search

sakupi01 / saku-apps

https://sakupi01.com
3 stars 0 forks source link

Update dependency hono to v4.6.5 [SECURITY] #104

Open renovate[bot] opened 3 months ago

renovate[bot] commented 3 months ago

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
hono (source) 4.3.2 -> 4.6.5 age adoption passing confidence

[!WARNING] Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

GitHub Vulnerability Alerts

CVE-2024-43787

Summary

Hono CSRF middleware can be bypassed using crafted Content-Type header.

Details

MIME types are case insensitive, but isRequestedByFormElementRe only matches lower-case.

https://github.com/honojs/hono/blob/b0af71fbcc6dbe44140ea76f16d68dfdb32a99a0/src/middleware/csrf/index.ts#L16-L17

As a result, attacker can bypass csrf middleware using upper-case form-like MIME type, such as "Application/x-www-form-urlencoded".

PoC

<html>
  <head>
    <title>CSRF Test</title>
    <script defer>
      document.addEventListener("DOMContentLoaded", () => {
        document.getElementById("btn").addEventListener("click", async () => {
          const res = await fetch("http://victim.example.com/test", {
            method: "POST",
            credentials: "include",
            headers: {
              "Content-Type": "Application/x-www-form-urlencoded",
            },
          });
        });
      });
    </script>
  </head>
  <body>
    <h1>CSRF Test</h1>
    <button id="btn">Click me!</button>
  </body>
</html>

Impact

Bypass csrf protection implemented with hono csrf middleware.

Discussion

I'm not sure that omitting csrf checks for Simple POST request is a good idea. CSRF prevention and CORS are different concepts even though CORS can prevent CSRF in some cases.

CVE-2024-48913

Summary

Bypass CSRF Middleware by a request without Content-Type herader.

Details

Although the csrf middleware verifies the Content-Type Header, Hono always considers a request without a Content-Type header to be safe.

https://github.com/honojs/hono/blob/cebf4e87f3984a6a034e60a43f542b4c5225b668/src/middleware/csrf/index.ts#L76-L89

PoC

// server.js
import { Hono } from 'hono'
import { csrf }from 'hono/csrf'
const app = new Hono()
app.use(csrf())
app.get('/', (c) => {
  return c.html('Hello Hono!')
})
app.post('/', async (c) => {
  console.log("executed")
  return c.text( await c.req.text())
})
Deno.serve(app.fetch)
<!-- PoC.html -->
<script>
async function myclick() {
    await fetch("http://evil.example.com", {
    method: "POST",
    credentials: "include",
    body:new Blob([`test`],{}),
    });
}
</script>
<input type="button" onclick="myclick()" value="run" />

Similarly, the fetch API does not add a Content-Type header for requests that do not include a Body.

await fetch("http://localhost:8000", { method: "POST", credentials: "include"});

Impact

Bypass csrf protection implemented with hono csrf middleware.

