fix(deps): update all non-major dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence	Type	Update
@hono/node-server	^1.11.0 -> ^1.19.5			dependencies	minor
@types/node (source)	^20.12.7 -> ^20.19.19			devDependencies	minor
actions/checkout	v4.2.0 -> v4.3.0			action	minor
actions/setup-node	v4.0.4 -> v4.4.0			action	minor
hono (source)	^4.2.5 -> ^4.9.10			dependencies	minor
node (source)	20 -> 20.19.5				minor
pino (source)	^9.1.0 -> ^9.13.1			devDependencies	minor
pino-pretty	^13.0.0 -> ^13.1.1			devDependencies	minor
pnpm/action-setup	v4.0.0 -> v4.2.0			action	minor
tsx (source)	^4.7.2 -> ^4.20.6			devDependencies	minor
zod (source)	^3.22.5 -> ^3.25.76			devDependencies	minor

---

Release Notes

honojs/node-server (@​hono/node-server)

v1.19.5

Compare Source

What's Changed

• fix: cancel a readable stream if a writable stream is closed before a readable stream is closed. by @​usualoma in #​280

Full Changelog: honojs/node-server@v1.19.4...v1.19.5

v1.19.4

Compare Source

What's Changed

• fix(serve-static): Add error handling in createStreamBody by @​thongdoan in #​278

New Contributors

• @​thongdoan made their first contribution in #​278

Full Changelog: honojs/node-server@v1.19.3...v1.19.4

v1.19.3

Compare Source

What's Changed

• fix: Refactor promise check for response handling by @​kay-is in #​277

New Contributors

• @​kay-is made their first contribution in #​277

Full Changelog: honojs/node-server@v1.19.2...v1.19.3

v1.19.2

Compare Source

What's Changed

• fix: better handle range parse to avoid NaN error by @​zwpaper in #​276

New Contributors

• @​zwpaper made their first contribution in #​276

Full Changelog: honojs/node-server@v1.19.1...v1.19.2

v1.19.1

Compare Source

What's Changed

• fix: Keep lightweight request even if accessing method, url or headers by @​usualoma in #​274
• chore: add packageManager field in package.json by @​yusukebe in #​275

Full Changelog: honojs/node-server@v1.19.0...v1.19.1

v1.19.0

Compare Source

What's Changed

• feat: add log when directory does not exists by @​Its-Just-Nans in #​273

New Contributors

• @​Its-Just-Nans made their first contribution in #​273

Full Changelog: honojs/node-server@v1.18.2...v1.19.0

v1.18.2

Compare Source

What's Changed

• fix: Skip content-length assignment when transfer-encoding is chunked. by @​usualoma in #​271

Full Changelog: honojs/node-server@v1.18.1...v1.18.2

v1.18.1

Compare Source

What's Changed

• fix(listener): Limit retries to a maximum of three. by @​usualoma in #​267

Full Changelog: honojs/node-server@v1.18.0...v1.18.1

v1.18.0

Compare Source

What's Changed

• feat: always respond res.body by @​usualoma in #​262
• ci: add Node.js v24 for CI by @​yusukebe in #​263
• fix(listener): In Node.js v24, some response bodies are not read to the end until the next task queue. by @​usualoma in #​265

Full Changelog: honojs/node-server@v1.17.1...v1.18.0

v1.17.1

Compare Source

What's Changed

• fix: handle client disconnection without canceling stream by @​yusukebe in #​258
• fix: improve serve-static function by @​usualoma in #​261

Full Changelog: honojs/node-server@v1.17.0...v1.17.1

v1.17.0

Compare Source

What's Changed

• docs: separate description of autoCleanupIncoming by @​usualoma in #​255
• chore: rename server_socket.test.ts to server-socket.test.ts by @​yusukebe in #​256
• feat(serve-static): support absolute path by @​yusukebe in #​257

