Bumps the npm_and_yarn group with 4 updates in the / directory: hono, @hono/node-server, axios and webpack.
Bumps the npm_and_yarn group with 1 update in the /examples/with-express directory: semver.
Bumps the npm_and_yarn group with 1 update in the /examples/with-express-auth directory: semver.
Bumps the npm_and_yarn group with 1 update in the /examples/with-express-csrf directory: semver.
Bumps the npm_and_yarn group with 1 update in the /examples/with-hono directory: semver.
Bumps the npm_and_yarn group with 1 update in the /examples/with-multiple-instances directory: semver.
Bumps the npm_and_yarn group with 1 update in the /examples/with-nestjs-module directory: tough-cookie.
Before this release, in versions 4.5.7 and below, the CSRF Protection Middleware did not treat requests including Content-Types with uppercase letters (e.g., Application/x-www-form-urlencoded) as potential attacks, allowing them to pass.
This could cause unexpected behavior, leading to a vulnerability. If you are using the CSRF Protection Middleware, please upgrade to version 4.5.8 or higher immediately.
fix(validator): Fixed a bug in hono/validator where URL Encoded Data could not be validated if the Content-Type included charset. by @uttk in honojs/hono#3297
Bumps the npm_and_yarn group with 4 updates in the / directory: hono, @hono/node-server, axios and webpack. Bumps the npm_and_yarn group with 1 update in the /examples/with-express directory: semver. Bumps the npm_and_yarn group with 1 update in the /examples/with-express-auth directory: semver. Bumps the npm_and_yarn group with 1 update in the /examples/with-express-csrf directory: semver. Bumps the npm_and_yarn group with 1 update in the /examples/with-hono directory: semver. Bumps the npm_and_yarn group with 1 update in the /examples/with-multiple-instances directory: semver. Bumps the npm_and_yarn group with 1 update in the /examples/with-nestjs-module directory: tough-cookie.
Updates
hono
from 4.4.7 to 4.5.8Release notes
Sourced from hono's releases.
... (truncated)
Commits
d1c7f6f
v4.5.841ce840
Merge commit from forkb0af71f
v4.5.72646696
feat(jsx): improve input attribute types based on react (#3302)331b3d8
fix(client): replace optional params to url correctly (#3304)95a6b39
docs(README): change Twitter to X (#3301)54dab7e
feat(jsx): improvetarget
andformtarget
attribute types (#3299)c378dd9
fix(validator): Fixed a bug in hono/validator where URL Encoded Data could no...17c3b9e
feat(jsx): improve a-tag types with well known values (#3287)1854e24
perf(jsx/dom): improve performance (#3288)Updates
@hono/node-server
from 1.10.1 to 1.12.1Release notes
Sourced from
@hono/node-server
's releases.... (truncated)
Commits
e42500f
v1.12.1c8ad154
fix: return response from res.body if internal data is not ready to be return...efc104b
v1.12.04130b9d
docs(readme): add aconnInfo
descriptionb8fb04b
feat: implement ConnInfo helper (#180)fa8cb6b
fix(serve-static): supports extension less files (#183)87ecf60
v1.11.58ab5f3c
fix: makehono
as external to build (#182)19bd7fe
v1.11.45b7d362
fix: Export ServerType (#178)Updates
axios
from 1.6.0 to 1.7.4Release notes
Sourced from axios's releases.
... (truncated)
Changelog
Sourced from axios's changelog.
... (truncated)
Commits
abd24a7
chore(release): v1.7.4 (#6544)6b6b605
fix(sec): CVE-2024-39338 (#6539) (#6543)07a661a
fix(sec): disregard protocol-relative URL to remediate SSRF (#6539)c6cce43
chore(release): v1.7.3 (#6521)e3c76fc
fix(adapter): fix progress event emitting; (#6518)85d4d0e
fix(fetch): fix withCredentials request config (#6505)92cd8ed
chore(github): update ISSUE_TEMPLATE.md (#6519)8966ee7
fix(xhr): return original config on errors from XHR adapter (#6515)0e4f9fa
chore(release): v1.7.2 (#6414)4f79aef
fix(fetch): enhance fetch API detection; (#6413)Updates
webpack
from 5.88.2 to 5.94.0Release notes
Sourced from webpack's releases.
... (truncated)
Commits
eabf85d
chore(release): 5.94.0955e057
security: fix DOM clobbering in auto public path9822387
test: fixcbb86ed
test: fix5ac3d7f
fix: unexpected asi generation with sequence expression2411661
security: fix DOM clobbering in auto public pathb8c03d4
fix: unexpected asi generation with sequence expressionf46a03c
revert: do not use heuristic fallback for "module-import"60f1898
fix: do not use heuristic fallback for "module-import"66306aa
Revert "fix: module-import get fallback from externalsPresets"Updates
semver
from 7.5.4 to 7.6.3Release notes
Sourced from semver's releases.
... (truncated)
Changelog
Sourced from semver's changelog.
... (truncated)
Commits
0a12d6c
chore: release 7.6.3 (#720)73a3d79
fix: optimize Range parsing and formatting (#726)2975ece
docs: fix extra backtick typo (#719)eb1380b
chore: release 7.6.2 (#714)6466ba9
fix(lru): use map.delete() directly (#713)d777418
chore: release 7.6.1 (#706)988a8de
deps: uninstalllru-cache
(#709)5feeb7f
chore: postinstall for dependabot template-oss PRdd09b60
chore: bump@npmcli/template-oss
to 4.22.0c570a34
fix(linting): no-unused-varsUpdates
semver
from 7.5.4 to 7.6.3Release notes
Sourced from semver's releases.
... (truncated)
Changelog
Sourced from semver's changelog.
... (truncated)
Commits
0a12d6c
chore: release 7.6.3 (#720)73a3d79
fix: optimize Range parsing and formatting (#726)2975ece
docs: fix extra backtick typo (#719)eb1380b
chore: release 7.6.2 (#714)6466ba9
fix(lru): use map.delete() directly (#713)d777418
chore: release 7.6.1 (#706)988a8de
deps: uninstalllru-cache
(#709)5feeb7f
chore: postinstall for dependabot template-oss PRdd09b60
chore: bump@npmcli/template-oss
to 4.22.0c570a34
fix(linting): no-unused-varsUpdates
semver
from 7.5.4 to 7.6.3Release notes
Sourced from semver's releases.