Release Notes

honojs/hono (hono) ### [`v4.6.5`](https://redirect.github.com/honojs/hono/releases/tag/v4.6.5) [Compare Source](https://redirect.github.com/honojs/hono/compare/v4.6.4...v4.6.5) #### Security fix for CSRF Protection Middleware This release includes a security fix for CSRF Protection Middleware. If you are using CSRF Protection Middleware, please upgrade this `hono` package immediately. Before this release, a request without a `Content-Type` header can bypass the protection. This fix does not allow it. See: https://github.com/honojs/hono/security/advisories/GHSA-2234-fmw7-43wr #### What's Changed - perf(types): replace intersection with union to get better perf by [@​m-shaka](https://redirect.github.com/m-shaka) in [https://github.com/honojs/hono/pull/3443](https://redirect.github.com/honojs/hono/pull/3443) - ci: use Deno `v2` by [@​yusukebe](https://redirect.github.com/yusukebe) in [https://github.com/honojs/hono/pull/3506](https://redirect.github.com/honojs/hono/pull/3506) - ci: use Deno v2 for a test running for deno by [@​nakasyou](https://redirect.github.com/nakasyou) in [https://github.com/honojs/hono/pull/3509](https://redirect.github.com/honojs/hono/pull/3509) - fix(types): rm ExcludeEmptyObject to fix massively increased type instantiations by [@​m-shaka](https://redirect.github.com/m-shaka) in [https://github.com/honojs/hono/pull/3507](https://redirect.github.com/honojs/hono/pull/3507) - fix(cors): avoid setting `Access-Control-Allow-Origin` if there is no matching origin by [@​uki00a](https://redirect.github.com/uki00a) in [https://github.com/honojs/hono/pull/3510](https://redirect.github.com/honojs/hono/pull/3510) - feat(powered-by): optional server name by [@​PatrickJS](https://redirect.github.com/PatrickJS) in [https://github.com/honojs/hono/pull/3492](https://redirect.github.com/honojs/hono/pull/3492) - fix(factory): revert PR [#​3498](https://redirect.github.com/honojs/hono/issues/3498) by [@​yusukebe](https://redirect.github.com/yusukebe) in [https://github.com/honojs/hono/pull/3515](https://redirect.github.com/honojs/hono/pull/3515) - fix(build): remove private fields by [@​nakasyou](https://redirect.github.com/nakasyou) in [https://github.com/honojs/hono/pull/3514](https://redirect.github.com/honojs/hono/pull/3514) #### New Contributors - [@​uki00a](https://redirect.github.com/uki00a) made their first contribution in [https://github.com/honojs/hono/pull/3510](https://redirect.github.com/honojs/hono/pull/3510) - [@​PatrickJS](https://redirect.github.com/PatrickJS) made their first contribution in [https://github.com/honojs/hono/pull/3492](https://redirect.github.com/honojs/hono/pull/3492) **Full Changelog**: https://github.com/honojs/hono/compare/v4.6.4...v4.6.5 ### [`v4.6.4`](https://redirect.github.com/honojs/hono/releases/tag/v4.6.4) [Compare Source](https://redirect.github.com/honojs/hono/compare/v4.6.3...v4.6.4) #### What's Changed - chore: upgrade dependencies by [@​yusukebe](https://redirect.github.com/yusukebe) in [https://github.com/honojs/hono/pull/3446](https://redirect.github.com/honojs/hono/pull/3446) - chore: remove `crypto-js` from dev dependencies by [@​yusukebe](https://redirect.github.com/yusukebe) in [https://github.com/honojs/hono/pull/3447](https://redirect.github.com/honojs/hono/pull/3447) - chore(test): suppress no-unused-vars "'x' is assigned a value but only used as type" by [@​exoego](https://redirect.github.com/exoego) in [https://github.com/honojs/hono/pull/3451](https://redirect.github.com/honojs/hono/pull/3451) - chore(test): include bun coverage by [@​exoego](https://redirect.github.com/exoego) in [https://github.com/honojs/hono/pull/3457](https://redirect.github.com/honojs/hono/pull/3457) - test(deno): remove duplicated app.get by [@​exoego](https://redirect.github.com/exoego) in [https://github.com/honojs/hono/pull/3469](https://redirect.github.com/honojs/hono/pull/3469) - fix(types): add key to IntrinsicAttributes by [@​codehz](https://redirect.github.com/codehz) in [https://github.com/honojs/hono/pull/3474](https://redirect.github.com/honojs/hono/pull/3474) - fix(factory): relax Bindings and Variables for `createMiddleware` by [@​yusukebe](https://redirect.github.com/yusukebe) in [https://github.com/honojs/hono/pull/3498](https://redirect.github.com/honojs/hono/pull/3498) - fix(service-worker): bind fetch to `globalThis` by [@​sapphi-red](https://redirect.github.com/sapphi-red) in [https://github.com/honojs/hono/pull/3500](https://redirect.github.com/honojs/hono/pull/3500) - refactor(jsx): add `override` to `toStringToBuffer` in classes extending `JSXNode` by [@​yusukebe](https://redirect.github.com/yusukebe) in [https://github.com/honojs/hono/pull/3505](https://redirect.github.com/honojs/hono/pull/3505) #### New Contributors - [@​sapphi-red](https://redirect.github.com/sapphi-red) made their first contribution in [https://github.com/honojs/hono/pull/3500](https://redirect.github.com/honojs/hono/pull/3500) **Full Changelog**: https://github.com/honojs/hono/compare/v4.6.3...v4.6.4 ### [`v4.6.3`](https://redirect.github.com/honojs/hono/releases/tag/v4.6.3) [Compare Source](https://redirect.github.com/honojs/hono/compare/v4.6.2...v4.6.3) This release has many new features, but each feature is small, so we've released it as a patch release. #### What's Changed - chore: rename `runtime_tests` to `runtime-tests` by [@​yusukebe](https://redirect.github.com/yusukebe) in [https://github.com/honojs/hono/pull/3419](https://redirect.github.com/honojs/hono/pull/3419) - ci: Type check perf by [@​m-shaka](https://redirect.github.com/m-shaka) in [https://github.com/honojs/hono/pull/3406](https://redirect.github.com/honojs/hono/pull/3406) - refactor(jsx/streaming): Clarified the type of renderToReadableStream. by [@​usualoma](https://redirect.github.com/usualoma) in [https://github.com/honojs/hono/pull/3434](https://redirect.github.com/honojs/hono/pull/3434) - perf(types): use homomorphic mapped type to reduce conditional branches by [@​m-shaka](https://redirect.github.com/m-shaka) in [https://github.com/honojs/hono/pull/3440](https://redirect.github.com/honojs/hono/pull/3440) - ci: prettify type check result and rm a comment by [@​m-shaka](https://redirect.github.com/m-shaka) in [https://github.com/honojs/hono/pull/3442](https://redirect.github.com/honojs/hono/pull/3442) - fix(types): useSyncExternalStore type by [@​codehz](https://redirect.github.com/codehz) in [https://github.com/honojs/hono/pull/3437](https://redirect.github.com/honojs/hono/pull/3437) - fix(combine/every): make `every` middleware work with short-circuiting middlewares by [@​paolostyle](https://redirect.github.com/paolostyle) in [https://github.com/honojs/hono/pull/3441](https://redirect.github.com/honojs/hono/pull/3441) - feat(secureHeader): add CSP Report-Only mode support by [@​isoppp](https://redirect.github.com/isoppp) in [https://github.com/honojs/hono/pull/3413](https://redirect.github.com/honojs/hono/pull/3413) - feat(jwt): make JwtVariables generic for improved type safety by [@​TinsFox](https://redirect.github.com/TinsFox) in [https://github.com/honojs/hono/pull/3428](https://redirect.github.com/honojs/hono/pull/3428) - feat(request): Make request.ts available throught JSR for frameworks that need to instantiate HonoRequest by [@​Sorikairox](https://redirect.github.com/Sorikairox) in [https://github.com/honojs/hono/pull/3425](https://redirect.github.com/honojs/hono/pull/3425) - feat(jsx/precompile): Normalization and stringification of attribute values as `renderToString` by [@​usualoma](https://redirect.github.com/usualoma) in [https://github.com/honojs/hono/pull/3432](https://redirect.github.com/honojs/hono/pull/3432) - feat(serve-static): support absolute root by [@​yusukebe](https://redirect.github.com/yusukebe) in [https://github.com/honojs/hono/pull/3420](https://redirect.github.com/honojs/hono/pull/3420) #### New Contributors - [@​codehz](https://redirect.github.com/codehz) made their first contribution in [https://github.com/honojs/hono/pull/3437](https://redirect.github.com/honojs/hono/pull/3437) - [@​paolostyle](https://redirect.github.com/paolostyle) made their first contribution in [https://github.com/honojs/hono/pull/3441](https://redirect.github.com/honojs/hono/pull/3441) - [@​isoppp](https://redirect.github.com/isoppp) made their first contribution in [https://github.com/honojs/hono/pull/3413](https://redirect.github.com/honojs/hono/pull/3413) - [@​TinsFox](https://redirect.github.com/TinsFox) made their first contribution in [https://github.com/honojs/hono/pull/3428](https://redirect.github.com/honojs/hono/pull/3428) - [@​Sorikairox](https://redirect.github.com/Sorikairox) made their first contribution in [https://github.com/honojs/hono/pull/3425](https://redirect.github.com/honojs/hono/pull/3425) **Full Changelog**: https://github.com/honojs/hono/compare/v4.6.2...v4.6.3 ### [`v4.6.2`](https://redirect.github.com/honojs/hono/releases/tag/v4.6.2) [Compare Source](https://redirect.github.com/honojs/hono/compare/v4.6.1...v4.6.2) #### What's Changed - chore(lint): ESLint v9 by [@​yusukebe](https://redirect.github.com/yusukebe) in [https://github.com/honojs/hono/pull/3393](https://redirect.github.com/honojs/hono/pull/3393) - perf(serve-static): performance optimization for precompressed feature by [@​usualoma](https://redirect.github.com/usualoma) in [https://github.com/honojs/hono/pull/3414](https://redirect.github.com/honojs/hono/pull/3414) - fix(serve-static): use application/octet-stream if the mime type is not detected by [@​usualoma](https://redirect.github.com/usualoma) in [https://github.com/honojs/hono/pull/3415](https://redirect.github.com/honojs/hono/pull/3415) **Full Changelog**: https://github.com/honojs/hono/compare/v4.6.1...v4.6.2 ### [`v4.6.1`](https://redirect.github.com/honojs/hono/releases/tag/v4.6.1) [Compare Source](https://redirect.github.com/honojs/hono/compare/v4.6.0...v4.6.1) #### What's Changed - fix(build): improve addExtension esbuild plugin by [@​kt3k](https://redirect.github.com/kt3k) in [https://github.com/honojs/hono/pull/3405](https://redirect.github.com/honojs/hono/pull/3405) #### New Contributors - [@​kt3k](https://redirect.github.com/kt3k) made their first contribution in [https://github.com/honojs/hono/pull/3405](https://redirect.github.com/honojs/hono/pull/3405) **Full Changelog**: https://github.com/honojs/hono/compare/v4.6.0...v4.6.1 ### [`v4.6.0`](https://redirect.github.com/honojs/hono/releases/tag/v4.6.0) [Compare Source](https://redirect.github.com/honojs/hono/compare/v4.5.11...v4.6.0) Hono v4.6.0 is now available! One of the highlights of this release is the **Context Storage Middleware**. Let's introduce it. #### Context Storage Middleware Many users may have been waiting for this feature. The [**Context Storage Middleware**](https://hono.dev/docs/middleware/builtin/context-storage) uses `AsyncLocalStorage` to allow handling of the current Context object even outside of handlers. For example, let’s define a Hono app with a variable `message: string`. ```ts type Env = { Variables: { message: string } } const app = new Hono() ``` To enable Context Storage Middleware, register `contextStorage()` as middleware at the top and set the `message` value. ```ts import { contextStorage } from 'hono/context-storage' //... app.use(contextStorage()) app.use(async (c, next) => { c.set('message', 'Hello!') await next() }) ``` `getContext()` returns the current Context object, allowing you to get the value of the `message` variable outside the handler. ```ts import { getContext } from 'hono/context-storage' app.get('/', (c) => { return c.text(getMessage()) }) // Access the variable outside the handler. const getMessage = () => { return getContext().var.message } ``` In the case of Cloudflare Workers, you can also access the `Bindings` outside the handler by using this middleware. ```ts type Env = { Bindings: { KV: KVNamespace } } const app = new Hono() app.use(contextStorage()) const setKV = (value: string) => { return getContext().env.KV.put('key', value) } ``` Thanks [@​marceloverdijk](https://redirect.github.com/marceloverdijk) ! #### New features - feat(secureHeader): add Permissions-Policy header to secure headers middleware [https://github.com/honojs/hono/pull/3314](https://redirect.github.com/honojs/hono/pull/3314) - feat(cloudflare-pages): enable `c.env.eventContext` in handleMiddleware [https://github.com/honojs/hono/pull/3332](https://redirect.github.com/honojs/hono/pull/3332) - feat(websocket): Add generics type to `WSContext` [https://github.com/honojs/hono/pull/3337](https://redirect.github.com/honojs/hono/pull/3337) - feat(jsx-renderer): set `Content-Encoding` when `stream` is true [https://github.com/honojs/hono/pull/3355](https://redirect.github.com/honojs/hono/pull/3355) - feat(serveStatic): add `precompressed` option [https://github.com/honojs/hono/pull/3366](https://redirect.github.com/honojs/hono/pull/3366) - feat(helper/streaming): Support `Promise` or (async) `JSX.Element` in `streamSSE` [https://github.com/honojs/hono/pull/3344](https://redirect.github.com/honojs/hono/pull/3344) - feat(context): make fetch Response headers mutable [https://github.com/honojs/hono/pull/3318](https://redirect.github.com/honojs/hono/pull/3318) - feat(serve-static): add `onFound` option [https://github.com/honojs/hono/pull/3396](https://redirect.github.com/honojs/hono/pull/3396) - feat(basic-auth): added custom response message option [https://github.com/honojs/hono/pull/3371](https://redirect.github.com/honojs/hono/pull/3371) - feat(bearer-auth): added custom response message options [https://github.com/honojs/hono/pull/3372](https://redirect.github.com/honojs/hono/pull/3372) #### Other changes - chore(jsx-renderer): fix typo in JSDoc by [@​taga3s](https://redirect.github.com/taga3s) in [https://github.com/honojs/hono/pull/3378](https://redirect.github.com/honojs/hono/pull/3378) - chore(deno): use the latest jsr libraries for testing by [@​ryuapp](https://redirect.github.com/ryuapp) in [https://github.com/honojs/hono/pull/3375](https://redirect.github.com/honojs/hono/pull/3375) - fix(secure-headers): optimize getPermissionsPolicyDirectives function by [@​kbkn3](https://redirect.github.com/kbkn3) in [https://github.com/honojs/hono/pull/3398](https://redirect.github.com/honojs/hono/pull/3398) - fix(bearer-auth): typo by [@​yusukebe](https://redirect.github.com/yusukebe) in [https://github.com/honojs/hono/pull/3404](https://redirect.github.com/honojs/hono/pull/3404) #### New Contributors - [@​kbkn3](https://redirect.github.com/kbkn3) made their first contribution in [https://github.com/honojs/hono/pull/3314](https://redirect.github.com/honojs/hono/pull/3314) - [@​hayatosc](https://redirect.github.com/hayatosc) made their first contribution in [https://github.com/honojs/hono/pull/3337](https://redirect.github.com/honojs/hono/pull/3337) - [@​inetol](https://redirect.github.com/inetol) made their first contribution in [https://github.com/honojs/hono/pull/3366](https://redirect.github.com/honojs/hono/pull/3366) **Full Changelog**: https://github.com/honojs/hono/compare/v4.5.11...v4.6.0 ### [`v4.5.11`](https://redirect.github.com/honojs/hono/releases/tag/v4.5.11) [Compare Source](https://redirect.github.com/honojs/hono/compare/v4.5.10...v4.5.11) #### What's Changed - fix(jsx): race condition in ErrorBoundary with event loop by [@​usualoma](https://redirect.github.com/usualoma) in [https://github.com/honojs/hono/pull/3343](https://redirect.github.com/honojs/hono/pull/3343) - perf(jsx): skip the special behavior when the element is in the head. by [@​usualoma](https://redirect.github.com/usualoma) in [https://github.com/honojs/hono/pull/3352](https://redirect.github.com/honojs/hono/pull/3352) - refactor(utils/body): shorten the code by [@​yusukebe](https://redirect.github.com/yusukebe) in [https://github.com/honojs/hono/pull/3353](https://redirect.github.com/honojs/hono/pull/3353) - docs: `Twitter` to `X` by [@​yusukebe](https://redirect.github.com/yusukebe) in [https://github.com/honojs/hono/pull/3354](https://redirect.github.com/honojs/hono/pull/3354) - chore: fix typo in JSDoc by [@​taga3s](https://redirect.github.com/taga3s) in [https://github.com/honojs/hono/pull/3364](https://redirect.github.com/honojs/hono/pull/3364) - refactor(utils/basic-auth): Moved Internal function to utils by [@​sugar-cat7](https://redirect.github.com/sugar-cat7) in [https://github.com/honojs/hono/pull/3359](https://redirect.github.com/honojs/hono/pull/3359) #### New Contributors - [@​taga3s](https://redirect.github.com/taga3s) made their first contribution in [https://github.com/honojs/hono/pull/3364](https://redirect.github.com/honojs/hono/pull/3364) - [@​sugar-cat7](https://redirect.github.com/sugar-cat7) made their first contribution in [https://github.com/honojs/hono/pull/3359](https://redirect.github.com/honojs/hono/pull/3359) **Full Changelog**: https://github.com/honojs/hono/compare/v4.5.10...v4.5.11 ### [`v4.5.10`](https://redirect.github.com/honojs/hono/releases/tag/v4.5.10) [Compare Source](https://redirect.github.com/honojs/hono/compare/v4.5.9...v4.5.10) #### What's Changed - feat(compress): improve compress middleware by [@​nitedani](https://redirect.github.com/nitedani) in [https://github.com/honojs/hono/pull/3317](https://redirect.github.com/honojs/hono/pull/3317) - feat(jsx): add popover api attributes by [@​ssssota](https://redirect.github.com/ssssota) in [https://github.com/honojs/hono/pull/3323](https://redirect.github.com/honojs/hono/pull/3323) - feat(jsx): improve form attribute types by [@​ssssota](https://redirect.github.com/ssssota) in [https://github.com/honojs/hono/pull/3330](https://redirect.github.com/honojs/hono/pull/3330) - chore(test): migrate to vitest v2 by [@​yasuaki640](https://redirect.github.com/yasuaki640) in [https://github.com/honojs/hono/pull/3326](https://redirect.github.com/honojs/hono/pull/3326) - chore(test): replace deprecated vitest type by [@​yasuaki640](https://redirect.github.com/yasuaki640) in [https://github.com/honojs/hono/pull/3338](https://redirect.github.com/honojs/hono/pull/3338) - fix(logger): removing spaces from logger by [@​marceloverdijk](https://redirect.github.com/marceloverdijk) in [https://github.com/honojs/hono/pull/3334](https://redirect.github.com/honojs/hono/pull/3334) #### New Contributors - [@​nitedani](https://redirect.github.com/nitedani) made their first contribution in [https://github.com/honojs/hono/pull/3317](https://redirect.github.com/honojs/hono/pull/3317) - [@​marceloverdijk](https://redirect.github.com/marceloverdijk) made their first contribution in [https://github.com/honojs/hono/pull/3334](https://redirect.github.com/honojs/hono/pull/3334) **Full Changelog**: https://github.com/honojs/hono/compare/v4.5.9...v4.5.10 ### [`v4.5.9`](https://redirect.github.com/honojs/hono/releases/tag/v4.5.9) [Compare Source](https://redirect.github.com/honojs/hono/compare/v4.5.8...v4.5.9) #### What's Changed - test(types): broken test in future versions of typescript by [@​m-shaka](https://redirect.github.com/m-shaka) in [https://github.com/honojs/hono/pull/3310](https://redirect.github.com/honojs/hono/pull/3310) - fix(utils/color): Deno does not require permission for `NO_COLOR` by [@​ryuapp](https://redirect.github.com/ryuapp) in [https://github.com/honojs/hono/pull/3306](https://redirect.github.com/honojs/hono/pull/3306) - feat(jsx): improve `type` (MIME) attribute types by [@​ssssota](https://redirect.github.com/ssssota) in [https://github.com/honojs/hono/pull/3305](https://redirect.github.com/honojs/hono/pull/3305) - feat(pretty-json): support custom query by [@​nakasyou](https://redirect.github.com/nakasyou) in [https://github.com/honojs/hono/pull/3300](https://redirect.github.com/honojs/hono/pull/3300) **Full Changelog**: https://github.com/honojs/hono/compare/v4.5.8...v4.5.9 ### [`v4.5.8`](https://redirect.github.com/honojs/hono/releases/tag/v4.5.8) [Compare Source](https://redirect.github.com/honojs/hono/compare/v4.5.7...v4.5.8) ##### Security Fix for CSRF Protection Middleware Before this release, in versions 4.5.7 and below, the CSRF Protection Middleware did not treat requests including `Content-Types` with uppercase letters (e.g., `Application/x-www-form-urlencoded`) as potential attacks, allowing them to pass. This could cause unexpected behavior, leading to a vulnerability. If you are using the CSRF Protection Middleware, please upgrade to version 4.5.8 or higher immediately. For more details, see the report here: https://github.com/honojs/hono/security/advisories/GHSA-rpfr-3m35-5vx5 ### [`v4.5.7`](https://redirect.github.com/honojs/hono/releases/tag/v4.5.7) [Compare Source](https://redirect.github.com/honojs/hono/compare/v4.5.6...v4.5.7) ##### What's Changed - fix(jsx/dom): Fixed a bug that caused Script elements to turn into Style elements. by [@​usualoma](https://redirect.github.com/usualoma) in [https://github.com/honojs/hono/pull/3294](https://redirect.github.com/honojs/hono/pull/3294) - perf(jsx/dom): improve performance by [@​usualoma](https://redirect.github.com/usualoma) in [https://github.com/honojs/hono/pull/3288](https://redirect.github.com/honojs/hono/pull/3288) - feat(jsx): improve a-tag types with well known values by [@​ssssota](https://redirect.github.com/ssssota) in [https://github.com/honojs/hono/pull/3287](https://redirect.github.com/honojs/hono/pull/3287) - fix(validator): Fixed a bug in hono/validator where URL Encoded Data could not be validated if the Content-Type included charset. by [@​uttk](https://redirect.github.com/uttk) in [https://github.com/honojs/hono/pull/3297](https://redirect.github.com/honojs/hono/pull/3297) - feat(jsx): improve `target` and `formtarget` attribute types by [@​ssssota](https://redirect.github.com/ssssota) in [https://github.com/honojs/hono/pull/3299](https://redirect.github.com/honojs/hono/pull/3299) - docs(README): change Twitter to X by [@​nakasyou](https://redirect.github.com/nakasyou) in [https://github.com/honojs/hono/pull/3301](https://redirect.github.com/honojs/hono/pull/3301) - fix(client): replace optional params to url correctly by [@​yusukebe](https://redirect.github.com/yusukebe) in [https://github.com/honojs/hono/pull/3304](https://redirect.github.com/honojs/hono/pull/3304) - feat(jsx): improve input attribute types based on react by [@​ssssota](https://redirect.github.com/ssssota) in [https://github.com/honojs/hono/pull/3302](https://redirect.github.com/honojs/hono/pull/3302) ##### New Contributors - [@​uttk](https://redirect.github.com/uttk) made their first contribution in [https://github.com/honojs/hono/pull/3297](https://redirect.github.com/honojs/hono/pull/3297) **Full Changelog**: https://github.com/honojs/hono/compare/v4.5.6...v4.5.7 ### [`v4.5.6`](https://redirect.github.com/honojs/hono/releases/tag/v4.5.6) [Compare Source](https://redirect.github.com/honojs/hono/compare/v4.5.5...v4.5.6) #### What's Changed - fix(jsx): handle async component error explicitly and throw the error in the response by [@​usualoma](https://redirect.github.com/usualoma) in [https://github.com/honojs/hono/pull/3274](https://redirect.github.com/honojs/hono/pull/3274) - fix(validator): support multipart headers without a separating space by [@​Ernxst](https://redirect.github.com/Ernxst) in [https://github.com/honojs/hono/pull/3286](https://redirect.github.com/honojs/hono/pull/3286) - fix(validator): Allow form data will mutliple values appended by [@​nicksrandall](https://redirect.github.com/nicksrandall) in [https://github.com/honojs/hono/pull/3273](https://redirect.github.com/honojs/hono/pull/3273) - feat(jsx): improve meta-tag types with well known values by [@​ssssota](https://redirect.github.com/ssssota) in [https://github.com/honojs/hono/pull/3276](https://redirect.github.com/honojs/hono/pull/3276) #### New Contributors - [@​Ernxst](https://redirect.github.com/Ernxst) made their first contribution in [https://github.com/honojs/hono/pull/3286](https://redirect.github.com/honojs/hono/pull/3286) - [@​ssssota](https://redirect.github.com/ssssota) made their first contribution in [https://github.com/honojs/hono/pull/3276](https://redirect.github.com/honojs/hono/pull/3276) **Full Changelog**: https://github.com/honojs/hono/compare/v4.5.5...v4.5.6 ### [`v4.5.5`](https://redirect.github.com/honojs/hono/releases/tag/v4.5.5) [Compare Source](https://redirect.github.com/honojs/hono/compare/v4.5.4...v4.5.5) #### What's Changed - fix(jsx): allow null, undefined, and boolean to be returned from function component by [@​usualoma](https://redirect.github.com/usualoma) in [https://github.com/honojs/hono/pull/3241](https://redirect.github.com/honojs/hono/pull/3241) - feat(context): Add types for `c.header` by [@​nakasyou](https://redirect.github.com/nakasyou) in [https://github.com/honojs/hono/pull/3221](https://redirect.github.com/honojs/hono/pull/3221) - fix(jsx): fix draggable type to accept boolean by [@​yasuaki640](https://redirect.github.com/yasuaki640) in [https://github.com/honojs/hono/pull/3253](https://redirect.github.com/honojs/hono/pull/3253) - feat(context): add Context-Type types to `c.header` by [@​nakasyou](https://redirect.github.com/nakasyou) in [https://github.com/honojs/hono/pull/3255](https://redirect.github.com/honojs/hono/pull/3255) - fix(serve-static): supports directory contains `.` and not end `/` by [@​yusukebe](https://redirect.github.com/yusukebe) in [https://github.com/honojs/hono/pull/3256](https://redirect.github.com/honojs/hono/pull/3256) **Full Changelog**: https://github.com/honojs/hono/compare/v4.5.4...v4.5.5 ### [`v4.5.4`](https://redirect.github.com/honojs/hono/releases/tag/v4.5.4) [Compare Source](https://redirect.github.com/honojs/hono/compare/v4.5.3...v4.5.4) ##### What's Changed - fix(jsx): corrects the type of 'draggable' attribute in intrinsic-elements.ts by [@​yasuaki640](https://redirect.github.com/yasuaki640) in [https://github.com/honojs/hono/pull/3224](https://redirect.github.com/honojs/hono/pull/3224) - feat(jsx): allow to merge CSSProperties declaration by [@​jonasnobile](https://redirect.github.com/jonasnobile) in [https://github.com/honojs/hono/pull/3228](https://redirect.github.com/honojs/hono/pull/3228) - feat(client): Add WebSocket Provider Integration Tests and Enhance WebSocket Initialization by [@​naporin0624](https://redirect.github.com/naporin0624) in [https://github.com/honojs/hono/pull/3213](https://redirect.github.com/honojs/hono/pull/3213) - fix(types): `param` in `ValidationTargets` supports optional param by [@​yusukebe](https://redirect.github.com/yusukebe) in [https://github.com/honojs/hono/pull/3229](https://redirect.github.com/honojs/hono/pull/3229) ##### New Contributors - [@​jonasnobile](https://redirect.github.com/jonasnobile) made