build(deps): bump the all-bun-dependencies group across 1 directory with 4 updates

[dependabot]

Bumps the all-bun-dependencies group with 4 updates in the / directory: hono, marked, @cloudflare/workers-types and wrangler.

Updates hono from 4.12.5 to 4.12.8

Release notes

Sourced from hono's releases.

v4.12.8

What's Changed

• fix(utils/mime): Normalize input extension to lowercase before MIME check by @​TheEssem in honojs/hono#4800
• fix(bearer-auth): escape regex metacharacters in bearer auth prefix option by @​otoneko1102 in honojs/hono#4750

New Contributors

• @​TheEssem made their first contribution in honojs/hono#4800

Full Changelog: honojs/hono@v4.12.7...v4.12.8

v4.12.7

Security hardening

Ignore __proto__ path segments in parseBody({ dot: true }) to prevent potential prototype pollution when merged with unsafe patterns.

---

Full Changelog: honojs/hono@v4.12.6...v4.12.7

v4.12.6

What's Changed

• fix(accept): replace regex split to mitigate ReDoS by @​EdamAme-x in honojs/hono#4758
• fix(jsx): align link hoisting and dedupe with React 19 by @​usualoma in honojs/hono#4792
• chore(builld): tsconfig project references by @​BarryThePenguin in honojs/hono#4797
• chore: add tsconfig.spec.json by @​yusukebe in honojs/hono#4798
• feat(jsx-renderer): support function-based options by @​3w36zj6 in honojs/hono#4780
• fix(lambda-edge): avoid callback handler deprecation on NODEJS_24_X by @​t0waxx in honojs/hono#4782

New Contributors

• @​t0waxx made their first contribution in honojs/hono#4782

Full Changelog: honojs/hono@v4.12.5...v4.12.6

Commits

• fe689ec 4.12.8
• 0c0bf8d fix(bearer-auth): escape regex metacharacters in bearer auth prefix option (#...
• 488ea6a fix(utils/mime): Normalize input extension to lowercase before MIME check (#4...
• b0aba5b 4.12.7
• 1be3a53 ci: apply automated fixes
• ef90225 Merge commit from fork
• 3f88636 4.12.6
• 53b66ae fix(lambda-edge): avoid callback handler deprecation on NODEJS_24_X (#4782)
• 58825a7 feat(jsx-renderer): support function-based options (#4780)
• 0e80acb chore: add tsconfig.spec.json (#4798)
• Additional commits viewable in compare view

Updates marked from 17.0.4 to 17.0.5

Release notes

Sourced from marked's releases.

v17.0.5

17.0.5 (2026-03-20)

Bug Fixes

• Fix catastrophic backtracking (ReDoS) in link/reflink label regex (#3918) (4625980)
• prevent quadratic complexity in emStrongLDelim regex (#3906) (c732dd2)
• prevent single-tilde strikethrough false positives (#3910) (5e03369)
• re-assign tokenizer.lexer and renderer.parser at start of each parse call (#3907) (f3a3ec0)
• trim trailing whitespace from lheading text (#3920) (3ea7e88)

Commits

• 811ea59 chore(release): 17.0.5 [skip ci]
• c732dd2 fix: prevent quadratic complexity in emStrongLDelim regex (#3906)
• f3a3ec0 fix: re-assign tokenizer.lexer and renderer.parser at start of each parse cal...
• 4625980 fix: Fix catastrophic backtracking (ReDoS) in link/reflink label regex (#3918)
• 5e03369 fix: prevent single-tilde strikethrough false positives (#3910)
• 288349d test: add heading edge case tests (#3919)
• 3ea7e88 fix: trim trailing whitespace from lheading text (#3920)
• d4c0fe5 chore(deps-dev): Bump esbuild from 0.27.3 to 0.27.4 (#3915)
• 30682c1 chore(deps-dev): Bump undici from 6.23.0 to 6.24.0 (#3914)
• 59752c4 chore(deps-dev): Bump minimatch from 9.0.5 to 9.0.9 (#3913)
• Additional commits viewable in compare view

