[Snyk] Security upgrade agents from 0.3.10 to 0.4.0

[jscraik]

Snyk has created this PR to fix 15 vulnerabilities in the pnpm dependencies of this project.

Snyk changed the following file(s):

• packages/cloudflare-template/package.json

⚠️ Warning

Failed to update the pnpm-lock.yaml, please update manually before merging.

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Interpretation Conflict SNYK-JS-FASTURI-16642394	721
	Directory Traversal SNYK-JS-FASTURI-16642399	721
	Allocation of Resources Without Limits or Throttling SNYK-JS-HONO-16438966	721
	Use of Cache Containing Sensitive Information SNYK-JS-HONO-16624532	631
	Directory Traversal SNYK-JS-HONO-15928824	559
	HTTP Response Splitting SNYK-JS-HONO-15928831	559
	Directory Traversal SNYK-JS-HONONODESERVER-15928840	559
	Improper Encoding or Escaping of Output SNYK-JS-HONO-16624528	551
	Cross-site Scripting (XSS) SNYK-JS-IPADDRESS-16636412	551
	Improper Validation of Specified Quantity in Input SNYK-JS-HONO-16624529	541
	Improper Input Validation SNYK-JS-HONO-15928832	529
	Incorrect Behavior Order: Validate Before Canonicalize SNYK-JS-HONO-15928834	529
	Directory Traversal SNYK-JS-HONO-15928833	509
	Cross-site Scripting (XSS) SNYK-JS-HONO-16080667	479
	HTML Injection SNYK-JS-HONO-16438965	401

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Directory Traversal
🦉 Improper Input Validation
🦉 Cross-site Scripting (XSS)
🦉 More lessons are available in Snyk Learn

[coderabbitai]

Important

Review skipped

Ignore keyword(s) in the title.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: b4165c4c-334b-46d8-8f0d-46fe1b643e7a

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch snyk-fix-f6a8e6ca926654a3ddc8ec90a9d22f8d

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 2ece273111

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Update lockfile for bumped agents dependency

Bumping agents to ^0.4.0 in packages/cloudflare-template/package.json without updating pnpm-lock.yaml leaves the lockfile still pinned to 0.3.10 (see pnpm-lock.yaml importer entry at lines 213-215 and package entries around lines 3894/10778). Our CI runs pnpm install --frozen-lockfile --prod=false in .github/workflows/ci.yml (e.g., line 66 and repeated in other jobs), so this commit can fail installs until the lockfile is regenerated and committed.

Useful? React with 👍 / 👎.