
chore(deps): bump @hono/node-server and openclaw #16

Open

dependabot[bot] wants to merge 1 commit into main from dependabot/npm_and_yarn/multi-2f6fa9f873

Conversation


@dependabot dependabot bot commented on behalf of github Apr 8, 2026

Bumps @hono/node-server to 1.19.13 and updates ancestor dependency openclaw. These dependencies need to be updated together.

Updates @hono/node-server from 1.19.9 to 1.19.13

Release notes

Sourced from @hono/node-server's releases.

v1.19.13

Security Fix

Fixed an issue in Serve Static Middleware where inconsistent handling of repeated slashes (//) between the router and static file resolution could allow middleware to be bypassed. Users of Serve Static Middleware are encouraged to upgrade to this version.

See GHSA-92pp-h63x-v22m for details.

v1.19.12

What's Changed

Full Changelog: honojs/node-server@v1.19.11...v1.19.12

v1.19.11

What's Changed

Full Changelog: honojs/node-server@v1.19.10...v1.19.11

v1.19.10

Security Fix

Fixed an authorization bypass in Serve Static Middleware caused by inconsistent URL decoding (%2F handling) between the router and static file resolution. Users of Serve Static Middleware are encouraged to upgrade to this version.

See GHSA-wc8c-qw6v-h7f6 for details.

Commits

Updates openclaw from 2026.3.11 to 2026.4.7

Release notes

Sourced from openclaw's releases.

openclaw 2026.4.7

Changes

  • CLI/infer: add a first-class openclaw infer ... hub for provider-backed inference workflows across model, media, web, and embedding tasks. Thanks @​Takhoffman.
  • Tools/media generation: auto-fallback across auth-backed image, music, and video providers by default, preserve intent during provider switches, remap size/aspect/resolution/duration hints to the closest supported option, and surface provider capabilities plus mode-aware video-to-video support.
  • Memory/wiki: restore the bundled memory-wiki stack with plugin, CLI, sync/query/apply tooling, memory-host integration, structured claim/evidence fields, compiled digest retrieval, claim-health linting, contradiction clustering, staleness dashboards, and freshness-weighted search. Thanks @​vincentkoc.
  • Plugins/webhooks: add a bundled webhook ingress plugin so external automation can create and drive bound TaskFlows through per-route shared-secret endpoints. (#61892) Thanks @​mbelinky.
  • Gateway/sessions: add persisted compaction checkpoints plus Sessions UI branch/restore actions so operators can inspect and recover pre-compaction session state. (#62146) Thanks @​scoootscooob.
  • Compaction: add pluggable compaction provider registry so plugins can replace the built-in summarization pipeline. Configure via agents.defaults.compaction.provider; falls back to LLM summarization on provider failure. (#56224) Thanks @​DhruvBhatia0.
  • Agents/system prompt: add agents.defaults.systemPromptOverride for controlled prompt experiments plus heartbeat prompt-section controls so heartbeat runtime behavior can stay enabled without injecting heartbeat instructions every turn.
  • Providers/Google: add Gemma 4 model support and keep Google fallback resolution on the requested provider path so native Google Gemma routes work again. (#61507) Thanks @​eyjohn.
  • Providers/Google: preserve explicit thinking-off semantics for Gemma 4 while still enabling Gemma reasoning support in compatibility wrappers. (#62127) Thanks @​romgenie.
  • Providers/Arcee AI: add a bundled Arcee AI provider plugin with Trinity catalog entries, OpenRouter support, and updated onboarding/auth guidance. (#62068) Thanks @​arthurbr11.
  • Providers/Anthropic: restore Claude CLI as the preferred local Anthropic path in onboarding, model-auth guidance, doctor flows, and Docker Claude CLI live lanes again.
  • Providers/Ollama: detect vision capability from the /api/show response and set image input on models that support it so Ollama vision models accept image attachments. (#62193) Thanks @​BruceMacD.
  • Memory/dreaming: ingest redacted session transcripts into the dreaming corpus with per-day session-corpus notes, cursor checkpointing, and promotion/doctor support. (#62227) Thanks @​vignesh07.
  • Providers/inferrs: add string-content compatibility for stricter OpenAI-compatible chat backends, document inferrs setup with a full config example, and add troubleshooting guidance for local backends that pass direct probes but fail on full agent-runtime prompts.
  • Agents/context engine: expose prompt-cache runtime context to context engines and keep current-turn prompt-cache usage aligned with the active attempt instead of stale prior-turn assistant state. (#62179) Thanks @​jalehman.
  • Plugin SDK/context engines: pass availableTools and citationsMode into assemble(), and expose memory-artifact and memory-prompt seams so companion plugins and non-legacy context engines can consume active memory state without reaching into internals. Thanks @​vincentkoc.
  • ACP/ACPX plugin: bump the bundled acpx pin to 0.5.1 so plugin-local installs and strict version checks pick up the latest published runtime release. (#62148) Thanks @​onutc.
  • Discord/events: allow event-create to accept a cover image URL or local file path, load and validate PNG/JPG/GIF event cover media, and pass the encoded image payload through Discord admin action/runtime paths. (#60883) Thanks @​bittoby.

Fixes

  • CLI/infer: keep provider-backed infer behavior aligned with actual runtime execution by fixing explicit TTS override handling, profile-aware gateway TTS prefs resolution, per-request transcription prompt/language overrides, image output MIME/extension mismatches, configured web-search fallback behavior, and agent-vs-CLI web-search execution drift.
  • Plugins/media: when plugins.allow is set, capability fallback now merges bundled capability plugin ids into the allowlist (not only plugins.entries), so media understanding providers such as OpenAI-compatible STT load for voice transcription without requiring openai in plugins.allow. (#62205) Thanks @​neeravmakwana.
  • Agents/history and replies: buffer phaseless OpenAI WS text until a real assistant phase arrives, keep replay and SSE history sequence tracking aligned, hide commentary and leaked tool XML from user-visible history, and keep history-based follow-up replies on final_answer text only. (#61729, #61747, #61829, #61855, #61954) Thanks @​100yenadmin and contributors.
  • Control UI: show /tts audio replies in webchat, detect mistaken ?token= auth links with the correct #token= hint, and keep Copy, Canvas, and mobile exec-approval UI from covering chat content on narrow screens. (#54842, #61514, #61598) Thanks @​neeravmakwana.
  • iOS/gateway: replace string-matched connection error UI with structured gateway connection problems, preserve actionable pairing/auth failures over later generic disconnect noise, and surface reusable problem banners and details across onboarding, settings, and root status surfaces. (#62650) Thanks @​ngutman.
  • TUI: route /status through the shared session-status command, keep commentary hidden in history, strip raw envelope metadata from async command notices, preserve fallback streaming before per-attempt failures finalize, and restore Kitty keyboard state on exit or fatal crashes. (#49130, #59985, #60043, #61463) Thanks @​biefan and contributors.
  • iOS/Watch exec approvals: keep Apple Watch review and approval recovery working while the iPhone is locked or backgrounded, including reconnect recovery, pending approval persistence, notification cleanup, and APNs-backed watch refresh recovery. (#61757) Thanks @​ngutman.
  • Agents/context overflow: combine oversized and aggregate tool-result recovery in one pass and restore a total-context overflow backstop so recoverable sessions retry instead of failing early. (#61651) Thanks @​Takhoffman.
  • Auth/OpenAI Codex OAuth: reload fresh on-disk credentials inside the locked refresh path and retry once after refresh_token_reused rotates only the stored refresh token, so relogin/restart recovery stops getting stuck on stale cached auth state. Thanks @​owen-ever.
  • Auth/OpenAI Codex OAuth: keep native /model ...@profile selections on the target session and honor explicit user-locked auth profiles even when per-agent auth order excludes them. (#62744) Thanks @​jalehman.
  • Providers/Anthropic: preserve thinking blocks for Claude Opus 4.5+, Sonnet 4.5+, and newer Claude 4-family models so prompt-cache prefixes keep matching, and skip service_tier injection on OAuth-authenticated stream wrapper requests so Claude OAuth streaming stops failing with HTTP 401. (#60356, #61793)
  • Agents/Claude CLI: surface nested API error messages from structured CLI output so billing/auth/provider failures show the real provider error instead of an opaque CLI failure.
  • Agents/exec: preserve explicit host=node routing under elevated defaults when tools.exec.host=auto, fail loud on invalid elevated cross-host overrides, and keep strictInlineEval commands blocked after approval timeouts instead of falling through to automatic execution. (#61739) Thanks @​obviyus.
  • Nodes/exec approvals: keep host=node POSIX transport shell wrappers (/bin/sh -lc ...) aligned with inner-command allowlist analysis so allowlisted scripts stop prompting unnecessarily, while Windows cmd.exe wrapper runs stay approval-gated. (#62401) Thanks @​ngutman.
  • Nodes/exec approvals: keep Windows cmd.exe /c wrapper runs approval-gated even when env carriers, including env-assignment carriers, wrap the shell invocation. (#62439) Thanks @​ngutman.
  • Gateway tool/exec config: block model-facing gateway config.apply and config.patch writes from changing exec approval paths such as safeBins, safeBinProfiles, safeBinTrustedDirs, and strictInlineEval, while still allowing unchanged structured values through. (#62001) Thanks @​eleqtrizit.
  • Host exec/env sanitization: block dangerous Java, Rust, Cargo, Git, Kubernetes, cloud credential, config-path, and Helm env overrides so host-run tools cannot be redirected to attacker-chosen code, config, credentials, or repository state. (#59119, #62002, #62291) Thanks @​eleqtrizit and contributors.
  • Commands/allowlist: require owner authorization for /allowlist add and /allowlist remove before channel resolution, so non-owner but command-authorized senders can no longer persistently rewrite allowlist policy state. (#62383) Thanks @​pgondhi987.
  • Feishu/docx uploads: honor tools.fs.workspaceOnly for local upload_file and upload_image paths by forwarding workspace-constrained localRoots into the media loader, so docx uploads can no longer read host-local files outside the workspace when workspace-only mode is active. (#62369) Thanks @​pgondhi987.
  • Network/fetch guard: drop request bodies and body-describing headers on cross-origin 307 and 308 redirects by default, so attacker-controlled redirect hops cannot receive secret-bearing POST payloads from SSRF-guarded fetch flows unless a caller explicitly opts in. (#62357) Thanks @​pgondhi987.
  • Browser/SSRF: treat main-frame document redirect hops as navigations even when Playwright does not flag them as isNavigationRequest(), so strict private-network blocking still stops forbidden redirect pivots before the browser reaches the internal target. (#62355) Thanks @​pgondhi987.
  • Browser/node invoke: block persistent browser profile create, reset, and delete mutations through browser.proxy on both gateway-forwarded node.invoke and the node-host proxy path, even when no profile allowlist is configured. (#60489)
  • Gateway/node pairing: require a fresh pairing request when a previously paired node reconnects with additional declared commands, and keep the live session pinned to the earlier approved command set until the upgrade is approved. (#62658) Thanks @​eleqtrizit.
  • Gateway/auth: invalidate existing shared-token and password WebSocket sessions when the configured secret rotates, so stale authenticated sockets cannot stay attached after token or password changes. (#62350) Thanks @​pgondhi987.
  • MS Teams/security: validate file-consent upload URLs against HTTPS, Microsoft/SharePoint host allowlists, and private-IP DNS checks before uploading attachments, blocking SSRF-style consent-upload abuse. (#23596)
  • Media/base64 decode guards: enforce byte limits before decoding missed base64-backed Teams, Signal, QQ Bot, and image-tool payloads so oversized inbound media and data URLs no longer bypass pre-decode size checks. (#62007) Thanks @​eleqtrizit.
  • Runtime event trust: mark background notifyOnExit summaries, ACP parent-stream relays, and wake-hook payloads as untrusted system events so lower-trust runtime output no longer re-enters later turns as trusted System: text. (#62003)
  • Auto-reply/media: allow managed generated-media MEDIA: paths from normal reply text again while still blocking arbitrary host-local media and document paths, so generated media keep delivering without reopening host-path injection holes.
  • Gateway/status and containers: auto-bind to 0.0.0.0 inside Docker and Podman environments, and probe local TLS gateways over wss:// with self-signed fingerprint forwarding so container startup and loopback TLS status checks work again. (#61818, #61935) Thanks @​openperf and contributors.

... (truncated)

Commits
  • 5050017 fix(doctor): warn when stale Codex overrides shadow OAuth (#40143)
  • 7fc3197 fix: guide exec timeouts to registered background sessions
  • 6807e6a docs: fix qa refactor heading fence
  • 87b31c8 docs: update config baseline
  • da858c3 build: exclude plugin sdk build info from npm pack
  • c33ad41 docs: update plugin sdk api baseline
  • 6211e3d fix: raise acpx runtime timeout
  • c5392f3 fix: escape tahoe update trap vars
  • 9a165e2 docs: stamp 2026.4.7 changelog
  • 3c9371e fix: repair tahoe update done trap
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for openclaw since your current version.

Install script changes

This version adds a postinstall script that runs during installation. Review the package contents before updating.


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.
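Both @hono/node-server advisories quoted above come from the same root cause: the router and the static file resolver each normalised the request path on their own, so a path spelled with `//` or `%2F` could look like one thing to the middleware and another to the file lookup. The block below is an added example, not code from @hono/node-server or openclaw: one canonicalisation step that both the guard and the file lookup consume, so the two can never disagree. It also goes beyond the two cases on the page by rejecting double encoding and traversal above the root; the `handle` function, the protected prefix and the static root are hypothetical and constructed for the example.

```javascript
// Added example, not code from @hono/node-server or openclaw: a single
// canonicalisation step shared by the middleware guard and static file
// resolution, so "//" and "%2F" spellings cannot make the two disagree.

// Canonicalise a raw request path. Returns null for requests that must be
// rejected outright (bad encoding, double encoding, NUL bytes, climbing above root).
function canonicalizeRequestPath(rawPath) {
  const pathOnly = rawPath.split(/[?#]/, 1)[0]; // drop query string and fragment
  let decoded;
  try {
    decoded = decodeURIComponent(pathOnly);     // exactly one decode: %2F -> "/"
  } catch {
    return null;                                // malformed percent-encoding
  }
  // A second layer of encoding (%252F) survives one decode as "%2F": reject it
  // rather than decode again, and never let a NUL byte reach the filesystem.
  if (/%[0-9a-f]{2}/i.test(decoded) || decoded.includes("\0")) return null;
  const segments = [];
  for (const seg of decoded.replace(/\\/g, "/").split("/")) {
    if (seg === "" || seg === ".") continue;    // "" is a repeated slash ("//")
    if (seg === "..") {
      if (segments.length === 0) return null;   // would climb above the root
      segments.pop();
      continue;
    }
    segments.push(seg);
  }
  return "/" + segments.join("/");
}

// Map a canonical path onto the static root. Because canonical paths contain
// no "..", "." or empty segments, plain concatenation cannot escape the root.
function resolveStatic(root, canonicalPath) {
  return root.replace(/\/+$/, "") + canonicalPath;
}

// Run the guard and the file lookup on the SAME canonical path. Hypothetical
// handler; the protected prefix and static root are constructed for the example.
function handle(root, protectedPrefix, rawPath) {
  const canonical = canonicalizeRequestPath(rawPath);
  if (canonical === null) return { status: 400 };
  const guarded = canonical === protectedPrefix || canonical.startsWith(protectedPrefix + "/");
  if (guarded) return { status: 401 };          // the middleware decision
  return { status: 200, file: resolveStatic(root, canonical) };
}
```

The point of the design is that `handle` never sees two different paths: whatever spelling arrives, the guard and `resolveStatic` are given the identical canonical string.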

Bumps [@hono/node-server](https://github.com/honojs/node-server) to 1.19.13 and updates ancestor dependency [openclaw](https://github.com/openclaw/openclaw). These dependencies need to be updated together.


Updates `@hono/node-server` from 1.19.9 to 1.19.13
- [Release notes](https://github.com/honojs/node-server/releases)
- [Commits](honojs/node-server@v1.19.9...v1.19.13)

Updates `openclaw` from 2026.3.11 to 2026.4.7
- [Release notes](https://github.com/openclaw/openclaw/releases)
- [Commits](openclaw/openclaw@v2026.3.11...v2026.4.7)

---
updated-dependencies:
- dependency-name: "@hono/node-server"
  dependency-version: 1.19.13
  dependency-type: indirect
- dependency-name: openclaw
  dependency-version: 2026.4.7
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
dependabot[bot] added the labels dependencies (Pull requests that update a dependency file) and javascript (Pull requests that update javascript code) on Apr 8, 2026.