Updates @cloudflare/workers-types from 4.20260307.1 to 4.20260317.1

Commits

• See full diff in compare view

Updates wrangler from 4.71.0 to 4.76.0

Release notes

Sourced from wrangler's releases.

wrangler@4.76.0

Minor Changes

• #12893 782df44 Thanks @​gpanders! - Rewrite wrangler containers list to use the paginated Dash API endpoint

  wrangler containers list now fetches from the /dash/applications endpoint instead of /applications, displaying results in a paginated table with columns for ID, Name, State, Live Instances, and Last Modified. Container state is derived from health instance counters (active, degraded, provisioning, ready).

  The command supports --per-page (default 25) for interactive pagination with Enter to load more and q/Esc to quit, and --json for machine-readable output. Non-interactive environments load all results in a single request.

• #12957 62545c9 Thanks @​natewong1313! - Add Stream binding support to Wrangler and workers-utils

  Wrangler and workers-utils now recognize the stream binding in configuration, deployment metadata, and generated worker types. This enables projects to declare Stream bindings in wrangler.json and have the binding represented consistently across validation, metadata mapping, and type generation.

• #12848 ce48b77 Thanks @​emily-shen! - Enable local explorer by default

  This ungates the local explorer, a UI that lets you inspect the state of D1, DO and KV resources locally by visiting /cdn-cgi/explorer during local development.

  Note: this feature is still experimental, and can be disabled by setting the env var X_LOCAL_EXPLORER=false.

Patch Changes

• #12938 71ab981 Thanks @​dario-piotrowicz! - Add backward-compatible autoconfig support for Astro v5 and v4 projects

  The astro add cloudflare command in older Astro versions installs the latest adapter version, which causes compatibility issues. This change adds manual configuration logic for projects using Astro versions before 6.0.0:

  • Astro 6.0.0+: Uses the native astro add cloudflare command (unchanged behavior)
  • Astro 5.x: Installs @astrojs/cloudflare@12 and manually configures the adapter
  • Astro 4.x: Installs @astrojs/cloudflare@11 and manually configures the adapter
  • Astro < 4.0.0: Returns an error prompting the user to upgrade

• #11892 7c3c6c6 Thanks @​staticpayload! - Handle registry ports when matching container image digests

  Wrangler now strips tags without breaking registry ports when comparing local images to remote digests. This prevents unnecessary pushes for tags like localhost:5000/app:tag.

• Updated dependencies [3c988e2, d028ffb, cb71403, 3a1c149, ce48b77, 8729f3d]:

  • miniflare@4.20260317.1
  • @​cloudflare/unenv-preset@​2.16.0

wrangler@4.75.0

Minor Changes

• #12492 3b81fc6 Thanks @​thomasgauvin! - feat: add wrangler tunnel commands for managing Cloudflare Tunnels

  Adds a new set of commands for managing remotely-managed Cloudflare Tunnels directly from Wrangler:

  • wrangler tunnel create <name> - Create a new Cloudflare Tunnel
  • wrangler tunnel list - List all tunnels in your account
  • wrangler tunnel info <tunnel> - Display details about a specific tunnel
  • wrangler tunnel delete <tunnel> - Delete a tunnel (with confirmation)
  • wrangler tunnel run <tunnel> - Run a tunnel using cloudflared

... (truncated)

Commits

• 7d2661b Version Packages (#12945)
• 782df44 Reimplement containers list using Dash API endpoints (#12893)
• 62545c9 [Stream] Add worker bindings support (#12957)
• 71ab981 Add backward-compatible autoconfig support for Astro v5 and v4 projects (#12938)
• aa26784 Convert from ESLint to oxlint, Prettier to oxfmt (#12930)
• 7c3c6c6 wrangler: handle registry ports in digest checks (#11892)
• d028ffb [unenv-preset] Graduate experimental Node.js module flags to date-gated (2026...
• ce48b77 Ungate local explorer (#12848)
• a671740 Version Packages (#12923)
• e25bd0e Update prettier to 3.8.1 (#12939)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions