This is an automated email from the ASF dual-hosted git repository.
github-merge-queue[bot] pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/texera.git
The following commit(s) were added to refs/heads/main by this push:
new c2129d4b7c chore(deps): bump elysia from 1.4.18 to 1.4.27 in
/agent-service (#4961)
c2129d4b7c is described below
commit c2129d4b7c3e75b2c36de22148e3eaebd0f52833
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
AuthorDate: Fri Jun 19 23:45:06 2026 +0000
chore(deps): bump elysia from 1.4.18 to 1.4.27 in /agent-service (#4961)
Bumps [elysia](https://github.com/elysiajs/elysia) from 1.4.18 to
1.4.27.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/elysiajs/elysia/releases";>elysia's
releases</a>.</em></p>
<blockquote>
<h2>1.4.27</h2>
<h2>What's changed</h2>
<p>Bug fix:</p>
<ul>
<li>getSchemaValidator: handle TypeBox as sub type</li>
<li>handle cookie prototype pollution when parsing cookie</li>
</ul>
<p>Improvement:</p>
<ul>
<li>conditional async on getSchemaValidator when schema is Standard
Schema</li>
<li>use Response.json on Bun</li>
<li>export <code>AnySchema</code>, <code>UnwrapSchema</code>,
<code>ModelsToTypes</code> from root</li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/elysiajs/elysia/compare/1.4.26...1.4.27";>https://github.com/elysiajs/elysia/compare/1.4.26...1.4.27</a></p>
<h2>1.4.26</h2>
<h2>What's changed</h2>
<p>Bug fix:</p>
<ul>
<li><a
href="https://redirect.github.com/elysiajs/elysia/issues/1755";>#1755</a>
deduplicate local handler from global event</li>
<li><a
href="https://redirect.github.com/elysiajs/elysia/issues/1752";>#1752</a>
system router with trailing path doesn't match with non-trailing</li>
<li>url format redos</li>
<li><a
href="https://redirect.github.com/elysiajs/elysia/issues/1747";>#1747</a>
parsing request from mount hang</li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/elysiajs/elysia/compare/1.4.25...1.4.26";>https://github.com/elysiajs/elysia/compare/1.4.25...1.4.26</a></p>
<h2>1.4.25</h2>
<h2>What's changed</h2>
<p>Feature:</p>
<ul>
<li>export ElysiaStatus</li>
</ul>
<p>Bug fix:</p>
<ul>
<li>macro with conflict literal value per status</li>
<li>recursive macro with conflict value per status</li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/elysiajs/elysia/compare/1.4.24...1.4.25";>https://github.com/elysiajs/elysia/compare/1.4.24...1.4.25</a></p>
<h2>1.4.24</h2>
<h2>What's Changed</h2>
<p>Feature:</p>
<ul>
<li>graceful unsigned cookie transition</li>
</ul>
<p>Bug fix:</p>
<ul>
<li><a
href="https://redirect.github.com/elysiajs/elysia/pull/1733";>#1733</a>
preserve multiple set-cookie headers in mounted handlers by <a
href="https://github.com/cipher416";><code>@cipher416</code></a></li>
<li>object cookie with secret doesn't deserialized after parsed</li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/cipher416";><code>@cipher416</code></a>
made their first contribution in <a
href="https://redirect.github.com/elysiajs/elysia/pull/1733";>elysiajs/elysia#1733</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/elysiajs/elysia/compare/1.4.23...1.4.24";>https://github.com/elysiajs/elysia/compare/1.4.23...1.4.24</a></p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/elysiajs/elysia/blob/main/CHANGELOG.md";>elysia's
