openclaw
diff --git a/‎extensions/acpx/npm-shrinkwrap.json‎
Lines changed: 3 additions & 3 deletions b/‎extensions/acpx/npm-shrinkwrap.json‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎npm-shrinkwrap.json‎
Lines changed: 3 additions & 3 deletions b/‎npm-shrinkwrap.json‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎pnpm-lock.yaml‎
Lines changed: 9 additions & 9 deletions b/‎pnpm-lock.yaml‎
Lines changed: 9 additions & 9 deletions
diff --git a/‎pnpm-workspace.yaml‎
Lines changed: 1 addition & 1 deletion b/‎pnpm-workspace.yaml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/agents/auth-profiles/path-resolve.ts‎
Lines changed: 1 addition & 1 deletion b/‎src/agents/auth-profiles/path-resolve.ts‎
Lines changed: 1 addition & 1 deletion
@@ -70,7 +70,7 @@ overrides:
   "@aws-sdk/core": 3.974.13
   "@aws-sdk/credential-provider-node": 3.972.52
   "@aws-sdk/xml-builder": 3.972.25
-  hono: 4.12.18
+  hono: 4.12.21
   "@hono/node-server": 1.19.14
   axios: 1.16.0
   fast-uri: 3.1.2
 
@@ -66,9 +66,9 @@ export function resolveOAuthRefreshLockPath(provider: string, profileId: string)
   const hash = createHash("sha256");
   // This hashes provider/profile identifiers into a path-safe lock name; it is
   // not password storage or credential verification.
-  // codeql[js/insufficient-password-hash]
   hash.update(provider, "utf8");
   hash.update("\u0000", "utf8"); // NUL separator: unambiguous boundary.
+  // codeql[js/insufficient-password-hash]
   hash.update(profileId, "utf8");
   const safeId = `sha256-${hash.digest("hex")}`;
   return path.join(resolveStateDir(), "locks", "oauth-refresh", safeId);