fix(deps): update dependency hono to v4

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
hono (source)	^2.7.5 -> ^4.0.0

---

Release Notes

honojs/hono (hono)

v4.6.12

Compare Source

What's Changed

• ci(perf-measures): support KB by @​EdamAme-x in https://github.com/honojs/hono/pull/3696
• perf(router): sort handlers by score only when necessary by @​EdamAme-x in https://github.com/honojs/hono/pull/3697
• feat(css): add CSP nonce to hono/css related style and script tags by @​meck93 in https://github.com/honojs/hono/pull/3685
• fix(adapter/aws-lambda): add alb event requestContext undefined check for testing convenience by @​ospatil in https://github.com/honojs/hono/pull/3691

New Contributors

• @​meck93 made their first contribution in https://github.com/honojs/hono/pull/3685
• @​ospatil made their first contribution in https://github.com/honojs/hono/pull/3691

Full Changelog: honojs/hono@v4.6.11...v4.6.12

v4.6.11

Compare Source

What's Changed

• docs: changed as even smaller by @​EdamAme-x in https://github.com/honojs/hono/pull/3664
• chore(build): fix progress of log by @​EdamAme-x in https://github.com/honojs/hono/pull/3665
• chore(benchmark): add qs for query-param by @​yusukebe in https://github.com/honojs/hono/pull/3674
• feat(helper/factory): Calculate Context Type in createHandlers by @​sushichan044 in https://github.com/honojs/hono/pull/3670
• ci: compare bundle size by @​EdamAme-x in https://github.com/honojs/hono/pull/3661
• chore: enable formatting perf-measures by @​yusukebe in https://github.com/honojs/hono/pull/3683
• chore: lint build and perf-measures by @​yusukebe in https://github.com/honojs/hono/pull/3686
• ci: Display performance measurement results as custom metrics by @​k2tzumi in https://github.com/honojs/hono/pull/3491
• fix(base): define errorHandler with private not use # by @​yusukebe in https://github.com/honojs/hono/pull/3692

New Contributors

• @​sushichan044 made their first contribution in https://github.com/honojs/hono/pull/3670
• @​k2tzumi made their first contribution in https://github.com/honojs/hono/pull/3491

Full Changelog: honojs/hono@v4.6.10...v4.6.11

v4.6.10

Compare Source

What's Changed

• chore: format no-response.yml by @​yusukebe in https://github.com/honojs/hono/pull/3622
• ci(deno): merge deno runtime coverage by @​usualoma in https://github.com/honojs/hono/pull/3632
• chore: bump devDependencies by @​EdamAme-x in https://github.com/honojs/hono/pull/3633
• fix(jsr): fix missing exports by @​EdamAme-x in https://github.com/honojs/hono/pull/3636
• refactor(hono-base): use object abbreviation notation by @​EdamAme-x in https://github.com/honojs/hono/pull/3640
• chore(build): validate if exporting is correct in package.json and jsr.json by @​EdamAme-x in https://github.com/honojs/hono/pull/3638
• fix(serveStatic): add guard to prevent reading empty folders by @​oussamasf in https://github.com/honojs/hono/pull/3639
• docs(service-worker): fix module docs for service worker adapter by @​rwv in https://github.com/honojs/hono/pull/3645
• refactor(hono-base): remove unneeded processes and variables by @​EdamAme-x in https://github.com/honojs/hono/pull/3649
• perf(trie-router): optimize and remove unnecessary processes by @​EdamAme-x in https://github.com/honojs/hono/pull/3647
• refactor(router): use # for private props to reduce the minified bundle size by @​EdamAme-x in https://github.com/honojs/hono/pull/3660
• fix(middleware/combine): prevent c.req.routeIndex from being changed by @​usualoma in https://github.com/honojs/hono/pull/3663

New Contributors

• @​oussamasf made their first contribution in https://github.com/honojs/hono/pull/3639
• @​rwv made their first contribution in https://github.com/honojs/hono/pull/3645

Full Changelog: honojs/hono@v4.6.9...v4.6.10

v4.6.9

Compare Source

What's Changed

• refactor: fix typos by @​mattn in https://github.com/honojs/hono/pull/3583
• fix(req): correct c.req.param decodes invalid percent strings by @​yusukebe in https://github.com/honojs/hono/pull/3573
• fix(jsx/dom): fix memo for DOM renderer by @​usualoma in https://github.com/honojs/hono/pull/3568
• fix(jsx/dom): fix dom rendering bugs for fragment. by @​usualoma in https://github.com/honojs/hono/pull/3569
• perf(compose): check if it is a instance only once by @​EdamAme-x in https://github.com/honojs/hono/pull/3585
• perf(router): use .concat instead of spread syntax by @​EdamAme-x in https://github.com/honojs/hono/pull/3584
• fix(types): remove any and fix types of adapter/deno by @​EdamAme-x in https://github.com/honojs/hono/pull/3291
• refactor(timing/utils-body): a few minor edits by @​sharma-shray in https://github.com/honojs/hono/pull/3557
• fix(hono-base): remove .matchRoute and reduce bundle size by @​EdamAme-x in https://github.com/honojs/hono/pull/3595
• perf(utils/url): improve performance of url utility by @​EdamAme-x in https://github.com/honojs/hono/pull/3593
• perf(context): improve performance of context (setHeaders) by @​EdamAme-x in https://github.com/honojs/hono/pull/3592
• refactor(helper/html): Prefer Array.isArray over instanceof Array by @​exoego in https://github.com/honojs/hono/pull/3601
• refactor: compare with undefined directly by @​exoego in https://github.com/honojs/hono/pull/3602
• refactor: remove useless spread by @​exoego in https://github.com/honojs/hono/pull/3600
• refactor(context): use simple for-of syntax by @​usualoma in https://github.com/honojs/hono/pull/3598
• feat(context): allow URL object on c.redirect() by @​cometkim in https://github.com/honojs/hono/pull/3609
• ci: Use latest version of Bun and Deno for CI by @​fel1x-developer in https://github.com/honojs/hono/pull/3554
• chore(ISSUE_TEMPLATE): encourage them to add a version if possible by @​EdamAme-x in https://github.com/honojs/hono/pull/3599
• perf(middleware/logger): optimize color status by @​exoego in https://github.com/honojs/hono/pull/3603
• refactor(utils/mime): make object and type commonality by @​EdamAme-x in https://github.com/honojs/hono/pull/3606
• chore: automatically close issues marked as “not bug” over time by @​EdamAme-x in https://github.com/honojs/hono/pull/3611
• perf(utils): use | 0 instead of Math.floor by @​EdamAme-x in https://github.com/honojs/hono/pull/3605
• perf(helper/cookie): fast-path for name specified by @​exoego in https://github.com/honojs/hono/pull/3608
• refactor: use # for private methods to reduce the minified file size by @​yusukebe in https://github.com/honojs/hono/pull/3596
• fix(helper/websocket): allow custom events to be passed to generics by @​EdamAme-x in https://github.com/honojs/hono/pull/3616
• fix(middleware/etag): generate etag hash value from all chunks by @​usualoma in https://github.com/honojs/hono/pull/3604
• fix(utils/crypto): fix types of crypto utility by @​EdamAme-x in https://github.com/honojs/hono/pull/3614

New Contributors

• @​mattn made their first contribution in https://github.com/honojs/hono/pull/3583
• @​sharma-shray made their first contribution in https://github.com/honojs/hono/pull/3557
• @​fel1x-developer made their first contribution in https://github.com/honojs/hono/pull/3554

Full Changelog: honojs/hono@v4.6.8...v4.6.9

v4.6.8

Compare Source

What's Changed

• fix(bun/ws): fix invalid types by @​nakasyou in https://github.com/honojs/hono/pull/3562
• fix(utils/cookie): partitioned typo in CookieOptions by @​imcotton in https://github.com/honojs/hono/pull/3566
• fix(websocket): Fix typo in WSContextInit type by @​Ariel-Moroshko in https://github.com/honojs/hono/pull/3575
• fix(websocket): prevent sending entire buffer when streaming Uint8Array chunks by @​Ariel-Moroshko in https://github.com/honojs/hono/pull/3570
• fix(bun/ws): supoort --hot by @​nakasyou in https://github.com/honojs/hono/pull/3576
• feat(header): suggest name of header and combine in one file by @​EdamAme-x in https://github.com/honojs/hono/pull/3577
• fix(devcontainer): remove unknown flag on docker-compose by @​EdamAme-x in https://github.com/honojs/hono/pull/3582
• fix(types): replace Hono with HonoBase to get better consistency of types by @​m-shaka in https://github.com/honojs/hono/pull/3580

New Contributors

• @​Ariel-Moroshko made their first contribution in https://github.com/honojs/hono/pull/3575

Full Changelog: honojs/hono@v4.6.7...v4.6.8

v4.6.7

Compare Source

What's Changed

• fix(vercel): remove requestContext by @​yusukebe in https://github.com/honojs/hono/pull/3549
• feat(jwt): Support custom secret keys for signing JWTs by @​kaandok in https://github.com/honojs/hono/pull/3546
• feat(ws): Make WebSocket adapter more changeable by @​nakasyou in https://github.com/honojs/hono/pull/3531
• perf(router): improve performance of router by @​EdamAme-x in https://github.com/honojs/hono/pull/3526

New Contributors

• @​kaandok made their first contribution in https://github.com/honojs/hono/pull/3546

Full Changelog: honojs/hono@v4.6.6...v4.6.7

v4.6.6

Compare Source

What's Changed

• docs(powered-by): add JSDoc by @​yusukebe in https://github.com/honojs/hono/pull/3520
• chore: podman support for devcontainer by @​marcomuser in https://github.com/honojs/hono/pull/3529
• refactor(secure-headers): refine secureHeadersNonce init by @​imcotton in https://github.com/honojs/hono/pull/3535
• fix(serve-static): silence NotFound warning on Deno by @​pablo-abc in https://github.com/honojs/hono/pull/3542
• fix(client): return query params in $url by @​alex-grover in https://github.com/honojs/hono/pull/3541

New Contributors

• @​marcomuser made their first contribution in https://github.com/honojs/hono/pull/3529
• @​imcotton made their first contribution in https://github.com/honojs/hono/pull/3535
• @​pablo-abc made their first contribution in https://github.com/honojs/hono/pull/3542
• @​alex-grover made their first contribution in https://github.com/honojs/hono/pull/3541

Full Changelog: honojs/hono@v4.6.5...v4.6.6

v4.6.5

Compare Source

Security fix for CSRF Protection Middleware

This release includes a security fix for CSRF Protection Middleware. If you are using CSRF Protection Middleware, please upgrade this hono package immediately.

Before this release, a request without a Content-Type header can bypass the protection. This fix does not allow it. See: GHSA-2234-fmw7-43wr

What's Changed

• perf(types): replace intersection with union to get better perf by @​m-shaka in https://github.com/honojs/hono/pull/3443
• ci: use Deno v2 by @​yusukebe in https://github.com/honojs/hono/pull/3506
• ci: use Deno v2 for a test running for deno by @​nakasyou in https://github.com/honojs/hono/pull/3509
• fix(types): rm ExcludeEmptyObject to fix massively increased type instantiations by @​m-shaka in https://github.com/honojs/hono/pull/3507
• fix(cors): avoid setting Access-Control-Allow-Origin if there is no matching origin by @​uki00a in https://github.com/honojs/hono/pull/3510
• feat(powered-by): optional server name by @​PatrickJS in https://github.com/honojs/hono/pull/3492
• fix(factory): revert PR #​3498 by @​yusukebe in https://github.com/honojs/hono/pull/3515
• fix(build): remove private fields by @​nakasyou in https://github.com/honojs/hono/pull/3514

New Contributors

• @​uki00a made their first contribution in https://github.com/honojs/hono/pull/3510
• @​PatrickJS made their first contribution in https://github.com/honojs/hono/pull/3492

Full Changelog: honojs/hono@v4.6.4...v4.6.5

v4.6.4

Compare Source

What's Changed

• chore: upgrade dependencies by @​yusukebe in https://github.com/honojs/hono/pull/3446
• chore: remove crypto-js from dev dependencies by @​yusukebe in https://github.com/honojs/hono/pull/3447
• chore(test): suppress no-unused-vars "'x' is assigned a value but only used as type" by @​exoego in https://github.com/honojs/hono/pull/3451
• chore(test): include bun coverage by @​exoego in https://github.com/honojs/hono/pull/3457
• test(deno): remove duplicated app.get by @​exoego in https://github.com/honojs/hono/pull/3469
• fix(types): add key to IntrinsicAttributes by @​codehz in https://github.com/honojs/hono/pull/3474
• fix(factory): relax Bindings and Variables for createMiddleware by @​yusukebe in https://github.com/honojs/hono/pull/3498
• fix(service-worker): bind fetch to globalThis by @​sapphi-red in https://github.com/honojs/hono/pull/3500
• refactor(jsx): add override to toStringToBuffer in classes extending JSXNode by @​yusukebe in https://github.com/honojs/hono/pull/3505

New Contributors

• @​sapphi-red made their first contribution in https://github.com/honojs/hono/pull/3500

Full Changelog: honojs/hono@v4.6.3...v4.6.4

v4.6.3

Compare Source

This release has many new features, but each feature is small, so we've released it as a patch release.

What's Changed

• chore: rename runtime_tests to runtime-tests by @​yusukebe in https://github.com/honojs/hono/pull/3419
• ci: Type check perf by @​m-shaka in https://github.com/honojs/hono/pull/3406
• refactor(jsx/streaming): Clarified the type of renderToReadableStream. by @​usualoma in https://github.com/honojs/hono/pull/3434
• perf(types): use homomorphic mapped type to reduce conditional branches by @​m-shaka in https://github.com/honojs/hono/pull/3440
• ci: prettify type check result and rm a comment by @​m-shaka in https://github.com/honojs/hono/pull/3442
• fix(types): useSyncExternalStore type by @​codehz in https://github.com/honojs/hono/pull/3437
• fix(combine/every): make every middleware work with short-circuiting middlewares by @​paolostyle in https://github.com/honojs/hono/pull/3441
• feat(secureHeader): add CSP Report-Only mode support by @​isoppp in https://github.com/honojs/hono/pull/3413
• feat(jwt): make JwtVariables generic for improved type safety by @​TinsFox in https://github.com/honojs/hono/pull/3428
• feat(request): Make request.ts available throught JSR for frameworks that need to instantiate HonoRequest by @​Sorikairox in https://github.com/honojs/hono/pull/3425
• feat(jsx/precompile): Normalization and stringification of attribute values as renderToString by @​usualoma in https://github.com/honojs/hono/pull/3432
• feat(serve-static): support absolute root by @​yusukebe in https://github.com/honojs/hono/pull/3420

New Contributors

• @​codehz made their first contribution in https://github.com/honojs/hono/pull/3437
• @​paolostyle made their first contribution in https://github.com/honojs/hono/pull/3441
• @​isoppp made their first contribution in https://github.com/honojs/hono/pull/3413
• @​TinsFox made their first contribution in https://github.com/honojs/hono/pull/3428
• @​Sorikairox made their first contribution in https://github.com/honojs/hono/pull/3425

Full Changelog: honojs/hono@v4.6.2...v4.6.3

v4.6.2

Compare Source

What's Changed

• chore(lint): ESLint v9 by @​yusukebe in https://github.com/honojs/hono/pull/3393
• perf(serve-static): performance optimization for precompressed feature by @​usualoma in https://github.com/honojs/hono/pull/3414
• fix(serve-static): use application/octet-stream if the mime type is not detected by @​usualoma in https://github.com/honojs/hono/pull/3415

Full Changelog: honojs/hono@v4.6.1...v4.6.2

v4.6.1

Compare Source

What's Changed

• fix(build): improve addExtension esbuild plugin by @​kt3k in https://github.com/honojs/hono/pull/3405

New Contributors

• @​kt3k made their first contribution in https://github.com/honojs/hono/pull/3405

Full Changelog: honojs/hono@v4.6.0...v4.6.1

v4.6.0

Compare Source

Hono v4.6.0 is now available!

One of the highlights of this release is the Context Storage Middleware. Let's introduce it.

Context Storage Middleware

Many users may have been waiting for this feature. The Context Storage Middleware uses AsyncLocalStorage to allow handling of the current Context object even outside of handlers.

For example, let’s define a Hono app with a variable message: string.

type Env = {
  Variables: {
    message: string
  }
}

const app = new Hono<Env>()

To enable Context Storage Middleware, register contextStorage() as middleware at the top and set the message value.

import { contextStorage } from 'hono/context-storage'

//...

app.use(contextStorage())

app.use(async (c, next) => {
  c.set('message', 'Hello!')
  await next()
})

getContext() returns the current Context object, allowing you to get the value of the message variable outside the handler.

import { getContext } from 'hono/context-storage'

app.get('/', (c) => {
  return c.text(getMessage())
})

// Access the variable outside the handler.
const getMessage = () => {
  return getContext<Env>().var.message
}

In the case of Cloudflare Workers, you can also access the Bindings outside the handler by using this middleware.

type Env = {
  Bindings: {
    KV: KVNamespace
  }
}

const app = new Hono<Env>()

app.use(contextStorage())

const setKV = (value: string) => {
  return getContext<Env>().env.KV.put('key', value)
}

Thanks @​marceloverdijk !

New features

• feat(secureHeader): add Permissions-Policy header to secure headers middleware https://github.com/honojs/hono/pull/3314
• feat(cloudflare-pages): enable c.env.eventContext in handleMiddleware https://github.com/honojs/hono/pull/3332
• feat(websocket): Add generics type to WSContext https://github.com/honojs/hono/pull/3337
• feat(jsx-renderer): set Content-Encoding when stream is true https://github.com/honojs/hono/pull/3355
• feat(serveStatic): add precompressed option https://github.com/honojs/hono/pull/3366
• feat(helper/streaming): Support Promise<string> or (async) JSX.Element in streamSSE https://github.com/honojs/hono/pull/3344
• feat(context): make fetch Response headers mutable https://github.com/honojs/hono/pull/3318
• feat(serve-static): add onFound option https://github.com/honojs/hono/pull/3396
• feat(basic-auth): added custom response message option https://github.com/honojs/hono/pull/3371
• feat(bearer-auth): added custom response message options https://github.com/honojs/hono/pull/3372

Other changes

• chore(jsx-renderer): fix typo in JSDoc by @​taga3s in https://github.com/honojs/hono/pull/3378
• chore(deno): use the latest jsr libraries for testing by @​ryuapp in https://github.com/honojs/hono/pull/3375
• fix(secure-headers): optimize getPermissionsPolicyDirectives function by @​kbkn3 in https://github.com/honojs/hono/pull/3398
• fix(bearer-auth): typo by @​yusukebe in https://github.com/honojs/hono/pull/3404

New Contributors

• @​kbkn3 made their first contribution in https://github.com/honojs/hono/pull/3314
• @​hayatosc made their first contribution in https://github.com/honojs/hono/pull/3337
• @​inetol made their first contribution in https://github.com/honojs/hono/pull/3366

Full Changelog: honojs/hono@v4.5.11...v4.6.0

v4.5.11

Compare Source

What's Changed

• fix(jsx): race condition in ErrorBoundary with event loop by @​usualoma in https://github.com/honojs/hono/pull/3343
• perf(jsx): skip the special behavior when the element is in the head. by @​usualoma in https://github.com/honojs/hono/pull/3352
• refactor(utils/body): shorten the code by @​yusukebe in https://github.com/honojs/hono/pull/3353
• docs: Twitter to X by @​yusukebe in https://github.com/honojs/hono/pull/3354
• chore: fix typo in JSDoc by @​taga3s in https://github.com/honojs/hono/pull/3364
• refactor(utils/basic-auth): Moved Internal function to utils by @​sugar-cat7 in https://github.com/honojs/hono/pull/3359

New Contributors

• @​taga3s made their first contribution in https://github.com/honojs/hono/pull/3364
• @​sugar-cat7 made their first contribution in https://github.com/honojs/hono/pull/3359

Full Changelog: honojs/hono@v4.5.10...v4.5.11

v4.5.10

Compare Source

What's Changed

• feat(compress): improve compress middleware by @​nitedani in https://github.com/honojs/hono/pull/3317
• feat(jsx): add popover api attributes by @​ssssota in https://github.com/honojs/hono/pull/3323
• feat(jsx): improve form attribute types by @​ssssota in https://github.com/honojs/hono/pull/3330
• chore(test): migrate to vitest v2 by @​yasuaki640 in https://github.com/honojs/hono/pull/3326
• chore(test): replace deprecated vitest type by @​yasuaki640 in https://github.com/honojs/hono/pull/3338
• fix(logger): removing spaces from logger by @​marceloverdijk in https://github.com/honojs/hono/pull/3334

New Contributors

• @​nitedani made their first contribution in https://github.com/honojs/hono/pull/3317
• @​marceloverdijk made their first contribution in https://github.com/honojs/hono/pull/3334

Full Changelog: honojs/hono@v4.5.9...v4.5.10

v4.5.9

Compare Source

What's Changed

• test(types): broken test in future versions of typescript by @​m-shaka in https://github.com/honojs/hono/pull/3310
• fix(utils/color): Deno does not require permission for NO_COLOR by @​ryuapp in https://github.com/honojs/hono/pull/3306
• feat(jsx): improve type (MIME) attribute types by @​ssssota in https://github.com/honojs/hono/pull/3305
• feat(pretty-json): support custom query by @​nakasyou in https://github.com/honojs/hono/pull/3300

Full Changelog: honojs/hono@v4.5.8...v4.5.9

v4.5.8

Compare Source

Security Fix for CSRF Protection Middleware

Before this release, in versions 4.5.7 and below, the CSRF Protection Middleware did not treat requests including Content-Types with uppercase letters (e.g., Application/x-www-form-urlencoded) as potential attacks, allowing them to pass.

This could cause unexpected behavior, leading to a vulnerability. If you are using the CSRF Protection Middleware, please upgrade to version 4.5.8 or higher immediately.

For more details, see the report here: GHSA-rpfr-3m35-5vx5

v4.5.7

Compare Source

What's Changed

• fix(jsx/dom): Fixed a bug that caused Script elements to turn into Style elements. by @​usualoma in https://github.com/honojs/hono/pull/3294
• perf(jsx/dom): improve performance by @​usualoma in https://github.com/honojs/hono/pull/3288
• feat(jsx): improve a-tag types with well known values by @​ssssota in https://github.com/honojs/hono/pull/3287
• fix(validator): Fixed a bug in hono/validator where URL Encoded Data could not be validated if the Content-Type included charset. by @​uttk in https://github.com/honojs/hono/pull/3297
• feat(jsx): improve target and formtarget attribute types by @​ssssota in https://github.com/honojs/hono/pull/3299
• docs(README): change Twitter to X by @​nakasyou in https://github.com/honojs/hono/pull/3301
• fix(client): replace optional params to url correctly by @​yusukebe in https://github.com/honojs/hono/pull/3304
• feat(jsx): improve input attribute types based on react by @​ssssota in https://github.com/honojs/hono/pull/3302

New Contributors

• @​uttk made their first contribution in https://github.com/honojs/hono/pull/3297

Full Changelog: honojs/hono@v4.5.6...v4.5.7

v4.5.6

Compare Source

What's Changed

• fix(jsx): handle async component error explicitly and throw the error in the response by @​usualoma in https://github.com/honojs/hono/pull/3274
• fix(validator): support multipart headers without a separating space by @​Ernxst in https://github.com/honojs/hono/pull/3286
• fix(validator): Allow form data will mutliple values appended by @​nicksrandall in https://github.com/honojs/hono/pull/3273
• feat(jsx): improve meta-tag types with well known values by @​ssssota in https://github.com/honojs/hono/pull/3276

New Contributors

• @​Ernxst made their first contribution in https://github.com/honojs/hono/pull/3286
• @​ssssota made their first contribution in https://github.com/honojs/hono/pull/3276

Full Changelog: honojs/hono@v4.5.5...v4.5.6

v4.5.5

Compare Source

What's Changed

• fix(jsx): allow null, undefined, and boolean to be returned from function component by @​usualoma in https://github.com/honojs/hono/pull/3241
• feat(context): Add types for c.header by @​nakasyou in https://github.com/honojs/hono/pull/3221
• fix(jsx): fix draggable type to accept boolean by @​yasuaki640 in https://github.com/honojs/hono/pull/3253
• feat(context): add Context-Type types to c.header by @​nakasyou in https://github.com/honojs/hono/pull/3255
• fix(serve-static): supports directory contains . and not end / by @​yusukebe in https://github.com/honojs/hono/pull/3256

Full Changelog: honojs/hono@v4.5.4...v4.5.5

v4.5.4

Compare Source

What's Changed

• fix(jsx): corrects the type of 'draggable' attribute in intrinsic-elements.ts by @​yasuaki640 in https://github.com/honojs/hono/pull/3224
• feat(jsx): allow to merge CSSProperties declaration by @​jonasnobile in https://github.com/honojs/hono/pull/3228
• feat(client): Add WebSocket Provider Integration Tests and Enhance WebSocket Initialization by @​naporin0624 in https://github.com/honojs/hono/pull/3213
• fix(types): param in ValidationTargets supports optional param by @​yusukebe in https://github.com/honojs/hono/pull/3229

New Contributors

• @​jonasnobile made their first contribution in https://github.com/honojs/hono/pull/3228

Full Changelog: honojs/hono@v4.5.3...v4.5.4

v4.5.3

Compare Source

What's Changed

• fix(validator): Add double quotation marks to multipart checker regex by @​CPlusPatch in https://github.com/honojs/hono/pull/3195
• fix(validator): support application/json with a charset as JSON by @​yusukebe in https://github.com/honojs/hono/pull/3199
• fix(jsx): fix handling of SVG elements in JSX. by @​usualoma in https://github.com/honojs/hono/pull/3204
• fix(jsx/dom): fix performance issue with adding many new node listings by @​usualoma in https://github.com/honojs/hono/pull/3205
• fix(service-worker): refer to self.fetch correctly by @​yusukebe in https://github.com/honojs/hono/pull/3200

New Contributors

• @​CPlusPatch made their first contribution in https://github.com/honojs/hono/pull/3195

Full Changelog: honojs/hono@v4.5.2...v4.5.3

v4.5.2

Compare Source

What's Changed

• fix(helper/adapter): don't check navigator is undefined by @​yusukebe in https://github.com/honojs/hono/pull/3171
• fix(types): handle readonly array correctly by @​m-shaka in https://github.com/honojs/hono/pull/3172
• Revert "fix(helper/adapter): don't check navigator is undefined by @​yusukebe in https://github.com/honojs/hono/pull/3173
• fix(type): degradation of generic type handling by @​m-shaka in https://github.com/honojs/hono/pull/3138
• fix:(csrf) fix typo of csrf middleware by @​yasuaki640 in https://github.com/honojs/hono/pull/3178
• feat(secure-headers): remove "X-Powered-By" should be an option by @​EdamAme-x in https://github.com/honojs/hono/pull/3177

Full Changelog: honojs/hono@v4.5.1...v4.5.2

v4.5.1

Compare Source

What's Changed

• chore: remove rimraf and use bun shell by @​nakasyou in https://github.com/honojs/hono/pull/3146
• chore: moving the setup file of vitest by @​EdamAme-x in https://github.com/honojs/hono/pull/3157
• fix(middleware/jwt): Changed the jwt-secret type to SignatureKey by @​JulesVerner in https://github.com/honojs/hono/pull/3167
• feat(bearer-auth): Allow empty bearer-auth middleware prefixes by @​prevostc in https://github.com/honojs/hono/pull/3161
• chore(factory): remove @experimental from createApp by @​yusukebe in https://github.com/honojs/hono/pull/3164
• fix(client): support array values for query in ws by @​yusukebe in https://github.com/honojs/hono/pull/3169
• fix(validator): ignore content-type mismatches by @​yusukebe in https://github.com/honojs/hono/pull/3165

New Contributors

• @​JulesVerner made their first contribution in https://github.com/honojs/hono/pull/3167
• @​prevostc made their first contribution in https://github.com/honojs/hono/pull/3161

Full Changelog: honojs/hono@v4.5.0...v4.5.1

v4.5.0

Compare Source

v4.4.13

Compare Source

What's Changed

• chore: update benchmark by @​yusukebe in https://github.com/honojs/hono/pull/3102
• chore: replace tsx with Bun by @​nakasyou in https://github.com/honojs/hono/pull/3103
• refactor(http-status): remove unnecessary line of types and use common types by @​EdamAme-x in https://github.com/honojs/hono/pull/3110
• fix(jsx): redefine scope attribute as enum type by @​yasuaki640 in https://github.com/honojs/hono/pull/3118
• fix(types): allow string[] | File[] for RPC form value by @​yusukebe in https://github.com/honojs/hono/pull/3117
• fix(validator-types): type Alignment with Web Standards by @​EdamAme-x in https://github.com/honojs/hono/pull/3120
• fix(types): app.use(path, mw) return correct schema type by @​yusukebe in https://github.com/honojs/hono/pull/3128

Full Changelog: honojs/hono@v4.4.12...v4.4.13

v4.4.12

Compare Source

What's Changed

• fix(aws-lambda): set cookies with comma is bugged by @​NamesMT in https://github.com/honojs/hono/pull/3084
• fix(types): infer path when chaining after use by @​yusukebe in https://github.com/honojs/hono/pull/3087
• chore: update outdated links in JSDoc by @​ryuapp in https://github.com/honojs/hono/pull/3089
• fix(jsx): changes behavior when download attribute is set to a boolean value. by @​oon00b in https://github.com/honojs/hono/pull/3094
• chore: add the triage label by @​mvares in https://github.com/honojs/hono/pull/3092
• feat(types): improve JSONParsed by @​m-shaka in https://github.com/honojs/hono/pull/3074
• fix(helper/streaming): remove slow types by @​yusukebe in https://github.com/honojs/hono/pull/3100
• chore(utils/jwt): add @module docs by @​yusukebe in https://github.com/honojs/hono/pull/3101

New Contributors

• @​oon00b made their first contribution in https://github.com/honojs/hono/pull/3094

Full Changelog: honojs/hono@v4.4.11...v4.4.12

v4.4.11

Compare Source

What's Changed

• refactor: remove unnecessary async keyword from router tests by @​K-tecchan in https://github.com/honojs/hono/pull/3061
• fix(validator): don't return a FormData if formData is cached by @​yusukebe in https://github.com/honojs/hono/pull/3067
• fix(client): Add Query Parameter Support to WebSocket Client in hono/client by @​naporin0624 in https://github.com/honojs/hono/pull/3066
• refactor(types): move HandlerInterface's (path, handler)s overloads down by @​NamesMT in https://github.com/honojs/hono/pull/3072
• test(helper/dev): fix typo of test case name by @​yasuaki640 in https://github.com/honojs/hono/pull/3073
• fix(stream): Fixed a problem that onAbort() is called even if request is normally closed in deno by @​usualoma in https://github.com/honojs/hono/pull/3079

New Contributors

• @​K-tecchan made their first contribution in https://github.com/honojs/hono/pull/3061

Full Changelog: honojs/hono@v4.4.10...v4.4.11

v4.4.10

Compare Source

What's Changed

• chore(jsr): export JWT utils by @​ryuapp in https://github.com/honojs/hono/pull/3056
• fix(streaming