changelog</a>.</em></p>
<blockquote>
<h1>1.4.27 - 1 Mar 2026</h1>
<p>Bug fix:</p>
<ul>
<li>getSchemaValidator: handle TypeBox as sub type</li>
<li>handle cookie prototype pollution when parsing cookie</li>
</ul>
<p>Improvement:</p>
<ul>
<li>conditional async on getSchemaValidator when schema is Standard
Schema</li>
<li>use Response.json on Bun</li>
</ul>
<h1>1.4.26 - 25 Feb 2026</h1>
<p>Bug fix:</p>
<ul>
<li><a
href="https://redirect.github.com/elysiajs/elysia/issues/1755";>#1755</a>
deduplicate local handler from global event</li>
<li><a
href="https://redirect.github.com/elysiajs/elysia/issues/1752";>#1752</a>
system router with trailing path doesn't match with non-trailing</li>
<li>url format redos</li>
<li><a
href="https://redirect.github.com/elysiajs/elysia/issues/1747";>#1747</a>
parsing request from mount hang</li>
</ul>
<h1>1.4.25 - 12 Feb 2026</h1>
<p>Feature:</p>
<ul>
<li>export ElysiaStatus</li>
</ul>
<p>Bug fix:</p>
<ul>
<li>macro with conflict literal value per status</li>
<li>recursive macro with conflict value per status</li>
</ul>
<h1>1.4.24 - 11 Feb 2026</h1>
<p>Feature:</p>
<ul>
<li>graceful unsigned cookie transition</li>
</ul>
<p>Bug fix:</p>
<ul>
<li><a
href="https://redirect.github.com/elysiajs/elysia/pull/1733";>#1733</a>
preserve multiple set-cookie headers in mounted handlers</li>
<li>object cookie with secret doesn't deserialized after parsed</li>
</ul>
<h1>1.4.23 - 9 Feb 2026</h1>
<p>Feature:</p>
<ul>
<li><a
href="https://redirect.github.com/elysiajs/elysia/pull/1719";>#1719</a>
add t.Union/t.Intersection handling in property enumerations/checks</li>
<li><a
href="https://redirect.github.com/elysiajs/elysia/pull/1697";>#1697</a>
extend complex formdata support to StandardSchema</li>
<li><a
href="https://redirect.github.com/elysiajs/elysia/pull/1675";>#1656</a>
serialize custom array-like custom class with array sub class</li>
</ul>
<p>Bug fix:</p>
<ul>
<li><a
href="https://redirect.github.com/elysiajs/elysia/issues/1721";>#1721</a>
Promise<!-- raw HTML omitted --> with response schema</li>
<li><a
href="https://redirect.github.com/elysiajs/elysia/issues/1700";>#1700</a>
distinct union object</li>
<li><a
href="https://redirect.github.com/elysiajs/elysia/pull/1683";>#1683</a>
response validation returns 500 instead of 422 for nested schemas in
dynamic mode</li>
<li><a
href="https://redirect.github.com/elysiajs/elysia/pull/1679";>#1679</a>
preserve headers when throwing from AsyncGenerator</li>
<li><a
href="https://redirect.github.com/elysiajs/elysia/pull/1595";>#1595</a>
stream reference should point to teed value</li>
<li>fix can't modify immutable headers error</li>
</ul>
<p>Change:</p>
<ul>
<li>update exact-mirror to 0.2.7</li>
</ul>
<h1>1.4.22 - 14 Jan 2026</h1>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/elysiajs/elysia/commit/cc9159b5c60a8eb16bbac4525005e2b5880d3624";><code>cc9159b</code></a>
:tada: feat: 1.4.27</li>
<li><a
href="https://github.com/elysiajs/elysia/commit/e9d6b1743fa7368ef942dce181f6a089757f6aab";><code>e9d6b17</code></a>
:tada: feat: 1.4.27</li>
<li><a
href="https://github.com/elysiajs/elysia/commit/21dce4c9b84c3151490a9c8c4ef851f1dc676a3f";><code>21dce4c</code></a>
