fix(deps): patch security vulnerabilities, bump ponder to 0.16.6 (#1897)

shrugs · web-flow · commit 66ddd69158b4 · 2026-04-08T14:21:55.000-05:00
diff --git a/apps/ensapi/package.json b/apps/ensapi/package.json
@@ -26,7 +26,7 @@
     "@ensnode/ensdb-sdk": "workspace:*",
     "@ensnode/ensnode-sdk": "workspace:*",
     "@ensnode/ponder-subgraph": "workspace:*",
-    "@hono/node-server": "^1.19.10",
+    "@hono/node-server": "catalog:",
     "@hono/otel": "^0.2.2",
     "@hono/zod-openapi": "^1.2.2",
     "@namehash/ens-referrals": "workspace:*",
diff --git a/apps/ensrainbow/package.json b/apps/ensrainbow/package.json
@@ -32,7 +32,7 @@
   "dependencies": {
     "@ensnode/ensrainbow-sdk": "workspace:*",
     "@ensnode/ensnode-sdk": "workspace:*",
-    "@hono/node-server": "^1.19.10",
+    "@hono/node-server": "catalog:",
     "classic-level": "^1.4.1",
     "hono": "catalog:",
     "pino": "catalog:",
diff --git a/apps/fallback-ensapi/package.json b/apps/fallback-ensapi/package.json
@@ -31,7 +31,7 @@
   },
   "devDependencies": {
     "@ensnode/shared-configs": "workspace:*",
-    "@hono/node-server": "^1.19.10",
+    "@hono/node-server": "catalog:",
     "@types/node": "catalog:",
     "esbuild": "^0.27.2",
     "tsx": "^4.7.1",
diff --git a/package.json b/package.json
@@ -50,7 +50,7 @@
       "minimatch@<10.2.3": ">=10.2.3",
       "rollup@>=4.0.0 <4.59.0": ">=4.59.0",
       "svgo@>=3.0.0 <3.3.3": "^3.3.3",
-      "ponder>@hono/node-server@<1.19.10": "^1.19.10",
+      "ponder>@hono/node-server@<1.19.13": "catalog:",
       "devalue@<5.6.4": "^5.6.4",
       "undici@>=7.0.0 <7.24.0": "^7.24.0",
       "undici@>=6.0.0 <6.24.0": "^6.24.0",
@@ -66,6 +66,11 @@
       "defu@<=6.1.4": "^6.1.5",
       "vite@>=5.0.0 <=6.4.1": "^6.4.2"
     },
+    "auditConfig": {
+      "ignoreCves": [
+        "CVE-2026-39356"
+      ]
+    },
     "ignoredBuiltDependencies": [
       "bun"
     ],
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
diff --git a/pnpm-workspace.yaml b/pnpm-workspace.yaml
