h3 1.15.3 → 1.15.5

package/README.md

@@ -33,11 +33,11 @@ H3 (pronounced as /eɪtʃθriː/, like h-3) is a minimal h(ttp) framework built
 
 <!-- automd:contributors license=MIT author="pi0" -->
 
-Published under the [MIT](https://github.com/unjs/h3/blob/main/LICENSE) license.
-Made by [@pi0](https://github.com/pi0) and [community](https://github.com/unjs/h3/graphs/contributors) 💛
+Published under the [MIT](https://github.com/h3js/h3/blob/main/LICENSE) license.
+Made by [@pi0](https://github.com/pi0) and [community](https://github.com/h3js/h3/graphs/contributors) 💛
 <br><br>
-<a href="https://github.com/unjs/h3/graphs/contributors">
-<img src="https://contrib.rocks/image?repo=unjs/h3" />
+<a href="https://github.com/h3js/h3/graphs/contributors">
+<img src="https://contrib.rocks/image?repo=h3js/h3" />
 </a>
 
 <!-- /automd -->

package/dist/index.cjs

@@ -315,7 +315,8 @@ function getRequestHeader(event, name) {
 const getHeader = getRequestHeader;
 function getRequestHost(event, opts = {}) {
   if (opts.xForwardedHost) {
-    const xForwardedHost = event.node.req.headers["x-forwarded-host"];
+    const _header = event.node.req.headers["x-forwarded-host"];
+    const xForwardedHost = (_header || "").split(",").shift()?.trim();
     if (xForwardedHost) {
       return xForwardedHost;
     }
@@ -417,7 +418,9 @@ function readRawBody(event, encoding = "utf8") {
     });
     return encoding ? promise2.then((buff) => buff.toString(encoding)) : promise2;
   }
-  if (!Number.parseInt(event.node.req.headers["content-length"] || "") && !String(event.node.req.headers["transfer-encoding"] ?? "").split(",").map((e) => e.trim()).filter(Boolean).includes("chunked")) {
+  if (!Number.parseInt(event.node.req.headers["content-length"] || "") && !/\bchunked\b/i.test(
+    String(event.node.req.headers["transfer-encoding"] ?? "")
+  )) {
     return Promise.resolve(void 0);
   }
   const promise = event.node.req[RawBodySymbol] = new Promise(
@@ -1439,11 +1442,16 @@ async function updateSession(event, config, update) {
 async function sealSession(event, config) {
   const sessionName = config.name || DEFAULT_NAME;
   const session = event.context.sessions?.[sessionName] || await getSession(event, config);
-  const sealed = await ironWebcrypto.seal(config.crypto || crypto__default, session, config.password, {
-    ...ironWebcrypto.defaults,
-    ttl: config.maxAge ? config.maxAge * 1e3 : 0,
-    ...config.seal
-  });
+  const sealed = await ironWebcrypto.seal(
+    config.crypto || crypto__default,
+    session,
+    config.password,
+    {
+      ...ironWebcrypto.defaults,
+      ttl: config.maxAge ? config.maxAge * 1e3 : 0,
+      ...config.seal
+    }
+  );
   return sealed;
 }
 async function unsealSession(_event, config, sealed) {

package/dist/index.d.cts

@@ -117,6 +117,12 @@ interface Session<T extends SessionDataT = SessionDataT> {
     data: SessionData<T>;
     [getSessionPromise]?: Promise<Session<T>>;
 }
+interface SessionManager<T extends SessionDataT = SessionDataT> {
+    readonly id: string | undefined;
+    readonly data: SessionData<T>;
+    update: (update: SessionUpdate<T>) => Promise<SessionManager<T>>;
+    clear: () => Promise<SessionManager<T>>;
+}
 interface SessionConfig {
     /** Private key used to encrypt session tokens */
     password: string;
@@ -145,12 +151,7 @@ type CompatEvent = {
 /**
  * Create a session manager for the current request.
  */
-declare function useSession<T extends SessionDataT = SessionDataT>(event: H3Event | CompatEvent, config: SessionConfig): Promise<{
-    readonly id: any;
-    readonly data: T;
-    update: (update: SessionUpdate<T>) => Promise</*elided*/ any>;
-    clear: () => Promise</*elided*/ any>;
-}>;
+declare function useSession<T extends SessionDataT = SessionDataT>(event: H3Event | CompatEvent, config: SessionConfig): Promise<SessionManager<T>>;
 /**
  * Get the session for the current request.
  */
@@ -1393,4 +1394,4 @@ declare function toPlainHandler(app: App): PlainHandler;
 declare function fromPlainHandler(handler: PlainHandler): EventHandler<EventHandlerRequest, Promise<unknown>>;
 
