chore(deps): bump hono from 4.12.9 to 4.12.12 #88

Closed
dependabot[bot] wants to merge 1 commit into main from dependabot/npm_and_yarn/hono-4.12.12

@dependabot dependabot Bot commented on behalf of github Apr 8, 2026

Bumps hono from 4.12.9 to 4.12.12.

Release notes

Sourced from hono's releases.

v4.12.12

Security fixes

This release includes fixes for the following security issues:

Middleware bypass via repeated slashes in serveStatic

Affects: Serve Static middleware. Fixes a path normalization inconsistency where repeated slashes (//) could bypass route-based middleware protections and allow access to protected static files. GHSA-wmmm-f939-6g9c

Path traversal in toSSG() allows writing files outside the output directory

Affects: toSSG() for Static Site Generation. Fixes a path traversal issue where crafted ssgParams values could write files outside the configured output directory. GHSA-xf4j-xp2r-rqqx

Incorrect IP matching in ipRestriction() for IPv4-mapped IPv6 addresses

Affects: IP Restriction Middleware. Fixes improper handling of IPv4-mapped IPv6 addresses (e.g. ::ffff:127.0.0.1) that could cause allow/deny rules to be bypassed. GHSA-xpcf-pg52-r92g

Missing validation of cookie name on write path in setCookie()

Affects: setCookie(), serialize(), and serializeSigned() from hono/cookie. Fixes missing validation of cookie names on the write path, preventing inconsistent handling between parsing and serialization. GHSA-26pp-8wgv-hjvm

Non-breaking space prefix bypass in cookie name handling in getCookie()

Affects: getCookie() from hono/cookie. Fixes a discrepancy in cookie name handling that could allow attacker-controlled cookies to override legitimate ones and bypass prefix protections. GHSA-r5rp-j6wh-rvv4


Users who use Serve Static, Static Site Generation, Cookie utilities, or IP restriction middleware are strongly encouraged to upgrade to this version.

v4.12.11

What's Changed

New Contributors

Full Changelog: honojs/hono@v4.12.10...v4.12.11

v4.12.10

What's Changed

New Contributors

... (truncated)

Commits
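
For the ipRestriction() item in the release notes above, an added example (not hono's code and not part of this pull request) of canonicalising a client address before allow/deny matching, so that ::ffff:127.0.0.1 and 127.0.0.1 compare equal. All function names are hypothetical and the deny list is exact-match only.

```javascript
// Added example, not hono's implementation. All function names are hypothetical.

// Strict dotted-quad parser: four decimal octets, no leading zeros.
function parseIPv4(s) {
  const parts = s.split('.');
  const ok = parts.length === 4 &&
    parts.every((p) => /^(0|[1-9]\d{0,2})$/.test(p) && Number(p) <= 255);
  return ok ? parts.map(Number) : null;
}

// Expand an IPv6 string into eight 16-bit numbers, or return null.
function parseIPv6(s) {
  let text = s;
  // A dotted-quad tail (::ffff:127.0.0.1) is rewritten as two hex groups.
  const cut = text.lastIndexOf(':') + 1;
  const tail = parseIPv4(text.slice(cut));
  if (tail) {
    const hex = (a, b) => ((a << 8) | b).toString(16);
    text = text.slice(0, cut) + hex(tail[0], tail[1]) + ':' + hex(tail[2], tail[3]);
  }
  const halves = text.split('::');
  if (halves.length > 2) return null;
  const head = halves[0] ? halves[0].split(':') : [];
  const rest = halves[1] ? halves[1].split(':') : [];
  const gap = 8 - head.length - rest.length;
  if (halves.length === 2 ? gap < 1 : gap !== 0) return null;
  const groups = [...head, ...Array(halves.length === 2 ? gap : 0).fill('0'), ...rest];
  if (!groups.every((g) => /^[0-9a-f]{1,4}$/i.test(g))) return null;
  return groups.map((g) => parseInt(g, 16));
}

// Canonical form used for rule matching: IPv4-mapped IPv6 collapses to
// dotted-quad IPv4; any other IPv6 becomes eight lowercase hex groups.
function canonicalIp(addr) {
  const v4 = parseIPv4(addr);
  if (v4) return v4.join('.');
  const g = parseIPv6(addr);
  if (!g) return null;
  const mapped = g.slice(0, 5).every((x) => x === 0) && g[5] === 0xffff;
  if (mapped) return [g[6] >> 8, g[6] & 255, g[7] >> 8, g[7] & 255].join('.');
  return g.map((x) => x.toString(16)).join(':');
}

// Deny-list check on canonical forms; an unparseable address fails closed.
function isDenied(remoteAddr, denyList) {
  const ip = canonicalIp(remoteAddr);
  return ip === null || denyList.some((rule) => canonicalIp(rule) === ip);
}
```

A plain string comparison of the two spellings does not match, which is why the rule and the remote address are both canonicalised before comparing.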

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Apr 8, 2026
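
For the serveStatic and toSSG() items in the release notes quoted above, an added example (not hono's code and not part of this pull request) of deriving one canonical path and using it for both the access decision and the file location. The function names, the protected-prefix list and the directory names are hypothetical, and input is assumed to be percent-decoded already.

```javascript
// Added example, not hono's implementation. Names and directories are hypothetical.

// Canonicalise a URL-style path: collapse repeated slashes and resolve "." and
// ".." segments. Returns null when ".." would climb above the root.
// Assumes the input has already been percent-decoded.
function canonicalPath(raw) {
  const out = [];
  for (const seg of raw.replace(/\\/g, '/').split('/')) {
    if (seg === '' || seg === '.') continue; // "//" and "/./" add nothing
    if (seg === '..') {
      if (out.length === 0) return null;     // would leave the root: reject
      out.pop();
      continue;
    }
    out.push(seg);
  }
  return '/' + out.join('/');
}

// Prefix guard evaluated on the canonical path, on segment boundaries.
function isProtected(canon, prefixes) {
  return prefixes.some((p) => canon === p || canon.startsWith(p + '/'));
}

// Decide on the canonical path, then hand that same string to the file layer,
// so the guard and the file lookup can never disagree about the path.
function resolveStatic(rawPath, root, protectedPrefixes, authenticated) {
  const canon = canonicalPath(rawPath);
  if (canon === null) return { status: 400 };
  if (isProtected(canon, protectedPrefixes) && !authenticated) return { status: 401 };
  return { status: 200, file: root + canon };
}

// Output-side containment for generated pages: the route-derived path must
// still be inside outDir after canonicalisation, otherwise nothing is written.
function outputFile(outDir, routePath) {
  const canon = canonicalPath(routePath);
  if (canon === null) throw new Error('route escapes output directory: ' + routePath);
  return outDir.replace(/\/+$/, '') + canon;
}
```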
vercel Bot commented Apr 8, 2026

The latest updates on your projects. Learn more about Vercel for GitHub.

| Project | Deployment | Actions | Updated (UTC) |
| --- | --- | --- | --- |
| snap-docs | Ready | Preview, Comment | Apr 15, 2026 4:12pm |

@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/hono-4.12.12 branch from 381f3e6 to 06205cf Compare April 8, 2026 17:41
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/hono-4.12.12 branch from 06205cf to f5fc264 Compare April 8, 2026 17:58
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/hono-4.12.12 branch from f5fc264 to ae70a33 Compare April 8, 2026 19:38
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/hono-4.12.12 branch from ae70a33 to 6ad359c Compare April 9, 2026 00:16
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/hono-4.12.12 branch from 6ad359c to c18080f Compare April 9, 2026 00:41
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/hono-4.12.12 branch from c18080f to 391905a Compare April 9, 2026 02:17
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/hono-4.12.12 branch from 391905a to 8157388 Compare April 9, 2026 02:36
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/hono-4.12.12 branch from 8157388 to f099698 Compare April 9, 2026 03:13
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/hono-4.12.12 branch from f099698 to d948041 Compare April 9, 2026 03:58
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/hono-4.12.12 branch from d948041 to fdefa5e Compare April 9, 2026 04:08
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/hono-4.12.12 branch from fdefa5e to a9c5973 Compare April 9, 2026 04:30
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/hono-4.12.12 branch from a9c5973 to 0b8d83b Compare April 9, 2026 04:44
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/hono-4.12.12 branch from 0b8d83b to fc38cb9 Compare April 9, 2026 16:33
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/hono-4.12.12 branch from fc38cb9 to 7f95696 Compare April 9, 2026 19:31
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/hono-4.12.12 branch from 7f95696 to e89c8c4 Compare April 9, 2026 22:21
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/hono-4.12.12 branch from e89c8c4 to 0eb7b97 Compare April 10, 2026 01:15
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/hono-4.12.12 branch from 0eb7b97 to ce6cabc Compare April 10, 2026 01:32
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/hono-4.12.12 branch from ce6cabc to 1d818ab Compare April 10, 2026 02:10
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/hono-4.12.12 branch from 1d818ab to 0813111 Compare April 11, 2026 01:33
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/hono-4.12.12 branch from 0813111 to 2a74d99 Compare April 11, 2026 01:40
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/hono-4.12.12 branch from 2a74d99 to de3df38 Compare April 11, 2026 19:49
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/hono-4.12.12 branch from de3df38 to a6fc8d7 Compare April 11, 2026 20:06
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/hono-4.12.12 branch from a6fc8d7 to f3efbd1 Compare April 14, 2026 15:46
Bumps [hono](https://github.com/honojs/hono) from 4.12.9 to 4.12.12.
- [Release notes](https://github.com/honojs/hono/releases)
- [Commits](honojs/hono@v4.12.9...v4.12.12)

---
updated-dependencies:
- dependency-name: hono
  dependency-version: 4.12.12
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot commented on behalf of github Apr 16, 2026

Superseded by #150.

@dependabot dependabot Bot closed this Apr 16, 2026
@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/hono-4.12.12 branch April 16, 2026 02:50