:tada: feat: use Response.json on Bun</li>
<li><a
href="https://github.com/elysiajs/elysia/commit/6b44646f5cb5ae61bb3f2a7bcf269cd90971f4e3";><code>6b44646</code></a>
:wrench: fix(getSchemaValidator): handle TypeBox as sub type</li>
<li><a
href="https://github.com/elysiajs/elysia/commit/bbaf6b7f729b858a7435bf28b97119112177479e";><code>bbaf6b7</code></a>
:tada: feat: 1.4.26</li>
<li><a
href="https://github.com/elysiajs/elysia/commit/e596dab627d54dd194511532faf20d59e2e92f96";><code>e596dab</code></a>
:wrench: fix: <a
href="https://redirect.github.com/elysiajs/elysia/issues/1747";>#1747</a>
parsing request from mount hang</li>
<li><a
href="https://github.com/elysiajs/elysia/commit/6561d614f7f2462a2fe162b99f78a6af58e85565";><code>6561d61</code></a>
:wrench: fix: <a
href="https://redirect.github.com/elysiajs/elysia/issues/1752";>#1752</a>
system router with trailing path doesn't match with non-t...</li>
<li><a
href="https://github.com/elysiajs/elysia/commit/3c9dabc47409c2f104e2a954a459c72aa94e38f5";><code>3c9dabc</code></a>
:wrench: fix: <a
href="https://redirect.github.com/elysiajs/elysia/issues/1752";>#1752</a>
system router with trailing path doesn't match with non-t...</li>
<li><a
href="https://github.com/elysiajs/elysia/commit/d17a7aa204b5feea65d6d8f7651fb7141fb322bd";><code>d17a7aa</code></a>
:wrench: fix: <a
href="https://redirect.github.com/elysiajs/elysia/issues/1755";>#1755</a>
deduplicate local handler from global event</li>
<li><a
href="https://github.com/elysiajs/elysia/commit/e5c9449d4c10dbddd01dda726a80a0b8dc16d68c";><code>e5c9449</code></a>
:wrench: fix: recursive macro with conflict value per status</li>
<li>Additional commits viewable in <a
href="https://github.com/elysiajs/elysia/compare/1.4.18...1.4.27";>compare
view</a></li>
</ul>
</details>
<details>
<summary>Maintainer changes</summary>
<p>This version was pushed to npm by <a
href="https://www.npmjs.com/~GitHub%20Actions";>GitHub Actions</a>, a new
releaser for elysia since your current version.</p>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
You can trigger a rebase of this PR by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts page](https://github.com/apache/texera/network/alerts).
</details>
> **Note**
> Automatic rebases have been disabled on this pull request as it has
been open for over 30 days.
---------
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot]
<49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Xinyuan Lin <[email protected]>
---
.github/dependabot.yml | 28 ++++++++++++++++++++++++++++
agent-service/LICENSE-binary | 4 ++--
agent-service/bun.lock | 6 +++---
agent-service/package.json | 2 +-
4 files changed, 34 insertions(+), 6 deletions(-)
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000000..7fa277b31a
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,28 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+# agent-service uses Bun (bun.lock). The npm/yarn updater leaves bun.lock
+# stale, so version updates run through the bun ecosystem instead. Requires
+# Dependabot bun support (>= v1.2.5).
+version: 2
+updates:
+ - package-ecosystem: "bun"
+ directory: "/agent-service"
+ schedule:
+ interval: "weekly"
+ commit-message:
+ prefix: "chore(deps)"
