fix(deps): update all non-major dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence	Type	Update
@hono/node-server	^1.11.0 -> ^1.19.6			dependencies	minor
@types/node (source)	^20.12.7 -> ^20.19.25			devDependencies	minor
actions/checkout	v4.2.0 -> v4.3.0			action	minor
actions/setup-node	v4.0.4 -> v4.4.0			action	minor
hono (source)	^4.2.5 -> ^4.10.6			dependencies	minor
node (source)	20 -> 20.19.5				minor
pino (source)	^9.1.0 -> ^9.14.0			devDependencies	minor
pino-pretty	^13.0.0 -> ^13.1.2			devDependencies	minor
pnpm/action-setup	v4.0.0 -> v4.2.0			action	minor
tsx (source)	^4.7.2 -> ^4.20.6			devDependencies	minor
zod (source)	^3.22.5 -> ^3.25.76			devDependencies	minor

---

Release Notes

honojs/node-server (@​hono/node-server)

v1.19.6

Compare Source

v1.19.5

Compare Source

What's Changed

• fix: cancel a readable stream if a writable stream is closed before a readable stream is closed. by @​usualoma in #​280

Full Changelog: honojs/node-server@v1.19.4...v1.19.5

v1.19.4

Compare Source

What's Changed

• fix(serve-static): Add error handling in createStreamBody by @​thongdoan in #​278

New Contributors

• @​thongdoan made their first contribution in #​278

Full Changelog: honojs/node-server@v1.19.3...v1.19.4

v1.19.3

Compare Source

What's Changed

• fix: Refactor promise check for response handling by @​kay-is in #​277

New Contributors

• @​kay-is made their first contribution in #​277

Full Changelog: honojs/node-server@v1.19.2...v1.19.3

v1.19.2

Compare Source

What's Changed

• fix: better handle range parse to avoid NaN error by @​zwpaper in #​276

New Contributors

• @​zwpaper made their first contribution in #​276

Full Changelog: honojs/node-server@v1.19.1...v1.19.2

v1.19.1

Compare Source

What's Changed

• fix: Keep lightweight request even if accessing method, url or headers by @​usualoma in #​274
• chore: add packageManager field in package.json by @​yusukebe in #​275

Full Changelog: honojs/node-server@v1.19.0...v1.19.1

v1.19.0

Compare Source

What's Changed

• feat: add log when directory does not exists by @​Its-Just-Nans in #​273

New Contributors

• @​Its-Just-Nans made their first contribution in #​273

Full Changelog: honojs/node-server@v1.18.2...v1.19.0

v1.18.2

Compare Source

What's Changed

• fix: Skip content-length assignment when transfer-encoding is chunked. by @​usualoma in #​271

Full Changelog: honojs/node-server@v1.18.1...v1.18.2

v1.18.1

Compare Source

What's Changed

• fix(listener): Limit retries to a maximum of three. by @​usualoma in #​267

Full Changelog: honojs/node-server@v1.18.0...v1.18.1

v1.18.0

Compare Source

What's Changed

• feat: always respond res.body by @​usualoma in #​262
• ci: add Node.js v24 for CI by @​yusukebe in #​263
• fix(listener): In Node.js v24, some response bodies are not read to the end until the next task queue. by @​usualoma in #​265

Full Changelog: honojs/node-server@v1.17.1...v1.18.0

v1.17.1

Compare Source

What's Changed

• fix: handle client disconnection without canceling stream by @​yusukebe in #​258
• fix: improve serve-static function by @​usualoma in #​261

Full Changelog: honojs/node-server@v1.17.0...v1.17.1

v1.17.0

Compare Source

What's Changed

• docs: separate description of autoCleanupIncoming by @​usualoma in #​255
• chore: rename server_socket.test.ts to server-socket.test.ts by @​yusukebe in #​256
• feat(serve-static): support absolute path by @​yusukebe in #​257

Full Changelog: honojs/node-server@v1.16.0...v1.17.0

v1.16.0

Compare Source

What's Changed

• feat: Clean up the incoming object if the request is not completely finished. by @​usualoma in #​252

Full Changelog: honojs/node-server@v1.15.0...v1.16.0

v1.15.0

Compare Source

What's Changed

• feat(serve-static): pass context to rewriteRequestPath by @​yusukebe in #​247

Full Changelog: honojs/node-server@v1.14.4...v1.15.0

v1.14.4

Compare Source

What's Changed

• fix: flush headers before sending data via readable stream by @​usualoma in #​245

Full Changelog: honojs/node-server@v1.14.3...v1.14.4

v1.14.3

Compare Source

What's Changed

• fix: set RequestError name properly by @​yusukebe in #​243

Full Changelog: honojs/node-server@v1.14.2...v1.14.3

v1.14.2

Compare Source

What's Changed

• perf: keep using the lightweight Response object when retrieving headers, status, and ok, and then drop the getInternalBody function. by @​usualoma in #​242

Full Changelog: honojs/node-server@v1.14.1...v1.14.2

v1.14.1

Compare Source

What's Changed

• fix: Handle Response Errors Correctly by @​jpulec in #​236

New Contributors

• @​jpulec made their first contribution in #​236

Full Changelog: honojs/node-server@v1.14.0...v1.14.1

v1.14.0

Compare Source

What's Changed

• chore: use Bun as a package manager by @​yusukebe in #​224
• fix: #​230 use node:fs specifier prefix vs. fs import by @​firxworx in #​231
• feat: accept absolute-form URI for request-target by @​usualoma in #​232
• fix: fix the return type of responseViaCache by @​yusukebe in #​234

New Contributors

• @​firxworx made their first contribution in #​231

Full Changelog: honojs/node-server@v1.13.8...v1.14.0

v1.13.8

Compare Source

What's Changed

• fix: export ServerOptions type by @​aryasaatvik in #​222
• fix: re-read request body from incoming.rawBody if available by @​usualoma in #​223
• fix: Avoid error if connection is aborted before internal request object is created by @​usualoma in #​221

New Contributors

• @​aryasaatvik made their first contribution in #​222

Full Changelog: honojs/node-server@v1.13.7...v1.13.8

v1.13.7

Compare Source

What's Changed

• fix: detection of client premature close by @​Tomas2D in #​218

New Contributors

• @​Tomas2D made their first contribution in #​218

Full Changelog: honojs/node-server@v1.13.6...v1.13.7

v1.13.6

Compare Source

What's Changed

• fix: conninfo returns server IP by @​nakasyou in #​216

Full Changelog: honojs/node-server@v1.13.5...v1.13.6

v1.13.5

Compare Source

What's Changed

• fix(utils): accept HeadersInit, null, undefined in buildOutgoingHttpHeaders by @​usualoma in #​212

Full Changelog: honojs/node-server@v1.13.4...v1.13.5

v1.13.4

Compare Source

What's Changed

• fix: TypeError: headers is not iterable by @​mjad218 in #​210

New Contributors

• @​mjad218 made their first contribution in #​210

Full Changelog: honojs/node-server@v1.13.3...v1.13.4

v1.13.3

Compare Source

What's Changed

• fix(serve-static): add error handler for decoding uri components by @​alumowa in #​208

New Contributors

• @​alumowa made their first contribution in #​208

Full Changelog: honojs/node-server@v1.13.2...v1.13.3

v1.13.2

Compare Source

What's Changed

• fix(serve): support ipv6 by default by @​sinasab in #​206

New Contributors

• @​sinasab made their first contribution in #​206

Full Changelog: honojs/node-server@v1.13.1...v1.13.2

v1.13.1

Compare Source

What's Changed

• fix(serve-static): use application/octet-stream if the mime type is not detected by @​usualoma in #​201

Full Changelog: honojs/node-server@v1.13.0...v1.13.1

v1.13.0

Compare Source

What's Changed

• chore(lint): use eslint v9 by @​Jayllyz in #​197
• feat(serve-static): add onFound option by @​yusukebe in #​198
• feat(serve-static): add precompressed option by @​yusukebe in #​199

Full Changelog: honojs/node-server@v1.12.2...v1.13.0

v1.12.2

Compare Source

What's Changed

• fix: Declare hono as peer dependency by @​marvinruder in #​192

New Contributors

• @​marvinruder made their first contribution in #​192

Full Changelog: honojs/node-server@v1.12.1...v1.12.2

v1.12.1

Compare Source

What's Changed

• fix: return response from res.body if internal data is not ready to be returned directly by @​usualoma in #​188

Full Changelog: honojs/node-server@v1.12.0...v1.12.1

v1.12.0

Compare Source

What's Changed

• fix(serve-static): supports extension less files by @​yusukebe in #​183
• feat: implement ConnInfo helper by @​nakasyou in #​180

New Contributors

• @​nakasyou made their first contribution in #​180

Full Changelog: honojs/node-server@v1.11.5...v1.12.0

v1.11.5

Compare Source

What's Changed

• fix: make hono as external to build by @​yusukebe in #​182

Full Changelog: honojs/node-server@v1.11.4...v1.11.5

v1.11.4

Compare Source

What's Changed

• Expose ServerType from './types' by @​raighneweng in #​178

New Contributors

• @​raighneweng made their first contribution in #​178

Full Changelog: honojs/node-server@v1.11.3...v1.11.4

v1.11.3

Compare Source

What's Changed

• Update readme with an example of proper "root" when using serveStatic by @​brettimus in #​173
• fix: avoid error when using TRACE method by @​usualoma in #​175

New Contributors

• @​brettimus made their first contribution in #​173

Full Changelog: honojs/node-server@v1.11.2...v1.11.3

v1.11.2

Compare Source

What's Changed

• ci: include tests for node 22 version by @​Jayllyz in #​170
• fix: memory leak by AbortController by @​usualoma in #​172

New Contributors

• @​Jayllyz made their first contribution in #​170

Full Changelog: honojs/node-server@v1.11.1...v1.11.2

v1.11.1

Compare Source

What's Changed

• Update Request to work with ReadableStream polyfills by @​nicksrandall in #​164
• refactor(serve-static): use c.req.path instead of url.pathname by @​yusukebe in #​166

New Contributors

• @​nicksrandall made their first contribution in #​164

Full Changelog: honojs/node-server@v1.11.0...v1.11.1

actions/checkout (actions/checkout)

v4.3.0

Compare Source

What's Changed

• docs: update README.md by @​motss in #​1971
• Add internal repos for checking out multiple repositories by @​mouismail in #​1977
• Documentation update - add recommended permissions to Readme by @​benwells in #​2043
• Adjust positioning of user email note and permissions heading by @​joshmgross in #​2044
• Update README.md by @​nebuk89 in #​2194
• Update CODEOWNERS for actions by @​TingluoHuang in #​2224
• Update package dependencies by @​salmanmkc in #​2236
• Prepare release v4.3.0 by @​salmanmkc in #​2237

New Contributors

• @​motss made their first contribution in #​1971
• @​mouismail made their first contribution in #​1977
• @​benwells made their first contribution in #​2043
• @​nebuk89 made their first contribution in #​2194
• @​salmanmkc made their first contribution in #​2236

Full Changelog: actions/checkout@v4...v4.3.0

v4.2.2

Compare Source

• url-helper.ts now leverages well-known environment variables by @​jww3 in #​1941
• Expand unit test coverage for isGhes by @​jww3 in #​1946

v4.2.1

Compare Source

• Check out other refs/* by commit if provided, fall back to ref by @​orhantoy in #​1924

actions/setup-node (actions/setup-node)

v4.4.0

Compare Source

What's Changed

Bug fixes:

• Make eslint-compact matcher compatible with Stylelint by @​FloEdelmann in #​98
• Add support for indented eslint output by @​fregante in #​1245

Enhancement:

• Support private mirrors by @​marco-ippolito in #​1240

Dependency update:

• Upgrade @​action/cache from 4.0.2 to 4.0.3 by @​aparnajyothi-y in #​1262

New Contributors

• @​FloEdelmann made their first contribution in #​98
• @​fregante made their first contribution in #​1245
• @​marco-ippolito made their first contribution in #​1240

Full Changelog: actions/setup-node@v4...v4.4.0

v4.3.0

Compare Source

What's Changed

Dependency updates

• Upgrade @​actions/glob from 0.4.0 to 0.5.0 by @​dependabot in #​1200
• Upgrade @​action/cache from 4.0.0 to 4.0.2 by @​gowridurgad in #​1251
• Upgrade @​vercel/ncc from 0.38.1 to 0.38.3 by @​dependabot in #​1203
• Upgrade @​actions/tool-cache from 2.0.1 to 2.0.2 by @​dependabot in #​1220

New Contributors

• @​gowridurgad made their first contribution in #​1251

Full Changelog: actions/setup-node@v4...v4.3.0

v4.2.0

Compare Source

What's Changed

• Enhance workflows and upgrade publish-actions from 0.2.2 to 0.3.0 by @​aparnajyothi-y in #​1174
• Add recommended permissions section to readme by @​benwells in #​1193
• Configure Dependabot settings by @​HarithaVattikuti in #​1192
• Upgrade @actions/cache to ^4.0.0 by @​priyagupta108 in #​1191
• Upgrade pnpm/action-setup from 2 to 4 by @​dependabot in #​1194
• Upgrade actions/publish-immutable-action from 0.0.3 to 0.0.4 by @​dependabot in #​1195
• Upgrade semver from 7.6.0 to 7.6.3 by @​dependabot in #​1196
• Upgrade @​types/jest from 29.5.12 to 29.5.14 by @​dependabot in #​1201
• Upgrade undici from 5.28.4 to 5.28.5 by @​dependabot in #​1205

New Contributors

• @​benwells made their first contribution in #​1193

Full Changelog: actions/setup-node@v4...v4.2.0

v4.1.0

Compare Source

What's Changed

• Resolve High Security Alerts by upgrading Dependencies by @​aparnajyothi-y in #​1132
• Upgrade IA Publish by @​Jcambass in #​1134
• Revise isGhes logic by @​jww3 in #​1148
• Add architecture to cache key by @​pengx17 in #​843
  This addresses issues with caching by adding the architecture (arch) to the cache key, ensuring that cache keys are accurate to prevent conflicts.
  Note: This change may break previous cache keys as they will no longer be compatible with the new format.

New Contributors

• @​jww3 made their first contribution in #​1148
• @​pengx17 made their first contribution in #​843

Full Changelog: actions/setup-node@v4...v4.1.0

honojs/hono (hono)

v4.10.6

Compare Source

v4.10.5

Compare Source

What's Changed

• docs(CONTRIBUTING): use bun instead of yarn in local development setup by @​taichi-1 in #​4503
• docs: grammar issue by @​WuMingDao in #​4508
• fix(utils/url): make _getQueryParam search behind question mark by @​tuzi3040 in #​4507
• fix(jsx): self-close wrapped empty tags by @​jakelee8 in #​4511
• chore: improve private field removal by @​BlankParticle in #​4513
• fix(middleware/cache): skip caching when Vary: * is present by @​pHo9UBenaA in #​4504

New Contributors

• @​taichi-1 made their first contribution in #​4503
• @​WuMingDao made their first contribution in #​4508
• @​tuzi3040 made their first contribution in #​4507
• @​jakelee8 made their first contribution in #​4511
• @​pHo9UBenaA made their first contribution in #​4504

Full Changelog: honojs/hono@v4.10.4...v4.10.5

v4.10.4

Compare Source

What's Changed

• chore: add a monochrome logo image by @​yusukebe in #​4487
• chore: fix the monochrome logo by @​yusukebe in #​4488
• fix(secure-headers): proposed features typo spelling mistake by @​RosApr in #​4494
• fix(types): preserve handler response typing in createHandlers by @​s-junio in #​4492

New Contributors

• @​RosApr made their first contribution in #​4494
• @​s-junio made their first contribution in #​4492

Full Changelog: honojs/hono@v4.10.3...v4.10.4

v4.10.3

Compare Source

Securiy Fix

A security issue in the CORS middleware has been fixed. In some cases, a request header could affect the Vary response header. Please update to the latest version if you are using the CORS middleware.

What's Changed

• fix(aws-lambda): serve microsoft office files as binary in lambda handler by @​matthiasfeist in #​4469
• fix(request-id): validation accepts = by @​ryuapp in #​4478
• refactor(jwt): reduce the size of the code generated by minification by @​usualoma in #​4480

New Contributors

• @​matthiasfeist made their first contribution in #​4469

Full Changelog: honojs/hono@v4.10.2...v4.10.3

v4.10.2

Compare Source

v4.10.1

Compare Source

What's Changed

• fix(types): cannot .use non-return mw from createMiddleware by @​NamesMT in #​4465

Full Changelog: honojs/hono@v4.10.0...v4.10.1

v4.10.0

Compare Source

Release Notes

Hono v4.10.0 is now available!

This release brings improved TypeScript support and new utilities.

The main highlight is the enhanced middleware type definitions that solve a long-standing issue with type safety for RPC clients.

Middleware Type Improvements

Imagine the following app:

import { Hono } from 'hono'

const app = new Hono()

const routes = app.get(
  '/',
  (c) => {
    return c.json({ errorMessage: 'Error!' }, 500)
  },
  (c) => {
    return c.json({ message: 'Success!' }, 200)
  }
)

The client with RPC:

import { hc } from 'hono/client'

const client = hc<typeof routes>('/')

const res = await client.index.$get()

if (res.status === 500) {
}

if (res.status === 200) {
}

Previously, it couldn't infer the responses from middleware, so a type error was thrown.

Now the responses are correctly typed.

---

This was a long-standing issue and we were thinking it was super difficult to resolve it. But now come true.

Thank you for the great work @​slawekkolodziej!

cloneRawRequest Utility

The new cloneRawRequest utility allows you to clone the raw Request object after it has been consumed by validators or middleware.

import { cloneRawRequest } from 'hono/request'

app.post('/api', async (c) => {
  const body = await c.req.json()

  // Clone the consumed request
  const clonedRequest = cloneRawRequest(c.req)
  await externalLibrary.process(clonedRequest)
})

Thanks @​kamaal111!

New features

• feat(types): passing middleware types #​4393
• feat(ssg): add default plugin that defines the recommended behavior #​4394
• feat(request): add cloneRawRequest utility for request cloning #​4382

All changes

• feat(types): passing middleware types by @​slawekkolodziej in #​4393
• feat(ssg): add default plugin that defines the recommended behavior by @​3w36zj6 in #​4394
• feat(request): add cloneRawRequest utility for request cloning by @​kamaal111 in #​4382
• fix(proxy): Correct hop-by-hop header handling per RFC 9110 by @​sugar-cat7 in #​4459

New Contributors

• @​slawekkolodziej made their first contribution in #​4393
• @​kamaal111 made their first contribution in #​4382

Full Changelog: honojs/hono@v4.9.12...v4.10.0

v4.9.12

Compare Source

What's Changed

• refactor: internal structure of PreparedRegExpRouter for optimization and added tests by @​usualoma in #​4456
• refactor: use protected methods instead of computed properties to allow tree shaking by @​usualoma in #​4458

Full Changelog: honojs/hono@v4.9.11...v4.9.12

v4.9.11

Compare Source

What's Changed

• fix(types): fix 4.9.8 regression by @​aadito123 in #​4448
• feat(reg-exp-router): Introduced PreparedRegExpRouter by @​usualoma in #​1796

New Contributors

• @​aadito123 made their first contribution in #​4448

Full Changelog: honojs/hono@v4.9.10...v4.9.11

v4.9.10

Compare Source

What's Changed

• fix(context): Fix #​4427 type regression by removing non-public export by @​aantthony in #​4433
• fix(aws-lambda): sanitize non-ASCII header values to prevent ByteString errors by @​yusukebe in #​4437

Full Changelog: honojs/hono@v4.9.9...v4.9.10

v4.9.9

Compare Source

What's Changed

• fix(service-worker): Update service-worker fire() to accept generic variants of Hono app instance by @​harmony7 in #​4420
• fix(service-worker): correct generics for handle by @​yusukebe in #​4421
• feat(helper/route): enable to get route path at specific index by @​usualoma in #​4423

New Contributors

• @​harmony7 made their first contribution in #​4420

Full Changelog: honojs/hono@v4.9.8...v4.9.9

v4.9.8

Compare Source

What's Changed

• fix(types): JSONParsed infer unknown values by @​BarryThePenguin in #​4405
• refactor(types): remove SimplifyDeepArray from json types by @​BarryThePenguin in #​4406
• refactor(types): fix the type definitions in hono-base by @​yusukebe in #​4407
• fix(request): return empty string for empty catch-all param by @​amitksingh0880 in #​4395

New Contributors

• @​amitksingh0880 made their first contribution in #​4395

Full Changelog: honojs/hono@v4.9.7...v4.9.8

v4.9.7

Compare Source

Security

• Fixed an issue in the bodyLimit middleware where the body size limit could be bypassed when both Content-Length and Transfer-Encoding headers were present. If you are using this middleware, please update immediately. Security Advisory

What's Changed

• fix(client): Fix parseResponse not parsing json in react native by @​lr0pb in #​4399
• chore: add .tool-versions file by @​3w36zj6 in #​4397
• chore: update bun install commands to use --frozen-lockfile by @​3w36zj6 in #​4398
• test(jwk): Add tests of JWK token verification by @​buckett in #​4402

New Contributors

• @​lr0pb made their first contribution in #​4399
• @​buckett made their first contribution in #​4402

Full Changelog: honojs/hono@v4.9.6...v4.9.7

v4.9.6

Compare Source

Security

Fixed a bug in URL path parsing (getPath) that could cause path confusion under malformed requests.

If you rely on reverse proxies (e.g. Nginx) for ACLs or restrict access to endpoints like /admin, please update immediately.

See advisory for details: GHSA-9hp6-4448-45g2

What's Changed

• chore: update packages in the router bench by @​yusukebe in #​4386
• chore(benchmarks): remove comment-out from router bench by @​yusukebe in #​4387

Full Changelog: honojs/hono@v4.9.5...v4.9.6

v4.9.5

Compare Source

What's Changed

• chore: replace supertest with undici by @​BarryThePenguin in #​4365
• fix(aws-lambda): preserve percent-encoded values in query strings by @​yusukebe in #​4372
• feat(cors): Allow async functions for origin and allowMethods by @​jobrk in #​4373
• feat(cors): Correct origin function return type asynchronously returning null or undefined for origin by @​jobrk in #​4375
• fix(service-worker): correct args for app.fetch in handle by @​yusukebe in #​4374
• fix(language-detector): Detect language from path after getPath changed by @​iflamed in #​4369

New Contributors

• @​jobrk made their first contribution in #​4373
• @​iflamed made their first contribution in #​4369

Full Changelog: honojs/hono@v4.9.4...v4.9.5

v4.9.4

Compare Source

What's Changed

• chore: add a type cast to run deno publish by @​yusukebe in #​4364

Full Changelog: <https://github.com/honojs/hono/compare/v4.9.

[changeset-bot]

⚠️ No Changeset found

Latest commit: c369eec

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR