Bump hono from 4.4.0 to 4.5.9

[dependabot[bot]]

Bumps hono from 4.4.0 to 4.5.9.

Release notes

Sourced from hono's releases.

v4.5.9

What's Changed

• test(types): broken test in future versions of typescript by @​m-shaka in honojs/hono#3310
• fix(utils/color): Deno does not require permission for NO_COLOR by @​ryuapp in honojs/hono#3306
• feat(jsx): improve type (MIME) attribute types by @​ssssota in honojs/hono#3305
• feat(pretty-json): support custom query by @​nakasyou in honojs/hono#3300

Full Changelog: https://github.com/honojs/hono/compare/v4.5.8...v4.5.9

v4.5.8

Security Fix for CSRF Protection Middleware

Before this release, in versions 4.5.7 and below, the CSRF Protection Middleware did not treat requests including Content-Types with uppercase letters (e.g., Application/x-www-form-urlencoded) as potential attacks, allowing them to pass.

This could cause unexpected behavior, leading to a vulnerability. If you are using the CSRF Protection Middleware, please upgrade to version 4.5.8 or higher immediately.

For more details, see the report here: https://github.com/honojs/hono/security/advisories/GHSA-rpfr-3m35-5vx5

v4.5.7

What's Changed

• fix(jsx/dom): Fixed a bug that caused Script elements to turn into Style elements. by @​usualoma in honojs/hono#3294
• perf(jsx/dom): improve performance by @​usualoma in honojs/hono#3288
• feat(jsx): improve a-tag types with well known values by @​ssssota in honojs/hono#3287
• fix(validator): Fixed a bug in hono/validator where URL Encoded Data could not be validated if the Content-Type included charset. by @​uttk in honojs/hono#3297
• feat(jsx): improve target and formtarget attribute types by @​ssssota in honojs/hono#3299
• docs(README): change Twitter to X by @​nakasyou in honojs/hono#3301
• fix(client): replace optional params to url correctly by @​yusukebe in honojs/hono#3304
• feat(jsx): improve input attribute types based on react by @​ssssota in honojs/hono#3302

New Contributors

• @​uttk made their first contribution in honojs/hono#3297

Full Changelog: https://github.com/honojs/hono/compare/v4.5.6...v4.5.7

v4.5.6

What's Changed

• fix(jsx): handle async component error explicitly and throw the error in the response by @​usualoma in honojs/hono#3274
• fix(validator): support multipart headers without a separating space by @​Ernxst in honojs/hono#3286
• fix(validator): Allow form data will mutliple values appended by @​nicksrandall in honojs/hono#3273
• feat(jsx): improve meta-tag types with well known values by @​ssssota in honojs/hono#3276

New Contributors

• @​Ernxst made their first contribution in honojs/hono#3286
• @​ssssota made their first contribution in honojs/hono#3276

Full Changelog: https://github.com/honojs/hono/compare/v4.5.5...v4.5.6

v4.5.5

What's Changed

... (truncated)

Commits

• f9349ec v4.5.9
• 7ad1f05 feat(pretty-json): support custom query (#3300)
• 33189b8 feat(jsx): improve type (MIME) attribute types (#3305)
• 0a94e53 fix(color): Deno does not require permission for NO_COLOR (#3306)
• 6d7565e fix(types): broken test in future versions of typescript (#3310)
• d1c7f6f v4.5.8
• 41ce840 Merge commit from fork
• b0af71f v4.5.7
• 2646696 feat(jsx): improve input attribute types based on react (#3302)
• 331b3d8 fix(client): replace optional params to url correctly (#3304)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot[bot]]

Superseded by #283.