Bump hono from 4.4.0 to 4.5.10

[dependabot[bot]]

Bumps hono from 4.4.0 to 4.5.10.

Release notes

Sourced from hono's releases.

v4.5.10

What's Changed

• feat(compress): improve compress middleware by @​nitedani in honojs/hono#3317
• feat(jsx): add popover api attributes by @​ssssota in honojs/hono#3323
• feat(jsx): improve form attribute types by @​ssssota in honojs/hono#3330
• chore(test): migrate to vitest v2 by @​yasuaki640 in honojs/hono#3326
• chore(test): replace deprecated vitest type by @​yasuaki640 in honojs/hono#3338
• fix(logger): removing spaces from logger by @​marceloverdijk in honojs/hono#3334

New Contributors

• @​nitedani made their first contribution in honojs/hono#3317
• @​marceloverdijk made their first contribution in honojs/hono#3334

Full Changelog: https://github.com/honojs/hono/compare/v4.5.9...v4.5.10

v4.5.9

What's Changed

• test(types): broken test in future versions of typescript by @​m-shaka in honojs/hono#3310
• fix(utils/color): Deno does not require permission for NO_COLOR by @​ryuapp in honojs/hono#3306
• feat(jsx): improve type (MIME) attribute types by @​ssssota in honojs/hono#3305
• feat(pretty-json): support custom query by @​nakasyou in honojs/hono#3300

Full Changelog: https://github.com/honojs/hono/compare/v4.5.8...v4.5.9

v4.5.8

Security Fix for CSRF Protection Middleware

Before this release, in versions 4.5.7 and below, the CSRF Protection Middleware did not treat requests including Content-Types with uppercase letters (e.g., Application/x-www-form-urlencoded) as potential attacks, allowing them to pass.

This could cause unexpected behavior, leading to a vulnerability. If you are using the CSRF Protection Middleware, please upgrade to version 4.5.8 or higher immediately.

For more details, see the report here: https://github.com/honojs/hono/security/advisories/GHSA-rpfr-3m35-5vx5

v4.5.7

What's Changed

• fix(jsx/dom): Fixed a bug that caused Script elements to turn into Style elements. by @​usualoma in honojs/hono#3294
• perf(jsx/dom): improve performance by @​usualoma in honojs/hono#3288
• feat(jsx): improve a-tag types with well known values by @​ssssota in honojs/hono#3287
• fix(validator): Fixed a bug in hono/validator where URL Encoded Data could not be validated if the Content-Type included charset. by @​uttk in honojs/hono#3297
• feat(jsx): improve target and formtarget attribute types by @​ssssota in honojs/hono#3299
• docs(README): change Twitter to X by @​nakasyou in honojs/hono#3301
• fix(client): replace optional params to url correctly by @​yusukebe in honojs/hono#3304
• feat(jsx): improve input attribute types based on react by @​ssssota in honojs/hono#3302

New Contributors

• @​uttk made their first contribution in honojs/hono#3297

Full Changelog: https://github.com/honojs/hono/compare/v4.5.6...v4.5.7

... (truncated)

Commits

• 040b0d4 v4.5.10
• 6c19429 fix(logger): removing spaces from logger (#3334)
• 72f4c9d chore(test): replace deprecated vitest type (#3338)
• 18f937d chore(test): migrate to vitest v2 (#3326)
• e449c95 feat(jsx): improve form attribute types (#3330)
• bc2b7cf feat(jsx): add popover api attributes (#3323)
• 12893e2 feat(compress): improve compress middleware (#3317)
• f9349ec v4.5.9
• 7ad1f05 feat(pretty-json): support custom query (#3300)
• 33189b8 feat(jsx): improve type (MIME) attribute types (#3305)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot[bot]]

Superseded by #287.