Bump hono from 3.3.4 to 4.6.5 #189

dependabot · 2024-10-15T17:50:25Z

Bumps hono from 3.3.4 to 4.6.5.

Release notes

v4.6.5

Security fix for CSRF Protection Middleware

This release includes a security fix for CSRF Protection Middleware. If you are using CSRF Protection Middleware, please upgrade this hono package immediately.

Before this release, a request without a Content-Type header can bypass the protection. This fix does not allow it. See: GHSA-2234-fmw7-43wr

What's Changed

perf(types): replace intersection with union to get better perf by @m-shaka in honojs/hono#3443

ci: use Deno v2 by @yusukebe in honojs/hono#3506

ci: use Deno v2 for a test running for deno by @nakasyou in honojs/hono#3509

fix(types): rm ExcludeEmptyObject to fix massively increased type instantiations by @m-shaka in honojs/hono#3507

fix(cors): avoid setting Access-Control-Allow-Origin if there is no matching origin by @uki00a in honojs/hono#3510

feat(powered-by): optional server name by @PatrickJS in honojs/hono#3492

fix(factory): revert PR #3498 by @yusukebe in honojs/hono#3515

fix(build): remove private fields by @nakasyou in honojs/hono#3514

New Contributors

@uki00a made their first contribution in honojs/hono#3510

@PatrickJS made their first contribution in honojs/hono#3492

Full Changelog: honojs/hono@v4.6.4...v4.6.5

v4.6.4

What's Changed

chore: upgrade dependencies by @yusukebe in honojs/hono#3446

chore: remove crypto-js from dev dependencies by @yusukebe in honojs/hono#3447

chore(test): suppress no-unused-vars "'x' is assigned a value but only used as type" by @exoego in honojs/hono#3451

chore(test): include bun coverage by @exoego in honojs/hono#3457

test(deno): remove duplicated app.get by @exoego in honojs/hono#3469

fix(types): add key to IntrinsicAttributes by @codehz in honojs/hono#3474

fix(factory): relax Bindings and Variables for createMiddleware by @yusukebe in honojs/hono#3498

fix(service-worker): bind fetch to globalThis by @sapphi-red in honojs/hono#3500

refactor(jsx): add override to toStringToBuffer in classes extending JSXNode by @yusukebe in honojs/hono#3505

New Contributors

@sapphi-red made their first contribution in honojs/hono#3500

Full Changelog: honojs/hono@v4.6.3...v4.6.4

v4.6.3

This release has many new features, but each feature is small, so we've released it as a patch release.

What's Changed

chore: rename runtime_tests to runtime-tests by @yusukebe in honojs/hono#3419

ci: Type check perf by @m-shaka in honojs/hono#3406

refactor(jsx/streaming): Clarified the type of renderToReadableStream. by @usualoma in honojs/hono#3434

perf(types): use homomorphic mapped type to reduce conditional branches by @m-shaka in honojs/hono#3440

ci: prettify type check result and rm a comment by @m-shaka in honojs/hono#3442

fix(types): useSyncExternalStore type by @codehz in honojs/hono#3437

... (truncated)

Commits

89a0ac1 v4.6.5
c4d19ec chore: update the lockfile
6cf01e5 fix(build): remove private fields (#3514)
aa50e0a Merge commit from fork
f9e6ea7 fix(factory): revert PR #3498 (#3515)
fc9cc6d feat(powered-by): optional server name (#3492)
cebf4e8 fix(cors): avoid setting Access-Control-Allow-Origin if there is no matchin...
3311664 fix(types): rm ExcludeEmptyObject to fix massively increased type instantiati...
bd9effe ci: use Deno v2 for a test running for deno (#3509)
9986b47 ci: use Deno v2 (#3506)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps [hono](https://github.com/honojs/hono) from 3.3.4 to 4.6.5. - [Release notes](https://github.com/honojs/hono/releases) - [Commits](honojs/hono@v3.3.4...v4.6.5) --- updated-dependencies: - dependency-name: hono dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot bot added the dependencies Pull requests that update a dependency file label Oct 15, 2024

dependabot bot mentioned this pull request Oct 15, 2024

Bump hono from 3.3.4 to 4.5.8 #186

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump hono from 3.3.4 to 4.6.5 #189

Bump hono from 3.3.4 to 4.6.5 #189

dependabot bot commented on behalf of github Oct 15, 2024

Bump hono from 3.3.4 to 4.6.5 #189

Are you sure you want to change the base?

Bump hono from 3.3.4 to 4.6.5 #189

Conversation

dependabot bot commented on behalf of github Oct 15, 2024

v4.6.5

Security fix for CSRF Protection Middleware

What's Changed

New Contributors

v4.6.4

What's Changed

New Contributors

v4.6.3

What's Changed