
[Aikido] Fix 19 security issues in h3, lodash, thirdweb and 4 more#433

Closed

aikido-autofix[bot] wants to merge 1 commit into main from fix/aikido-security-update-packages-22414564-8pqr

Conversation


aikido-autofix bot commented Apr 8, 2026

Upgrade dependencies to fix critical SSE injection, arbitrary code execution via template imports, and authentication bypass vulnerabilities.

⚠️ Incomplete breaking changes analysis (6/7 analyzed)

⚠️ Breaking changes analysis not available for: thirdweb

All breaking changes by upgrading lodash from version 4.17.21 to 4.18.0 (CHANGELOG)

Version | Description
4.18.0 | _.unset / _.omit now block constructor and prototype as non-terminal path keys unconditionally. Calls that previously returned true and deleted the property now return false and leave the target untouched.
4.18.0 | _.template now throws "Invalid imports option passed into _.template" when imports keys contain forbidden identifier characters, which were previously allowed.

All breaking changes by upgrading socket.io-parser from version 4.2.4 to 4.2.6 (CHANGELOG)

Version | Description
4.2.6 | Added a limit to the number of binary attachments, which restricts previously unlimited attachment behavior

All breaking changes by upgrading defu from version 6.1.4 to 6.1.5 (CHANGELOG)

Version | Description
v6.1.5 | Inherited enumerable properties are now ignored, which may affect code that previously relied on merging inherited properties from prototype chains

✅ 19 CVEs resolved by this upgrade, including 3 critical 🚨 CVEs

This PR will resolve the following CVEs:

Issue | Severity | Description
CVE-2026-33128 | 🚨 CRITICAL | [h3] createEventStream is vulnerable to Server-Sent Events (SSE) injection due to missing newline sanitization, allowing attackers who control SSE message fields to inject arbitrary events to connected clients.
GHSA-4hxc-9384-m385 | MEDIUM | [h3] The EventStream class fails to sanitize carriage return (\r) characters in data and comment fields, allowing attackers to inject arbitrary SSE events, spoof event types, and split single push() calls into multiple browser-parsed events. This bypasses a prior fix that only addressed newline (\n) injection.
CVE-2026-4800 | 🚨 CRITICAL | [lodash] A vulnerability in _.template allows arbitrary code execution through untrusted key names in options.imports or prototype pollution, as validation was incomplete after a prior CVE fix. An attacker can inject malicious code that executes during template compilation.
CVE-2025-13465 | MEDIUM | [lodash] A prototype pollution vulnerability in _.unset and _.omit functions allows attackers to delete methods from global prototypes via crafted paths. While this prevents property overwriting, it can cause denial of service by removing critical functionality.
CVE-2026-2950 | MEDIUM | [lodash] Prototype pollution vulnerability in _.unset and _.omit functions allows attackers to bypass previous fixes using array-wrapped path segments, enabling deletion of properties from built-in prototypes. While this doesn't allow overwriting prototype behavior, it can cause denial of service or unexpected application behavior.
CVE-2026-29045 | 🚨 CRITICAL | [hono] URL decoding inconsistency between router and serveStatic allows bypassing route-based middleware protections via encoded slashes (%2F), enabling unauthorized access to protected static resources. This vulnerability permits attackers to circumvent authorization checks through path manipulation.
CVE-2026-29085 | MEDIUM | [hono] Improper input validation in streamSSE() allows injection of arbitrary SSE fields through unvalidated carriage return and newline characters in event, id, and retry fields, enabling protocol manipulation and potential information disclosure or DoS attacks.
CVE-2026-39409 | MEDIUM | [hono] The ipRestriction() middleware fails to normalize IPv4-mapped IPv6 addresses (e.g., ::ffff:127.0.0.1) before applying IPv4 rules, allowing denied clients to bypass restrictions or legitimate clients to be incorrectly rejected. This is an authorization bypass vulnerability affecting IPv4-based access control policies.
CVE-2026-39408 | MEDIUM | [hono] Path traversal vulnerability in toSSG() allows attackers to write files outside the configured output directory by injecting traversal sequences into ssgParams values during static site generation. This could lead to arbitrary file writes affecting build artifacts and deployment outputs.
CVE-2026-29086 | MEDIUM | [hono] The setCookie() utility fails to validate semicolons, carriage returns, and newlines in domain and path options, allowing attackers to inject additional cookie attributes through untrusted input. This could lead to cookie manipulation and potential security bypasses.
GHSA-26pp-8wgv-hjvm | MEDIUM | [hono] Cookie names are not validated in setCookie(), serialize(), or serializeSigned(), allowing invalid characters that can cause malformed Set-Cookie headers and runtime errors when processing untrusted cookie names.
CVE-2026-39407 | MEDIUM | [hono] Path handling inconsistency in serveStatic allows bypassing route-based middleware protection by using repeated slashes (//), enabling unauthorized access to protected static files. The vulnerability occurs because the router and serveStatic normalize paths differently, allowing attackers to circumvent authorization checks.
CVE-2026-39410 | MEDIUM | [hono] Cookie prefix protections can be bypassed due to inconsistent parsing of cookie names with non-breaking spaces, allowing attackers to override legitimate cookies. This may lead to session hijacking or bypassing secure cookie protections.
GHSA-v8w9-8mx6-g223 | MEDIUM | [hono] Prototype pollution vulnerability in parseBody({ dot: true }) where specially crafted form field names like __proto__.x create objects with __proto__ properties, potentially enabling prototype pollution if merged unsafely into other objects.
GHSA-gq3j-xvxp-8hrf | LOW | [hono] The basicAuth and bearerAuth middlewares used non-timing-safe string comparison for hash validation, potentially allowing timing-based analysis attacks. The vulnerability has been fixed by implementing constant-time comparison to prevent early termination.
CVE-2026-33151 | HIGH | [socket.io-parser] A specially crafted Socket.IO packet can cause the server to buffer an excessive number of binary attachments, leading to memory exhaustion and denial of service.
CVE-2026-25639 | HIGH | [axios] The mergeConfig function crashes with a TypeError when processing configuration objects containing __proto__ as an own property, allowing attackers to trigger denial of service. An attacker can exploit this by providing a malicious configuration object created via JSON.parse().
CVE-2026-35209 | HIGH | [defu] Prototype pollution vulnerability in the defu function allows attackers to override default object properties through crafted __proto__ payloads in unsanitized user input, potentially leading to application logic bypass or information disclosure.
AIKIDO-2024-10466 | MEDIUM | [viem] Insufficient entropy in the signature algorithm allows nonce reuse across transactions, enabling attackers to recover the private key and compromise cryptographic security.
🔗 Related Tasks

🔄 Upgrade impact analysis is in progress. Breaking changes will be added here once finalized.


PR-Codex overview

This PR focuses on updating the package.json files and dependency versions across multiple packages, enhancing linting configurations, and improving package management for better compatibility and performance.

Detailed summary

  • Updated packageManager to pnpm@10.30.3.
  • Modified lint-staged configuration for better formatting.
  • Added new dependencies (h3, lodash, hono, socket.io-parser, axios, defu) with specific version constraints.
  • Adjusted typesVersions format in packages/agw-react/package.json.
  • Updated thirdweb version to 5.93.5-nightly.
  • Increased versions for several dependencies in pnpm-lock.yaml.
  • Deprecated older versions of @walletconnect packages, indicating reliability improvements.
  • Cleaned up outdated or unused dependencies across various packages.

The following files were skipped due to too many changes: pnpm-lock.yaml

✨ Ask PR-Codex anything about this PR by commenting with /codex {your question}
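The h3 and hono SSE advisories in the bot's list (CVE-2026-33128, GHSA-4hxc-9384-m385, CVE-2026-29085) describe one bug class: a line-oriented protocol whose fields are interpolated into the wire format without rejecting line terminators. The following is an added example, not code from h3, hono or this repository; `encodeSseUnsafe`, `encodeSseSafe` and `parseSse` are names chosen here, and the "attacker-controlled" payload is constructed. The parser follows the EventSource rule that CR, LF and CRLF all end a line, which is exactly why a fix that only strips `\n` is still bypassable with a bare `\r`.

```javascript
// Added example (not h3/hono code): how unsanitized CR/LF in SSE fields lets one
// push() become several browser-parsed events, and an encoder that refuses them.

// Vulnerable encoder: field values go straight into the wire format.
function encodeSseUnsafe({ event, id, data }) {
  let out = '';
  if (event !== undefined) out += `event: ${event}\n`;
  if (id !== undefined) out += `id: ${id}\n`;
  out += `data: ${data}\n\n`;
  return out;
}

// Hardened encoder: "event" and "id" are single-line tokens, so any line
// terminator in them is rejected outright. "data" is legitimately multi-line,
// so it is split on every terminator and re-emitted as one "data:" field per
// line; the client joins those lines with "\n", and no line can ever start a
// new field because each one is prefixed by "data: ".
function encodeSseSafe({ event, id, data }) {
  for (const [name, value] of [['event', event], ['id', id]]) {
    if (value !== undefined && /[\r\n]/.test(String(value))) {
      throw new Error(`SSE field "${name}" must not contain CR or LF`);
    }
  }
  let out = '';
  if (event !== undefined) out += `event: ${event}\n`;
  if (id !== undefined) out += `id: ${id}\n`;
  for (const line of String(data).split(/\r\n|\r|\n/)) out += `data: ${line}\n`;
  return out + '\n';
}

// Minimal client-side parser following the EventSource line rules: CR, LF and
// CRLF all terminate a line, a blank line dispatches the buffered event (only if
// it has data), ":"-prefixed lines are comments, and "data" lines join with "\n".
function parseSse(text) {
  const events = [];
  let cur = { event: 'message', id: undefined, data: [] };
  for (const line of text.split(/\r\n|\r|\n/)) {
    if (line === '') {
      if (cur.data.length) {
        events.push({ event: cur.event, id: cur.id, data: cur.data.join('\n') });
      }
      cur = { event: 'message', id: undefined, data: [] };
      continue;
    }
    if (line.startsWith(':')) continue;
    const colon = line.indexOf(':');
    const field = colon === -1 ? line : line.slice(0, colon);
    let value = colon === -1 ? '' : line.slice(colon + 1);
    if (value.startsWith(' ')) value = value.slice(1);
    if (field === 'event') cur.event = value;
    else if (field === 'id') cur.id = value;
    else if (field === 'data') cur.data.push(value);
  }
  return events;
}

// Constructed attacker-controlled payload using only "\r": it terminates the
// current event and injects a second one with a spoofed event type.
const INJECTED_DATA = 'hello\r\revent: logout\rdata: bye';

function demo() {
  return {
    unsafe: parseSse(encodeSseUnsafe({ data: INJECTED_DATA })), // two events
    safe: parseSse(encodeSseSafe({ data: INJECTED_DATA })),     // one event
  };
}
```

Validating at the encoder rather than sanitising in every handler is the design choice here: a handler that passes a user-supplied string as `event` or `id` gets a thrown error during development instead of a silently split stream in production. Note that stripping `\n` alone, as the h3 advisory says the prior fix did, leaves the `\r`-only payload above fully effective.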

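Four of the listed issues (CVE-2026-35209 in defu, CVE-2026-25639 in axios, GHSA-v8w9-8mx6-g223 in hono, and the lodash _.unset/_.omit entries) turn on the same fact: `JSON.parse` and dot-notation form parsers create an own property literally named `__proto__`, and a recursive merge that walks it reaches `Object.prototype`. The block below is an added example, not code from any of those packages; `mergeUnsafe`, `mergeSafe` and `findDangerousKeys` are names chosen here and the payloads are constructed. It shows the pollution, a guarded merge that also ignores inherited enumerable properties (the defu 6.1.5 behaviour change noted above), and a boundary check that can reject a payload before it reaches any merge.

```javascript
// Added example (not defu/lodash/hono/axios code): a naive recursive merge of
// untrusted JSON pollutes Object.prototype; the guarded version refuses the
// three dangerous keys and walks only own, enumerable properties.

const UNSAFE_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

function isPlainObject(v) {
  return v !== null && typeof v === 'object' && !Array.isArray(v);
}

// Vulnerable: "for...in" visits the own "__proto__" key that JSON.parse created,
// and reading target["__proto__"] on a plain object returns Object.prototype,
// so the recursion writes the attacker's keys onto every object in the process.
function mergeUnsafe(target, source) {
  for (const key in source) {
    if (isPlainObject(source[key])) {
      if (!isPlainObject(target[key])) target[key] = {};
      mergeUnsafe(target[key], source[key]);
    } else {
      target[key] = source[key];
    }
  }
  return target;
}

// Hardened: Object.keys() yields own enumerable keys only (inherited properties
// are ignored), dangerous keys are skipped, and nested targets are looked up
// with Object.hasOwn so a missing key never resolves through the prototype chain.
function mergeSafe(target, source) {
  for (const key of Object.keys(source)) {
    if (UNSAFE_KEYS.has(key)) continue;
    const value = source[key];
    if (isPlainObject(value)) {
      const existing = Object.hasOwn(target, key) ? target[key] : undefined;
      target[key] = mergeSafe(isPlainObject(existing) ? existing : {}, value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Boundary check: list every dangerous key anywhere in a parsed payload, as
// dotted paths, so a request can be rejected with a 400 instead of merged.
function findDangerousKeys(value, path = []) {
  if (Array.isArray(value)) {
    return value.flatMap((v, i) => findDangerousKeys(v, [...path, String(i)]));
  }
  if (!isPlainObject(value)) return [];
  const hits = [];
  for (const key of Object.keys(value)) {
    const here = [...path, key];
    if (UNSAFE_KEYS.has(key)) hits.push(here.join('.'));
    hits.push(...findDangerousKeys(value[key], here));
  }
  return hits;
}

// Constructed attacker payload, as it would arrive in a JSON request body.
const ATTACK_JSON = '{"__proto__": {"isAdmin": true}, "opts": {"b": 2}}';

// Runs the unsafe merge, records whether an unrelated object gained "isAdmin",
// then removes the pollution so the rest of the process is not affected.
function demonstratePollution() {
  mergeUnsafe({}, JSON.parse(ATTACK_JSON));
  const polluted = ({}).isAdmin === true;
  delete Object.prototype.isAdmin;
  return polluted;
}
```

The axios entry is the other face of the same input: an own `__proto__` property is unusual enough that code which assumes `obj.__proto__` is always the accessor can crash on it, so `findDangerousKeys` is worth running even where no merge happens.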
@aikido-autofix aikido-autofix bot added the dependencies Pull requests that update a dependency file label Apr 8, 2026
changeset-bot bot commented Apr 8, 2026

⚠️ No Changeset found

Latest commit: dad8f57

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types


@aikido-autofix aikido-autofix bot closed this Apr 9, 2026
@aikido-autofix aikido-autofix bot deleted the fix/aikido-security-update-packages-22414564-8pqr branch April 9, 2026 22:50