Bump hono from 4.12.3 to 4.12.19 in /frontend
Type: Pull Request
State: Closed
Association: Unknown
Comments: 1
dependencies javascript
Bumps hono from 4.12.3 to 4.12.19.
Release notes
Sourced from hono's releases.
v4.12.19
What's Changed
- ci: pin GitHub Actions to SHAs by @yusukebe in honojs/hono#4932
- fix(serveStatic): make options parameter optional in all adapters by @mixelburg in honojs/hono#4934
- fix(cookie): return the first cookie when there are multiple cookies with the same name by @usualoma in honojs/hono#4922
- feat(bearer-auth): make bearerAuth generic for typed context in verifyToken by @justinnais in honojs/hono#4913
- feat(cache): key cache entries by configured vary headers by @usualoma in honojs/hono#4915
- feat(request): add bytes() by @yusukebe in honojs/hono#4921
- fix(stream): upgrade @hono/node-server to v2 and fix abort handling by @yusukebe in honojs/hono#4940
New Contributors
- @justinnais made their first contribution in honojs/hono#4913
Full Changelog: https://github.com/honojs/hono/compare/v4.12.18...v4.12.19
v4.12.18
Security fixes
This release includes fixes for the following security issues:
Cache Middleware ignores Vary: Authorization / Vary: Cookie leading to cross-user cache leakage
Affects: Cache Middleware. Fixes missing cache-skip handling for Vary: Authorization and Vary: Cookie, where a response cached for one authenticated user could be served to other users. GHSA-p77w-8qqv-26rm
CSS Declaration Injection via Style Object Values in JSX SSR
Affects: hono/jsx. Fixes a missing CSS-context escape for style object values and property names, where untrusted input could inject additional CSS declarations. The impact is limited to CSS and does not allow JavaScript execution. GHSA-qp7p-654g-cw7p
Improper validation of NumericDate claims (exp, nbf, iat) in JWT verify()
Affects: hono/utils/jwt. Fixes improper validation of exp, nbf, and iat claims, where falsy, non-finite, or non-numeric values could silently bypass time-based checks instead of being rejected per RFC 7519. GHSA-hm8q-7f3q-5f36
Users who use the JWT helper, hono/jsx, or the Cache middleware are strongly encouraged to upgrade to this version.
v4.12.17
What's Changed
- fix(jsx): normalize SVG attributes on the root element by @kfly8 in honojs/hono#4893
- fix(ssg): add atom+xml and rss+xml to defaultExtensionMap by @yuintei in honojs/hono#4899
- fix(cors): make origin optional in CORSOptions by @truffle-dev in honojs/hono#4905
- fix(types): propagate middleware response types to app.on overloads by @T4ko0522 in honojs/hono#4906
New Contributors
- @kfly8 made their first contribution in honojs/hono#4893
- @truffle-dev made their first contribution in honojs/hono#4905
Full Changelog: https://github.com/honojs/hono/compare/v4.12.16...v4.12.17
v4.12.16
... (truncated)
Commits
- 7e62bcd 4.12.19
- e2f252a fix(stream): upgrade @hono/node-server to v2 and fix abort handling (#4940)
- 54f2f0c feat(request): add bytes() (#4921)
- e59db59 feat(cache): key cache entries by configured vary headers (#4915)
- 48a7ccb feat(bearer-auth): make bearerAuth generic for typed context in verifyToken (...
- ff7522f fix(cookie): return the first cookie when there are multiple cookies with the...
- 26f8c33 fix(serveStatic): make options parameter optional in all adapters (#4934)
- 16c4e38 ci: pin GitHub Actions to SHAs (#4932)
- f10dee8 4.12.18
- a5bd9eb Merge commit from fork
- Additional commits viewable in compare view
Package Dependencies
Security Advisories
Hono has CSS Declaration Injection via Style Object Values in JSX SSR
Hono has improper validation of NumericDate claims (exp, nbf, iat) in JWT verify()
Hono's Cache Middleware ignores Vary: Authorization / Vary: Cookie leading to cross-user cache leakage
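The NumericDate issue named in the v4.12.18 notes, as an added example that is not Hono's code and not part of this PR: a truthiness-guarded time check beside one that requires a finite number first. The function names, the fixed clock value and the payload strings are constructed for illustration.

```javascript
// Added example, not Hono's implementation. All names here are hypothetical.
const NOW = 1700000000; // constructed "current time", seconds since the epoch

// Lax pattern: a claim is compared only when truthy, and never type-checked.
function laxCheck(p, now) {
  if (p.exp && p.exp <= now) return 'expired';
  if (p.nbf && p.nbf > now) return 'not-yet-valid';
  if (p.iat && p.iat > now) return 'issued-in-future';
  return 'ok';
}

const has = (p, k) => Object.prototype.hasOwnProperty.call(p, k);

// Strict pattern: a claim that is present must be a finite number before any
// time comparison runs; anything else rejects the token.
function strictCheck(p, now) {
  for (const name of ['exp', 'nbf', 'iat']) {
    if (!has(p, name)) continue; // absent claims stay optional
    const v = p[name];
    if (typeof v !== 'number' || !Number.isFinite(v)) return `invalid-${name}`;
  }
  if (has(p, 'exp') && p.exp <= now) return 'expired';
  if (has(p, 'nbf') && p.nbf > now) return 'not-yet-valid';
  if (has(p, 'iat') && p.iat > now) return 'issued-in-future';
  return 'ok';
}

// Constructed JWT payloads (already signature-verified in this scenario).
const SAMPLES = [
  '{"exp":1700000600,"nbf":1699999000,"iat":1699999000}', // well-formed, valid
  '{"exp":1699990000}',                                   // well-formed, expired
  '{"exp":0}',                                            // falsy number
  '{"exp":null}',                                         // falsy non-number
  '{"exp":"never"}',                                      // string compares as NaN
  '{"exp":1e999}',                                        // JSON.parse yields Infinity
  '{"nbf":"2999-01-01"}',                                 // date string, not NumericDate
];

// Run both checks over every sample so the divergence is visible side by side.
function compare(samples, now) {
  return samples.map((s) => {
    const p = JSON.parse(s);
    return { payload: s, lax: laxCheck(p, now), strict: strictCheck(p, now) };
  });
}

console.table(compare(SAMPLES, NOW));
```

The two checks agree on the well-formed payloads and diverge on every malformed one, which makes the sample set usable as regression input for any code that validates these claims itself.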
Technical Details
| ID: | 16013091 |
| UUID: | 4462386956 |
| Node ID: | PR_kwDORYOrTc7cUuKr |
| Host: | GitHub |
| Repository: | dataengineeringformachinelearning/dataengineeringformachinelearning |