[Snyk] Upgrade hono from 4.1.3 to 4.6.5#41
Open
cnrkuo wants to merge 1 commit into
Open
Conversation
Snyk has created this PR to upgrade hono from 4.1.3 to 4.6.5. See this package in npm: hono See this project in Snyk: https://app.snyk.io/org/kuohuanhuan/project/2ca4f692-ce62-4501-b31a-72f6421684ed?utm_source=github&utm_medium=referral&page=upgrade-pr
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.



Snyk has created this PR to upgrade hono from 4.1.3 to 4.6.5.
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version is 62 versions ahead of your current version.
The recommended version was released on a month ago.
Issues fixed by the recommended upgrade:
SNYK-JS-HONO-6672874
SNYK-JS-HONO-8220272
SNYK-JS-HONO-7814167
Release notes
Package name: hono
-
4.6.5 - 2024-10-15
- perf(types): replace intersection with union to get better perf by @ m-shaka in #3443
- ci: use Deno
- ci: use Deno v2 for a test running for deno by @ nakasyou in #3509
- fix(types): rm ExcludeEmptyObject to fix massively increased type instantiations by @ m-shaka in #3507
- fix(cors): avoid setting
- feat(powered-by): optional server name by @ PatrickJS in #3492
- fix(factory): revert PR #3498 by @ yusukebe in #3515
- fix(build): remove private fields by @ nakasyou in #3514
- @ uki00a made their first contribution in #3510
- @ PatrickJS made their first contribution in #3492
-
4.6.4 - 2024-10-11
- chore: upgrade dependencies by @ yusukebe in #3446
- chore: remove
- chore(test): suppress no-unused-vars "'x' is assigned a value but only used as type" by @ exoego in #3451
- chore(test): include bun coverage by @ exoego in #3457
- test(deno): remove duplicated app.get by @ exoego in #3469
- fix(types): add key to IntrinsicAttributes by @ codehz in #3474
- fix(factory): relax Bindings and Variables for
- fix(service-worker): bind fetch to
- refactor(jsx): add
- @ sapphi-red made their first contribution in #3500
-
4.6.3 - 2024-09-24
- chore: rename
- ci: Type check perf by @ m-shaka in #3406
- refactor(jsx/streaming): Clarified the type of renderToReadableStream. by @ usualoma in #3434
- perf(types): use homomorphic mapped type to reduce conditional branches by @ m-shaka in #3440
- ci: prettify type check result and rm a comment by @ m-shaka in #3442
- fix(types): useSyncExternalStore type by @ codehz in #3437
- fix(combine/every): make
- feat(secureHeader): add CSP Report-Only mode support by @ isoppp in #3413
- feat(jwt): make JwtVariables generic for improved type safety by @ TinsFox in #3428
- feat(request): Make request.ts available throught JSR for frameworks that need to instantiate HonoRequest by @ Sorikairox in #3425
- feat(jsx/precompile): Normalization and stringification of attribute values as
- feat(serve-static): support absolute root by @ yusukebe in #3420
- @ codehz made their first contribution in #3437
- @ paolostyle made their first contribution in #3441
- @ isoppp made their first contribution in #3413
- @ TinsFox made their first contribution in #3428
- @ Sorikairox made their first contribution in #3425
-
4.6.2 - 2024-09-17
- chore(lint): ESLint v9 by @ yusukebe in #3393
- perf(serve-static): performance optimization for precompressed feature by @ usualoma in #3414
- fix(serve-static): use application/octet-stream if the mime type is not detected by @ usualoma in #3415
-
4.6.1 - 2024-09-11
- fix(build): improve addExtension esbuild plugin by @ kt3k in #3405
- @ kt3k made their first contribution in #3405
-
4.6.0 - 2024-09-11
type Env = {
import { contextStorage } from 'hono/context-storage'
import { getContext } from 'hono/context-storage'
type Env = {
- feat(secureHeader): add Permissions-Policy header to secure headers middleware #3314
- feat(cloudflare-pages): enable
- feat(websocket): Add generics type to
- feat(jsx-renderer): set
- feat(serveStatic): add
- feat(helper/streaming): Support
- feat(context): make fetch Response headers mutable #3318
- feat(serve-static): add
- feat(basic-auth): added custom response message option #3371
- feat(bearer-auth): added custom response message options #3372
- chore(jsx-renderer): fix typo in JSDoc by @ taga3s in #3378
- chore(deno): use the latest jsr libraries for testing by @ ryuapp in #3375
- fix(secure-headers): optimize getPermissionsPolicyDirectives function by @ kbkn3 in #3398
- fix(bearer-auth): typo by @ yusukebe in #3404
- @ kbkn3 made their first contribution in #3314
- @ hayatosc made their first contribution in #3337
- @ inetol made their first contribution in #3366
-
4.5.11 - 2024-09-03
- fix(jsx): race condition in ErrorBoundary with event loop by @ usualoma in #3343
- perf(jsx): skip the special behavior when the element is in the head. by @ usualoma in #3352
- refactor(utils/body): shorten the code by @ yusukebe in #3353
- docs:
- chore: fix typo in JSDoc by @ taga3s in #3364
- refactor(utils/basic-auth): Moved Internal function to utils by @ sugar-cat7 in #3359
- @ taga3s made their first contribution in #3364
- @ sugar-cat7 made their first contribution in #3359
-
4.5.10 - 2024-08-31
- feat(compress): improve compress middleware by @ nitedani in #3317
- feat(jsx): add popover api attributes by @ ssssota in #3323
- feat(jsx): improve form attribute types by @ ssssota in #3330
- chore(test): migrate to vitest v2 by @ yasuaki640 in #3326
- chore(test): replace deprecated vitest type by @ yasuaki640 in #3338
- fix(logger): removing spaces from logger by @ marceloverdijk in #3334
- @ nitedani made their first contribution in #3317
- @ marceloverdijk made their first contribution in #3334
-
4.5.9 - 2024-08-26
- test(types): broken test in future versions of typescript by @ m-shaka in #3310
- fix(utils/color): Deno does not require permission for
- feat(jsx): improve
- feat(pretty-json): support custom query by @ nakasyou in #3300
-
4.5.8 - 2024-08-22
-
4.5.7 - 2024-08-21
-
4.5.6 - 2024-08-17
-
4.5.5 - 2024-08-11
-
4.5.4 - 2024-08-06
-
4.5.3 - 2024-07-29
-
4.5.2 - 2024-07-27
-
4.5.1 - 2024-07-20
-
4.5.0 - 2024-07-16
-
4.5.0-rc.2 - 2024-06-29
-
4.5.0-rc.1 - 2024-06-12
-
4.4.13 - 2024-07-11
-
4.4.12 - 2024-07-06
-
4.4.11 - 2024-07-03
-
4.4.10 - 2024-06-29
-
4.4.9 - 2024-06-27
-
4.4.8 - 2024-06-24
-
4.4.7 - 2024-06-19
-
4.4.6 - 2024-06-13
-
4.4.5 - 2024-06-11
-
4.4.4 - 2024-06-06
-
4.4.3 - 2024-06-03
-
4.4.2 - 2024-05-30
-
4.4.1 - 2024-05-30
-
4.4.0 - 2024-05-27
-
4.4.0-rc.1 - 2024-05-24
-
4.3.11 - 2024-05-24
-
4.3.10 - 2024-05-23
-
4.3.9 - 2024-05-21
-
4.3.8 - 2024-05-19
-
4.3.7 - 2024-05-15
-
4.3.6 - 2024-05-12
-
4.3.5 - 2024-05-12
-
4.3.4 - 2024-05-09
-
4.3.3 - 2024-05-08
-
4.3.2 - 2024-05-04
-
4.3.1 - 2024-05-04
-
4.3.0 - 2024-05-03
-
4.2.9 - 2024-04-29
-
4.2.8 - 2024-04-26
-
4.2.7 - 2024-04-23
-
4.2.6 - 2024-04-22
-
4.2.5 - 2024-04-18
-
4.2.4 - 2024-04-13
-
4.2.3 - 2024-04-09
-
4.2.2 - 2024-04-05
-
4.2.1 - 2024-04-03
-
4.2.0 - 2024-04-02
-
4.2.0-rc.1 - 2024-03-31
-
4.1.7 - 2024-03-31
-
4.1.6 - 2024-03-31
-
4.1.5 - 2024-03-27
-
4.1.4 - 2024-03-25
-
4.1.3 - 2024-03-20
fromSecurity fix for CSRF Protection Middleware
This release includes a security fix for CSRF Protection Middleware. If you are using CSRF Protection Middleware, please upgrade this
honopackage immediately.Before this release, a request without a
Content-Typeheader can bypass the protection. This fix does not allow it. See: GHSA-2234-fmw7-43wrWhat's Changed
v2by @ yusukebe in #3506Access-Control-Allow-Originif there is no matching origin by @ uki00a in #3510New Contributors
Full Changelog: v4.6.4...v4.6.5
What's Changed
crypto-jsfrom dev dependencies by @ yusukebe in #3447createMiddlewareby @ yusukebe in #3498globalThisby @ sapphi-red in #3500overridetotoStringToBufferin classes extendingJSXNodeby @ yusukebe in #3505New Contributors
Full Changelog: v4.6.3...v4.6.4
This release has many new features, but each feature is small, so we've released it as a patch release.
What's Changed
runtime_teststoruntime-testsby @ yusukebe in #3419everymiddleware work with short-circuiting middlewares by @ paolostyle in #3441renderToStringby @ usualoma in #3432New Contributors
Full Changelog: v4.6.2...v4.6.3
What's Changed
Full Changelog: v4.6.1...v4.6.2
What's Changed
New Contributors
Full Changelog: v4.6.0...v4.6.1
Hono v4.6.0 is now available!
One of the highlights of this release is the Context Storage Middleware. Let's introduce it.
Context Storage Middleware
Many users may have been waiting for this feature. The Context Storage Middleware uses
AsyncLocalStorageto allow handling of the current Context object even outside of handlers.For example, let’s define a Hono app with a variable
message: string.Variables: {
message: string
}
}
const app = new Hono<Env>()
To enable Context Storage Middleware, register
contextStorage()as middleware at the top and set themessagevalue.//...
app.use(contextStorage())
app.use(async (c, next) => {
c.set('message', 'Hello!')
await next()
})
getContext()returns the current Context object, allowing you to get the value of themessagevariable outside the handler.app.get('/', (c) => {
return c.text(getMessage())
})
// Access the variable outside the handler.
const getMessage = () => {
return getContext<Env>().var.message
}
In the case of Cloudflare Workers, you can also access the
Bindingsoutside the handler by using this middleware.Bindings: {
KV: KVNamespace
}
}
const app = new Hono<Env>()
app.use(contextStorage())
const setKV = (value: string) => {
return getContext<Env>().env.KV.put('key', value)
}
Thanks @ marceloverdijk !
New features
c.env.eventContextin handleMiddleware #3332WSContext#3337Content-Encodingwhenstreamis true #3355precompressedoption #3366Promise<string>or (async)JSX.ElementinstreamSSE#3344onFoundoption #3396Other changes
New Contributors
Full Changelog: v4.5.11...v4.6.0
What's Changed
TwittertoXby @ yusukebe in #3354New Contributors
Full Changelog: v4.5.10...v4.5.11
What's Changed
New Contributors
Full Changelog: v4.5.9...v4.5.10
What's Changed
NO_COLORby @ ryuapp in #3306type(MIME) attribute types by @ ssssota in #3305Full Changelog: v4.5.8...v4.5.9
Security Fix for CSRF Protection Middleware
Before this release, in versions 4.5.7 and below, the CSRF Protection Middleware did not treat requests including
Content-Typeswith uppercase letters (e.g.,Application/x-www-form-urlencoded) as potential attacks, allowing them to pass.This could cause unexpected behavior, leading to a vulnerability. If you are using the CSRF Protection Middleware, please upgrade to version 4.5.8 or higher immediately.
For more details, see the report here: GHSA-rpfr-3m35-5vx5