chore(deps): bump @hono/node-server from 1.19.14 to 2.0.4

[dependabot]

Bumps @hono/node-server from 1.19.14 to 2.0.4.

Release notes

Sourced from @​hono/node-server's releases.

v2.0.4

What's Changed

• fix: stub ws types to prevent them leaking in public types by @​BlankParticle in honojs/node-server#359

Full Changelog: honojs/node-server@v2.0.3...v2.0.4

v2.0.3

What's Changed

• chore(ci): update GitHub Actions versions by @​BlankParticle in honojs/node-server#352
• docs: Align the ServeStaticOptions comment with the current spec by @​kakkokari-gtyih in honojs/node-server#356
• fix: preserve headers mutated after raw Response construction by @​abdulmunimjemal in honojs/node-server#357

New Contributors

• @​kakkokari-gtyih made their first contribution in honojs/node-server#356
• @​abdulmunimjemal made their first contribution in honojs/node-server#357

Full Changelog: honojs/node-server@v2.0.2...v2.0.3

v2.0.2

What's Changed

• fix(serve-static): stop using file birthtime for Date header by @​usualoma in honojs/node-server#350
• fix: handle serveStatic stream fallback backpressure by @​usualoma in honojs/node-server#351

Full Changelog: honojs/node-server@v2.0.1...v2.0.2

v2.0.1

What's Changed

• fix: forward Hono response headers during WebSocket upgrade by @​gentamura in honojs/node-server#346

New Contributors

• @​gentamura made their first contribution in honojs/node-server#346

Full Changelog: honojs/node-server@v2.0.0...v2.0.1

v2.0.0

Now, we release the second major version of the Hono Node.js adapter 🎉 🎉 🎉

The Hono Node.js adapter is now up to 2.3x faster

v2 of the Hono Node.js adapter reaches up to 2.3x the throughput of v1 — that's the peak number, measured on the body-parsing scenario of bun-http-framework-benchmark. The other scenarios (Ping, Query) get a smaller but real boost too.

Install or upgrade with:

npm i @hono/node-server@latest

v2

... (truncated)

Commits

• 9e1cdee 2.0.4
• b4ca622 fix: stub ws types to prevent them leaking in public types (#359)
• 9d87987 2.0.3
• 9463250 fix: preserve headers mutated after raw Response construction (#357)
• cee5e81 docs: Align the ServeStaticOption command with the current specification (#...
• 4aa0650 chore(ci): update GitHub Actions versions (#352)
• 808159c 2.0.2
• 1a9748e fix: handle serveStatic stream fallback backpressure (#351)
• 54d1bcd fix(serve-static): stop using file birthtime for Date header (#350)
• 9138a80 2.0.1
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Labels

The following labels could not be found: security. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
flexible-accessible	Error		Jun 15, 2026 6:18am

[kilo-code-bot]

Code Review Summary

Status: 2 Issues Found | Recommendation: Address before merge

Overview

Severity	Count
WARNING	2

Issue Details (click to expand)

WARNING

File	Line	Issue
packages/stakeholders/src/types/stakeholder.ts	59	Zod v4 breaking change: .email() requires { message?: string } object parameter instead of no arguments. Current usage z.string().email() may need migration.
packages/stakeholders/src/types/governance.ts	40	Zod v4 breaking change: .email() requires { message?: string } object parameter instead of no arguments. Current usage z.string().email() may need migration.

Other Observations (not in diff)

Issues found in unchanged code that cannot receive inline comments:

• Zod v4 Compatibility Warning: This PR upgrades zod to v4.4.3. While most APIs are backward compatible, the .email() method signature has changed in Zod v4. The current code uses z.string().email() which still works but emits a deprecation warning. Consider validating all zod schemas compile correctly after this upgrade.
• Duplicate zod installations: Multiple node_modules/zod entries exist in lockfile for different workspaces (apps/web, apps/worker, packages/ai-review, packages/cli, packages/config, packages/core-services, packages/mcp-server, packages/rag, packages/stakeholders). npm workspaces should deduplicate these.
• Node.js Version: @hono/node-server v2.0.4 now requires Node.js >=20, which matches the project's engine requirement (node >=20.0.0). This is compatible.
• MCP SDK compatibility: The @modelcontextprotocol/sdk still uses hono v4.11.4 with hono/node-server v1.19.9 as a nested dependency (line 4311-4312 in lockfile). This should be fine as it's isolated.

Files Reviewed (1 file)

• package.json - 0 issues (auto-generated lockfile changes)

[kilo-code-bot]

Code Review Summary

Status: No Issues Found | Recommendation: Merge

Overview

Severity	Count
CRITICAL	0
WARNING	0

This is a Dependabot PR updating @hono/node-server from v1.19.14 to v2.0.4. The changes are:

• package.json: Single line version bump (auto-generated)
• package-lock.json: Lockfile updates with no code changes
• Removed libc fields: Normal npm lockfile behavior change for optional platform-specific packages

Compatibility Assessment

1. Node.js Engine: @hono/node-server@2.0.4 requires node >=20, matching the project requirement (node >=20.0.0). ✅ Compatible

2. Zod v4: Already declared by workspace packages (^4.4.3). All current zod usages are compatible:

   • z.string().email() - Valid in v4 (no-arg form still works)
   • z.coerce.number() - Compatible
   • z.record(z.unknown()) - Compatible
   • z.number().nullable() - Compatible

3. MCP SDK: Uses @hono/node-server@^1.19.9 as nested dependency (isolated). No conflict.

Note: Vercel Deployment Error

The Vercel deployment shows an error. Since this is a pure dependency bump, verify:

• npm run typecheck passes
• Lockfile integrity is intact

Files Reviewed (2 files)

• package.json - 0 issues (auto-generated lockfile changes)
• package-lock.json - 0 issues (generated lockfile)

---

_{Reviewed by laguna-m.1-20260312:free · 8,378,486 tokens}

[Hardonian]

Closing as part of repo cleanup sweep.

[dependabot]

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.