From 86847bac166b99c37b64decc3500284269e4a8f9 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sat, 24 Jan 2026 01:03:45 +0000
Subject: [PATCH] build(deps): bump cors from 2.8.5 to 2.8.6

Bumps [cors](https://github.com/expressjs/cors) from 2.8.5 to 2.8.6.
- [Release notes](https://github.com/expressjs/cors/releases)
- [Changelog](https://github.com/expressjs/cors/blob/master/HISTORY.md)
- [Commits](https://github.com/expressjs/cors/compare/v2.8.5...v2.8.6)

---
updated-dependencies:
- dependency-name: cors
  dependency-version: 2.8.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 package.json | 2 +-
 yarn.lock    | 8 ++++----
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/package.json b/package.json
index e47e0cf1..147e618b 100644
--- a/package.json
+++ b/package.json
@@ -45,7 +45,7 @@
     "@feathersjs/socketio": "^5.0.37",
     "cls-hooked": "^4.2.2",
     "compression": "^1.8.1",
-    "cors": "^2.8.5",
+    "cors": "^2.8.6",
     "cross-env": "^10.1.0",
     "feathers-authentication-hooks": "^1.0.2",
     "feathers-hooks-common": "^8.2.1",
diff --git a/yarn.lock b/yarn.lock
index defa83b4..09320f7a 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -2997,10 +2997,10 @@ core-js-compat@^3.43.0:
   dependencies:
     browserslist "^4.26.3"
 
-cors@^2.8.5, cors@~2.8.5:
-  version "2.8.5"
-  resolved "https://registry.yarnpkg.com/cors/-/cors-2.8.5.tgz#eac11da51592dd86b9f06f6e7ac293b3df875d29"
-  integrity sha512-KIHbLJqu73RGr/hnbrO9uBeixNGuvSQjul/jdFvS/KFSIH1hWVd1ng7zOHx+YrEfInLG7q4n6GHQ9cDtxv/P6g==
+cors@^2.8.5, cors@^2.8.6, cors@~2.8.5:
+  version "2.8.6"
+  resolved "https://registry.yarnpkg.com/cors/-/cors-2.8.6.tgz#ff5dd69bd95e547503820d29aba4f8faf8dfec96"
+  integrity sha512-tJtZBBHA6vjIAaF6EnIaq6laBBP9aq/Y3ouVJjEfoHbRBcHBAHYcMh/w8LDrk2PvIMMq8gmopa5D4V8RmbrxGw==
   dependencies:
     object-assign "^4"
     vary "^1"