
chore: verify and recompile agentic workflows after hono/node-server bump #25212

Merged
pelikhan merged 1 commit into main from
dependabot/npm_and_yarn/dot-github/workflows/npm_and_yarn-84176cb2e3
Apr 8, 2026

Conversation

@dependabot
Contributor

@dependabot dependabot bot commented on behalf of github Apr 8, 2026

Dependabot bumped @hono/node-server (1.19.10→1.19.13) and hono (4.12.7→4.12.12) as transitive deps of @sentry/mcp-server via @modelcontextprotocol/sdk. No workflow .md files reference these directly — the only consumer is shared/mcp/sentry.md which already pins @sentry/mcp-server@0.31.0 (latest).

Ran make recompile and gh aw compile --dependabot to verify:

  • All 182 workflow files compiled cleanly, zero .lock.yml changes
  • npm install --package-lock-only confirmed package-lock.json is already consistent with updated versions

No workflow source changes were needed; the dependabot PR covered the full update.

…dates

Bumps the npm_and_yarn group with 2 updates in the /.github/workflows directory: [@hono/node-server](https://github.com/honojs/node-server) and [hono](https://github.com/honojs/hono).


Updates `@hono/node-server` from 1.19.10 to 1.19.13
- [Release notes](https://github.com/honojs/node-server/releases)
- [Commits](honojs/node-server@v1.19.10...v1.19.13)

Updates `hono` from 4.12.7 to 4.12.12
- [Release notes](https://github.com/honojs/hono/releases)
- [Commits](honojs/hono@v4.12.7...v4.12.12)

---
updated-dependencies:
- dependency-name: "@hono/node-server"
  dependency-version: 1.19.13
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: hono
  dependency-version: 4.12.12
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the dependencies (Pull requests that update a dependency file) and javascript (Pull requests that update javascript code) labels Apr 8, 2026
@pelikhan
Collaborator

pelikhan commented Apr 8, 2026

@copilot update agentic workflows that reference those and recompile

@github-actions
Contributor

github-actions bot commented Apr 8, 2026

Thanks for the automated security bump, @dependabot[bot]! 🔒 This PR updates @hono/node-server (1.19.10 → 1.19.13) and hono (4.12.7 → 4.12.12), both of which carry important security advisories (GHSA-92pp-h63x-v22m, GHSA-wmmm-f939-6g9c, GHSA-xf4j-xp2r-rqqx, GHSA-xpcf-pg52-r92g, GHSA-26pp-8wgv-hjvm, GHSA-r5rp-j6wh-rvv4). The diff is minimal and tightly scoped to .github/workflows/package-lock.json.

A couple of notes for maintainers reviewing this PR:

  • Guidelines gap: CONTRIBUTING.md defines a contribution process exclusively for human community contributors (issue-first → core team implements via agent). It does not explicitly address automated bots like Dependabot. This PR lands outside that documented flow, which is expected for bot-driven security patches, but the guidelines could benefit from a short paragraph acknowledging automated dependency PRs as an accepted exception.
  • No tests — No test files were touched. For a pure lock-file bump this is expected, but maintainers should verify that the CI workflow using these packages still passes after the update.
  • Scope is .github/workflows/ only — the updated package-lock.json lives under .github/workflows/, not the main application tree. Confirm that no other package-lock.json or package.json in the repo references these packages at older versions.

If you'd like a coding agent to audit the dependency tree and update any other references, use the prompt below:

Audit the repository for any package.json or package-lock.json files (outside of .github/workflows/) that reference `@hono/node-server` or hono at a version below 1.19.13 and 4.12.12 respectively.

For each file found:
1. Update the version to the patched release (1.19.13 for `@hono/node-server`, 4.12.12 for hono).
2. Run `npm install` in that directory to regenerate the lock file.
3. Confirm the updated packages resolve correctly and run any existing tests with `make test` or the project-appropriate test command.
4. Summarise which files were changed and which security advisories each update addresses.

Generated by Contribution Check · ● 2M ·
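The lock-file audit requested in the comment above can be sketched as follows. This is an added example, not part of the PR or the gh-aw project: the minimum versions are the ones named in the thread, while `SAMPLE_LOCK`, `legacy-tool` and the function names are constructed for illustration, and the lockfileVersion 2/3 `packages` map is assumed.

```javascript
// Added example: flag lockfile entries below the patched versions named in this PR.
// Versions are compared numerically; a string compare would rank "4.12.7" above "4.12.12".
const PATCHED = { "@hono/node-server": "1.19.13", hono: "4.12.12" };

// Extract the numeric major.minor.patch core of a version string.
function parseCore(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1).map(Number);
}

function isBelow(version, minimum) {
  const a = parseCore(version), b = parseCore(minimum);
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i];
  // Same core: a pre-release (e.g. 4.12.12-rc.1) sorts before the release itself.
  return /^\d+\.\d+\.\d+-/.test(version);
}

// Keys look like "node_modules/a/node_modules/@scope/b"; the package name is
// whatever follows the last "node_modules/". The root entry "" has no name.
function nameFromLockPath(path) {
  const i = path.lastIndexOf("node_modules/");
  return i === -1 ? null : path.slice(i + "node_modules/".length);
}

function findUnpatched(lock, minimums = PATCHED) {
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    const name = nameFromLockPath(path);
    if (!name || !Object.hasOwn(minimums, name) || !entry.version) continue;
    if (isBelow(entry.version, minimums[name])) {
      findings.push({ path, name, version: entry.version, minimum: minimums[name] });
    }
  }
  return findings;
}

// Constructed sample: patched copies at the top level, stale copies nested
// under a hypothetical dependency "legacy-tool".
const SAMPLE_LOCK = { packages: {
  "": { name: "sample-root" },
  "node_modules/hono": { version: "4.12.12" },
  "node_modules/@hono/node-server": { version: "1.19.13" },
  "node_modules/legacy-tool/node_modules/hono": { version: "4.12.7" },
  "node_modules/legacy-tool/node_modules/@hono/node-server": { version: "1.19.10" },
} };

console.log(findUnpatched(SAMPLE_LOCK));
```

Nested `node_modules` copies are the case a top-level version check misses, which is why the name is taken from the last path segment rather than the first.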

Contributor

Copilot AI commented Apr 8, 2026

> @copilot update agentic workflows that reference those and recompile

I investigated and ran make recompile + gh aw compile --dependabot. Neither @hono/node-server nor hono are directly referenced in any workflow .md file — they're transitive dependencies of @sentry/mcp-server (via @modelcontextprotocol/sdk). The only relevant workflow is shared/mcp/sentry.md, which already uses the latest @sentry/mcp-server@0.31.0. All 182 workflow files compiled cleanly with no changes to any .lock.yml, and npm install --package-lock-only confirmed the package-lock.json is already correct with the updated versions (@hono/node-server@1.19.13, hono@4.12.12). No further updates are needed.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

  • https://api.github.com/graphql
    • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw (http block)
    • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw ml (http block)
    • Triggering command: /usr/bin/gh /usr/bin/gh api graphql -f query=query($owner: String!, $name: String!) { repository(owner: $owner, name: $name) { hasDiscussionsEnabled } } -f owner=github -f name=gh-aw ota=5% yHigh=170M (http block)
  • https://api.github.com/repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b
    • Triggering command: /usr/bin/gh gh api /repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b --jq .object.sha get --local $name) { hasDiscussionsEnabled } } credential.usernbash (http block)
    • Triggering command: /usr/bin/gh gh api /repos/astral-sh/setup-uv/git/ref/tags/eac588ad8def6316056a12d4907a9d4d84ff7a3b --jq .object.sha get nd_yarn/dot-github/workflows/npm_and_yarn-84176cb2e3 /home/REDACTED/go/bin/git user.name (http block)
  • https://api.github.com/repos/github/gh-aw
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw --jq .visibility (http block)
    • Triggering command: /usr/bin/gh gh api /repos/github/gh-aw --jq .visibility --noprofile (http block)
  • https://api.github.com/repos/githubnext/agentics/git/ref/tags/-
    • Triggering command: /usr/bin/gh gh api /repos/githubnext/agentics/git/ref/tags/- --jq .object.sha --local user.email (http block)

If you need me to access, download, or install something from one of these locations, you can either:

Copilot AI changed the title from "build(deps): bump the npm_and_yarn group across 1 directory with 2 updates" to "chore: verify and recompile agentic workflows after hono/node-server bump" Apr 8, 2026
Copilot AI requested a review from pelikhan April 8, 2026 13:28
@pelikhan pelikhan merged commit 252d5fd into main Apr 8, 2026
311 of 358 checks passed
@pelikhan pelikhan deleted the dependabot/npm_and_yarn/dot-github/workflows/npm_and_yarn-84176cb2e3 branch April 8, 2026 14:07