chore(deps): update dependency hono to v4.11.9

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence
hono (source)	4.6.10 → 4.11.9

---

Release Notes

honojs/hono (hono)

v4.11.9

Compare Source

v4.11.8

Compare Source

What's Changed

• fix(jsx): preserve context when using await before html helper by @​kaigritun in #​4662
• fix(bearer-auth): make auth-scheme case-insensitive by @​bytaesu in #​4659

New Contributors

• @​kaigritun made their first contribution in #​4662

Full Changelog: honojs/hono@v4.11.7...v4.11.8

v4.11.7

Compare Source

Security Release

This release includes security fixes for multiple vulnerabilities in Hono and related middleware. We recommend upgrading if you are using any of the affected components.

Components

IP Restriction Middleware

Fixed an IPv4 address validation bypass that could allow IP-based access control to be bypassed under certain configurations.

Cache Middleware

Fixed an issue where responses marked with Cache-Control: private or no-store could be cached, potentially leading to information disclosure on some runtimes.

Serve Static Middleware (Cloudflare Workers adapter)

Fixed an issue that could allow unintended access to internal asset keys when serving static files with user-controlled paths.

hono/jsx ErrorBoundary

Fixed a reflected Cross-Site Scripting (XSS) issue in the ErrorBoundary component that could occur when untrusted strings were rendered without proper escaping.

Recommendation

Users are encouraged to upgrade to this release, especially if they:

• Use IP Restriction Middleware
• Use Cache Middleware on Deno, Bun, or Node.js
• Use Serve Static Middleware with user-controlled paths on Cloudflare Workers
• Render untrusted data inside ErrorBoundary components

Security Advisories & CVEs

• IP Restriction Middleware – IPv4 address validation bypass

  • Advisory: GHSA-r354-f388-2fhh
  • CVE: CVE-2026-24398

• Cache Middleware ignores Cache-Control: private

  • Advisory: GHSA-6wqw-2p9w-4vw4
  • CVE: CVE-2026-24472

• Serve Static Middleware (Cloudflare Workers adapter) – Arbitrary key read

  • Advisory: GHSA-w332-q679-j88p
  • CVE: CVE-2026-24473

• hono/jsx ErrorBoundary – Cross-Site Scripting (XSS)

  • Advisory: GHSA-9r54-q6cx-xmh5
  • CVE: Pending

---

Full Changelog: honojs/hono@v4.11.6...v4.11.7

v4.11.6

Compare Source

What's Changed

• refactor: use unique symbol for more accurate typing. by @​usualoma in #​4651
• docs: align CODE_OF_CONDUCT.md wording with Contributor Covenant by @​sano-suguru in #​4630
• fix(sse): handle \r and \r\n line endings in writeSSE by @​AprilNEA in #​4644
• feat(bun): export getBunServer by @​artemtam in #​4626

New Contributors

• @​sano-suguru made their first contribution in #​4630
• @​AprilNEA made their first contribution in #​4644
• @​artemtam made their first contribution in #​4626

Full Changelog: honojs/hono@v4.11.5...v4.11.6

v4.11.5

Compare Source

What's Changed

• fix(client): exclude $all from ClientRequest type by @​paveg in #​4611
• refactor(jwks): mark allowedAlgorithms, so the user can pass a `const… by @​nikeee in #​4641
• feat(jwt): export AlgorithmTypes by @​yusukebe in #​4642

New Contributors

• @​paveg made their first contribution in #​4611
• @​nikeee made their first contribution in #​4641

Full Changelog: honojs/hono@v4.11.4...v4.11.5

v4.11.4

Compare Source

Security

Fixed a JWT algorithm confusion issue in the JWT and JWK/JWKS middleware.

Both middlewares now require an explicit algorithm configuration to prevent the verification algorithm from being influenced by untrusted JWT header values.

If you are using the JWT or JWK/JWKS middleware, please update to the latest version as soon as possible.

JWT middleware

import { jwt } from 'hono/jwt'

app.use(
  '/auth/*',
  jwt({
    secret: 'it-is-very-secret',
    alg: 'HS256', // required
  })
)

JWK/JWKS middleware

import { jwk } from 'hono/jwk'

app.use(
  '/auth/*',
  jwk({
    jwks_uri: 'https://example.com/.well-known/jwks.json',
    alg: ['RS256'], // required (asymmetric algorithms only)
  })
)

For more details, see the Security Advisory.

• GHSA-f67f-6cw9-8mq4
• GHSA-3vhc-576x-3qv4

What's Changed

• test(utils/jwt): add missing algorithm types in jwa.test.ts by @​flathill404 in #​4607
• chore: bump @hono/eslint-config and enable curly rule by @​yusukebe in #​4620
• docs(bun/websocket): Fixed a typo in hono/bun deprecation message and updated test. by @​Itsnotaka in #​4618
• test: support alg option for JWT middleware by @​yusukebe in #​4624

New Contributors

• @​flathill404 made their first contribution in #​4607
• @​Itsnotaka made their first contribution in #​4618

Full Changelog: honojs/hono@v4.11.3...v4.11.4

v4.11.3

Compare Source

What's Changed

• fix(types): fix middleware union type merging in MergeMiddlewareResponse by @​yusukebe in #​4602

Full Changelog: honojs/hono@v4.11.2...v4.11.3

v4.11.2

Compare Source

What's Changed

• docs: improve grammar in contributing documentation by @​Ishiezz in #​4581
• fix(validator): preserve literal union types in input type inference by @​yusukebe in #​4583
• chore: bump typescript-go preview for accurate benchmarking by @​sushichan044 in #​4586
• refactor(hono-base): add type annotations by @​yusukebe in #​4591
• refactor(client): refactor HonoURL types by @​yusukebe in #​4592
• perf(types): reduce Simplify in ToSchema by @​yusukebe in #​4597
• perf(types): optimize MergeMiddlewareResponse type by @​yusukebe in #​4598

New Contributors

• @​Ishiezz made their first contribution in #​4581

Full Changelog: honojs/hono@v4.11.1...v4.11.2

v4.11.1

Compare Source

What's Changed

• fix(types): fix app.on method array type inference by @​kosei28 in #​4578

Full Changelog: honojs/hono@v4.11.0...v4.11.1

v4.11.0

Compare Source

Release Notes

Hono v4.11.0 is now available!

This release includes new features for the Hono client, middleware improvements, and an important type system fix.

Type System Fix for Middleware

We've fixed a bug in the type system for middleware. Previously, app did not have the correct type with pathless handlers:

const app = new Hono()
  .use(async (c, next) => {
    await next()
  })
  .get('/a', async (c, next) => {
    await next()
  })
  .get((c) => {
    return c.text('Hello')
  })

// app's type was incorrect

This has now been fixed.

Thanks @​kosei28!

Typed URL for Hono Client

You can now pass the base URL as the second type parameter to hc to get more precise URL types:

const client = hc<typeof app, 'http://localhost:8787'>(
  'http://localhost:8787/'
)

const url = client.api.posts.$url()
// url is TypedURL with precise type information
// including protocol, host, and path

This is useful when you want to use the URL as a type-safe key for libraries like SWR.

Thanks @​miyaji255!

Custom NotFoundResponse Type

You can now customize the NotFoundResponse type using module augmentation. This allows c.notFound() to return a typed response:

import { Hono, TypedResponse } from 'hono'

declare module 'hono' {
  interface NotFoundResponse
    extends Response,
      TypedResponse<{ error: string }, 404, 'json'> {}
}

const app = new Hono()
  .get('/posts/:id', async (c) => {
    const post = await getPost(c.req.param('id'))
    if (!post) {
      return c.notFound()
    }
    return c.json({ post }, 200)
  })
  .notFound((c) => c.json({ error: 'not found' }, 404))

Now the client can correctly infer the 404 response type.

Thanks @​miyaji255!

tryGetContext Helper

The new tryGetContext() helper in the Context Storage middleware returns undefined instead of throwing an error when the context is not available:

import { tryGetContext } from 'hono/context-storage'

const context = tryGetContext<Env>()
if (context) {
  // Context is available
  console.log(context.var.message)
}

Thanks @​AyushCoder9!

Custom Query Serializer

You can now customize how query parameters are serialized using the buildSearchParams option:

const client = hc<AppType>('http://localhost', {
  buildSearchParams: (query) => {
    const searchParams = new URLSearchParams()
    for (const [k, v] of Object.entries(query)) {
      if (v === undefined) continue
      if (Array.isArray(v)) {
        v.forEach((item) => searchParams.append(`${k}[]`, item))
      } else {
        searchParams.set(k, v)
      }
    }
    return searchParams
  },
})

Thanks @​bolasblack!

New features

• feat(types): make Hono client's $url return the exact URL type #​4502
• feat(types): enhance NotFoundHandler to support custom NotFoundResponse type #​4518
• feat(timing): add wrapTime to simplify usage #​4519
• feat(pretty-json): support force option #​4531
• feat(client): add buildSearchParams option to customize query serialization #​4535
• feat(context-storage): add optional tryGetContext helper #​4539
• feat(secure-headers): add CSP report-to and report-uri directive support #​4555
• fix(types): replace schema-based path tracking with CurrentPath parameter #​4552

All changes

• chore: update esbuild to version 0.27.1 by @​kosei28 in #​4571
• fix(hono/jsx): display blank when children is nullish by @​techfish-11 in #​4573
• feat(types): make Hono client's $url return the exact URL type by @​miyaji255 in #​4502
• feat(types): enhance NotFoundHandler to support custom NotFoundResponse type by @​miyaji255 in #​4518
• feat(timing): add wrapTime to simplify usage by @​PassiDel in #​4519
• feat(pretty-json): support force option by @​missinglink in #​4531
• feat(context-storage): Add optional tryGetContext helper to context-storage middleware by @​AyushCoder9 in #​4539
• feat(client): add buildSearchParams option to customize query serialization by @​bolasblack in #​4535
• feat(secure-headers): Add CSP report-to and report-uri directive support by @​cruzz77 in #​4555
• fix(types): replace schema-based path tracking with CurrentPath parameter by @​kosei28 in #​4552
• Next by @​yusukebe in #​4574

New Contributors

• @​missinglink made their first contribution in #​4531
• @​bolasblack made their first contribution in #​4535
• @​cruzz77 made their first contribution in #​4555

Full Changelog: honojs/hono@v4.10.8...v4.11.0

v4.10.8

Compare Source

What's Changed

• chore: bump linter and formatter by @​ryuapp in #​4568
• chore: bump github actions by @​ryuapp in #​4569
• fix(linear-router): incorrect path matching by @​cromery in #​4567
• docs(cookie): update outdated RFC links by @​AyushCoder9 in #​4557
• feat(csrf): Support async IsAllowedOriginHandler by @​baseballyama in #​4558
• feat(csrf): Support async IsAllowedSecFetchSiteHandler by @​baseballyama in #​4559

New Contributors

• @​cromery made their first contribution in #​4567
• @​AyushCoder9 made their first contribution in #​4557
• @​baseballyama made their first contribution in #​4558

Full Changelog: honojs/hono@v4.10.7...v4.10.8

v4.10.7

Compare Source

What's Changed

• fix(validator): fix incomplete types and wrong tests by @​EdamAme-x in #​4521
• refactor(types): delete type NotSpecified and StrictVerifyOptions by @​ysknsid25 in #​4525
• fix: add JSX type for hono/jsx/dom by @​ssssota in #​4534
• fix(adapter/bun): fix TypeError: null is not an object (#​4429) by @​brenc in #​4538
• chore: add config version to bun.lock by @​yusukebe in #​4548

New Contributors

• @​ysknsid25 made their first contribution in #​4525
• @​brenc made their first contribution in #​4538

Full Changelog: honojs/hono@v4.10.6...v4.10.7

v4.10.6

Compare Source

Deperecated

bearer-auth options

The following options are deprecated and will be removed in a future version:

• noAuthenticationHeaderMessage => use noAuthenticationHeader.message
• invalidAuthenticationHeaderMessage => use invalidAuthenticationHeader.message
• invalidTokenMessage => use invalidToken.message

What's Changed

• feat(aws-lambda): handle AWS Lattice events by @​anho in #​4451
• feat(secure-headers): support CSP TrustedTypePolicy by @​RosApr in #​4500
• feat: Improve auth middlewares by @​MathurAditya724 in #​4485

New Contributors

• @​anho made their first contribution in #​4451

Full Changelog: honojs/hono@v4.10.5...v4.10.6

v4.10.5

Compare Source

What's Changed

• docs(CONTRIBUTING): use bun instead of yarn in local development setup by @​taichi-1 in #​4503
• docs: grammar issue by @​WuMingDao in #​4508
• fix(utils/url): make _getQueryParam search behind question mark by @​tuzi3040 in #​4507
• fix(jsx): self-close wrapped empty tags by @​jakelee8 in #​4511
• chore: improve private field removal by @​BlankParticle in #​4513
• fix(middleware/cache): skip caching when Vary: * is present by @​pHo9UBenaA in #​4504

New Contributors

• @​taichi-1 made their first contribution in #​4503
• @​WuMingDao made their first contribution in #​4508
• @​tuzi3040 made their first contribution in #​4507
• @​jakelee8 made their first contribution in #​4511
• @​pHo9UBenaA made their first contribution in #​4504

Full Changelog: honojs/hono@v4.10.4...v4.10.5

v4.10.4

Compare Source

What's Changed

• chore: add a monochrome logo image by @​yusukebe in #​4487
• chore: fix the monochrome logo by @​yusukebe in #​4488
• fix(secure-headers): proposed features typo spelling mistake by @​RosApr in #​4494
• fix(types): preserve handler response typing in createHandlers by @​s-junio in #​4492

New Contributors

• @​RosApr made their first contribution in #​4494
• @​s-junio made their first contribution in #​4492

Full Changelog: honojs/hono@v4.10.3...v4.10.4

v4.10.3

Compare Source

Securiy Fix

A security issue in the CORS middleware has been fixed. In some cases, a request header could affect the Vary response header. Please update to the latest version if you are using the CORS middleware.

What's Changed

• fix(aws-lambda): serve microsoft office files as binary in lambda handler by @​matthiasfeist in #​4469
• fix(request-id): validation accepts = by @​ryuapp in #​4478
• refactor(jwt): reduce the size of the code generated by minification by @​usualoma in #​4480

New Contributors

• @​matthiasfeist made their first contribution in #​4469

Full Changelog: honojs/hono@v4.10.2...v4.10.3

v4.10.2

Compare Source

v4.10.1

Compare Source

What's Changed

• fix(types): cannot .use non-return mw from createMiddleware by @​NamesMT in #​4465

Full Changelog: honojs/hono@v4.10.0...v4.10.1

v4.10.0

Compare Source

Release Notes

Hono v4.10.0 is now available!

This release brings improved TypeScript support and new utilities.

The main highlight is the enhanced middleware type definitions that solve a long-standing issue with type safety for RPC clients.

Middleware Type Improvements

Imagine the following app:

import { Hono } from 'hono'

const app = new Hono()

const routes = app.get(
  '/',
  (c) => {
    return c.json({ errorMessage: 'Error!' }, 500)
  },
  (c) => {
    return c.json({ message: 'Success!' }, 200)
  }
)

The client with RPC:

import { hc } from 'hono/client'

const client = hc<typeof routes>('/')

const res = await client.index.$get()

if (res.status === 500) {
}

if (res.status === 200) {
}

Previously, it couldn't infer the responses from middleware, so a type error was thrown.

Now the responses are correctly typed.

---

This was a long-standing issue and we were thinking it was super difficult to resolve it. But now come true.

Thank you for the great work @​slawekkolodziej!

cloneRawRequest Utility

The new cloneRawRequest utility allows you to clone the raw Request object after it has been consumed by validators or middleware.

import { cloneRawRequest } from 'hono/request'

app.post('/api', async (c) => {
  const body = await c.req.json()

  // Clone the consumed request
  const clonedRequest = cloneRawRequest(c.req)
  await externalLibrary.process(clonedRequest)
})

Thanks @​kamaal111!

New features

• feat(types): passing middleware types #​4393
• feat(ssg): add default plugin that defines the recommended behavior #​4394
• feat(request): add cloneRawRequest utility for request cloning #​4382

All changes

• feat(types): passing middleware types by @​slawekkolodziej in #​4393
• feat(ssg): add default plugin that defines the recommended behavior by @​3w36zj6 in #​4394
• feat(request): add cloneRawRequest utility for request cloning by @​kamaal111 in #​4382
• fix(proxy): Correct hop-by-hop header handling per RFC 9110 by @​sugar-cat7 in #​4459

New Contributors

• @​slawekkolodziej made their first contribution in #​4393
• @​kamaal111 made their first contribution in #​4382

Full Changelog: honojs/hono@v4.9.12...v4.10.0

v4.9.12

Compare Source

What's Changed

• refactor: internal structure of PreparedRegExpRouter for optimization and added tests by @​usualoma in #​4456
• refactor: use protected methods instead of computed properties to allow tree shaking by @​usualoma in #​4458

Full Changelog: honojs/hono@v4.9.11...v4.9.12

v4.9.11

Compare Source

What's Changed

• fix(types): fix 4.9.8 regression by @​aadito123 in #​4448
• feat(reg-exp-router): Introduced PreparedRegExpRouter by @​usualoma in #​1796

New Contributors

• @​aadito123 made their first contribution in #​4448

Full Changelog: honojs/hono@v4.9.10...v4.9.11

v4.9.10

Compare Source

What's Changed

• fix(context): Fix #​4427 type regression by removing non-public export by @​aantthony in #​4433
• fix(aws-lambda): sanitize non-ASCII header values to prevent ByteString errors by @​yusukebe in #​4437

Full Changelog: honojs/hono@v4.9.9...v4.9.10

v4.9.9

Compare Source

What's Changed

• fix(service-worker): Update service-worker fire() to accept generic variants of Hono app instance by @​harmony7 in #​4420
• fix(service-worker): correct generics for handle by @​yusukebe in #​4421
• feat(helper/route): enable to get route path at specific index by @​usualoma in #​4423

New Contributors

• @​harmony7 made their first contribution in #​4420

Full Changelog: honojs/hono@v4.9.8...v4.9.9

v4.9.8

Compare Source

What's Changed

• fix(types): JSONParsed infer unknown values by @​BarryThePenguin in #​4405
• refactor(types): remove SimplifyDeepArray from json types by @​BarryThePenguin in #​4406
• refactor(types): fix the type definitions in hono-base by @​yusukebe in #​4407
• fix(request): return empty string for empty catch-all param by @​amitksingh0880 in #​4395

New Contributors

• @​amitksingh0880 made their first contribution in #​4395

Full Changelog: honojs/hono@v4.9.7...v4.9.8

v4.9.7

Compare Source

Security

• Fixed an issue in the bodyLimit middleware where the body size limit could be bypassed when both Content-Length and Transfer-Encoding headers were present. If you are using this middleware, please update immediately. Security Advisory

What's Changed

• fix(client): Fix parseResponse not parsing json in react native by @​lr0pb in #​4399
• chore: add .tool-versions file by @​3w36zj6 in #​4397
• chore: update bun install commands to use --frozen-lockfile by @​3w36zj6 in #​4398
• test(jwk): Add tests of JWK token verification by @​buckett in #​4402

New Contributors

• @​lr0pb made their first contribution in #​4399
• @​buckett made their first contribution in #​4402

Full Changelog: honojs/hono@v4.9.6...v4.9.7

v4.9.6

Compare Source

Security

Fixed a bug in URL path parsing (getPath) that could cause path confusion under malformed requests.

If you rely on reverse proxies (e.g. Nginx) for ACLs or restrict access to endpoints like /admin, please update immediately.

See advisory for details: GHSA-9hp6-4448-45g2

What's Changed

• chore: update packages in the router bench by @​yusukebe in #​4386
• chore(benchmarks): remove comment-out from router bench by @​yusukebe in #​4387

Full Changelog: honojs/hono@v4.9.5...v4.9.6

v4.9.5

Compare Source

What's Changed

• chore: replace supertest with undici by @​BarryThePenguin in #​4365
• fix(aws-lambda): preserve percent-encoded values in query strings by @​yusukebe in #​4372
• feat(cors): Allow async functions for origin and allowMethods by @​jobrk in #​4373
• feat(cors): Correct origin function return type asynchronously returning null or undefined for origin by @​jobrk in #​4375
• fix(service-worker): correct args for app.fetch in handle by @​yusukebe in #​4374
• fix(language-detector): Detect language from path after getPath changed by @​iflamed in #​4369

New Contributors

• @​jobrk made their first contribution in #​4373
• @​iflamed made their first contribution in #​4369

Full Changelog: honojs/hono@v4.9.4...v4.9.5

v4.9.4

Compare Source

What's Changed

• chore: add a type cast to run deno publish by @​yusukebe in #​4364

Full Changelog: honojs/hono@v4.9.3...v4.9.4

v4.9.3

Compare Source

What's Changed

• feat(csrf): Add modern CSRF protection with Fetch Metadata support by @​meck93 in #​4353
• tests: use vitest projects by @​BarryThePenguin in #​4359
• feat(proxy): add customFetch option to allow custom fetch function by @​yusukebe in #​4360
• chore: update typescript to 5.9.2 by @​yusukebe in #​4362
• chore: add packageManager field to package.json by @​yusukebe in #​4363

Full Changelog: honojs/hono@v4.9.2...v4.9.3

v4.9.2

Compare Source

What's Changed

• fix(jsx): 'plaintext-only' value for contenteditable attribute by @​object1037 in #​4349
• fix(client): handle query parameters in removeIndexString by @​yusukebe in #​4352

New Contributors

• @​object1037 made their first contribution in #​4349

Full Changelog: honojs/hono@v4.9.1...v4.9.2

v4.9.1

Compare Source

What's Changed

• feat(parseResponse): set DetailedError.name (+ error tests) by @​NamesMT in #​4344
• fix(parseResponse): should not include error responses in result by @​NamesMT in #​4348

Full Changelog: honojs/hono@v4.9.0...v4.9.1

v4.9.0

Compare Source

Release Notes

Hono v4.9.0 is now available!

This release introduces several enhancements and utilities.

The main highlight is the new parseResponse utility that makes it easier to work with RPC client responses.

parseResponse Utility

The new parseResponse utility provides a convenient way to parse responses from Hono RPC clients (hc). It automatically handles different response formats and throws structured errors for failed requests.

import { parseResponse, DetailedError } from 'hono/client'

// result contains the parsed response body (automatically parsed based on Content-Type)
const result = await parseResponse(client.hello.$get()).catch(
  // parseResponse automatically throws an error if response is not ok
  (e: DetailedError) => {
    console.error(e)
  }
)

This makes working with RPC client responses much more straightforward and type-safe.

Thanks @​NamesMT!

New features

• feat(bun): allow importing upgradeWebSocket and websocket directly #​4242
• feat(aws-lambda): specify content-type as binary #​4250
• feat(jwt): add validation for the issuer (iss) claim #​4253
• feat(jwk): add headerName to JWK middleware #​4279
• feat(cookie): add generateCookie and generateSignedCookie helpers #​4285
• feat(serve-static): use join to correct path resolution #​4291
• feat(jwt): expose utility function verifyWithJwks for external use #​4302
• feat: add parseResponse util to smartly parse hc's Response #​4314
• feat(ssg): mark old hook options as deprecated #​4331

All changes

• feat(aws-lambda): specify content-type as binary by @​Kanahiro in #​4250
• feat(jwt): added validation for the issuer (iss) claim by @​yolocat-dev in #​4253
• feat(jwk): Add custom headerName to JWK middleware by @​JoaquinGimenez1 in #​4279
• feat(cookie): generateCookie and generateSignedCookie helpers by @​Soviut in #​4285
• feat(serve-static): use join to correct path resolution by @​yusukebe in #​4291
• feat(jwt): Exposing utility function verifyWithJwks for external use by @​Beyondo in #​4302
• feat: add parseResponse util to smartly parse hc's Response by @​NamesMT in #​4314
• feat(ssg): mark old hook options as deprecated by @​3w36zj6 in #​4331
• fix(bun): exports functions related to websocket by @​yusukebe in #​4341
• Next by @​yusukebe in #​4340
• chore: enable skipLibCheck to resolve TypeScript compilation issues by @​yusukebe in #​4342

New Contributors

• @​yolocat-dev made their first contribution in #​4253
• @​JoaquinGimenez1 made their first contribution in #​4279
• @​Soviut made their first contribution in #​4285

Full Changelog: honojs/hono@v4.8.12...v4.9.0

v4.8.12

Compare Source

What's Changed

• fix(router): support /files/:name{.*} by @​yusukebe in #​4329

Full Changelog: honojs/hono@v4.8.11...v4.8.12

v4.8.11

Compare Source

What's Changed

• fix(types): should populate output type for c.body() by @​NamesMT in #​4318
• ci: add editorconfig-checker by @​3w36zj6 in #​4321
• fix(service-worker): pass FetchEvent as second argument to app.fetch by @​yusukebe in #​4328
• chore(ci): upgrade bun version to 1.2.19 by @​BarryThePenguin in #​4323
• chore: bump @hono/eslint-config by @​yusukebe in #​4330
• chore: autofix ci by @​BarryThePenguin in #​4322

Full Changelog: honojs/hono@v4.8.10...v4.8.11

v4.8.10

Compare Source

What's Changed

• chore: add EditorConfig by @​3w36zj6 in #​4309
• chore: format JSON, YAML, and Markdown by @​yusukebe in #​4310
• chore: format and lint benchmarks/* by @​yusukebe in #​4317
• refactor(types): bring adapter/service-worker types up to date by @​idealsh in #​4315
• chore: add editorconfig-checker by @​3w36zj6 in #​4312
• fix(cookie): support lowercase priority for compatibility with other libraries by @​bytaesu in #​4293

New Contributors

• @​idealsh made their first contribution in #​4315
• @​bytaesu made their first contribution in #​4293

Full Changelog: honojs/hono@v4.8.9...v4.8.10

v4.8.9

Compare Source

What's Changed

• fix(context): use isByteString in c.redirect by @​yusukebe in #​4307

Full Changelog: honojs/hono@v4.8.8...v4.8.9

v4.8.8

Compare Source

What's Changed

• docs: simplify the readme by @​yusukebe in #​4305
• fix(utils/url): prevent double encoding in safeEncodeURI by @​yusukebe in #​4306

Full Changelog: honojs/hono@v4.8.7...v4.8.8

v4.8.7

Compare Source

What's Changed

• chore: fix the deno version for publishing to jsr by @​yusukebe in #​4304

Full Changelog: honojs/hono@v4.8.6...v4.8.7

v4.8.6

Compare Source

What's Changed

• perf(types): remove unnecessary default types by @​yusukebe in #​4282
• fix(context): encode the redirect location by @​yayugu in #​4297

Full Changelog: honojs/hono@v4.8.5...v4.8.6

v4.8.5

Compare Source

What's Changed

• fix(serve-static): support Windows by @​yusukebe in #​3477

Full Changelog: honojs/hono@v4.8.4...v4.8.5

v4.8.4

Compare Source

What's Changed

• test: correct usages of Proxy to support Node.js 24 by @​yusukebe in #​4260
• fix(cookie): remove not used signingSecret option by @​yusukebe in #​4263
• fix(jsx): cloneElement didn't copy children by @​yayugu in #​4257
• fix(client): remove index string when calling $url() by @​yusukebe in #​4267
• fix(ssg): invoke callback when it's only a dynamic route by @​yusukebe in #​4249
• fix(request): req.json() keeps the content as is by @​yusukebe in #​4269

Full Changelog: honojs/hono@v4.8.3...v4.8.4

v4.8.3

Compare Source

What's Changed

• fix(cookie): use tryDecode when parsing cookie by @​yusukebe in #​4240
• fix(jsx): throw new Error instead of string by @​usualoma in #​4241
• fix(jwt): fix the JwtTokenIssuedAt error message by @​yusukebe in #​4244
• fix(jsx): Fix the JSXNode validation. Allow the function type for props.ref by @​yayugu in #​4236
• chore(cr): continuation release to pkg.pr.new by @​NEKOYASAN in #​4245

New Contributors

• @​yayugu made their first contribution in #​4236
• @​NEKOYASAN made their first contribution in #​4245

Full Changelog: honojs/hono@v4.8.2...v4.8.3

[v4.8.2](https://redirect.github.com/