chore(deps): Bump hono from 4.12.7 to 4.12.12 (#20118)

Bumps [hono](https://github.com/honojs/hono) from 4.12.7 to 4.12.12.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/honojs/hono/releases">hono's
releases</a>.</em></p>
<blockquote>
<h2>v4.12.12</h2>
<h2>Security fixes</h2>
<p>This release includes fixes for the following security issues:</p>
<h3>Middleware bypass via repeated slashes in serveStatic</h3>
<p>Affects: Serve Static middleware. Fixes a path normalization
inconsistency where repeated slashes (<code>//</code>) could bypass
route-based middleware protections and allow access to protected static
files. GHSA-wmmm-f939-6g9c</p>
<h3>Path traversal in toSSG() allows writing files outside the output
directory</h3>
<p>Affects: <code>toSSG()</code> for Static Site Generation. Fixes a
path traversal issue where crafted <code>ssgParams</code> values could
write files outside the configured output directory.
GHSA-xf4j-xp2r-rqqx</p>
<h3>Incorrect IP matching in ipRestriction() for IPv4-mapped IPv6
addresses</h3>
<p>Affects: IP Restriction Middleware. Fixes improper handling of
IPv4-mapped IPv6 addresses (e.g. <code>::ffff:127.0.0.1</code>) that
could cause allow/deny rules to be bypassed. GHSA-xpcf-pg52-r92g</p>
<h3>Missing validation of cookie name on write path in setCookie()</h3>
<p>Affects: <code>setCookie()</code>, <code>serialize()</code>, and
<code>serializeSigned()</code> from <code>hono/cookie</code>. Fixes
missing validation of cookie names on the write path, preventing
inconsistent handling between parsing and serialization.
GHSA-26pp-8wgv-hjvm</p>
<h3>Non-breaking space prefix bypass in cookie name handling in
getCookie()</h3>
<p>Affects: <code>getCookie()</code> from <code>hono/cookie</code>.
Fixes a discrepancy in cookie name handling that could allow
attacker-controlled cookies to override legitimate ones and bypass
prefix protections. GHSA-r5rp-j6wh-rvv4</p>
<hr />
<p>Users who use Serve Static, Static Site Generation, Cookie utilities,
or IP restriction middleware are strongly encouraged to upgrade to this
version.</p>
<h2>v4.12.11</h2>
<h2>What's Changed</h2>
<ul>
<li>feat(css): add classNameSlug option to createCssContext by <a
href="https://github.com/flow-pie"><code>@​flow-pie</code></a> in <a
href="https://redirect.github.com/honojs/hono/pull/4834">honojs/hono#4834</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/flow-pie"><code>@​flow-pie</code></a>
made their first contribution in <a
href="https://redirect.github.com/honojs/hono/pull/4834">honojs/hono#4834</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/honojs/hono/compare/v4.12.10...v4.12.11">https://github.com/honojs/hono/compare/v4.12.10...v4.12.11</a></p>
<h2>v4.12.10</h2>
<h2>What's Changed</h2>
<ul>
<li>test(router): fix <code>Simple capturing group</code> test by <a
href="https://github.com/yusukebe"><code>@​yusukebe</code></a> in <a
href="https://redirect.github.com/honojs/hono/pull/4838">honojs/hono#4838</a></li>
<li>docs: fix impaired -&gt; inspired typo in benchmark READMEs by <a
href="https://github.com/Abhi3975"><code>@​Abhi3975</code></a> in <a
href="https://redirect.github.com/honojs/hono/pull/4843">honojs/hono#4843</a></li>
<li>fix(jsx/dom): apply select value after children are rendered by <a
href="https://github.com/usualoma"><code>@​usualoma</code></a> in <a
href="https://redirect.github.com/honojs/hono/pull/4847">honojs/hono#4847</a></li>
<li>fix(compress): convert strong ETag to weak ETag when compressing by
<a href="https://github.com/usualoma"><code>@​usualoma</code></a> in <a
href="https://redirect.github.com/honojs/hono/pull/4848">honojs/hono#4848</a></li>
<li>docs(ip-restriction): add clear JSDoc examples and param types by <a
href="https://github.com/VISHNU7KASIREDDY"><code>@​VISHNU7KASIREDDY</code></a>
in <a
href="https://redirect.github.com/honojs/hono/pull/4851">honojs/hono#4851</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/Abhi3975"><code>@​Abhi3975</code></a>
made their first contribution in <a
href="https://redirect.github.com/honojs/hono/pull/4843">honojs/hono#4843</a></li>
<li><a
href="https://github.com/VISHNU7KASIREDDY"><code>@​VISHNU7KASIREDDY</code></a>
made their first contribution in <a
href="https://redirect.github.com/honojs/hono/pull/4851">honojs/hono#4851</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/honojs/hono/commit/c37ba26da9709ad03b803d1972773ed864b7e60d"><code>c37ba26</code></a>
4.12.12</li>
<li><a
href="https://github.com/honojs/hono/commit/cc067c85592415cb1880ad3c61ed923472452ec0"><code>cc067c8</code></a>
Merge commit from fork</li>
<li><a
href="https://github.com/honojs/hono/commit/a586cd72e3f6122792e631ecf1817e5cabb803ec"><code>a586cd7</code></a>
Merge commit from fork</li>
<li><a
href="https://github.com/honojs/hono/commit/48fa2233bc092f650119f42df043050737cabf39"><code>48fa223</code></a>
Merge commit from fork</li>
<li><a
href="https://github.com/honojs/hono/commit/b470278920fffcfd6d76002755d6db53db827679"><code>b470278</code></a>
Merge commit from fork</li>
<li><a
href="https://github.com/honojs/hono/commit/9aff14bd727f8b0435c963363fd803260e7b8e3c"><code>9aff14b</code></a>
Merge commit from fork</li>
<li><a
href="https://github.com/honojs/hono/commit/2c403c67eb3d7be15aaa9e74ec74d2dcb4b4b4d2"><code>2c403c6</code></a>
4.12.11</li>
<li><a
href="https://github.com/honojs/hono/commit/f82aba8e8ea45d56199e751cee6ea7c067bcd176"><code>f82aba8</code></a>
feat(css): add classNameSlug option to createCssContext (<a
href="https://redirect.github.com/honojs/hono/issues/4834">#4834</a>)</li>
<li><a
href="https://github.com/honojs/hono/commit/9f374a55b25c5c644c293bd4ed6ffce016eb3b44"><code>9f374a5</code></a>
4.12.10</li>
<li><a
href="https://github.com/honojs/hono/commit/a8c56a6620597084e97792f7de3ffbd257c004cc"><code>a8c56a6</code></a>
docs(ip-restriction): add clear JSDoc examples and param types (<a
href="https://redirect.github.com/honojs/hono/issues/4851">#4851</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/honojs/hono/compare/v4.12.7...v4.12.12">compare
view</a></li>
</ul>
</details>
<br />

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Author: dependabot[bot]

dev-packages/cloudflare-integration-tests/package.json

@@ -16,7 +16,7 @@
     "@langchain/langgraph": "^1.0.1",
     "@sentry/cloudflare": "10.48.0",
     "@sentry/hono": "10.48.0",
-    "hono": "^4.12.7"
+    "hono": "^4.12.12"
   },
   "devDependencies": {
     "@cloudflare/workers-types": "^4.20250922.0",

dev-packages/node-integration-tests/package.json

@@ -58,7 +58,7 @@
     "generic-pool": "^3.9.0",
     "graphql": "^16.11.0",
     "graphql-tag": "^2.12.6",
-    "hono": "^4.12.7",
+    "hono": "^4.12.12",
     "http-terminator": "^3.2.0",
     "ioredis": "^5.4.1",
     "kafkajs": "2.2.4",

yarn.lock

@@ -18932,10 +18932,10 @@ homedir-polyfill@^1.0.1:
   dependencies:
     parse-passwd "^1.0.0"
 
-hono@^4.12.7:
-  version "4.12.7"
-  resolved "https://registry.yarnpkg.com/hono/-/hono-4.12.7.tgz#ca000956e965c2b3d791e43540498e616d6c6442"
-  integrity sha512-jq9l1DM0zVIvsm3lv9Nw9nlJnMNPOcAtsbsgiUhWcFzPE99Gvo6yRTlszSLLYacMeQ6quHD6hMfId8crVHvexw==
+hono@^4.12.12:
+  version "4.12.12"
+  resolved "https://registry.yarnpkg.com/hono/-/hono-4.12.12.tgz#1f14b0ffb47c386ff50d457d66e706d9c9a7f09c"
+  integrity sha512-p1JfQMKaceuCbpJKAPKVqyqviZdS0eUxH9v82oWo1kb9xjQ5wA6iP3FNVAPDFlz5/p7d45lO+BpSk1tuSZMF4Q==
 
 hookable@^5.5.3:
   version "5.5.3"