 export { H3Error, H3Event, H3Headers, H3Response, MIMES, appendCorsHeaders, appendCorsPreflightHeaders, appendHeader, appendHeaders, appendResponseHeader, appendResponseHeaders, assertMethod, callNodeListener, clearResponseHeaders, clearSession, createApp, createAppEventHandler, createError, createEvent, createEventStream, createRouter, defaultContentType, defineEventHandler, defineLazyEventHandler, defineNodeListener, defineNodeMiddleware, defineRequestMiddleware, defineResponseMiddleware, defineWebSocket, defineWebSocketHandler, deleteCookie, dynamicEventHandler, eventHandler, fetchWithEvent, fromNodeMiddleware, fromPlainHandler, fromWebHandler, getCookie, getHeader, getHeaders, getMethod, getProxyRequestHeaders, getQuery, getRequestFingerprint, getRequestHeader, getRequestHeaders, getRequestHost, getRequestIP, getRequestPath, getRequestProtocol, getRequestURL, getRequestWebStream, getResponseHeader, getResponseHeaders, getResponseStatus, getResponseStatusText, getRouterParam, getRouterParams, getSession, getValidatedQuery, getValidatedRouterParams, handleCacheHeaders, handleCors, isCorsOriginAllowed, isError, isEvent, isEventHandler, isMethod, isPreflightRequest, isStream, isWebResponse, lazyEventHandler, parseCookies, promisifyNodeListener, proxyRequest, readBody, readFormData, readMultipartFormData, readRawBody, readValidatedBody, removeResponseHeader, sanitizeStatusCode, sanitizeStatusMessage, sealSession, send, sendError, sendIterable, sendNoContent, sendProxy, sendRedirect, sendStream, sendWebResponse, serveStatic, setCookie, setHeader, setHeaders, setResponseHeader, setResponseHeaders, setResponseStatus, splitCookiesString, toEventHandler, toNodeListener, toPlainHandler, toWebHandler, toWebRequest, unsealSession, updateSession, use, useBase, useSession, writeEarlyHints };
-export type { AddRouteShortcuts, App, AppOptions, AppUse, CacheConditions, CreateRouterOptions, Duplex, DynamicEventHandler, Encoding, EventHandler, EventHandlerObject, EventHandlerRequest, EventHandlerResolver, EventHandlerResponse, EventStream, EventStreamMessage, EventStreamOptions, H3CorsOptions, H3EventContext, HTTPHeaderName, HTTPMethod, InferEventInput, InputLayer, InputStack, Layer, LazyEventHandler, Matcher, MimeType, MultiPartData, NodeEventContext, NodeListener, NodeMiddleware, NodePromisifiedHandler, PlainHandler, PlainRequest, PlainResponse, ProxyOptions, RequestFingerprintOptions, RequestHeaders, RouteNode, Router, RouterMethod, RouterUse, ServeStaticOptions, Session, SessionConfig, SessionData, Stack, StaticAssetMeta, StatusCode, TypedHeaders, ValidateFunction, ValidateResult, WebEventContext, WebHandler, WebSocketOptions, _RequestMiddleware, _ResponseMiddleware };
+export type { AddRouteShortcuts, App, AppOptions, AppUse, CacheConditions, CreateRouterOptions, Duplex, DynamicEventHandler, Encoding, EventHandler, EventHandlerObject, EventHandlerRequest, EventHandlerResolver, EventHandlerResponse, EventStream, EventStreamMessage, EventStreamOptions, H3CorsOptions, H3EventContext, HTTPHeaderName, HTTPMethod, InferEventInput, InputLayer, InputStack, Layer, LazyEventHandler, Matcher, MimeType, MultiPartData, NodeEventContext, NodeListener, NodeMiddleware, NodePromisifiedHandler, PlainHandler, PlainRequest, PlainResponse, ProxyOptions, RequestFingerprintOptions, RequestHeaders, RouteNode, Router, RouterMethod, RouterUse, ServeStaticOptions, Session, SessionConfig, SessionData, SessionManager, Stack, StaticAssetMeta, StatusCode, TypedHeaders, ValidateFunction, ValidateResult, WebEventContext, WebHandler, WebSocketOptions, _RequestMiddleware, _ResponseMiddleware };

