Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Upgrade hono from 3.12.0 to 4.4.0 #1

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Upgrade hono from 3.12.0 to 4.4.0 #1

wants to merge 1 commit into from

Conversation

YoutacRandS-VA
Copy link
Owner

This PR was automatically created by Snyk using the credentials of a real user.


![snyk-top-banner](https://github.com/andygongea/OWASP-Benchmark/assets/818805/c518c423-16fe-447e-b67f-ad5a49b5d123)

Snyk has created this PR to upgrade hono from 3.12.0 to 4.4.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

⚠️ Warning: This PR contains major version upgrade(s), and may be a breaking change.

  • The recommended version is 62 versions ahead of your current version.

  • The recommended version was released on 24 days ago.

Issues fixed by the recommended upgrade:

Issue Score Exploit Maturity
high severity Uncontrolled resource consumption
SNYK-JS-BRACES-6838727		 482 Proof of Concept
high severity Denial of Service (DoS)
SNYK-JS-WS-7266574		 482 Proof of Concept
medium severity Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
SNYK-JS-HONO-6672874		 482 Proof of Concept
low severity Improper Access Control
SNYK-JS-UNDICI-6564963		 482 No Known Exploit
low severity Improper Authorization
SNYK-JS-UNDICI-6564964		 482 No Known Exploit
Release notes
Package name: hono
  • 4.4.0 - 2024-05-27

    Hono v4.4.0 is now available! Let's take a look at the new features.

    Support JSR

    Now, Hono is available on JSR - a new JavaScript/TypeScript registry! You can install the Hono package from JSR right now. If you want to run your Hono app on Deno, you can install it with the following command:

    deno add @ hono/hono

    Then, use it in your code!

    // main.ts
    import { Hono } from '@ hono/hono'

    const app = new Hono()

    app.get('/', (c) => c.text('Hello JSR!'))

    export default app

    And run it:

    deno serve main.ts

    If you edit the deno.json and set the paths appropriately, the exact same code that you are familiar with will work in Deno, Cloudflare Workers, and Bun.

    deno.json:

    {
  "imports": {
    "hono": "jsr:@ hono/hono@^4.4.0"
  }
}
    Area.mp4
    Area.mp4

    JSR is not exclusive to Deno. You can use it with npm and Bun.

    # npm
    npx jsr add @ hono/hono

    # bun
    bunx jsr add @ hono/hono

    And, removing "slow types" has improved the performance of TypeScript type inference.

    With the introduction of JSR, the previous package publishing from deno.land/x will be obsolete.

    Introduce ConnInfo Helper

    The ConnInfo Helper is a helper helps you to get the connection information. For example, you can get the client's remote address easily.

    import { Hono } from 'hono'
    import { getConnInfo } from 'hono/deno' // For Deno

    const app = new Hono()

    app.get('/', (c) => {
    const info = getConnInfo(c) // info is ConnInfo
    return c.text(Your remote address is <span class="pl-s1"><span class="pl-kos">${</span><span class="pl-s1">info</span><span class="pl-kos">.</span><span class="pl-c1">remote</span><span class="pl-kos">.</span><span class="pl-c1">address</span><span class="pl-kos">}</span></span>)
    })

    export default app

    Thank you for creating the feature, @ nakasyou!

    Introduce Timeout Middleware

    The Timeout Middleware is a middleware enables you to easily manage request timeouts in your application.

    Here is a simple example:

    import { Hono } from 'hono'
    import { timeout } from 'hono/timeout'

    const app = new Hono()

    // Applying a 5-second timeout
    app.use('/api', timeout(5000))

    // Handling a route
    app.get('/api/data', async (c) => {
    // Your route handler logic
    return c.json({ data: 'Your data here' })
    })

    Thank you for creating the feature, @ watany-dev!

    Improving JSDoc

    We are now trying to improve the JSDocs. In the PR, we've added the JSDocs for all middleware. Thank you, @ goisaki!

    Other features

    • URL utility - decode percent-encoded path in getPath #2714
    • Body utility - add dot notation support for parseBody #2675
    • Body utility - specify detailed return type for parseBody #2771
    • SSG Helper - enhance combined hooks #2686
    • JSX DOM - improve compatibility with React - The 2024 May Update #2756
    • JSX DOM - introduce react-dom/client APIs and React.version #2795

    All Updates

    New Contributors

    Full Changelog: v4.3.9...v4.4.0

  • 4.4.0-rc.1 - 2024-05-24

    This is a pre-release.

  • 4.3.11 - 2024-05-24

    What's Changed

    • fix(middleware/jwt): fix incorrect assumption in jwt impl by @ boehs in #2775

    New Contributors

    Full Changelog: v4.3.10...v4.3.11

  • 4.3.10 - 2024-05-23

    What's Changed

    Full Changelog: v4.3.9...v4.3.10

  • 4.3.9 - 2024-05-21

    What's Changed

    • fix(factory): export CreateHandlersInterface by @ yusukebe in #2752
    • feat(aws-lambda): add support for alb multiValueQueryStringParameters by @ yiss in #2751

    Full Changelog: v4.3.8...v4.3.9

  • 4.3.8 - 2024-05-19

    What's Changed

    • test(validator): compatibility with Node.js v20.13.1 by @ yusukebe in #2682
    • refactor(utils/jwt): remove some any by @ fzn0x in #2684
    • refactor(timing): don't use Partial for the options by @ yusukebe in #2712
    • refactor(secure-headers): don't use Partial for the options by @ yusukebe in #2713
    • fix(context): Retain all cookies when passing ResponseInit to c.body by @ codeflows in #2690
    • fix(hono-jsx): make ref unrequried for forward ref by @ dygy in #2715

    New Contributors

    Full Changelog: v4.3.7...v4.3.8

  • 4.3.7 - 2024-05-15

    What's Changed

    • doc(ssg): Define the default value for Content-Type by @ watany-dev in #2666
    • feat(aws-lambda): add alb event processor by @ yiss in #2657
    • feat(utils/cookie): allow setting cookie SameSite attribute in lowercase too by @ BlankParticle in #2668
    • fix(method-override): remove un-needed import of URLSearchParams in method override middleware by @ f5io in #2679

    New Contributors

    Full Changelog: v4.3.6...v4.3.7

  • 4.3.6 - 2024-05-12

    What's Changed

    New Contributors

    Full Changelog: v4.3.5...v4.3.6

  • 4.3.5 - 2024-05-12

    What's Changed

    Full Changelog: v4.3.4...v4.3.5

  • 4.3.4 - 2024-05-09

    What's Changed

    New Contributors

    Full Changelog: v4.3.3...v4.3.4

  • 4.3.3 - 2024-05-08
  • 4.3.2 - 2024-05-04
  • 4.3.1 - 2024-05-04
  • 4.3.0 - 2024-05-03
  • 4.2.9 - 2024-04-29
  • 4.2.8 - 2024-04-26
  • 4.2.7 - 2024-04-23
  • 4.2.6 - 2024-04-22
  • 4.2.5 - 2024-04-18
  • 4.2.4 - 2024-04-13
  • 4.2.3 - 2024-04-09
  • 4.2.2 - 2024-04-05
  • 4.2.1 - 2024-04-03
  • 4.2.0 - 2024-04-02
  • 4.2.0-rc.1 - 2024-03-31
  • 4.1.7 - 2024-03-31
  • 4.1.6 - 2024-03-31
  • 4.1.5 - 2024-03-27
  • 4.1.4 - 2024-03-25
  • 4.1.3 - 2024-03-20
  • 4.1.2 - 2024-03-18
  • 4.1.1 - 2024-03-17
  • 4.1.0 - 2024-03-11
  • 4.1.0-rc.1 - 2024-03-04
  • 4.0.10 - 2024-03-05
  • 4.0.9 - 2024-03-03
  • 4.0.8 - 2024-02-28
  • 4.0.7 - 2024-02-25
  • 4.0.6 - 2024-02-24
  • 4.0.5 - 2024-02-20
  • 4.0.4 - 2024-02-17
  • 4.0.3 - 2024-02-16
  • 4.0.2 - 2024-02-14
  • 4.0.1 - 2024-02-11
  • 4.0.0 - 2024-02-09
  • 4.0.0-rc.4 - 2024-02-03
  • 4.0.0-rc.3 - 2024-01-27
  • 4.0.0-rc.2 - 2024-01-21
  • 4.0.0-rc.1 - 2024-01-18
  • 4.0.0-rc.0 - 2024-01-10
  • 3.12.12 - 2024-02-07
  • 3.12.11 - 2024-02-05
  • 3.12.10 - 2024-02-02
  • 3.12.9 - 2024-01-31
  • 3.12.8 - 2024-01-27
  • 3.12.7 - 2024-01-25
  • 3.12.6 - 2024-01-18
  • 3.12.5 - 2024-01-16
  • 3.12.4 - 2024-01-15
  • 3.12.3 - 2024-01-12
  • 3.12.2 - 2024-01-11
  • 3.12.1 - 2024-01-09
  • 3.12.0 - 2024-01-04
from hono GitHub release notes

Important

  • Warning: This PR contains a major version upgrade, and may be a breaking change.
  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

@snyk-bot
feat: upgrade hono from 3.12.0 to 4.4.0
717d17d 
Snyk has created this PR to upgrade hono from 3.12.0 to 4.4.0.

See this package in npm:
hono

See this project in Snyk:
https://app.snyk.io/org/youtacrands-va/project/acf57976-c8b4-482c-a85b-a7267ca5a10d?utm_source=github&utm_medium=referral&page=upgrade-pr
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@YoutacRandS-VA @snyk-bot