Full Changelog: honojs/node-server@v1.16.0...v1.17.0

v1.16.0

Compare Source

What's Changed

• feat: Clean up the incoming object if the request is not completely finished. by @​usualoma in #​252

Full Changelog: honojs/node-server@v1.15.0...v1.16.0

v1.15.0

Compare Source

What's Changed

• feat(serve-static): pass context to rewriteRequestPath by @​yusukebe in #​247

Full Changelog: honojs/node-server@v1.14.4...v1.15.0

v1.14.4

Compare Source

What's Changed

• fix: flush headers before sending data via readable stream by @​usualoma in #​245

Full Changelog: honojs/node-server@v1.14.3...v1.14.4

v1.14.3

Compare Source

What's Changed

• fix: set RequestError name properly by @​yusukebe in #​243

Full Changelog: honojs/node-server@v1.14.2...v1.14.3

v1.14.2

Compare Source

What's Changed

• perf: keep using the lightweight Response object when retrieving headers, status, and ok, and then drop the getInternalBody function. by @​usualoma in #​242

Full Changelog: honojs/node-server@v1.14.1...v1.14.2

v1.14.1

Compare Source

What's Changed

• fix: Handle Response Errors Correctly by @​jpulec in #​236

New Contributors

• @​jpulec made their first contribution in #​236

Full Changelog: honojs/node-server@v1.14.0...v1.14.1

v1.14.0

Compare Source

What's Changed

• chore: use Bun as a package manager by @​yusukebe in #​224
• fix: #​230 use node:fs specifier prefix vs. fs import by @​firxworx in #​231
• feat: accept absolute-form URI for request-target by @​usualoma in #​232
• fix: fix the return type of responseViaCache by @​yusukebe in #​234

New Contributors

• @​firxworx made their first contribution in #​231

Full Changelog: honojs/node-server@v1.13.8...v1.14.0

v1.13.8

Compare Source

What's Changed

• fix: export ServerOptions type by @​aryasaatvik in #​222
• fix: re-read request body from incoming.rawBody if available by @​usualoma in #​223
• fix: Avoid error if connection is aborted before internal request object is created by @​usualoma in #​221

New Contributors

• @​aryasaatvik made their first contribution in #​222

Full Changelog: honojs/node-server@v1.13.7...v1.13.8

v1.13.7

Compare Source

What's Changed

• fix: detection of client premature close by @​Tomas2D in #​218

New Contributors

• @​Tomas2D made their first contribution in #​218

Full Changelog: honojs/node-server@v1.13.6...v1.13.7

v1.13.6

Compare Source

What's Changed

• fix: conninfo returns server IP by @​nakasyou in #​216

Full Changelog: honojs/node-server@v1.13.5...v1.13.6

v1.13.5

Compare Source

What's Changed

• fix(utils): accept HeadersInit, null, undefined in buildOutgoingHttpHeaders by @​usualoma in #​212

Full Changelog: honojs/node-server@v1.13.4...v1.13.5

v1.13.4

Compare Source

What's Changed

• fix: TypeError: headers is not iterable by @​mjad218 in #​210

New Contributors

• @​mjad218 made their first contribution in #​210

Full Changelog: honojs/node-server@v1.13.3...v1.13.4

v1.13.3

Compare Source

What's Changed

• fix(serve-static): add error handler for decoding uri components by @​alumowa in #​208

New Contributors

• @​alumowa made their first contribution in #​208

Full Changelog: honojs/node-server@v1.13.2...v1.13.3

v1.13.2

Compare Source

What's Changed

• fix(serve): support ipv6 by default by @​sinasab in #​206

New Contributors

• @​sinasab made their first contribution in #​206

Full Changelog: honojs/node-server@v1.13.1...v1.13.2

v1.13.1

Compare Source

What's Changed

• fix(serve-static): use application/octet-stream if the mime type is not detected by @​usualoma in #​201

