Skip to content

chore(deps): bump the npm_and_yarn group across 1 directory with 3 updates#150

Open
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/WHartTest_Vue/npm_and_yarn-37a3c96e9f
Open

chore(deps): bump the npm_and_yarn group across 1 directory with 3 updates#150
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/WHartTest_Vue/npm_and_yarn-37a3c96e9f

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 17, 2026

Copy link
Copy Markdown

Bumps the npm_and_yarn group with 1 update in the /WHartTest_WeixinPluginHost directory: openclaw.

Updates openclaw from 2026.3.23 to 2026.7.1

Release notes

Sourced from openclaw's releases.

openclaw 2026.7.1

2026.7.1

OpenClaw v2026.7.1 brings major Control UI and onboarding overhauls, major updates to the official iOS, Android, and macOS apps, expanded model and provider support including GPT-5.6 compatibility, Tencent Hy3, and Meta Muse Spark 1.1, and stronger Codex and connected coding-agent workflows. Telegram, Slack, Discord, and Apple Messages each receive substantial updates, while Gateway crash loops, scheduled work, remote browser control, workspace terminals, sessions, and goals also improve. There are also many general fixes and refinements throughout OpenClaw.

Read the full release notes

This release brings together 3,063 contributions from 532 contributors.

Highlights

  • Control UI overhaul: conversations are easier to organize and work with side by side, with live Tasks, clearer chat controls, better usage and cost views, files, downloads, pairing, approvals, and Gateway health kept close to the conversation.
  • Easier setup from install to first chat: guided setup provides clearer steps toward a working first chat, checks connections before saving them, and preserves earlier choices when setup is interrupted.
  • Official app updates: iOS and iPadOS, Android, and macOS received substantial work across setup, navigation, chat, voice, permissions, localization, files, scheduled work, offline reading, queued sends, connection recovery, and native session controls.
  • Models and providers: GPT-5.6 compatibility improves across supported OpenAI and Codex routes, Tencent Hy3 gains a complete setup path, Meta Model API adds Muse Spark 1.1, and broader Claude, Ollama, ClawRouter, LongCat, and provider work expands choice and reliability.
  • Codex and connected coding agents: openclaw attach gives Claude Code temporary access to a selected session, Codex delegation and native subagents return tracked results more reliably, Copilot gains broader provider choices, and long-running sessions and goals are easier to resume.
  • Telegram: live progress, photos and documents, topics, commands, retries, account routing, setup, and delivery all received substantial work.
  • Slack: threads, cards, progress, identity, reactions, and duplicate prevention improve, while longer conversations avoid more unnecessary waits.
  • Discord: replies, attachments, voice sessions, progress, reconnects, and multi-account behavior improve, with better unread cues and recovery from repeated session-resume failures.
  • Apple Messages: replies, typing, media, routing, setup guidance, and chat continuity improve across supported bridge setups.
  • Gateway crashes stop restarting forever: repeatedly failing Gateways now leave a stable repair path instead of restarting indefinitely.
  • Scheduled work, remote browser control, and workspace terminals: scheduled work can wake only when something changes, selected signed-in browser tabs can pair remotely and save completed downloads safely, and guarded terminals are available across web, iOS, and Android.

Changes

  • Channels and messaging: expanded native capabilities, clearer progress and delivery behavior, stronger media handling, and broader controls across Telegram, Slack, Discord, Signal, WhatsApp, Apple Messages, Teams, Matrix, Feishu, and other channels.
  • Models and providers: more models can be discovered, selected, authenticated, and used across cloud, managed, and local routes, with clearer reasoning controls and provider-specific setup.
  • Memory, sessions, and state: session groups, titles, unread state, checkpoints, context handling, goals, and recovery paths are more consistent across web, mobile, CLI, and connected agents.
  • Tools and automation: browser control, downloads, cron jobs, terminals, files, search, fetch, MCP, and background task workflows gain new capabilities and clearer controls.
  • Account, device, and data protection: passwords and tokens stay out of more logs, sensitive controls remain limited to approved users, device pairing is clearer, and unsafe downloads, files, and network requests are blocked earlier.
  • Plugins and packaging: bundled and external plugins gain improved installation, discovery, updates, compatibility, diagnostics, and distribution behavior.
  • CLI, setup, and administration: onboarding, Doctor, updates, configuration, status, diagnostics, node management, backup, and deployment workflows are easier to inspect and recover.

Fixes

  • Chat delivery and replies: messages, progress updates, quoted replies, media, and final results stay tied to the intended conversation more reliably across reconnects, restarts, retries, and channel-specific limits.
  • Control UI and native apps: fixes cover session state, stale completions, responsive layouts, scrolling, focus, accessibility, localization, pairing, voice, offline chat, and mobile recovery.
  • Gateway and provider reliability: startup, restart, migration, authentication, fallback, streaming, model discovery, and oversized-response failures now stop or recover more cleanly.
  • Sessions and memory: transcript, compaction, checkpoint, cache, rotation, search, and persistence fixes reduce lost state, stale views, and cross-session confusion.
  • Browser, tools, and automation: browser actions, downloads, fetches, searches, scheduled jobs, terminals, subprocesses, and MCP calls now handle cancellation, malformed input, timeouts, and broken streams more safely.
  • Setup, updates, and packaging: installers, containers, plugin updates, runtime checks, temporary files, and platform-specific launch paths receive recovery and compatibility fixes.
  • Security and credentials: additional hardening protects tokens, secrets, approval scopes, local paths, network destinations, attachments, archives, and untrusted provider or plugin responses.

Pull requests

The expandable groups below list all 2,018 public and credited pull requests represented in these release notes. Direct commits and detailed contributor credits remain available in the full release notes.

... (truncated)

Commits
  • 2d2ddc4 fix(codex): update managed app-server to 0.144.3 [AI] (#106098)
  • 2b4232e docs(changelog): refresh 2026.7.1 notes
  • e0ce125 test(installer): dedupe cleanup coverage
  • 5bbf27e fix(installer): clean temporary files on failure (#103725)
  • b2569f9 test(daemon): remove stale release mocks
  • d57704f docs(changelog): finalize SQLite runtime safety
  • 28db140 fix(installer): validate upgraded Windows SQLite runtime
  • c86285f fix(sqlite): reject runtimes vulnerable to WAL corruption (#106065)
  • 3010140 docs(changelog): finalize 2026.7.1 stable notes
  • 970bbc7 chore(release): prepare 2026.7.1
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for openclaw since your current version.

Install script changes

This version adds preinstall, postinstall scripts that run during installation. Review the package contents before updating.


Updates hono from 4.12.8 to 4.12.25

Release notes

Sourced from hono's releases.

v4.12.25

Security fixes

This release includes fixes for the following security issues:

CORS Middleware reflects any Origin with credentials when origin defaults to the wildcard

Affects: hono/cors. Fixes the wildcard origin reflecting the request Origin and sending Access-Control-Allow-Credentials: true when credentials: true is set without an explicit origin, where any site a logged-in user visited could make credentialed cross-origin requests and read responses from cookie-authenticated endpoints. GHSA-88fw-hqm2-52qc

Body Limit Middleware can be bypassed on AWS Lambda by understating Content-Length

Affects: hono/body-limit on AWS Lambda (hono/aws-lambda, hono/lambda-edge). Fixes the request being built with the client-declared Content-Length while the body is delivered fully buffered, where a client could declare a small Content-Length with a much larger body and slip past the configured size limit. GHSA-rv63-4mwf-qqc2

Path traversal in serve-static on Windows via encoded backslash (%5C)

Affects: serveStatic on Windows (Node, Bun, Deno adapters). Fixes the path guard allowing a lone backslash, where an encoded backslash (%5C) decoded to \ was treated as a separator by the Windows path resolver, letting a single URL segment escape into a middleware-guarded subtree. GHSA-wwfh-h76j-fc44

AWS Lambda adapter merges multiple Set-Cookie headers into one value, dropping cookies on ALB single-header and Lattice

Affects: hono/aws-lambda. Fixes multiple Set-Cookie response headers being joined into one comma-separated value for ALB single-header responses and VPC Lattice v2, where the value could not be split back into individual cookies and clients silently dropped or misparsed them. GHSA-j6c9-x7qj-28xf

Lambda@Edge adapter keeps only the last value of a repeated request header, dropping the rest

Affects: hono/lambda-edge. Fixes repeated request headers being written with overwrite instead of append, where only the last value of a header such as X-Forwarded-For reached the application and the remaining values were silently dropped. GHSA-wgpf-jwqj-8h8p

v4.12.24

What's Changed

Full Changelog: honojs/hono@v4.12.23...v4.12.24

v4.12.23

What's Changed

Full Changelog: honojs/hono@v4.12.22...v4.12.23

v4.12.22

What's Changed

... (truncated)

Commits

Updates protobufjs from 7.5.4 to 7.6.3

Release notes

Sourced from protobufjs's releases.

protobufjs: v7.6.3

7.6.3 (2026-06-09)

Bug Fixes

  • Avoid name collisions in generated code (#2311) (78a9576)
  • Preserve null conversion behavior for fieldless messages (#2312) (df91652)

protobufjs: v7.6.2

7.6.2 (2026-05-30)

Bug Fixes

  • Backport consistency and correctness fixes (#2294) (a92f72e)

protobufjs: v7.6.1

7.6.1 (2026-05-22)

Bug Fixes

protobufjs: v7.6.0

7.6.0 (2026-05-18)

Features

protobufjs: v7.5.9

7.5.9 (2026-05-17)

Bug Fixes

  • Backport bundler-safe optional module lookups (#2254) (0853a62)

protobufjs: v7.5.8

7.5.8 (2026-05-12)

Bug Fixes

... (truncated)

Changelog

Sourced from protobufjs's changelog.

7.6.3 (2026-06-09)

Bug Fixes

  • Avoid name collisions in generated code (#2311) (78a9576)
  • Preserve null conversion behavior for fieldless messages (#2312) (df91652)

7.6.2 (2026-05-30)

Bug Fixes

  • Backport consistency and correctness fixes (#2294) (a92f72e)

7.6.1 (2026-05-22)

Bug Fixes

7.6.0 (2026-05-18)

Features

7.5.9 (2026-05-17)

Bug Fixes

  • Backport bundler-safe optional module lookups (#2254) (0853a62)

7.5.8 (2026-05-12)

Bug Fixes

7.5.7 (2026-05-09)

Bug Fixes

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for protobufjs since your current version.


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

…dates

Bumps the npm_and_yarn group with 1 update in the /WHartTest_WeixinPluginHost directory: [openclaw](https://github.com/openclaw/openclaw).


Updates `openclaw` from 2026.3.23 to 2026.7.1
- [Release notes](https://github.com/openclaw/openclaw/releases)
- [Commits](openclaw/openclaw@v2026.3.23...v2026.7.1)

Updates `hono` from 4.12.8 to 4.12.25
- [Release notes](https://github.com/honojs/hono/releases)
- [Commits](honojs/hono@v4.12.8...v4.12.25)

Updates `protobufjs` from 7.5.4 to 7.6.3
- [Release notes](https://github.com/protobufjs/protobuf.js/releases)
- [Changelog](https://github.com/protobufjs/protobuf.js/blob/protobufjs-v7.6.3/CHANGELOG.md)
- [Commits](protobufjs/protobuf.js@protobufjs-v7.5.4...protobufjs-v7.6.3)

---
updated-dependencies:
- dependency-name: openclaw
  dependency-version: 2026.7.1
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: hono
  dependency-version: 4.12.25
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: protobufjs
  dependency-version: 7.6.3
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jul 17, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants