Sourced from hono's releases.

v4.9.6

Security

Fixed a bug in URL path parsing (getPath) that could cause path confusion under malformed requests.

If you rely on reverse proxies (e.g. Nginx) for ACLs or restrict access to endpoints like /admin, please update immediately.

See advisory for details: GHSA-9hp6-4448-45g2

What's Changed

• chore: update packages in the router bench by @​yusukebe in honojs/hono#4386
• chore(benchmarks): remove comment-out from router bench by @​yusukebe in honojs/hono#4387

Full Changelog: https://github.com/honojs/hono/compare/v4.9.5...v4.9.6

v4.9.5

What's Changed

• chore: replace supertest with undici by @​BarryThePenguin in honojs/hono#4365
• fix(aws-lambda): preserve percent-encoded values in query strings by @​yusukebe in honojs/hono#4372
• feat(cors): Allow async functions for origin and allowMethods by @​jobrk in honojs/hono#4373
• feat(cors): Correct origin function return type asynchronously returning null or undefined for origin by @​jobrk in honojs/hono#4375
• fix(service-worker): correct args for app.fetch in handle by @​yusukebe in honojs/hono#4374
• fix(language-detector): Detect language from path after getPath changed by @​iflamed in honojs/hono#4369

New Contributors

• @​jobrk made their first contribution in honojs/hono#4373
• @​iflamed made their first contribution in honojs/hono#4369

Full Changelog: https://github.com/honojs/hono/compare/v4.9.4...v4.9.5

v4.9.4

What's Changed

• chore: add a type cast to run deno publish by @​yusukebe in honojs/hono#4364

Full Changelog: https://github.com/honojs/hono/compare/v4.9.3...v4.9.4

v4.9.3

What's Changed

• feat(csrf): Add modern CSRF protection with Fetch Metadata support by @​meck93 in honojs/hono#4353
• tests: use vitest projects by @​BarryThePenguin in honojs/hono#4359
• feat(proxy): add customFetch option to allow custom fetch function by @​yusukebe in honojs/hono#4360
• chore: update typescript to 5.9.2 by @​yusukebe in honojs/hono#4362
• chore: add packageManager field to package.json by @​yusukebe in honojs/hono#4363

Full Changelog: https://github.com/honojs/hono/compare/v4.9.2...v4.9.3

v4.9.2

... (truncated)

• 7f4311c 4.9.6
• 1d79aed Merge commit from fork
• adecab1 chore(benchmarks): remove comment-out from router bench (#4387)
• b3d5b40 chore: update packages in the router bench (#4386)
• 98cb963 4.9.5
• b3e8cab fix(language-detector): Detect language from path after getPath changed (#4369)
• 0e3db67 fix(service-worker): correct args for app.fetch in handle (#4374)
• c4577e9 fix(cors): Allow returning null or undefined for origin (#4375)
• 5bfbff8 feat(cors): Allow async functions for origin and allowMethods (#4373)
• a268569 fix(aws-lambda): preserve percent-encoded values in query strings (#4372)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)