package/dist/index.d.mts

@@ -117,6 +117,12 @@ interface Session<T extends SessionDataT = SessionDataT> {
     data: SessionData<T>;
     [getSessionPromise]?: Promise<Session<T>>;
 }
+interface SessionManager<T extends SessionDataT = SessionDataT> {
+    readonly id: string | undefined;
+    readonly data: SessionData<T>;
+    update: (update: SessionUpdate<T>) => Promise<SessionManager<T>>;
+    clear: () => Promise<SessionManager<T>>;
+}
 interface SessionConfig {
     /** Private key used to encrypt session tokens */
     password: string;
@@ -145,12 +151,7 @@ type CompatEvent = {
 /**
  * Create a session manager for the current request.
  */
-declare function useSession<T extends SessionDataT = SessionDataT>(event: H3Event | CompatEvent, config: SessionConfig): Promise<{
-    readonly id: any;
-    readonly data: T;
-    update: (update: SessionUpdate<T>) => Promise</*elided*/ any>;
-    clear: () => Promise</*elided*/ any>;
-}>;
+declare function useSession<T extends SessionDataT = SessionDataT>(event: H3Event | CompatEvent, config: SessionConfig): Promise<SessionManager<T>>;
 /**
  * Get the session for the current request.
  */
@@ -1393,4 +1394,4 @@ declare function toPlainHandler(app: App): PlainHandler;
 declare function fromPlainHandler(handler: PlainHandler): EventHandler<EventHandlerRequest, Promise<unknown>>;
 
 export { H3Error, H3Event, H3Headers, H3Response, MIMES, appendCorsHeaders, appendCorsPreflightHeaders, appendHeader, appendHeaders, appendResponseHeader, appendResponseHeaders, assertMethod, callNodeListener, clearResponseHeaders, clearSession, createApp, createAppEventHandler, createError, createEvent, createEventStream, createRouter, defaultContentType, defineEventHandler, defineLazyEventHandler, defineNodeListener, defineNodeMiddleware, defineRequestMiddleware, defineResponseMiddleware, defineWebSocket, defineWebSocketHandler, deleteCookie, dynamicEventHandler, eventHandler, fetchWithEvent, fromNodeMiddleware, fromPlainHandler, fromWebHandler, getCookie, getHeader, getHeaders, getMethod, getProxyRequestHeaders, getQuery, getRequestFingerprint, getRequestHeader, getRequestHeaders, getRequestHost, getRequestIP, getRequestPath, getRequestProtocol, getRequestURL, getRequestWebStream, getResponseHeader, getResponseHeaders, getResponseStatus, getResponseStatusText, getRouterParam, getRouterParams, getSession, getValidatedQuery, getValidatedRouterParams, handleCacheHeaders, handleCors, isCorsOriginAllowed, isError, isEvent, isEventHandler, isMethod, isPreflightRequest, isStream, isWebResponse, lazyEventHandler, parseCookies, promisifyNodeListener, proxyRequest, readBody, readFormData, readMultipartFormData, readRawBody, readValidatedBody, removeResponseHeader, sanitizeStatusCode, sanitizeStatusMessage, sealSession, send, sendError, sendIterable, sendNoContent, sendProxy, sendRedirect, sendStream, sendWebResponse, serveStatic, setCookie, setHeader, setHeaders, setResponseHeader, setResponseHeaders, setResponseStatus, splitCookiesString, toEventHandler, toNodeListener, toPlainHandler, toWebHandler, toWebRequest, unsealSession, updateSession, use, useBase, useSession, writeEarlyHints };
-export type { AddRouteShortcuts, App, AppOptions, AppUse, CacheConditions, CreateRouterOptions, Duplex, DynamicEventHandler, Encoding, EventHandler, EventHandlerObject, EventHandlerRequest, EventHandlerResolver, EventHandlerResponse, EventStream, EventStreamMessage, EventStreamOptions, H3CorsOptions, H3EventContext, HTTPHeaderName, HTTPMethod, InferEventInput, InputLayer, InputStack, Layer, LazyEventHandler, Matcher, MimeType, MultiPartData, NodeEventContext, NodeListener, NodeMiddleware, NodePromisifiedHandler, PlainHandler, PlainRequest, PlainResponse, ProxyOptions, RequestFingerprintOptions, RequestHeaders, RouteNode, Router, RouterMethod, RouterUse, ServeStaticOptions, Session, SessionConfig, SessionData, Stack, StaticAssetMeta, StatusCode, TypedHeaders, ValidateFunction, ValidateResult, WebEventContext, WebHandler, WebSocketOptions, _RequestMiddleware, _ResponseMiddleware };
+export type { AddRouteShortcuts, App, AppOptions, AppUse, CacheConditions, CreateRouterOptions, Duplex, DynamicEventHandler, Encoding, EventHandler, EventHandlerObject, EventHandlerRequest, EventHandlerResolver, EventHandlerResponse, EventStream, EventStreamMessage, EventStreamOptions, H3CorsOptions, H3EventContext, HTTPHeaderName, HTTPMethod, InferEventInput, InputLayer, InputStack, Layer, LazyEventHandler, Matcher, MimeType, MultiPartData, NodeEventContext, NodeListener, NodeMiddleware, NodePromisifiedHandler, PlainHandler, PlainRequest, PlainResponse, ProxyOptions, RequestFingerprintOptions, RequestHeaders, RouteNode, Router, RouterMethod, RouterUse, ServeStaticOptions, Session, SessionConfig, SessionData, SessionManager, Stack, StaticAssetMeta, StatusCode, TypedHeaders, ValidateFunction, ValidateResult, WebEventContext, WebHandler, WebSocketOptions, _RequestMiddleware, _ResponseMiddleware };

package/dist/index.d.ts

@@ -117,6 +117,12 @@ interface Session<T extends SessionDataT = SessionDataT> {
     data: SessionData<T>;
     [getSessionPromise]?: Promise<Session<T>>;
 }
+interface SessionManager<T extends SessionDataT = SessionDataT> {
+    readonly id: string | undefined;
+    readonly data: SessionData<T>;
+    update: (update: SessionUpdate<T>) => Promise<SessionManager<T>>;
+    clear: () => Promise<SessionManager<T>>;
+}
 interface SessionConfig {
     /** Private key used to encrypt session tokens */
     password: string;
@@ -145,12 +151,7 @@ type CompatEvent = {
 /**
  * Create a session manager for the current request.
  */
-declare function useSession<T extends SessionDataT = SessionDataT>(event: H3Event | CompatEvent, config: SessionConfig): Promise<{
-    readonly id: any;
-    readonly data: T;
-    update: (update: SessionUpdate<T>) => Promise</*elided*/ any>;
-    clear: () => Promise</*elided*/ any>;
-}>;
+declare function useSession<T extends SessionDataT = SessionDataT>(event: H3Event | CompatEvent, config: SessionConfig): Promise<SessionManager<T>>;
 /**
  * Get the session for the current request.
  */
@@ -1393,4 +1394,4 @@ declare function toPlainHandler(app: App): PlainHandler;
 declare function fromPlainHandler(handler: PlainHandler): EventHandler<EventHandlerRequest, Promise<unknown>>;
 
 export { H3Error, H3Event, H3Headers, H3Response, MIMES, appendCorsHeaders, appendCorsPreflightHeaders, appendHeader, appendHeaders, appendResponseHeader, appendResponseHeaders, assertMethod, callNodeListener, clearResponseHeaders, clearSession, createApp, createAppEventHandler, createError, createEvent, createEventStream, createRouter, defaultContentType, defineEventHandler, defineLazyEventHandler, defineNodeListener, defineNodeMiddleware, defineRequestMiddleware, defineResponseMiddleware, defineWebSocket, defineWebSocketHandler, deleteCookie, dynamicEventHandler, eventHandler, fetchWithEvent, fromNodeMiddleware, fromPlainHandler, fromWebHandler, getCookie, getHeader, getHeaders, getMethod, getProxyRequestHeaders, getQuery, getRequestFingerprint, getRequestHeader, getRequestHeaders, getRequestHost, getRequestIP, getRequestPath, getRequestProtocol, getRequestURL, getRequestWebStream, getResponseHeader, getResponseHeaders, getResponseStatus, getResponseStatusText, getRouterParam, getRouterParams, getSession, getValidatedQuery, getValidatedRouterParams, handleCacheHeaders, handleCors, isCorsOriginAllowed, isError, isEvent, isEventHandler, isMethod, isPreflightRequest, isStream, isWebResponse, lazyEventHandler, parseCookies, promisifyNodeListener, proxyRequest, readBody, readFormData, readMultipartFormData, readRawBody, readValidatedBody, removeResponseHeader, sanitizeStatusCode, sanitizeStatusMessage, sealSession, send, sendError, sendIterable, sendNoContent, sendProxy, sendRedirect, sendStream, sendWebResponse, serveStatic, setCookie, setHeader, setHeaders, setResponseHeader, setResponseHeaders, setResponseStatus, splitCookiesString, toEventHandler, toNodeListener, toPlainHandler, toWebHandler, toWebRequest, unsealSession, updateSession, use, useBase, useSession, writeEarlyHints };
-export type { AddRouteShortcuts, App, AppOptions, AppUse, CacheConditions, CreateRouterOptions, Duplex, DynamicEventHandler, Encoding, EventHandler, EventHandlerObject, EventHandlerRequest, EventHandlerResolver, EventHandlerResponse, EventStream, EventStreamMessage, EventStreamOptions, H3CorsOptions, H3EventContext, HTTPHeaderName, HTTPMethod, InferEventInput, InputLayer, InputStack, Layer, LazyEventHandler, Matcher, MimeType, MultiPartData, NodeEventContext, NodeListener, NodeMiddleware, NodePromisifiedHandler, PlainHandler, PlainRequest, PlainResponse, ProxyOptions, RequestFingerprintOptions, RequestHeaders, RouteNode, Router, RouterMethod, RouterUse, ServeStaticOptions, Session, SessionConfig, SessionData, Stack, StaticAssetMeta, StatusCode, TypedHeaders, ValidateFunction, ValidateResult, WebEventContext, WebHandler, WebSocketOptions, _RequestMiddleware, _ResponseMiddleware };
+export type { AddRouteShortcuts, App, AppOptions, AppUse, CacheConditions, CreateRouterOptions, Duplex, DynamicEventHandler, Encoding, EventHandler, EventHandlerObject, EventHandlerRequest, EventHandlerResolver, EventHandlerResponse, EventStream, EventStreamMessage, EventStreamOptions, H3CorsOptions, H3EventContext, HTTPHeaderName, HTTPMethod, InferEventInput, InputLayer, InputStack, Layer, LazyEventHandler, Matcher, MimeType, MultiPartData, NodeEventContext, NodeListener, NodeMiddleware, NodePromisifiedHandler, PlainHandler, PlainRequest, PlainResponse, ProxyOptions, RequestFingerprintOptions, RequestHeaders, RouteNode, Router, RouterMethod, RouterUse, ServeStaticOptions, Session, SessionConfig, SessionData, SessionManager, Stack, StaticAssetMeta, StatusCode, TypedHeaders, ValidateFunction, ValidateResult, WebEventContext, WebHandler, WebSocketOptions, _RequestMiddleware, _ResponseMiddleware };

package/dist/index.mjs

@@ -308,7 +308,8 @@ function getRequestHeader(event, name) {
 const getHeader = getRequestHeader;
 function getRequestHost(event, opts = {}) {
   if (opts.xForwardedHost) {
-    const xForwardedHost = event.node.req.headers["x-forwarded-host"];
+    const _header = event.node.req.headers["x-forwarded-host"];
+    const xForwardedHost = (_header || "").split(",").shift()?.trim();
     if (xForwardedHost) {
       return xForwardedHost;
     }
@@ -410,7 +411,9 @@ function readRawBody(event, encoding = "utf8") {
     });
     return encoding ? promise2.then((buff) => buff.toString(encoding)) : promise2;
   }
-  if (!Number.parseInt(event.node.req.headers["content-length"] || "") && !String(event.node.req.headers["transfer-encoding"] ?? "").split(",").map((e) => e.trim()).filter(Boolean).includes("chunked")) {
+  if (!Number.parseInt(event.node.req.headers["content-length"] || "") && !/\bchunked\b/i.test(
+    String(event.node.req.headers["transfer-encoding"] ?? "")
+  )) {
     return Promise.resolve(void 0);
   }
   const promise = event.node.req[RawBodySymbol] = new Promise(
@@ -1432,11 +1435,16 @@ async function updateSession(event, config, update) {
 async function sealSession(event, config) {
   const sessionName = config.name || DEFAULT_NAME;
   const session = event.context.sessions?.[sessionName] || await getSession(event, config);
-  const sealed = await seal(config.crypto || crypto, session, config.password, {
-    ...defaults,
-    ttl: config.maxAge ? config.maxAge * 1e3 : 0,
-    ...config.seal
-  });
+  const sealed = await seal(
+    config.crypto || crypto,
+    session,
+    config.password,
+    {
+      ...defaults,
+      ttl: config.maxAge ? config.maxAge * 1e3 : 0,
+      ...config.seal
+    }
+  );
   return sealed;
 }
 async function unsealSession(_event, config, sealed) {

