Skip to content

Commit 7cb960b

Browse files
dependabot[bot]dependabot[bot]
authored
chore(deps): Bump hono from 4.12.7 to 4.12.12 in /dev-packages/e2e-tests/test-applications/cloudflare-hono (#20119)
Bumps [hono](https://github.com/honojs/hono) from 4.12.7 to 4.12.12. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/honojs/hono/releases">hono's releases</a>.</em></p> <blockquote> <h2>v4.12.12</h2> <h2>Security fixes</h2> <p>This release includes fixes for the following security issues:</p> <h3>Middleware bypass via repeated slashes in serveStatic</h3> <p>Affects: Serve Static middleware. Fixes a path normalization inconsistency where repeated slashes (<code>//</code>) could bypass route-based middleware protections and allow access to protected static files. GHSA-wmmm-f939-6g9c</p> <h3>Path traversal in toSSG() allows writing files outside the output directory</h3> <p>Affects: <code>toSSG()</code> for Static Site Generation. Fixes a path traversal issue where crafted <code>ssgParams</code> values could write files outside the configured output directory. GHSA-xf4j-xp2r-rqqx</p> <h3>Incorrect IP matching in ipRestriction() for IPv4-mapped IPv6 addresses</h3> <p>Affects: IP Restriction Middleware. Fixes improper handling of IPv4-mapped IPv6 addresses (e.g. <code>::ffff:127.0.0.1</code>) that could cause allow/deny rules to be bypassed. GHSA-xpcf-pg52-r92g</p> <h3>Missing validation of cookie name on write path in setCookie()</h3> <p>Affects: <code>setCookie()</code>, <code>serialize()</code>, and <code>serializeSigned()</code> from <code>hono/cookie</code>. Fixes missing validation of cookie names on the write path, preventing inconsistent handling between parsing and serialization. GHSA-26pp-8wgv-hjvm</p> <h3>Non-breaking space prefix bypass in cookie name handling in getCookie()</h3> <p>Affects: <code>getCookie()</code> from <code>hono/cookie</code>. Fixes a discrepancy in cookie name handling that could allow attacker-controlled cookies to override legitimate ones and bypass prefix protections. GHSA-r5rp-j6wh-rvv4</p> <hr /> <p>Users who use Serve Static, Static Site Generation, Cookie utilities, or IP restriction middleware are strongly encouraged to upgrade to this version.</p> <h2>v4.12.11</h2> <h2>What's Changed</h2> <ul> <li>feat(css): add classNameSlug option to createCssContext by <a href="https://github.com/flow-pie"><code>@​flow-pie</code></a> in <a href="https://redirect.github.com/honojs/hono/pull/4834">honojs/hono#4834</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/flow-pie"><code>@​flow-pie</code></a> made their first contribution in <a href="https://redirect.github.com/honojs/hono/pull/4834">honojs/hono#4834</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/honojs/hono/compare/v4.12.10...v4.12.11">https://github.com/honojs/hono/compare/v4.12.10...v4.12.11</a></p> <h2>v4.12.10</h2> <h2>What's Changed</h2> <ul> <li>test(router): fix <code>Simple capturing group</code> test by <a href="https://github.com/yusukebe"><code>@​yusukebe</code></a> in <a href="https://redirect.github.com/honojs/hono/pull/4838">honojs/hono#4838</a></li> <li>docs: fix impaired -&gt; inspired typo in benchmark READMEs by <a href="https://github.com/Abhi3975"><code>@​Abhi3975</code></a> in <a href="https://redirect.github.com/honojs/hono/pull/4843">honojs/hono#4843</a></li> <li>fix(jsx/dom): apply select value after children are rendered by <a href="https://github.com/usualoma"><code>@​usualoma</code></a> in <a href="https://redirect.github.com/honojs/hono/pull/4847">honojs/hono#4847</a></li> <li>fix(compress): convert strong ETag to weak ETag when compressing by <a href="https://github.com/usualoma"><code>@​usualoma</code></a> in <a href="https://redirect.github.com/honojs/hono/pull/4848">honojs/hono#4848</a></li> <li>docs(ip-restriction): add clear JSDoc examples and param types by <a href="https://github.com/VISHNU7KASIREDDY"><code>@​VISHNU7KASIREDDY</code></a> in <a href="https://redirect.github.com/honojs/hono/pull/4851">honojs/hono#4851</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/Abhi3975"><code>@​Abhi3975</code></a> made their first contribution in <a href="https://redirect.github.com/honojs/hono/pull/4843">honojs/hono#4843</a></li> <li><a href="https://github.com/VISHNU7KASIREDDY"><code>@​VISHNU7KASIREDDY</code></a> made their first contribution in <a href="https://redirect.github.com/honojs/hono/pull/4851">honojs/hono#4851</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/honojs/hono/commit/c37ba26da9709ad03b803d1972773ed864b7e60d"><code>c37ba26</code></a> 4.12.12</li> <li><a href="https://github.com/honojs/hono/commit/cc067c85592415cb1880ad3c61ed923472452ec0"><code>cc067c8</code></a> Merge commit from fork</li> <li><a href="https://github.com/honojs/hono/commit/a586cd72e3f6122792e631ecf1817e5cabb803ec"><code>a586cd7</code></a> Merge commit from fork</li> <li><a href="https://github.com/honojs/hono/commit/48fa2233bc092f650119f42df043050737cabf39"><code>48fa223</code></a> Merge commit from fork</li> <li><a href="https://github.com/honojs/hono/commit/b470278920fffcfd6d76002755d6db53db827679"><code>b470278</code></a> Merge commit from fork</li> <li><a href="https://github.com/honojs/hono/commit/9aff14bd727f8b0435c963363fd803260e7b8e3c"><code>9aff14b</code></a> Merge commit from fork</li> <li><a href="https://github.com/honojs/hono/commit/2c403c67eb3d7be15aaa9e74ec74d2dcb4b4b4d2"><code>2c403c6</code></a> 4.12.11</li> <li><a href="https://github.com/honojs/hono/commit/f82aba8e8ea45d56199e751cee6ea7c067bcd176"><code>f82aba8</code></a> feat(css): add classNameSlug option to createCssContext (<a href="https://redirect.github.com/honojs/hono/issues/4834">#4834</a>)</li> <li><a href="https://github.com/honojs/hono/commit/9f374a55b25c5c644c293bd4ed6ffce016eb3b44"><code>9f374a5</code></a> 4.12.10</li> <li><a href="https://github.com/honojs/hono/commit/a8c56a6620597084e97792f7de3ffbd257c004cc"><code>a8c56a6</code></a> docs(ip-restriction): add clear JSDoc examples and param types (<a href="https://redirect.github.com/honojs/hono/issues/4851">#4851</a>)</li> <li>Additional commits viewable in <a href="https://github.com/honojs/hono/compare/v4.12.7...v4.12.12">compare view</a></li> </ul> </details> <br /> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
1 parent f83aad7 commit 7cb960b

File tree

1 file changed

+1
-1
lines changed
  • dev-packages/e2e-tests/test-applications/cloudflare-hono

1 file changed

+1
-1
lines changed

dev-packages/e2e-tests/test-applications/cloudflare-hono/package.json

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -12,7 +12,7 @@
1212
},
1313
"dependencies": {
1414
"@sentry/cloudflare": "latest || *",
15-
"hono": "4.12.7"
15+
"hono": "4.12.12"
1616
},
1717
"devDependencies": {
1818
"@cloudflare/vitest-pool-workers": "^0.8.31",

0 commit comments

Comments
 (0)