
chore(deps): bump x402 runtime packages #18

Merged
tomismeta merged 1 commit into main from codex/x402-upgrade-2-6 on Mar 6, 2026
Conversation

@tomismeta (Owner)

## Summary
- bump , , , and from to
- update the lockfile for the new x402 runtime set
- leave application code unchanged and validate the payment paths against the new packages

## Validation

```text
pull-md@1.0.0 test:all
npm run test && node --check public/js/app.js && node --check public/js/create.js && node --check public/js/admin.js

pull-md@1.0.0 test
node --test tests/*.test.js

✔ public assets discovery endpoint returns canonical asset response shape (3.953541ms)
✔ scanMarkdownAssetContent flags dangerous URI schemes (13.52875ms)
✔ scanMarkdownAssetContent warns on prompt-injection phrases in advisory mode (2.754917ms)
✔ scanMarkdownAssetContent flags zero-width unicode characters (3.968375ms)
✔ scanMarkdownAssetContent blocks bidi override characters in enforce mode (0.5035ms)
✔ scanMarkdownAssetContent flags confusable homoglyph tokens (0.570416ms)
✔ scanMarkdownAssetContent escalates injection phrase in html comment (0.474292ms)
✔ scanMarkdownAssetContent detects long base64-like encoded payloads (0.378875ms)
✔ scanMarkdownAssetContent detects expanded secret patterns (0.261667ms)
✔ scanMarkdownAssetContent handles scanner runtime errors with fail_closed policy (0.288667ms)
✔ scanMarkdownAssetContent handles scanner runtime errors with fail_open policy (0.286833ms)
✔ scanMarkdownAssetContent returns disabled verdict when mode is off (0.223125ms)
✔ scanMarkdownAssetContent warns on oversized content before scanner execution (168.007625ms)
✔ publishCreatorListingDirect blocks publish when enforce mode finds critical issues (50.274042ms)
✔ api-catalog well-known endpoint returns RFC9727 linkset and head links (0.919375ms)
✔ openapi endpoint exposes canonical REST paths (0.159209ms)
✔ core endpoints include discovery Link headers (12.999083ms)
✔ classifyRedownloadHeaders supports receipt-first primary mode (0.807875ms)
✔ classifyRedownloadHeaders detects strict agent challenge headers (0.071833ms)
✔ classifyRedownloadHeaders requires explicit receipt header for browser redownloads (0.06325ms)
✔ classifyRedownloadHeaders supports session recovery mode (0.053625ms)
✔ classifyRedownloadHeaders supports signed recovery mode (0.054417ms)
✔ classifyRedownloadHeaders rejects incomplete redownload headers (0.047333ms)
✔ classifyRedownloadHeaders ignores cookie-only session token without wallet header (0.0525ms)
✔ classifyRedownloadHeaders ignores cookie-only receipt without wallet header (0.065042ms)
✔ classifyClientMode enables strict agent mode via X-CLIENT-MODE (0.071292ms)
✔ classifyClientMode defaults to non-strict mode when header is absent (0.080625ms)
✔ manifest exposes strict agent guardrails and facilitator capability flags (2.0355ms)
✔ immediate publish + visibility removal flow (151.707292ms)
✔ publishCreatorListingDirect dry_run returns field-level errors and does not persist listings (6.666458ms)
✔ catalog fallback reads Vercel draft directory when MARKETPLACE_DRAFTS_DIR is unset (9.893292ms)
✔ creator auth accepts ISO timestamp and CRLF SIWE message variant (12.671375ms)
✔ moderator auth accepts ISO timestamp and trailing newline SIWE message variant (7.894291ms)
✔ MCP initialize returns protocol capabilities over streamable HTTP (34.542334ms)
✔ MCP initialize works for JSON-only Accept clients (compat mode) (5.401375ms)
✔ MCP tools/list exposes expected tool names (2.850041ms)
✔ MCP tools/call executes list_assets and returns structured content (6.671334ms)
✔ MCP get_auth_challenge returns SIWE template and timestamp guidance (7.165541ms)
✔ MCP get_auth_challenge returns suggested listing for creator publish action (2.866459ms)
✔ MCP get_auth_challenge defaults creator flow action to publish_listing (1.964708ms)
✔ MCP publish_listing auth errors include challenge timestamp metadata (15.705667ms)
✔ MCP tools/call returns tool error payload for unknown tool (4.10025ms)
✔ MCP notifications/initialized supports notification-style no-id request (2.139541ms)
✔ MCP prompts/list and prompts/get return workflow helpers (5.527542ms)
✔ MCP resources/list and resources/read expose discoverable URIs (5.919791ms)
✔ official MCP SDK client can connect and execute PULL.md tools/resources (101.225ms)
✔ official MCP SDK client receives structured tool errors for unknown tool names (11.637417ms)
✔ wallet session auth plain message is rejected (SIWE-only) (159.693ms)
✔ wallet session auth typed-data signature is rejected (SIWE-only) (47.553625ms)
✔ wallet session auth SIWE signature verifies with action=session (10.429042ms)
✔ redownload auth plain message is rejected (SIWE-only) (50.111875ms)
✔ redownload auth SIWE signature verifies (9.007417ms)
✔ redownload auth SIWE with CRLF line-endings verifies (8.253958ms)
✔ redownload session token binds to wallet and expires (14.562625ms)
✔ purchase receipt verifies with legacy secret fallback (6.911916ms)
✔ normalizeTelemetryWindowHours clamps to supported bounds (0.743917ms)
✔ normalizeTelemetrySchema enforces safe postgres identifiers (0.43ms)
✔ recordTelemetryEvent returns unconfigured when no database URL is present (0.64375ms)
✔ telemetry kill switch disables ingestion globally (0.239042ms)
✔ WEBMCP markdown endpoint is generated from manifest contract (1.302208ms)
✔ normalizeAssetTransferMethod recognizes only eip3009 and permit2 (0.638792ms)
✔ strict agent transfer method defaults to eip3009 unless explicitly overridden (0.659041ms)
✔ getTransferMethodFromSubmittedPayment resolves branch deterministically (0.076334ms)
✔ canonicalizeSubmittedPayment normalizes malformed eip3009 nested signature (0.08575ms)
✔ canonicalizeSubmittedPayment normalizes malformed permit2 alias field (0.056834ms)
✔ validatePaymentPayloadContract rejects missing payload object (0.118125ms)
✔ validatePaymentPayloadContract rejects eip3009 signature nested under authorization (0.069334ms)
✔ validatePaymentPayloadContract accepts valid eip3009 signature shape (40.173291ms)
✔ validatePaymentPayloadContract rejects signer mismatch for eip3009 (16.141833ms)
✔ x402 SDK fetch wrapper performs 402 -> sign -> retry and preserves settlement response (30.260833ms)
✔ x402 SDK selector enforces eip3009 default when multiple methods are offered (5.057167ms)
ℹ tests 71
ℹ suites 0
ℹ pass 71
ℹ fail 0
ℹ cancelled 0
ℹ skipped 0
ℹ todo 0
ℹ duration_ms 1013.725041
```

```text
✔ MCP initialize returns protocol capabilities over streamable HTTP (29.106917ms)
✔ MCP initialize works for JSON-only Accept clients (compat mode) (5.291ms)
✔ MCP tools/list exposes expected tool names (3.227333ms)
✔ MCP tools/call executes list_assets and returns structured content (4.981375ms)
✔ MCP get_auth_challenge returns SIWE template and timestamp guidance (3.116291ms)
✔ MCP get_auth_challenge returns suggested listing for creator publish action (2.134167ms)
✔ MCP get_auth_challenge defaults creator flow action to publish_listing (2.494917ms)
✔ MCP publish_listing auth errors include challenge timestamp metadata (6.851916ms)
✔ MCP tools/call returns tool error payload for unknown tool (2.242416ms)
✔ MCP notifications/initialized supports notification-style no-id request (2.2185ms)
✔ MCP prompts/list and prompts/get return workflow helpers (3.097208ms)
✔ MCP resources/list and resources/read expose discoverable URIs (4.723791ms)
✔ normalizeAssetTransferMethod recognizes only eip3009 and permit2 (0.648791ms)
✔ strict agent transfer method defaults to eip3009 unless explicitly overridden (0.668084ms)
✔ getTransferMethodFromSubmittedPayment resolves branch deterministically (0.074542ms)
✔ canonicalizeSubmittedPayment normalizes malformed eip3009 nested signature (0.08375ms)
✔ canonicalizeSubmittedPayment normalizes malformed permit2 alias field (0.056125ms)
✔ validatePaymentPayloadContract rejects missing payload object (0.117083ms)
✔ validatePaymentPayloadContract rejects eip3009 signature nested under authorization (0.068625ms)
✔ validatePaymentPayloadContract accepts valid eip3009 signature shape (32.925708ms)
✔ validatePaymentPayloadContract rejects signer mismatch for eip3009 (12.152417ms)
ℹ tests 21
ℹ suites 0
ℹ pass 21
ℹ fail 0
ℹ cancelled 0
ℹ skipped 0
ℹ todo 0
ℹ duration_ms 303.551917
```

```text
# npm audit report

@hono/node-server <1.19.10
Severity: high
@hono/node-server has authorization bypass for protected static paths via encoded slashes in Serve Static Middleware - GHSA-wc8c-qw6v-h7f6
fix available via npm audit fix
node_modules/@hono/node-server

ajv 7.0.0-alpha.0 - 8.17.1
Severity: moderate
ajv has ReDoS when using $data option - GHSA-2g4f-4pwh-qvx6
fix available via npm audit fix
node_modules/ajv

bn.js 5.0.0 - 5.2.2
Severity: moderate
bn.js affected by an infinite loop - GHSA-378v-28hj-76wf
fix available via npm audit fix
node_modules/bn.js

express-rate-limit 8.2.0 - 8.2.1
Severity: high
express-rate-limit: IPv4-mapped IPv6 addresses bypass per-client rate limiting on servers with dual-stack network - GHSA-46wh-pxpv-q5gq
fix available via npm audit fix
node_modules/express-rate-limit

hono <=4.12.3
Severity: high
Hono added timing comparison hardening in basicAuth and bearerAuth - GHSA-gq3j-xvxp-8hrf
Hono Vulnerable to Cookie Attribute Injection via Unsanitized domain and path in setCookie() - GHSA-5pq2-9x2x-5p6w
Hono Vulnerable to SSE Control Field Injection via CR/LF in writeSSE() - GHSA-p6xx-57qc-3wxr
Hono vulnerable to arbitrary file access via serveStatic vulnerability - GHSA-q5qw-h33p-qvwr
fix available via npm audit fix
node_modules/hono

5 vulnerabilities (2 moderate, 3 high)

To address all issues, run:
npm audit fix
```

(remaining 5 prod findings unchanged; this PR does not materially change audit state)

## Risk
- medium: payment/runtime dependency upgrade
- mitigated by focused x402/download/auth test coverage and a clean branch isolated from local workspace edits

vercel bot commented Mar 6, 2026

The latest updates on your projects.

| Project | Deployment | Actions | Updated (UTC) |
|---|---|---|---|
| pull-md | Ready | Preview, Comment | Mar 6, 2026 11:12pm |

tomismeta merged commit 3b77edc into main on Mar 6, 2026
4 checks passed
tomismeta deleted the codex/x402-upgrade-2-6 branch on March 6, 2026 at 23:13