[Snyk] Security upgrade hono from 4.11.4 to 4.11.7

[omercnet]

Snyk has created this PR to fix 4 vulnerabilities in the pnpm dependencies of this project.

Snyk changed the following file(s):

• examples/brave-search-mcp-server/package.json

⚠️ Warning

Failed to update the pnpm-lock.yaml, please update manually before merging.

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Use of Cache Containing Sensitive Information SNYK-JS-HONO-15123484	631
	Incorrect Regular Expression SNYK-JS-HONO-15123483	601
	Incorrect Authorization SNYK-JS-HONO-15123868	601
	Cross-site Scripting (XSS) SNYK-JS-HONO-15123927	541

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Incorrect Regular Expression
🦉 Incorrect Authorization
🦉 Cross-site Scripting (XSS)

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
ai	Ready	Preview, Comment	Jan 31, 2026 9:48am
nextjs-descope-mcp-server	Ready	Preview, Comment	Jan 31, 2026 9:48am

[netlify]

✅ Deploy Preview for express-mcp-server canceled.

Name	Link
🔨 Latest commit	6d3e565
🔍 Latest deploy log	https://app.netlify.com/projects/express-mcp-server/deploys/697dcfdf2aebc00008e62926

[netlify]

✅ Deploy Preview for mcp-example-oauth canceled.

Name	Link
🔨 Latest commit	6d3e565
🔍 Latest deploy log	https://app.netlify.com/projects/mcp-example-oauth/deploys/697dcfdf9eeab600086b3b24

[cloudflare-workers-and-pages]

Deploying with    Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

Status	Name	Latest Commit	Updated (UTC)
✅ Deployment successful! View logs	remote-mcp-server-bearer-auth	6d3e565	Jan 31 2026, 09:48 AM

[Copilot]

Pull request overview

This PR upgrades the hono dependency from version 4.11.4 to 4.11.7 in the brave-search-mcp-server example to address 4 medium-severity security vulnerabilities: cache containing sensitive information, incorrect regular expression, incorrect authorization, and cross-site scripting (XSS).

Changes:

• Bumped hono version from ^4.11.4 to ^4.11.7 in package.json to patch security vulnerabilities

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

The package.json dependency version has been updated to 4.11.7, but the corresponding pnpm-lock.yaml file still references hono@4.11.4 (lines 873 and 2048). This means the actual installed version will remain at 4.11.4, leaving the security vulnerabilities unfixed. The lock file must be regenerated by running pnpm install before this PR can be merged to ensure the security fixes are actually applied.

Suggested change

	"hono": "^4.11.7",
	"hono": "^4.11.4",