diff --git a/agent-service/LICENSE-binary b/agent-service/LICENSE-binary
index ba6237424a..a0b4ae793b 100644
--- a/agent-service/LICENSE-binary
+++ b/agent-service/LICENSE-binary
@@ -241,9 +241,9 @@ Agent service npm packages:
- [email protected]
- [email protected]
- [email protected]
- - [email protected]
+ - [email protected]
- [email protected]
- - [email protected]
+ - [email protected]
- [email protected]
- [email protected]
- [email protected]
diff --git a/agent-service/bun.lock b/agent-service/bun.lock
index 3650dabffa..278df0baba 100644
--- a/agent-service/bun.lock
+++ b/agent-service/bun.lock
@@ -10,7 +10,7 @@
"ai": "5.0.108",
"ajv": "8.18.0",
"dagre": "0.8.5",
- "elysia": "1.4.18",
+ "elysia": "1.4.27",
"pino": "10.3.1",
"rxjs": "7.8.2",
"zod": "3.25.76",
@@ -128,7 +128,7 @@
"debug": ["[email protected]", "", { "dependencies": { "ms": "^2.1.3" } },
"sha512-RGwwWnwQvkVfavKVt22FGLw+xYSdzARwm0ru6DhTVA3umU5hZc28V3kO4stgYryrTlLpuvgI9GiijltAjNbcqA=="],
- "elysia": ["[email protected]", "", { "dependencies": { "cookie": "^1.1.1",
"exact-mirror": "0.2.5", "fast-decode-uri-component": "^1.0.1", "memoirist":
"^0.4.0" }, "peerDependencies": { "@sinclair/typebox": ">= 0.34.0 < 1",
"@types/bun": ">= 1.2.0", "file-type": ">= 20.0.0", "openapi-types": ">=
12.0.0", "typescript": ">= 5.0.0" }, "optionalPeers": ["@types/bun",
"typescript"] },
"sha512-A6BhlipmSvgCy69SBgWADYZSdDIj3fT2gk8/9iMAC8iD+aGcnCr0fitziX0xr36MFDs/fsvVp8dWqxeq1VCgKg=="],
+ "elysia": ["[email protected]", "", { "dependencies": { "cookie": "^1.1.1",
"exact-mirror": "^0.2.7", "fast-decode-uri-component": "^1.0.1", "memoirist":
"^0.4.0" }, "peerDependencies": { "@sinclair/typebox": ">= 0.34.0 < 1",
"@types/bun": ">= 1.2.0", "file-type": ">= 20.0.0", "openapi-types": ">=
12.0.0", "typescript": ">= 5.0.0" }, "optionalPeers": ["@types/bun",
"typescript"] },
"sha512-2UlmNEjPJVA/WZVPYKy+KdsrfFwwNlqSBW1lHz6i2AHc75k7gV4Rhm01kFeotH7PDiHIX2G8X3KnRPc33SGVIg=="],
"end-of-stream": ["[email protected]", "", { "dependencies": { "once":
"^1.4.0" } },
"sha512-ooEGc6HP26xXq/N+GCGOT0JKCLDGrq2bQUZrQ7gyrJiZANJ/8YDTxTpQBXGMn+WbIQXNVpyWymm7KYVICQnyOg=="],
@@ -136,7 +136,7 @@
"eventsource-parser": ["[email protected]", "", {},
"sha512-Vo1ab+QXPzZ4tCa8SwIHJFaSzy4R6SHf7BY79rFBDf0idraZWAkYrDjDj8uWaSm3S2TK+hJ7/t1CEmZ7jXw+pg=="],
- "exact-mirror": ["[email protected]", "", { "peerDependencies": {
"@sinclair/typebox": "^0.34.15" }, "optionalPeers": ["@sinclair/typebox"] },
"sha512-u8Wu2lO8nio5lKSJubOydsdNtQmH8ENba5m0nbQYmTvsjksXKYIS1nSShdDlO8Uem+kbo+N6eD5I03cpZ+QsRQ=="],
+ "exact-mirror": ["[email protected]", "", { "peerDependencies": {
"@sinclair/typebox": "^0.34.15" }, "optionalPeers": ["@sinclair/typebox"] },
"sha512-+MeEmDcLA4o/vjK2zujgk+1VTxPR4hdp23qLqkWfStbECtAq9gmsvQa3LW6z/0GXZyHJobrCnmy1cdeE7BjsYg=="],
"fast-copy": ["[email protected]", "", {},
"sha512-58apWr0GUiDFM8+3afrO6eYwJBn9ZAhDOzG3L+/9llab/haCARS2UIfffmOurYLwbgDRs8n0rfr6qAAPEAuAQw=="],
diff --git a/agent-service/package.json b/agent-service/package.json
index 7ab06a1e61..0b42f4ee92 100644
--- a/agent-service/package.json
+++ b/agent-service/package.json
@@ -20,7 +20,7 @@
"ai": "5.0.108",
"ajv": "8.18.0",
"dagre": "0.8.5",
- "elysia": "1.4.18",
+ "elysia": "1.4.27",
"pino": "10.3.1",
"rxjs": "7.8.2",
"zod": "3.25.76"
