honojs/hono (hono)
### [`v3.11.8`](https://togithub.com/honojs/hono/releases/tag/v3.11.8)
[Compare Source](https://togithub.com/honojs/hono/compare/v3.11.7...v3.11.8)
#### What's Changed
- chore: bump `devDependencies` by [@yusukebe](https://togithub.com/yusukebe) in [https://github.com/honojs/hono/pull/1820](https://togithub.com/honojs/hono/pull/1820)
- chore(`tsconfig.json`): use `vitest/globals` for types by [@yusukebe](https://togithub.com/yusukebe) in [https://github.com/honojs/hono/pull/1819](https://togithub.com/honojs/hono/pull/1819)
- fix(factory): infer a merged path correctly by [@yusukebe](https://togithub.com/yusukebe) in [https://github.com/honojs/hono/pull/1821](https://togithub.com/honojs/hono/pull/1821)
- feat(helper/html): Support Promise\ in html tagged template literals by [@usualoma](https://togithub.com/usualoma) in [https://github.com/honojs/hono/pull/1826](https://togithub.com/honojs/hono/pull/1826)
**Full Changelog**: https://github.com/honojs/hono/compare/v3.11.7...v3.11.8
### [`v3.11.7`](https://togithub.com/honojs/hono/releases/tag/v3.11.7)
[Compare Source](https://togithub.com/honojs/hono/compare/v3.11.6...v3.11.7)
#### Security Update
This release includes a security patch that fixes the vulnerability in TrieRouter.
If you are using the default preset or `hono/quick`, or specifying the router as `TrieRouter`, you **must upgrade** to this version `3.11.7` immediately.
#### How to upgrade
##### For Deno
Just increment the version specifier to `v3.11.7`.
```ts
import { Hono } from 'https://deno.land/x/hono@v3.11.7/mod.ts'
import { serveStatic } from 'https://deno.land/x/hono@v3.11.7/middleware.ts'
```
##### For Node.js
Upgrade the `hono` package via npm:
```txt
npm install hono
// OR
yarn add hono
// OR
pnpm up hono
```
You may not update the `hono` package with `npm update`, so please use `npm install`.
#### The vulnerability detail
The clients may override named path parameter values from previous requests if the application is using TrieRouter. So, there is a risk that a privileged user may use unintended parameters when deleting REST API resources.
TrieRouter is used either explicitly or when the application matches a pattern that is not supported by the default RegExpRouter.
The advisory: https://github.com/honojs/hono/security/advisories/GHSA-f6gv-hh8j-q8vq
#### Our Approach to Security
If you discover such a vulnerability, please contact us immediately. We will respond immediately; we have enabled GitHub's private vulnerability reporting feature, so please use that.
https://github.com/honojs/hono/security/advisories
Thanks.
***
**Full Changelog**: https://github.com/honojs/hono/compare/v3.11.6...v3.11.7
### [`v3.11.6`](https://togithub.com/honojs/hono/releases/tag/v3.11.6)
[Compare Source](https://togithub.com/honojs/hono/compare/v3.11.5...v3.11.6)
#### What's Changed
- fix(context): set `status` correctly by [@yusukebe](https://togithub.com/yusukebe) in [https://github.com/honojs/hono/pull/1814](https://togithub.com/honojs/hono/pull/1814)
**Full Changelog**: https://github.com/honojs/hono/compare/v3.11.5...v3.11.6
### [`v3.11.5`](https://togithub.com/honojs/hono/releases/tag/v3.11.5)
[Compare Source](https://togithub.com/honojs/hono/compare/v3.11.4...v3.11.5)
#### What's Changed
- fix(context): set headers values correctly by [@yusukebe](https://togithub.com/yusukebe) in [https://github.com/honojs/hono/pull/1808](https://togithub.com/honojs/hono/pull/1808)
- docs(readme): update `hono/tiny` size by [@ryuapp](https://togithub.com/ryuapp) in [https://github.com/honojs/hono/pull/1809](https://togithub.com/honojs/hono/pull/1809)
- fix(context): `c.json()` allows object and returns JSONParsed by [@yusukebe](https://togithub.com/yusukebe) in [https://github.com/honojs/hono/pull/1806](https://togithub.com/honojs/hono/pull/1806)
#### New Contributors
- [@ryuapp](https://togithub.com/ryuapp) made their first contribution in [https://github.com/honojs/hono/pull/1809](https://togithub.com/honojs/hono/pull/1809)
**Full Changelog**: https://github.com/honojs/hono/compare/v3.11.4...v3.11.5
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
â™» Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
[ ] If you want to rebase/retry this PR, check this box
This PR has been generated by Mend Renovate. View repository job log here.
This PR contains the following updates:
3.11.4
->3.11.8
Release Notes
honojs/hono (hono)
### [`v3.11.8`](https://togithub.com/honojs/hono/releases/tag/v3.11.8) [Compare Source](https://togithub.com/honojs/hono/compare/v3.11.7...v3.11.8) #### What's Changed - chore: bump `devDependencies` by [@yusukebe](https://togithub.com/yusukebe) in [https://github.com/honojs/hono/pull/1820](https://togithub.com/honojs/hono/pull/1820) - chore(`tsconfig.json`): use `vitest/globals` for types by [@yusukebe](https://togithub.com/yusukebe) in [https://github.com/honojs/hono/pull/1819](https://togithub.com/honojs/hono/pull/1819) - fix(factory): infer a merged path correctly by [@yusukebe](https://togithub.com/yusukebe) in [https://github.com/honojs/hono/pull/1821](https://togithub.com/honojs/hono/pull/1821) - feat(helper/html): Support Promise\Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
â™» Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.