[Snyk] Upgrade hono from 3.12.12 to 4.6.3 #152
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Snyk has created this PR to upgrade hono from 3.12.12 to 4.6.3.
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version is 81 versions ahead of your current version.
The recommended version was released on 24 days ago.
Release notes
Package name: hono
This release has many new features, but each feature is small, so we've released it as a patch release.
What's Changed
runtime_tests
toruntime-tests
by @ yusukebe in #3419every
middleware work with short-circuiting middlewares by @ paolostyle in #3441renderToString
by @ usualoma in #3432New Contributors
Full Changelog: v4.6.2...v4.6.3
What's Changed
Full Changelog: v4.6.1...v4.6.2
What's Changed
New Contributors
Full Changelog: v4.6.0...v4.6.1
Hono v4.6.0 is now available!
One of the highlights of this release is the Context Storage Middleware. Let's introduce it.
Context Storage Middleware
Many users may have been waiting for this feature. The Context Storage Middleware uses
AsyncLocalStorage
to allow handling of the current Context object even outside of handlers.For example, let’s define a Hono app with a variable
message: string
.Variables: {
message: string
}
}
const app = new Hono<Env>()
To enable Context Storage Middleware, register
contextStorage()
as middleware at the top and set themessage
value.//...
app.use(contextStorage())
app.use(async (c, next) => {
c.set('message', 'Hello!')
await next()
})
getContext()
returns the current Context object, allowing you to get the value of themessage
variable outside the handler.app.get('/', (c) => {
return c.text(getMessage())
})
// Access the variable outside the handler.
const getMessage = () => {
return getContext<Env>().var.message
}
In the case of Cloudflare Workers, you can also access the
Bindings
outside the handler by using this middleware.Bindings: {
KV: KVNamespace
}
}
const app = new Hono<Env>()
app.use(contextStorage())
const setKV = (value: string) => {
return getContext<Env>().env.KV.put('key', value)
}
Thanks @ marceloverdijk !
New features
c.env.eventContext
in handleMiddleware #3332WSContext
#3337Content-Encoding
whenstream
is true #3355precompressed
option #3366Promise<string>
or (async)JSX.Element
instreamSSE
#3344onFound
option #3396Other changes
New Contributors
Full Changelog: v4.5.11...v4.6.0
What's Changed
Twitter
toX
by @ yusukebe in #3354New Contributors
Full Changelog: v4.5.10...v4.5.11
What's Changed
New Contributors
Full Changelog: v4.5.9...v4.5.10
What's Changed
NO_COLOR
by @ ryuapp in #3306type
(MIME) attribute types by @ ssssota in #3305Full Changelog: v4.5.8...v4.5.9
Security Fix for CSRF Protection Middleware
Before this release, in versions 4.5.7 and below, the CSRF Protection Middleware did not treat requests including
Content-Types
with uppercase letters (e.g.,Application/x-www-form-urlencoded
) as potential attacks, allowing them to pass.This could cause unexpected behavior, leading to a vulnerability. If you are using the CSRF Protection Middleware, please upgrade to version 4.5.8 or higher immediately.
For more details, see the report here: GHSA-rpfr-3m35-5vx5
What's Changed
target
andformtarget
attribute types by @ ssssota in #3299New Contributors
Full Changelog: v4.5.6...v4.5.7
What's Changed
New Contributors
Full Changelog: v4.5.5...v4.5.6
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information: