v4.9.12

What's Changed

• refactor: internal structure of PreparedRegExpRouter for optimization and added tests by @usualoma in #4456
• refactor: use protected methods instead of computed properties to allow tree shaking by @usualoma in #4458

Full Changelog: v4.9.11...v4.9.12

v4.9.11

What's Changed

• fix(types): fix 4.9.8 regression by @aadito123 in #4448
• feat(reg-exp-router): Introduced PreparedRegExpRouter by @usualoma in #1796

New Contributors

• @aadito123 made their first contribution in #4448

Full Changelog: v4.9.10...v4.9.11

v4.9.10

What's Changed

• fix(context): Fix #4427 type regression by removing non-public export by @aantthony in #4433
• fix(aws-lambda): sanitize non-ASCII header values to prevent ByteString errors by @yusukebe in #4437

Full Changelog: v4.9.9...v4.9.10

v4.9.9

What's Changed

• fix(service-worker): Update service-worker fire() to accept generic variants of Hono app instance by @harmony7 in #4420
• fix(service-worker): correct generics for handle by @yusukebe in #4421
• feat(helper/route): enable to get route path at specific index by @usualoma in #4423

New Contributors

• @harmony7 made their first contribution in #4420

Full Changelog: v4.9.8...v4.9.9

v4.9.8

What's Changed

• fix(types): JSONParsed infer unknown values by @BarryThePenguin in #4405
• refactor(types): remove SimplifyDeepArray from json types by @BarryThePenguin in #4406
• refactor(types): fix the type definitions in hono-base by @yusukebe in #4407
• fix(request): return empty string for empty catch-all param by @amitksingh0880 in #4395

New Contributors

• @amitksingh0880 made their first contribution in #4395

Full Changelog: v4.9.7...v4.9.8

v4.9.7

Security

• Fixed an issue in the bodyLimit middleware where the body size limit could be bypassed when both Content-Length and Transfer-Encoding headers were present. If you are using this middleware, please update immediately. Security Advisory

What's Changed

• fix(client): Fix parseResponse not parsing json in react native by @lr0pb in #4399
• chore: add .tool-versions file by @3w36zj6 in #4397
• chore: update bun install commands to use --frozen-lockfile by @3w36zj6 in #4398
• test(jwk): Add tests of JWK token verification by @buckett in #4402

New Contributors

• @lr0pb made their first contribution in #4399
• @buckett made their first contribution in #4402

Full Changelog: v4.9.6...v4.9.7

v4.9.6

Security

Fixed a bug in URL path parsing (getPath) that could cause path confusion under malformed requests.

If you rely on reverse proxies (e.g. Nginx) for ACLs or restrict access to endpoints like /admin, please update immediately.

See advisory for details: GHSA-9hp6-4448-45g2

What's Changed

• chore: update packages in the router bench by @yusukebe in #4386
• chore(benchmarks): remove comment-out from router bench by @yusukebe in #4387

Full Changelog: v4.9.5...v4.9.6

v4.9.5

What's Changed

• chore: replace supertest with undici by @BarryThePenguin in #4365
• fix(aws-lambda): preserve percent-encoded values in query strings by @yusukebe in #4372
• feat(cors): Allow async functions for origin and allowMethods by @jobrk in #4373
• feat(cors): Correct origin function return type asynchronously returning null or undefined for origin by @jobrk in #4375
• fix(service-worker): correct args for app.fetch in handle by @yusukebe in #4374
• fix(language-detector): Detect language from path after getPath changed by @iflamed in #4369

New Contributors

• @jobrk made their first contribution in #4373
• @iflamed made their first contribution in #4369

Full Changelog: v4.9.4...v4.9.5

v4.9.4

What's Changed

• chore: add a type cast to run deno publish by @yusukebe in #4364

Full Changelog: v4.9.3...v4.9.4

v4.9.3

What's Changed

• feat(csrf): Add modern CSRF protection with Fetch Metadata support by @meck93 in #4353
• tests: use vitest projects by @BarryThePenguin in #4359
• feat(proxy): add customFetch option to allow custom fetch function by @yusukebe in #4360
• chore: update typescript to 5.9.2 by @yusukebe in #4362
• chore: add packageManager field to package.json by @yusukebe in #4363

Full Changelog: v4.9.2...v4.9.3