build(deps): bump hono from 4.12.14 to 4.12.16 #26

Open

dependabot[bot] wants to merge 1 commit from dependabot/npm_and_yarn/hono-4.12.16 into main

dependabot[bot] commented

2026-05-04 13:33:45 +02:00

(Migrated from github.com)

Bumps hono from 4.12.14 to 4.12.16.

Release notes

Sourced from hono's releases.

v4.12.16

Security fixes

This release includes fixes for the following security issues:

Unvalidated JSX Tag Names in hono/jsx May Allow HTML Injection

Affects: hono/jsx. Fixes missing validation of JSX tag names when using jsx() or createElement(), which could allow HTML injection if untrusted input is used as the tag name. GHSA-69xw-7hcm-h432

bodyLimit() can be bypassed for chunked / unknown-length requests

Affects: Body Limit Middleware. Fixes late enforcement for request bodies without a reliable Content-Length (e.g. chunked requests), where oversized requests could reach handlers and return successful responses before being rejected. GHSA-9vqf-7f2p-gf9v

v4.12.15

What's Changed

fix(jwt): support single-line PEM keys by @hiendv in honojs/hono#4889

New Contributors

@hiendv made their first contribution in honojs/hono#4889

Full Changelog: https://github.com/honojs/hono/compare/v4.12.14...v4.12.15

Commits

90d4182 4.12.16
db05b96 Merge commit from fork
614b834 Merge commit from fork
027e3df fix(method-override): handle Content-Type with charset parameter (#4894)
f774f8d 4.12.15
18fe604 fix(jwt): support single-line PEM keys (#4889)
See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [hono](https://github.com/honojs/hono) from 4.12.14 to 4.12.16. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/honojs/hono/releases">hono's releases</a>.</em></p> <blockquote> <h2>v4.12.16</h2> <h2>Security fixes</h2> <p>This release includes fixes for the following security issues:</p> <h3>Unvalidated JSX Tag Names in hono/jsx May Allow HTML Injection</h3> <p>Affects: hono/jsx. Fixes missing validation of JSX tag names when using <code>jsx()</code> or <code>createElement()</code>, which could allow HTML injection if untrusted input is used as the tag name. GHSA-69xw-7hcm-h432</p> <h3>bodyLimit() can be bypassed for chunked / unknown-length requests</h3> <p>Affects: Body Limit Middleware. Fixes late enforcement for request bodies without a reliable Content-Length (e.g. chunked requests), where oversized requests could reach handlers and return successful responses before being rejected. GHSA-9vqf-7f2p-gf9v</p> <h2>v4.12.15</h2> <h2>What's Changed</h2> <ul> <li>fix(jwt): support single-line PEM keys by <a href="https://github.com/hiendv"><code>@hiendv</code></a> in <a href="https://redirect.github.com/honojs/hono/pull/4889">honojs/hono#4889</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/hiendv"><code>@hiendv</code></a> made their first contribution in <a href="https://redirect.github.com/honojs/hono/pull/4889">honojs/hono#4889</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/honojs/hono/compare/v4.12.14...v4.12.15">https://github.com/honojs/hono/compare/v4.12.14...v4.12.15</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/honojs/hono/commit/90d4182aabd328e2ec6af3f25ec62ddc574ad8cb"><code>90d4182</code></a> 4.12.16</li> <li><a href="https://github.com/honojs/hono/commit/db05b96d7a4de569ba9e965052b0593663b164fc"><code>db05b96</code></a> Merge commit from fork</li> <li><a href="https://github.com/honojs/hono/commit/614b834551378bffff70c810b2295495bc6e4d55"><code>614b834</code></a> Merge commit from fork</li> <li><a href="https://github.com/honojs/hono/commit/027e3dfca9d58bbd6b2e11adef724d26bb4f4123"><code>027e3df</code></a> fix(method-override): handle Content-Type with charset parameter (<a href="https://redirect.github.com/honojs/hono/issues/4894">#4894</a>)</li> <li><a href="https://github.com/honojs/hono/commit/f774f8df49e7ec7e205f15c5076a37132c515ebf"><code>f774f8d</code></a> 4.12.15</li> <li><a href="https://github.com/honojs/hono/commit/18fe604c8cefc2628240651b1af219692e1918c1"><code>18fe604</code></a> fix(jwt): support single-line PEM keys (<a href="https://redirect.github.com/honojs/hono/issues/4889">#4889</a>)</li> <li>See full diff in <a href="https://github.com/honojs/hono/compare/v4.12.14...v4.12.16">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=hono&package-manager=npm_and_yarn&previous-version=4.12.14&new-version=4.12.16)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details>

This pull request can be merged automatically.

You are not authorized to merge this pull request.

View command line instructions

Checkout

From your project repository, check out a new branch and test the changes.

git fetch -u origin dependabot/npm_and_yarn/hono-4.12.16:dependabot/npm_and_yarn/hono-4.12.16

git switch dependabot/npm_and_yarn/hono-4.12.16

Merge

Merge the changes and update on konnos.

Warning: The "Autodetect manual merge" setting is not enabled for this repository, you will have to mark this pull request as manually merged afterwards.

git switch main

git merge --no-ff dependabot/npm_and_yarn/hono-4.12.16

git switch dependabot/npm_and_yarn/hono-4.12.16

git rebase main

git switch main

git merge --ff-only dependabot/npm_and_yarn/hono-4.12.16

git switch dependabot/npm_and_yarn/hono-4.12.16

git rebase main

git switch main

git merge --no-ff dependabot/npm_and_yarn/hono-4.12.16

git switch main

git merge --squash dependabot/npm_and_yarn/hono-4.12.16