[PR #468] [MERGED] build(deps): bump hono from 4.12.12 to 4.12.14 #488

Closed
opened 2026-06-05 17:23:22 -04:00 by yindo · 0 comments
Owner

📋 Pull Request Information

Original PR: https://github.com/langchain-ai/deepagentsjs/pull/468
Author: @dependabot[bot]
Created: 4/15/2026
Status: Merged
Merged: 4/20/2026
Merged by: @hntrl

Base: mainHead: dependabot/npm_and_yarn/hono-4.12.14


📝 Commits (1)

  • 2aaa0e1 build(deps): bump hono from 4.12.12 to 4.12.14

📊 Changes

1 file changed (+7 additions, -7 deletions)

View changed files

📝 pnpm-lock.yaml (+7 -7)

📄 Description

Bumps hono from 4.12.12 to 4.12.14.

Release notes

Sourced from hono's releases.

v4.12.14

Security fixes

This release includes fixes for the following security issues:

Improper handling of JSX attribute names in hono/jsx SSR

Affects: hono/jsx. Fixes missing validation of JSX attribute names during server-side rendering, which could allow malformed attribute keys to corrupt the generated HTML output and inject unintended attributes or elements. GHSA-458j-xx4x-4375

Other changes

  • fix(aws-lambda): handle invalid header names in request processing (#4883) fa2c74fe

v4.12.13

What's Changed

New Contributors

Full Changelog: https://github.com/honojs/hono/compare/v4.12.12...v4.12.13

Commits
  • cf2d2b7 4.12.14
  • 66daa2e Merge commit from fork
  • fa2c74f fix(aws-lambda): handle invalid header names in request processing (#4883)
  • 3779927 4.12.13
  • faa6c46 feat(cache): add onCacheNotAvailable option (#4876)
  • f23e97b feat(trailing-slash): add skip option (#4862)
  • 1aa32fb fix(types): infer response type from last handler in app.on 9- and 10-handler...
  • See full diff in compare view


🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

## 📋 Pull Request Information **Original PR:** https://github.com/langchain-ai/deepagentsjs/pull/468 **Author:** [@dependabot[bot]](https://github.com/apps/dependabot) **Created:** 4/15/2026 **Status:** ✅ Merged **Merged:** 4/20/2026 **Merged by:** [@hntrl](https://github.com/hntrl) **Base:** `main` ← **Head:** `dependabot/npm_and_yarn/hono-4.12.14` --- ### 📝 Commits (1) - [`2aaa0e1`](https://github.com/langchain-ai/deepagentsjs/commit/2aaa0e1bd8a75da67c3d33195ecac127e7b2f9a7) build(deps): bump hono from 4.12.12 to 4.12.14 ### 📊 Changes **1 file changed** (+7 additions, -7 deletions) <details> <summary>View changed files</summary> 📝 `pnpm-lock.yaml` (+7 -7) </details> ### 📄 Description Bumps [hono](https://github.com/honojs/hono) from 4.12.12 to 4.12.14. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/honojs/hono/releases">hono's releases</a>.</em></p> <blockquote> <h2>v4.12.14</h2> <h2>Security fixes</h2> <p>This release includes fixes for the following security issues:</p> <h3>Improper handling of JSX attribute names in hono/jsx SSR</h3> <p>Affects: hono/jsx. Fixes missing validation of JSX attribute names during server-side rendering, which could allow malformed attribute keys to corrupt the generated HTML output and inject unintended attributes or elements. GHSA-458j-xx4x-4375</p> <h2>Other changes</h2> <ul> <li>fix(aws-lambda): handle invalid header names in request processing (<a href="https://redirect.github.com/honojs/hono/issues/4883">#4883</a>) fa2c74fe</li> </ul> <h2>v4.12.13</h2> <h2>What's Changed</h2> <ul> <li>fix(types): infer response type from last handler in app.on 9-/10-handler overloads by <a href="https://github.com/T4ko0522"><code>@​T4ko0522</code></a> in <a href="https://redirect.github.com/honojs/hono/pull/4865">honojs/hono#4865</a></li> <li>feat(trailing-slash): add <code>skip</code> option by <a href="https://github.com/yusukebe"><code>@​yusukebe</code></a> in <a href="https://redirect.github.com/honojs/hono/pull/4862">honojs/hono#4862</a></li> <li>feat(cache): add <code>onCacheNotAvailable</code> option by <a href="https://github.com/yusukebe"><code>@​yusukebe</code></a> in <a href="https://redirect.github.com/honojs/hono/pull/4876">honojs/hono#4876</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/T4ko0522"><code>@​T4ko0522</code></a> made their first contribution in <a href="https://redirect.github.com/honojs/hono/pull/4865">honojs/hono#4865</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/honojs/hono/compare/v4.12.12...v4.12.13">https://github.com/honojs/hono/compare/v4.12.12...v4.12.13</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/honojs/hono/commit/cf2d2b7edcf07adef2db7614557f4d7f9e2be7ba"><code>cf2d2b7</code></a> 4.12.14</li> <li><a href="https://github.com/honojs/hono/commit/66daa2edef8965544c04fcad82c596ab2acdb5ee"><code>66daa2e</code></a> Merge commit from fork</li> <li><a href="https://github.com/honojs/hono/commit/fa2c74fe5c3ce996d025d9d97bf5670c207bb82e"><code>fa2c74f</code></a> fix(aws-lambda): handle invalid header names in request processing (<a href="https://redirect.github.com/honojs/hono/issues/4883">#4883</a>)</li> <li><a href="https://github.com/honojs/hono/commit/3779927c17201dc6bfd20697f0e1ec65407da779"><code>3779927</code></a> 4.12.13</li> <li><a href="https://github.com/honojs/hono/commit/faa6c46a1aa3a8b792b29e20fc93bcd6d2a4d720"><code>faa6c46</code></a> feat(cache): add <code>onCacheNotAvailable</code> option (<a href="https://redirect.github.com/honojs/hono/issues/4876">#4876</a>)</li> <li><a href="https://github.com/honojs/hono/commit/f23e97b7f300bcb8571ae864010b8f7cdb5d0d5d"><code>f23e97b</code></a> feat(trailing-slash): add <code>skip</code> option (<a href="https://redirect.github.com/honojs/hono/issues/4862">#4862</a>)</li> <li><a href="https://github.com/honojs/hono/commit/1aa32fb91e7bc1366811d80ebcce61ec0d0c68cb"><code>1aa32fb</code></a> fix(types): infer response type from last handler in app.on 9- and 10-handler...</li> <li>See full diff in <a href="https://github.com/honojs/hono/compare/v4.12.12...v4.12.14">compare view</a></li> </ul> </details> <br /> --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>
yindo added the pull-request label 2026-06-05 17:23:22 -04:00
yindo closed this issue 2026-06-05 17:23:22 -04:00
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: langchain-ai/deepagentsjs#488