Skip to content

chore(deps): bump @adonisjs/http-server from 8.0.0 to 8.2.0 in the npm_and_yarn group across 1 directory#12

Merged
lucas-luchack merged 1 commit intomainfrom
dependabot/npm_and_yarn/npm_and_yarn-901ae6d4e2
Apr 21, 2026
Merged

chore(deps): bump @adonisjs/http-server from 8.0.0 to 8.2.0 in the npm_and_yarn group across 1 directory#12
lucas-luchack merged 1 commit intomainfrom
dependabot/npm_and_yarn/npm_and_yarn-901ae6d4e2

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 14, 2026

Bumps the npm_and_yarn group with 1 update in the / directory: @adonisjs/http-server.

Updates @adonisjs/http-server from 8.0.0 to 8.2.0

Release notes

Sourced from @​adonisjs/http-server's releases.

Add isValidRedirectUrl helper to be re-used by other packages

8.2.0 (2026-04-09)

Features

  • add isValidRedirectUrl helper, ctx on Redirect, and helper tests (2008fb6)

Full Changelog: adonisjs/http-server@v8.1.3...v8.2.0

Secure redirect-back with host validation and new configuration options

8.1.3 (2026-04-09)

Redirect back now validates the referrer URL against the request's Host header and a configurable allowedHosts list, preventing open-redirect vulnerabilities.

Additions

  • getPreviousUrl helper, available on both the HttpRequest and Redirect classes, for resolving the previous URL in one place.
  • Redirect extends Macroable, so you can override getPreviousUrl with your own resolution logic (for example, reading from a session)
  • forwardQueryString config option to control the default behavior.
  • redirect.withQs(boolean) overload for per-call control over query-string forwarding

Bug Fixes

  • prevent open redirect in redirect back via referrer host validation (ebba697)

Full Changelog: adonisjs/http-server@v8.1.2...v8.1.3

Catch malformed URIs and return 400

8.1.2 (2026-04-07)

Bug Fixes

  • return 400 for requests with malformed percent-encoded URIs (e96808e), closes #118

Full Changelog: adonisjs/http-server@v8.1.1...v8.1.2

Fix build issue

8.1.1 (2026-03-20)

Bug Fixes

  • rollback tsdown version for now (2f86348), closes #116

Pass original trust proxy fn to getIp method

8.1.0 (2026-03-20)

Features

... (truncated)

Commits
  • 384a5df chore(release): 8.2.0
  • bcdb2f1 style: reformat source code
  • 2008fb6 feat: add isValidRedirectUrl helper, ctx on Redirect, and helper tests
  • 929ea1a chore(release): 8.1.3
  • ebba697 fix: prevent open redirect in redirect back via referrer host validation
  • 3e6ffad chore: update dependencies
  • fe688b7 chore: update dependencies
  • dd44178 chore(release): 8.1.2
  • e96808e fix: return 400 for requests with malformed percent-encoded URIs
  • c16f074 chore(release): 8.1.1
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
chore(deps): bump @adonisjs/http-server
42a0a58 
Bumps the npm_and_yarn group with 1 update in the / directory: [@adonisjs/http-server](https://github.com/adonisjs/http-server).


Updates `@adonisjs/http-server` from 8.0.0 to 8.2.0
- [Release notes](https://github.com/adonisjs/http-server/releases)
- [Commits](adonisjs/http-server@v8.0.0...v8.2.0)

---
updated-dependencies:
- dependency-name: "@adonisjs/http-server"
  dependency-version: 8.2.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code minor labels Apr 14, 2026
@github-actions
Copy link
Copy Markdown

github-actions Bot commented Apr 14, 2026
edited
Loading

Version Preview
Current version v0.3.5
Next version v0.3.6
Bump type patch

To override the bump type, add a label: major, minor, or patch
Or use conventional commits: feat: → minor, fix: → patch, BREAKING CHANGE → major

2 similar comments
@github-actions
Copy link
Copy Markdown

github-actions Bot commented Apr 14, 2026

Version Preview
Current version v0.3.5
Next version v0.3.6
Bump type patch

To override the bump type, add a label: major, minor, or patch
Or use conventional commits: feat: → minor, fix: → patch, BREAKING CHANGE → major

@github-actions
Copy link
Copy Markdown

github-actions Bot commented Apr 14, 2026

Version Preview
Current version v0.3.5
Next version v0.3.6
Bump type patch

To override the bump type, add a label: major, minor, or patch
Or use conventional commits: feat: → minor, fix: → patch, BREAKING CHANGE → major

@lucas-luchack lucas-luchack enabled auto-merge April 21, 2026 07:31
@lucas-luchack lucas-luchack merged commit 1bfe648 into main Apr 21, 2026
14 checks passed
@lucas-luchack lucas-luchack deleted the dependabot/npm_and_yarn/npm_and_yarn-901ae6d4e2 branch April 21, 2026 07:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@lucas-luchack lucas-luchack lucas-luchack approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code minor

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@lucas-luchack