their first contribution in [https://github.com/honojs/hono/pull/3228](https://redirect.github.com/honojs/hono/pull/3228) **Full Changelog**: https://github.com/honojs/hono/compare/v4.5.3...v4.5.4 ### [`v4.5.3`](https://redirect.github.com/honojs/hono/releases/tag/v4.5.3) [Compare Source](https://redirect.github.com/honojs/hono/compare/v4.5.2...v4.5.3) #### What's Changed - fix(validator): Add double quotation marks to multipart checker regex by [@​CPlusPatch](https://redirect.github.com/CPlusPatch) in [https://github.com/honojs/hono/pull/3195](https://redirect.github.com/honojs/hono/pull/3195) - fix(validator): support `application/json` with a charset as JSON by [@​yusukebe](https://redirect.github.com/yusukebe) in [https://github.com/honojs/hono/pull/3199](https://redirect.github.com/honojs/hono/pull/3199) - fix(jsx): fix handling of SVG elements in JSX. by [@​usualoma](https://redirect.github.com/usualoma) in [https://github.com/honojs/hono/pull/3204](https://redirect.github.com/honojs/hono/pull/3204) - fix(jsx/dom): fix performance issue with adding many new node listings by [@​usualoma](https://redirect.github.com/usualoma) in [https://github.com/honojs/hono/pull/3205](https://redirect.github.com/honojs/hono/pull/3205) - fix(service-worker): refer to `self.fetch` correctly by [@​yusukebe](https://redirect.github.com/yusukebe) in [https://github.com/honojs/hono/pull/3200](https://redirect.github.com/honojs/hono/pull/3200) #### New Contributors - [@​CPlusPatch](https://redirect.github.com/CPlusPatch) made their first contribution in [https://github.com/honojs/hono/pull/3195](https://redirect.github.com/honojs/hono/pull/3195) **Full Changelog**: https://github.com/honojs/hono/compare/v4.5.2...v4.5.3 ### [`v4.5.2`](https://redirect.github.com/honojs/hono/releases/tag/v4.5.2) [Compare Source](https://redirect.github.com/honojs/hono/compare/v4.5.1...v4.5.2) #### What's Changed - fix(helper/adapter): don't check `navigator` is `undefined` by [@​yusukebe](https://redirect.github.com/yusukebe) in [https://github.com/honojs/hono/pull/3171](https://redirect.github.com/honojs/hono/pull/3171) - fix(types): handle readonly array correctly by [@​m-shaka](https://redirect.github.com/m-shaka) in [https://github.com/honojs/hono/pull/3172](https://redirect.github.com/honojs/hono/pull/3172) - Revert "fix(helper/adapter): don't check `navigator` is `undefined` by [@​yusukebe](https://redirect.github.com/yusukebe) in [https://github.com/honojs/hono/pull/3173](https://redirect.github.com/honojs/hono/pull/3173) - fix(type): degradation of generic type handling by [@​m-shaka](https://redirect.github.com/m-shaka) in [https://github.com/honojs/hono/pull/3138](https://redirect.github.com/honojs/hono/pull/3138) - fix:(csrf) fix typo of csrf middleware by [@​yasuaki640](https://redirect.github.com/yasuaki640) in [https://github.com/honojs/hono/pull/3178](https://redirect.github.com/honojs/hono/pull/3178) - feat(secure-headers): remove "X-Powered-By" should be an option by [@​EdamAme-x](https://redirect.github.com/EdamAme-x) in [https://github.com/honojs/hono/pull/3177](https://redirect.github.com/honojs/hono/pull/3177) **Full Changelog**: https://github.com/honojs/hono/compare/v4.5.1...v4.5.2 ### [`v4.5.1`](https://redirect.github.com/honojs/hono/releases/tag/v4.5.1) [Compare Source](https://redirect.github.com/honojs/hono/compare/v4.5.0...v4.5.1) #### What's Changed - chore: remove rimraf and use bun shell by [@​nakasyou](https://redirect.github.com/nakasyou) in [https://github.com/honojs/hono/pull/3146](https://redirect.github.com/honojs/hono/pull/3146) - chore: moving the setup file of vitest by [@​EdamAme-x](https://redirect.github.com/EdamAme-x) in [https://github.com/honojs/hono/pull/3157](https://redirect.github.com/honojs/hono/pull/3157) - fix(middleware/jwt): Changed the jwt-secret type to SignatureKey by [@​JulesVerner](https://redirect.github.com/JulesVerner) in [https://github.com/honojs/hono/pull/3167](https://redirect.github.com/honojs/hono/pull/3167) - feat(bearer-auth): Allow empty bearer-auth middleware prefixes by [@​prevostc](https://redirect.github.com/prevostc) in [https://github.com/honojs/hono/pull/3161](https://redirect.github.com/honojs/hono/pull/3161) - chore(factory): remove `@experimental` from `createApp` by [@​yusukebe](https://redirect.github.com/yusukebe) in [https://github.com/honojs/hono/pull/3164](https://redirect.github.com/honojs/hono/pull/3164) - fix(client): support array values for `query` in `ws` by [@​yusukebe](https://redirect.github.com/yusukebe) in [https://github.com/honojs/hono/pull/3169](https://redirect.github.com/honojs/hono/pull/3169) - fix(validator): ignore content-type mismatches by [@​yusukebe](https://redirect.github.com/yusukebe) in [https://github.com/honojs/hono/pull/3165](https://redirect.github.com/honojs/hono/pull/3165) #### New Contributors - [@​JulesVerner](https://redirect.github.com/JulesVerner) made their first contribution in [https://github.com/honojs/hono/pull/3167](https://redirect.github.com/honojs/hono/pull/3167) - [@​prevostc](https://redirect.github.com/prevostc) made their first contribution in [https://github.com/honojs/hono/pull/3161](https://redirect.github.com/honojs/hono/pull/3161) **Full Changelog**: https://github.com/honojs/hono/compare/v4.5.0...v4.5.1 ### [`v4.5.0`](https://redirect.github.com/honojs/hono/compare/v4.4.13...v4.5.0) [Compare Source](https://redirect.github.com/honojs/hono/compare/v4.4.13...v4.5.0) ### [`v4.4.13`](https://redirect.github.com/honojs/hono/releases/tag/v4.4.13) [Compare Source](https://redirect.github.com/honojs/hono/compare/v4.4.12...v4.4.13) ##### What's Changed - chore: update benchmark by [@​yusukebe](https://redirect.github.com/yusukebe) in [https://github.com/honojs/hono/pull/3102](https://redirect.github.com/honojs/hono/pull/3102) - chore: replace tsx with Bun by [@​nakasyou](https://redirect.github.com/nakasyou) in [https://github.com/honojs/hono/pull/3103](https://redirect.github.com/honojs/hono/pull/3103) - refactor(http-status): remove unnecessary line of types and use common types by [@​EdamAme-x](https://redirect.github.com/EdamAme-x) in [https://github.com/honojs/hono/pull/3110](https://redirect.github.com/honojs/hono/pull/3110) - fix(jsx): redefine scope attribute as enum type by [@​yasuaki640](https://redirect.github.com/yasuaki640) in [https://github.com/honojs/hono/pull/3118](https://redirect.github.com/honojs/hono/pull/3118) - fix(types): allow `string[] | File[]` for RPC form value by [@​yusukebe](https://redirect.github.com/yusukebe) in [https://github.com/honojs/hono/pull/3117](https://redirect.github.com/honojs/hono/pull/3117) - fix(validator-types): type Alignment with Web Standards by [@​EdamAme-x](https://redirect.github.com/EdamAme-x) in [https://github.com/honojs/hono/pull/3120](https://redirect.github.com/honojs/hono/pull/3120) - fix(types): `app.use(path, mw)` return correct schema type by [@​yusukebe](https://redirect.github.com/yusukebe) in [https://github.com/honojs/hono/pull/3128](https://redirect.github.com/honojs/hono/pull/3128) **Full Changelog**: https://github.com/honojs/hono/compare/v4.4.12...v4.4.13 ### [`v4.4.12`](https://redirect.github.com/honojs/hono/releases/tag/v4.4.12) [Compare Source](https://redirect.github.com/honojs/hono/compare/v4.4.11...v4.4.12) #### What's Changed - fix(aws-lambda): set cookies with comma is bugged by [@​NamesMT](https://redirect.github.com/NamesMT) in [https://github.com/honojs/hono/pull/3084](https://redirect.github.com/honojs/hono/pull/3084) - fix(types): infer `path` when chaining after `use` by [@​yusukebe](https://redirect.github.com/yusukebe) in [https://github.com/honojs/hono/pull/3087](https://redirect.github.com/honojs/hono/pull/3087) - chore: update outdated links in JSDoc by [@​ryuapp](https://redirect.github.com/ryuapp) in [https://github.com/honojs/hono/pull/3089](https://redirect.github.com/honojs/hono/pull/3089) - fix(jsx): changes behavior when `download` attribute is set to a boolean value. by [@​oon00b](https://redirect.github.com/oon00b) in [https://github.com/honojs/hono/pull/3094](https://redirect.github.com/honojs/hono/pull/3094) - chore: add the triage label by [@​mvares](https://redirect.github.com/mvares) in [https://github.com/honojs/hono/pull/3092](https://redirect.github.com/honojs/hono/pull/3092) - feat(types): improve JSONParsed by [@​m-shaka](https://redirect.github.com/m-shaka) in [https://github.com/honojs/hono/pull/3074](https://redirect.github.com/honojs/hono/pull/3074) - fix(helper/streaming): remove slow types by [@​yusukebe](https://redirect.github.com/yusukebe) in [https://github.com/honojs/hono/pull/3100](https://redirect.github.com/honojs/hono/pull/3100) - chore(utils/jwt): add `@module` docs by [@​yusukebe](https://redirect.github.com/yusukebe) in [https://github.com/honojs/hono/pull/3101](https://redirect.github.com/honojs/hono/pull/3101) #### New Contributors - [@​oon00b](https://redirect.github.com/oon00b) made their first contribution in [https://github.com/honojs/hono/pull/3094](https://redirect.github.com/honojs/hono/pull/3094) **Full Changelog**: https://github.com/honojs/hono/compare/v4.4.11...v4.4.12 ### [`v4.4.11`](https://redirect.github.com/honojs/hono/releases/tag/v4.4.11) [Compare Source](https://redirect.github.com/honojs/hono/compare/v4.4.10...v4.4.11) #### What's Changed - refactor: remove unnecessary async keyword from router tests by [@​K-tecchan](https://redirect.github.com/K-tecchan) in [https://github.com/honojs/hono/pull/3061](https://redirect.github.com/honojs/hono/pull/3061) - fix(validator): don't return a FormData if formData is cached by [@​yusukebe](https://redirect.github.com/yusukebe) in [https://github.com/honojs/hono/pull/3067](https://redirect.github.com/honojs/hono/pull/3067) - fix(client): Add Query Parameter Support to WebSocket Client in `hono/client` by [@​naporin0624](https://redirect.github.com/naporin0624) in [https://github.com/honojs/hono/pull/3066](https://redirect.github.com/honojs/hono/pull/3066) - refactor(types): move `HandlerInterface`'s `(path, handler)`s overloads down by [@​NamesMT](https://redirect.github.com/NamesMT) in [https://github.com/honojs/hono/pull/3072](https://redirect.github.com/honojs/hono/pull/3072) - test(helper/dev): fix typo of test case name by [@​yasuaki640](https://redirect.github.com/yasuaki640) in [https://github.com/honojs/hono/pull/3073](https://redirect.github.com/honojs/hono/pull/3073) - fix(stream): Fixed a problem that onAbort() is called even if request is normally closed in deno by [@​usualoma](https://redirect.github.com/usualoma) in [https://github.com/honojs/hono/pull/3079](https://redirect.github.com/honojs/hono/pull/3079) #### New Contributors - [@​K-tecchan](https://redirect.github.com/K-tecchan) made their first contribution in [https://github.com/honojs/hono/pull/3061](https://redirect.github.com/honojs/hono/pull/3061) **Full Changelog**: https://github.com/honojs/hono/compare/v4.4.10...v4.4.11 ### [`v4.4.10`](https://redirect.github.com/honojs/hono/releases/tag/v4.4.10) [Compare Source](https://redirect.github.com/honojs/hono/compare/v4.4.9...v4.4.10) #### What's Changed - chore(jsr): export JWT utils by [@​ryuapp](https://redirect.github.com/ryuapp) in [https://github.com/honojs/hono/pull/3056](https://redirect.github.com/honojs/hono/pull/3056) - fix(streaming): call stream.abort() explicitly when request is aborted by [@​usualoma](https://redirect.github.com/usualoma) in [https://github.com/honojs/hono/pull/3042](https://redirect.github.com/honojs/hono/pull/3042) - fix(client): set Path as the default of Original by [@​m-shaka](https://redirect.github.com/m-shaka) in [https://github.com/honojs/hono/pull/3058](https://redirect.github.com/honojs/hono/pull/3058) #### New Contributors - [@​m-shaka](https://redirect.github.com/m-shaka) made their first contribution in [https://github.com/honojs/hono/pull/3058](https://redirect.github.com/honojs/hono/pull/3058) **Full Changelog**: https://github.com/honojs/hono/compare/v4.4.9...v4.4.10 ### [`v4.4.9`](https://redirect.github.com/honojs/hono/releases/tag/v4.4.9) [Compare Source](https://redirect.github.com/honojs/hono/compare/v4.4.8...v4.4.9) #### What's Changed - perf(context): improve initializing `Context` by [@​yusukebe](https://redirect.github.com/yusukebe) in [https://github.com/honojs/hono/pull/3046](https://redirect.github.com/honojs/hono/pull/3046) - fix(types): correct inferring env when routes channing by [@​yusukebe](https://redirect.github.com/yusukebe) in [https://github.com/honojs/hono/pull/3051](https://redirect.github.com/honojs/hono/pull/3051) - docs: update the description of `package.json` and README by [@​yusukebe](https://redirect.github.com/yusukebe) in [https://github.com/honojs/hono/pull/3052](https://redirect.github.com/honojs/hono/pull/3052) - fix(timing): prevent duplicate applications by [@​yusukebe](https://redirect.github.com/yusukebe) in [https://github.com/honojs/hono/pull/3054](https://redirect.github.com/honojs/hono/pull/3054) **Full Changelog**: https://github.com/honojs/hono/compare/v4.4.8...v4.4.9 ### [`v4.4.8`](https://redirect.github.com/honojs/hono/releases/tag/v4.4.8) [Compare Source](https://redirect.github.com/honojs/hono/compare/v4.4.7...v4.4.8) #### What's Changed - fix(jsx): add an explicit type by [@​yusukebe](https://redirect.github.com/yusukebe) in [https://github.com/honojs/hono/pull/3007](https://redirect.github.com/honojs/hono/pull/3007) - ci: use `env` for codecov GitHub Actions by [@​yusukebe](https://redirect.github.com/yusukebe) in [https://github.com/honojs/hono/pull/3010](https://redirect.github.com/honojs/hono/pull/3010) - chore: Fix typos in JSDoc by [@​NicoPlyley](https://redirect.github.com/NicoPlyley) in [https://github.com/honojs/hono/pull/3002](https://redirect.github.com/honojs/hono/pull/3002) - fix: change to allow use of websocket options by [@​EdamAme-x](https://redirect.github.com/EdamAme-x) in [https://github.com/honojs/hono/pull/2999](https://redirect.github.com/honojs/hono/pull/2999) - perf: parseAccept without spread operator by [@​Jayllyz](https://redirect.github.com/Jayllyz) in [https://github.com/honojs/hono/pull/3003](https://redirect.github.com/honojs/hono/pull/3003) - test: add tests for buffer.ts by [@​yasuaki640](https://redirect.github.com/yasuaki640) in [https://github.com/honojs/hono/pull/3004](https://redirect.github.com/honojs/hono/pull/3004) - chore: upload bun test coverage to CodeCov by [@​exoego](https://redirect.github.com/exoego) in [https://github.com/honojs/hono/pull/3022](https://redirect.github.com/honojs/hono/pull/3022) - refactor: remove unneeded import statements by [@​EdamAme-x](https://redirect.github.com/EdamAme-x) in [https://github.com/honojs/hono/pull/3014](https://redirect.github.com/honojs/hono/pull/3014) - perf(utils/buffer): use promise all for better performance by [@​yasuaki640](https://redirect.github.com/yasuaki640) in [https://github.com/honojs/hono/pull/3031](https://redirect.github.com/honojs/hono/pull/3031) **Full Changelog**: https://github.com/honojs/hono/compare/v4.4.7...v4.4.8 ### [`v4.4.7`](https://redirect.github.com/honojs/hono/releases/tag/v4.4.7) [Compare Source](https://redirect.github.com/honojs/hono/compare/v4.4.6...v4.4.7) #### What's Changed - use correct return type for c.html depending on input by [@​asmadsen](https://redirect.github.com/asmadsen) in [https://github.com/honojs/hono/pull/2973](https://redirect.github.com/honojs/hono/pull/2973) - test: test uncovered return statement by [@​yasuaki640](https://redirect.github.com/yasuaki640) in [https://github.com/honojs/hono/pull/2985](https://redirect.github.com/honojs/hono/pull/2985) - test: Update request.test.ts to remove duplicate checks by [@​JoaquimLey](https://redirect.github.com/JoaquimLey) in [https://github.com/honojs/hono/pull/2984](https://redirect.github.com/honojs/hono/pull/2984) - fix(types): env variables override ContextVariableMap by [@​KaelWD](https://redirect.github.com/KaelWD) in [https://github.com/honojs/hono/pull/2987](https://redirect.github.com/honojs/hono/pull/2987) #### New Contributors - [@​asmadsen](https://redirect.github.com/asmadsen) made their first contribution in [https://github.com/honojs/hono/pull/2973](https://redirect.github.com/honojs/hono/pull/2973) - [@​JoaquimLey](https://redirect.github.com/JoaquimLey) made their first contribution in [https://github.com/honojs/hono/pull/2984](https://redirect.github.com/honojs/hono/pull/2984) - [@​KaelWD](https://redirect.github.com/KaelWD) made their first contribution in [https://github.com/honojs/hono/pull/2987](https://redirect.github.com/honojs/hono/pull/2987) **Full Changelog**: https://github.com/honojs/hono/compare/v4.4.6...v4.4.7 ### [`v4.4.6`](https://redirect.github.com/honojs/hono/releases/tag/v4.4.6) [Compare Source](https://redirect.github.com/honojs/hono/compare/v4.4.5...v4.4.6) ##### What's Changed - fix(aws-lambda): handle multiple cookies in streaming responses by [@​KnisterPeter](https://redirect.github.com/KnisterPeter) in [https://github.com/honojs/hono/pull/2926](https://redirect.github.com/honojs/hono/pull/2926) **Full Changelog**: https://github.com/honojs/hono/compare/v4.4.5...v4.4.6 ### [`v4.4.5`](https://redirect.github.com/honojs/hono/releases/tag/v4.4.5) [Compare Source](https://redirect.github.com/honojs/hono/compare/v4.4.4...v4.4.5) ##### What's Changed - fix(cors): allow custom vary header by [@​fzn0x](https://redirect.github.com/fzn0x) in [https://github.com/honojs/hono/pull/2934](https://redirect.github.com/honojs/hono/pull/2934) - fix(jsx): rename `Hono` to `JSX` and export `JSX` namespace by [@​yusukebe](https://redirect.github.com/yusukebe) in [https://github.com/honojs/hono/pull/2937](https://redirect.github.com/honojs/hono/pull/2937) - refactor(hono-base): make 2nd arg of `app.route()` required by [@​yusukebe](https://redirect.github.com/yusukebe) in [https://github.com/honojs/hono/pull/2945](https://redirect.github.com/honojs/hono/pull/2945) - refactor(hono-base): don't check 1st argument of `app.on()` by [@​yusukebe](https://redirect.github.com/yusukebe) in [https://github.com/honojs/hono/pull/2946](https://redirect.github.com/honojs/hono/pull/2946) - refactor(context): remove unnecessary initialization add add tests for Context by [@​yusukebe](https://redirect.github.com/yusukebe) in [https://github.com/honojs/hono/pull/2949](https://redirect.github.com/honojs/hono/pull/2949) - test(hono-base): add tests for covering 100% by [@​yusukebe](https://redirect.github.com/yusukebe) in [https://github.com/honojs/hono/pull/2952](https://redirect.github.com/honojs/hono/pull/2952) - fix(context): default JSONRespond and TextRespond StatusCode generic arg by [@​EdamAme-x](https://redirect.github.com/EdamAme-x) in [https://github.com/honojs/hono/pull/2954](https://redirect.github.com/honojs/hono/pull/2954) - refactor(request): shorten `parseBody` and remove unnecessary check by [@​yusukebe](https://redirect.github.com/yusukebe) in [https://github.com/honojs/hono/pull/2947](https://redirect.github.com/honojs/hono/pull/2947) - refactor(jsx): reduce code size and improve maintainability by [@​usualoma](https://redirect.github.com/usualoma) in [https://github.com/honojs/hono/pull/2956](https://redirect.github.com/honojs/hono/pull/2956) **Full Changelog**: https://github.com/honojs/hono/compare/v4.4.4...v4.4.5 ### [`v4.4.4`](https://redirect.github.com/honojs/hono/releases/tag/v4.4.4) [Compare Source](https://redirect.github.com/honojs/hono/compare/v4.4.3...v4.4.4) #### What's Changed - fix(typo): Fix typo in request.test.ts by [@​yasuaki640](https://redirect.github.com/yasuaki640) in [https://github.com/honojs/hono/pull/2899](https://redirect.github.com/honojs/hono/pull/2899) - feat(hono-base): skip import HTTPException by using HTTPResponseError by [@​usualoma](https://redirect.github.com/usualoma) in [https://github.com/honojs/hono/pull/2898](https://redirect.github.com/honojs/hono/pull/2898) - chore: improve unfinalized response error by [@​Cherry](https://redirect.github.com/Cherry) in [https://github.com/honojs/hono/pull/2902](https://redirect.github.com/honojs/hono/pull/2902) - chore: create .gitpod.yml by [@​EdamAme-x](https://redirect.github.com/EdamAme-x) in [https://github.com/honojs/hono/pull/2868](https://redirect.github.com/honojs/hono/pull/2868) - fix(cloudflare-workers): export getConnInfo() by [@​ryuapp](https://redirect.github.com/ryuapp) in [https://github.com/honojs/hono/pull/2906](https://redirect.github.com/honojs/hono/pull/2906) - fix(hono-base): return 404 if lacking response in a single sync handler by [@​yusukebe](https://redirect.github.com/yusukebe) in [https://github.com/honojs/hono/pull/2909](https://redirect.github.com/honojs/hono/pull/2909) - refactor: remove `Prettify` as duplicated with `Simplify` by [@​NamesMT](https://redirect.github.com/NamesMT) in [https://github.com/honojs/hono/pull/2914](https://redirect.github.com/honojs/hono/pull/2914) - fix(types): [#​2912](https://redirect.github.com/honojs/hono/issues/2912): interfaces array's respond typed as `never` by [@​NamesMT](https://redirect.github.com/NamesMT) in [https://github.com/honojs/hono/pull/2915](https://redirect.github.com/honojs/hono/pull/2915) - feat(context): `c.redirect()` supports `TypedResponse` by [@​yusukebe](https://redirect.github.com/yusukebe) in [https://github.com/honojs/hono/pull/2908](https://redirect.github.com/honojs/hono/pull/2908) - feat(jsx): support htmlfor attribute alias by [@​akira-tsuno](https://redirect.github.com/akira-tsuno) in [https://github.com/honojs/hono/pull/2916](https://redirect.github.com/honojs/hono/pull/2916) - fix(filepath): allow suffix includes `-` and `_` by [@​yusukebe](https://redirect.github.com/yusukebe) in [https://github.com/honojs/hono/pull/2910](https://redirect.github.com/honojs/hono/pull/2910) - fix(types): add `_` prefix to `TypedResponse` properties by [@​yusukebe](https://redirect.github.com/yusukebe) in [https://github.com/honojs/hono/pull/2917](https://redirect.github.com/honojs/hono/pull/2917) - fix(types): `SimplifyDeepArray` should now actually be "deep" by [@​NamesMT](https://redirect.github.com/NamesMT) in [https://github.com/honojs/hono/pull/2920](https://redirect.github.com/honojs/hono/pull/2920) - refactor(middleware/serve-static): call getContent only once if the file does not exist by [@​usualoma](https://redirect.github.com/usualoma) in [https://github.com/honojs/hono/pull/2922](https://redirect.github.com/honojs/hono/pull/2922) - chore: add `text` and `html` for coverage reporter by [@​yusukebe](https://redirect.github.com/yusukebe) in [https://github.com/honojs/hono/pull/2923](https://redirect.github.com/honojs/hono/pull/2923) - refactor(conninfo): create `types.ts` for type definitions by [@​yusukebe](https://redirect.github.com/yusukebe) in [https://github.com/honojs/hono/pull/2924](https://redirect.github.com/honojs/hono/pull/2924) #### New Contributors - [@​yasuaki640](https://redirect.github.com/yasuaki640) made their first contribution in [https://github.com/honojs/hono/pull/2899](https://redirect.github.com/honojs/hono/pull/2899) - [@​Cherry](https://redirect.github.com/Cherry) made their first contribution in [https://github.com/honojs/hono/pull/2902](https://redirect.github.com/honojs/hono/pull/2902) - [@​akira-tsuno](https://redirect.github.com/akira-tsuno) made their first contribution in [https://github.com/honojs/hono/pull/2916](https://redirect.github.com/honojs/hono/pull/2916) **Full Changelog**: https://github.com/honojs/hono/compare/v4.4.3...v4.4.4 ### [`v4.4.3`](https://redirect.github.com/honojs/hono/releases/tag/v4.4.3) [Compare Source](https://redirect.github.com/honojs/hono/compare/v4.4.2...v4.4.3) #### What's Changed - ci: Update workflow name of release.yml by [@​siguici](https://redirect.github.com/siguici) in [https://github.com/honojs/hono/pull/2874](https://redirect.github.com/honojs/hono/pull/2874) - refactor: removed unnecessary line by [@​EdamAme-x](https://redirect.github.com/EdamAme-x) in [https://github.com/honojs/hono/pull/2869](https://redirect.github.com/honojs/hono/pull/2869) - ci: change name of workflow jobs by [@​EdamAme-x](https://redirect.github.com/EdamAme-x) in [https://github.com/honojs/hono/pull/2875](https://redirect.github.com/honojs/hono/pull/2875) - docs(jsdoc): add jsdoc of some modules by [@​EdamAme-x](https://redirect.github.com/EdamAme-x) in [https://github.com/honojs/hono/pull/2836](https://redirect.github.com/honojs/hono/pull/2836) - ci: Report coverage with CodeCov by [@​exoego](https://redirect.github.com/exoego) in [https://github.com/honojs/hono/pull/2862](https://redirect.github.com/honojs/hono/pull/2862) - docs: update readme and migrate guide for migrating `deno.land/x` to JSR by [@​yusukebe](https://redirect.github.com/yusukebe) in [https://github.com/honojs/hono/pull/2879](https://redirect.github.com/honojs/hono/pull/2879) - chore: add coverage badge to README by [@​exoego](https://redirect.github.com/exoego) in [https://github.com/honojs/hono/pull/2881](https://redirect.github.com/honojs/hono/pull/2881) - fix(websocket): the onopen event cannot be triggered during delayed operations in deno by [@​JetLua](https://redirect.github.com/JetLua) in [https://github.com/honojs/hono/pull/2864](https://redirect.github.com/honojs/hono/pull/2864) - fix(cloudflare-workers): Update websocket.ts to return 101 status code by [@​ronkeiser](https://redirect.github.com/ronkeiser) in [https://github.com/honojs/hono/pull/2886](https://redirect.github.com/honojs/hono/pull/2886) - test(workerd): rename the runtime test `wrangler` to `workerd` by [@​yusukebe](https://redirect.github.com/yusukebe) in [https://github.com/honojs/hono/pull/2888](https://redirect.github.com/honojs/hono/pull/2888) - test(workerd): add tests for WebSocket by [@​yusukebe](https://redirect.github.com/yusukebe) in [https://github.com/honojs/hono/pull/2891](https://redirect.github.com/honojs/hono/pull/2891) - refactor(aws-lambda): merge custom-context into types by [@​exoego](https://redirect.github.com/exoego) in [https://github.com/honojs/hono/pull/2889](https://redirect.github.com/honojs/hono/pull/2889) - chore: Exclude type-only files from coverage by [@​exoego](https://redirect.github.com/exoego) in [https://github.com/honojs/hono/pull/2890](https://redirect.github.com/honojs/hono/pull/2890) - test(presets): add tests for `hono/quick` and `hono/tiny` by [@​yusukebe](https://redirect.github.com/yusukebe) in [https://github.com/honojs/hono/pull/2892](https://redirect.github.com/honojs/hono/pull/2892) - fix(types): fix typo for unofficial status code type by [@​ryuapp](https://redirect.github.com/ryuapp) in [

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

This PR was generated by Mend Renovate. View the repository job log.

renovate[bot] commented 3 months ago

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

The artifact failure details are included below:

File name: yarn.lock
error This project's package.json defines "packageManager": "yarn@bun@1.0.25". However the current global version of Yarn is 1.22.22.

Presence of the "packageManager" field indicates that the project is meant to be used with Corepack, a tool included by default with all official Node.js distributions starting from 16.9 and 14.19.
Corepack must currently be enabled by running corepack enable in your terminal. For more information, check out https://yarnpkg.com/corepack.
vercel[bot] commented 3 months ago

The latest updates on your projects. Learn more about Vercel for Git ↗︎

3 Skipped Deployments | Name | Status | Preview | Comments | Updated (UTC) | | :--- | :----- | :------ | :------- | :------ | | **saku-apps-blog** | ⬜️ Ignored ([Inspect](https://vercel.com/sakupi01s-projects/saku-apps-blog/GK5LWgkPWQMnbtM3jtEfkgL3g4NE)) | [Visit Preview](https://saku-apps-blog-git-renovate-npm-hono-d75fe5-sakupi01s-projects.vercel.app) | | Nov 24, 2024 3:35pm | | **blog.sakupi01.com** | ⬜️ Skipped ([Inspect](https://vercel.com/sakupi01s-projects/blog.sakupi01.com/EYggaAk53pGdpwqYF5SzBXy2z6Uk)) | | | Nov 24, 2024 3:35pm | | **git-kusa** | ⬜️ Skipped ([Inspect](https://vercel.com/sakupi01s-projects/git-kusa/4jVgWRwUMgcU9R8pkRJh18nHfA1n)) | | | Nov 24, 2024 3:35pm |
codspeed-hq[bot] commented 7 hours ago

CodSpeed Performance Report

Merging #104 will not alter performance

Comparing renovate/npm-hono-vulnerability (ff14e20) with main (687427f)

Summary

✅ 3 untouched benchmarks