package/package.json

@@ -1,8 +1,8 @@
 {
   "name": "h3",
-  "version": "1.15.3",
+  "version": "1.15.5",
   "description": "Minimal H(TTP) framework built for high performance and portability.",
-  "repository": "unjs/h3",
+  "repository": "h3js/h3",
   "license": "MIT",
   "sideEffects": false,
   "exports": {
@@ -24,52 +24,55 @@
     "dev": "vitest",
     "lint": "eslint --cache . && prettier -c src test playground examples docs",
     "lint:fix": "eslint --cache . --fix && prettier -c src test playground examples docs -w",
+    "prepack": "pnpm build",
     "play": "listhen -w ./playground/app.ts",
     "profile": "0x -o -D .profile -P 'autocannon -c 100 -p 10 -d 40 http://localhost:$PORT' ./playground/server.cjs",
-    "release": "pnpm test && pnpm build && changelogen --release --publish --publishTag latest && git push --follow-tags",
-    "test": "pnpm lint && vitest --run --coverage"
+    "release": "pnpm test && pnpm build && changelogen --release --publish --publishTag 1x && git push --follow-tags",
+    "test": "pnpm lint && vitest --run --coverage && pnpm test:types",
+    "test:types": "tsgo --noEmit"
   },
   "resolutions": {
     "h3": "^1.14.0"
   },
   "dependencies": {
     "cookie-es": "^1.2.2",
-    "crossws": "^0.3.4",
+    "crossws": "^0.3.5",
     "defu": "^6.1.4",
     "destr": "^2.0.5",
     "iron-webcrypto": "^1.2.1",
-    "node-mock-http": "^1.0.0",
+    "node-mock-http": "^1.0.4",
     "radix3": "^1.1.2",
-    "ufo": "^1.6.1",
+    "ufo": "^1.6.3",
     "uncrypto": "^0.1.3"
   },
   "devDependencies": {
-    "0x": "^5.8.0",
-    "@types/express": "^5.0.1",
-    "@types/node": "^22.15.2",
+    "0x": "^6.0.0",
+    "@types/express": "^5.0.6",
+    "@types/node": "^25.0.8",
     "@types/supertest": "^6.0.3",
-    "@vitest/coverage-v8": "^3.1.2",
+    "@typescript/native-preview": "7.0.0-dev.20260115.1",
+    "@vitest/coverage-v8": "^4.0.17",
     "autocannon": "^8.0.0",
-    "automd": "^0.4.0",
-    "changelogen": "^0.6.1",
+    "automd": "^0.4.2",
+    "changelogen": "^0.6.2",
     "connect": "^3.7.0",
-    "eslint": "^9.25.1",
-    "eslint-config-unjs": "^0.4.2",
-    "express": "^5.1.0",
+    "eslint": "^9.39.2",
+    "eslint-config-unjs": "^0.6.2",
+    "express": "^5.2.1",
     "get-port": "^7.1.0",
-    "h3": "^1.15.1",
-    "jiti": "^2.4.2",
+    "h3": "^2.0.1-rc.8",
+    "jiti": "^2.6.1",
     "listhen": "^1.9.0",
-    "node-fetch-native": "^1.6.6",
-    "prettier": "^3.5.3",
-    "react": "^19.1.0",
-    "react-dom": "^19.1.0",
-    "supertest": "^7.1.0",
-    "typescript": "^5.8.3",
-    "unbuild": "^3.5.0",
-    "undici": "^7.8.0",
-    "vitest": "^3.1.2",
-    "zod": "^3.24.3"
+    "node-fetch-native": "^1.6.7",
+    "prettier": "^3.8.0",
+    "react": "^19.2.3",
+    "react-dom": "^19.2.3",
+    "supertest": "^7.2.2",
+    "typescript": "^5.9.3",
+    "unbuild": "^3.6.1",
+    "undici": "^7.18.2",
+    "vitest": "^4.0.17",
+    "zod": "^4.3.5"
   },
-  "packageManager": "pnpm@10.2.0"
+  "packageManager": "pnpm@10.28.0"
 }