Bump hono from 4.4.0 to 4.5.11

[dependabot[bot]]

Bumps hono from 4.4.0 to 4.5.11.

Release notes

Sourced from hono's releases.

v4.5.11

What's Changed

• fix(jsx): race condition in ErrorBoundary with event loop by @​usualoma in honojs/hono#3343
• perf(jsx): skip the special behavior when the element is in the head. by @​usualoma in honojs/hono#3352
• refactor(utils/body): shorten the code by @​yusukebe in honojs/hono#3353
• docs: Twitter to X by @​yusukebe in honojs/hono#3354
• chore: fix typo in JSDoc by @​taga3s in honojs/hono#3364
• refactor(utils/basic-auth): Moved Internal function to utils by @​sugar-cat7 in honojs/hono#3359

New Contributors

• @​taga3s made their first contribution in honojs/hono#3364
• @​sugar-cat7 made their first contribution in honojs/hono#3359

Full Changelog: https://github.com/honojs/hono/compare/v4.5.10...v4.5.11

v4.5.10

What's Changed

• feat(compress): improve compress middleware by @​nitedani in honojs/hono#3317
• feat(jsx): add popover api attributes by @​ssssota in honojs/hono#3323
• feat(jsx): improve form attribute types by @​ssssota in honojs/hono#3330
• chore(test): migrate to vitest v2 by @​yasuaki640 in honojs/hono#3326
• chore(test): replace deprecated vitest type by @​yasuaki640 in honojs/hono#3338
• fix(logger): removing spaces from logger by @​marceloverdijk in honojs/hono#3334

New Contributors

• @​nitedani made their first contribution in honojs/hono#3317
• @​marceloverdijk made their first contribution in honojs/hono#3334

Full Changelog: https://github.com/honojs/hono/compare/v4.5.9...v4.5.10

v4.5.9

What's Changed

• test(types): broken test in future versions of typescript by @​m-shaka in honojs/hono#3310
• fix(utils/color): Deno does not require permission for NO_COLOR by @​ryuapp in honojs/hono#3306
• feat(jsx): improve type (MIME) attribute types by @​ssssota in honojs/hono#3305
• feat(pretty-json): support custom query by @​nakasyou in honojs/hono#3300

Full Changelog: https://github.com/honojs/hono/compare/v4.5.8...v4.5.9

v4.5.8

Security Fix for CSRF Protection Middleware

Before this release, in versions 4.5.7 and below, the CSRF Protection Middleware did not treat requests including Content-Types with uppercase letters (e.g., Application/x-www-form-urlencoded) as potential attacks, allowing them to pass.

This could cause unexpected behavior, leading to a vulnerability. If you are using the CSRF Protection Middleware, please upgrade to version 4.5.8 or higher immediately.

For more details, see the report here: https://github.com/honojs/hono/security/advisories/GHSA-rpfr-3m35-5vx5

v4.5.7

... (truncated)

Commits

• 3500404 v4.5.11
• 1db161e refactor(utils/basic-auth): Moved Internal function to utils (#3359)
• fa19540 chore: fix typo in JSDoc (#3364)
• bdaaa7f docs: Twitter to X (#3354)
• 7593e75 refactor(utils/body): shorten the code (#3353)
• e4cc5aa perf(jsx): skip the special behavior when the element is in the head. (#3352)
• 0712530 fix(jsx): race condition in ErrorBoundary with event loop (#3343)
• 040b0d4 v4.5.10
• 6c19429 fix(logger): removing spaces from logger (#3334)
• 72f4c9d chore(test): replace deprecated vitest type (#3338)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot[bot]]

Superseded by #290.