Full Changelog: honojs/node-server@v1.13.0...v1.13.1

v1.13.0

Compare Source

What's Changed

• chore(lint): use eslint v9 by @​Jayllyz in #​197
• feat(serve-static): add onFound option by @​yusukebe in #​198
• feat(serve-static): add precompressed option by @​yusukebe in #​199

Full Changelog: honojs/node-server@v1.12.2...v1.13.0

v1.12.2

Compare Source

What's Changed

• fix: Declare hono as peer dependency by @​marvinruder in #​192

New Contributors

• @​marvinruder made their first contribution in #​192

Full Changelog: honojs/node-server@v1.12.1...v1.12.2

v1.12.1

Compare Source

What's Changed

• fix: return response from res.body if internal data is not ready to be returned directly by @​usualoma in #​188

Full Changelog: honojs/node-server@v1.12.0...v1.12.1

v1.12.0

Compare Source

What's Changed

• fix(serve-static): supports extension less files by @​yusukebe in #​183
• feat: implement ConnInfo helper by @​nakasyou in #​180

New Contributors

• @​nakasyou made their first contribution in #​180

Full Changelog: honojs/node-server@v1.11.5...v1.12.0

v1.11.5

Compare Source

What's Changed

• fix: make hono as external to build by @​yusukebe in #​182

Full Changelog: honojs/node-server@v1.11.4...v1.11.5

v1.11.4

Compare Source

What's Changed

• Expose ServerType from './types' by @​raighneweng in #​178

New Contributors

• @​raighneweng made their first contribution in #​178

Full Changelog: honojs/node-server@v1.11.3...v1.11.4

v1.11.3

Compare Source

What's Changed

• Update readme with an example of proper "root" when using serveStatic by @​brettimus in #​173
• fix: avoid error when using TRACE method by @​usualoma in #​175

New Contributors

• @​brettimus made their first contribution in #​173

Full Changelog: honojs/node-server@v1.11.2...v1.11.3

v1.11.2

Compare Source

What's Changed

• ci: include tests for node 22 version by @​Jayllyz in #​170
• fix: memory leak by AbortController by @​usualoma in #​172

New Contributors

• @​Jayllyz made their first contribution in #​170

Full Changelog: honojs/node-server@v1.11.1...v1.11.2

v1.11.1

Compare Source

What's Changed

• Update Request to work with ReadableStream polyfills by @​nicksrandall in #​164
• refactor(serve-static): use c.req.path instead of url.pathname by @​yusukebe in #​166

New Contributors

• @​nicksrandall made their first contribution in #​164

Full Changelog: honojs/node-server@v1.11.0...v1.11.1

actions/checkout (actions/checkout)

v4.3.0

Compare Source

What's Changed

• docs: update README.md by @​motss in https://github.com/actions/checkout/pull/1971
• Add internal repos for checking out multiple repositories by @​mouismail in https://github.com/actions/checkout/pull/1977
• Documentation update - add recommended permissions to Readme by @​benwells in https://github.com/actions/checkout/pull/2043
• Adjust positioning of user email note and permissions heading by @​joshmgross in https://github.com/actions/checkout/pull/2044
• Update README.md by @​nebuk89 in https://github.com/actions/checkout/pull/2194
• Update CODEOWNERS for actions by @​TingluoHuang in https://github.com/actions/checkout/pull/2224
• Update package dependencies by @​salmanmkc in https://github.com/actions/checkout/pull/2236
• Prepare release v4.3.0 by @​salmanmkc in https://github.com/actions/checkout/pull/2237

New Contributors

• @​motss made their first contribution in https://github.com/actions/checkout/pull/1971
• @​mouismail made their first contribution in https://github.com/actions/checkout/pull/1977
• @​benwells made their first contribution in https://github.com/actions/checkout/pull/2043
• @​nebuk89 made their first contribution in https://github.com/actions/checkout/pull/2194
• @​salmanmkc made their first contribution in https://github.com/actions/checkout/pull/2236

Full Changelog: actions/checkout@v4...v4.3.0

v4.2.2

Compare Source

• url-helper.ts now leverages well-known environment variables by @​jww3 in #​1941
• Expand unit test coverage for isGhes by @​jww3 in #​1946

v4.2.1

Compare Source

• Check out other refs/* by commit if provided, fall back to ref by @​orhantoy in #​1924

actions/setup-node (actions/setup-node)

v4.4.0

Compare Source

What's Changed

Bug fixes:

• Make eslint-compact matcher compatible with Stylelint by @​FloEdelmann in #​98
• Add support for indented eslint output by @​fregante in #​1245

Enhancement:

• Support private mirrors by @​marco-ippolito in #​1240

Dependency update:

• Upgrade @​action/cache from 4.0.2 to 4.0.3 by @​aparnajyothi-y in #​1262

New Contributors

• @​FloEdelmann made their first contribution in #​98
• @​fregante made their first contribution in #​1245
• @​marco-ippolito made their first contribution in #​1240

Full Changelog: actions/setup-node@v4...v4.4.0

v4.3.0

Compare Source

What's Changed

Dependency updates

• Upgrade @​actions/glob from 0.4.0 to 0.5.0 by @​dependabot in #​1200
• Upgrade @​action/cache from 4.0.0 to 4.0.2 by @​gowridurgad in #​1251
• Upgrade @​vercel/ncc from 0.38.1 to 0.38.3 by @​dependabot in #​1203
• Upgrade @​actions/tool-cache from 2.0.1 to 2.0.2 by @​dependabot in #​1220

New Contributors

• @​gowridurgad made their first contribution in #​1251

Full Changelog: actions/setup-node@v4...v4.3.0

v4.2.0

Compare Source

What's Changed

• Enhance workflows and upgrade publish-actions from 0.2.2 to 0.3.0 by @​aparnajyothi-y in #​1174
• Add recommended permissions section to readme by @​benwells in #​1193
• Configure Dependabot settings by @​HarithaVattikuti in #​1192
• Upgrade @actions/cache to ^4.0.0 by @​priyagupta108 in #​1191
• Upgrade pnpm/action-setup from 2 to 4 by @​dependabot in #​1194
• Upgrade actions/publish-immutable-action from 0.0.3 to 0.0.4 by @​dependabot in #​1195
• Upgrade semver from 7.6.0 to 7.6.3 by @​dependabot in #​1196
• Upgrade @​types/jest from 29.5.12 to 29.5.14 by @​dependabot in #​1201
• Upgrade undici from 5.28.4 to 5.28.5 by @​dependabot in #​1205

New Contributors

• @​benwells made their first contribution in #​1193

Full Changelog: actions/setup-node@v4...v4.2.0

v4.1.0

Compare Source

What's Changed

• Resolve High Security Alerts by upgrading Dependencies by @​aparnajyothi-y in #​1132
• Upgrade IA Publish by @​Jcambass in #​1134
• Revise isGhes logic by @​jww3 in #​1148
• Add architecture to cache key by @​pengx17 in #​843
  This addresses issues with caching by adding the architecture (arch) to the cache key, ensuring that cache keys are accurate to prevent conflicts.
  Note: This change may break previous cache keys as they will no longer be compatible with the new format.

New Contributors

• @​jww3 made their first contribution in #​1148
• @​pengx17 made their first contribution in #​843

Full Changelog: actions/setup-node@v4...v4.1.0

honojs/hono (hono)

v4.9.10

Compare Source

What's Changed

• fix(context): Fix #​4427 type regression by removing non-public export by @​aantthony in #​4433
• fix(aws-lambda): sanitize non-ASCII header values to prevent ByteString errors by @​yusukebe in #​4437

Full Changelog: honojs/hono@v4.9.9...v4.9.10

v4.9.9

Compare Source

What's Changed

• fix(service-worker): Update service-worker fire() to accept generic variants of Hono app instance by @​harmony7 in #​4420
• fix(service-worker): correct generics for handle by @​yusukebe in #​4421
• feat(helper/route): enable to get route path at specific index by @​usualoma in #​4423

New Contributors

• @​harmony7 made their first contribution in #​4420

Full Changelog: honojs/hono@v4.9.8...v4.9.9

v4.9.8

Compare Source

What's Changed

• fix(types): JSONParsed infer unknown values by @​BarryThePenguin in #​4405
• refactor(types): remove SimplifyDeepArray from json types by @​BarryThePenguin in #​4406
• refactor(types): fix the type definitions in hono-base by @​yusukebe in #​4407
• fix(request): return empty string for empty catch-all param by @​amitksingh0880 in #​4395

New Contributors

• @​amitksingh0880 made their first contribution in #​4395

Full Changelog: honojs/hono@v4.9.7...v4.9.8

v4.9.7

Compare Source

Security

• Fixed an issue in the bodyLimit middleware where the body size limit could be bypassed when both Content-Length and Transfer-Encoding headers were present. If you are using this middleware, please update immediately. Security Advisory

What's Changed

• fix(client): Fix parseResponse not parsing json in react native by @​lr0pb in #​4399
• chore: add .tool-versions file by @​3w36zj6 in #​4397
• chore: update bun install commands to use --frozen-lockfile by @​3w36zj6 in #​4398
• test(jwk): Add tests of JWK token verification by @​buckett in #​4402

New Contributors

• @​lr0pb made their first contribution in #​4399
• @​buckett made their first contribution in #​4402

Full Changelog: honojs/hono@v4.9.6...v4.9.7

v4.9.6

Compare Source

Security

Fixed a bug in URL path parsing (getPath) that could cause path confusion under malformed requests.

If you rely on reverse proxies (e.g. Nginx) for ACLs or restrict access to endpoints like /admin, please update immediately.

See advisory for details: GHSA-9hp6-4448-45g2

What's Changed

• chore: update packages in the router bench by @​yusukebe in #​4386
• chore(benchmarks): remove comment-out from router bench by @​yusukebe in #​4387

Full Changelog: honojs/hono@v4.9.5...v4.9.6

v4.9.5

Compare Source

What's Changed

• chore: replace supertest with undici by @​BarryThePenguin in #​4365
• fix(aws-lambda): preserve percent-encoded values in query strings by @​yusukebe in #​4372
• feat(cors): Allow async functions for origin and allowMethods by @​jobrk in #​4373
• feat(cors): Correct origin function return type asynchronously returning null or undefined for origin by @​jobrk in #​4375
• fix(service-worker): correct args for app.fetch in handle by @​yusukebe in #​4374
• fix(language-detector): Detect language from path after getPath changed by @​iflamed in #​4369

New Contributors

• @​jobrk made their first contribution in #​4373
• @​iflamed made their first contribution in #​4369

Full Changelog: honojs/hono@v4.9.4...v4.9.5

v4.9.4

Compare Source

What's Changed

• chore: add a type cast to run deno publish by @​yusukebe in #​4364

Full Changelog: honojs/hono@v4.9.3...v4.9.4

v4.9.3

Compare Source

What's Changed

• feat(csrf): Add modern CSRF protection with Fetch Metadata support by @​meck93 in #​4353
• tests: use vitest projects by @​BarryThePenguin in #​4359
• feat(proxy): add customFetch option to allow custom fetch function by @​yusukebe in #​4360
• chore: update typescript to 5.9.2 by @​yusukebe in #​4362
• chore: add packageManager field to package.json by @​yusukebe in #​4363

Full Changelog: honojs/hono@v4.9.2...v4.9.3

v4.9.2

Compare Source

What's Changed

• fix(jsx): 'plaintext-only' value for contenteditable attribute by @​object1037 in #​4349
• fix(client): handle query parameters in removeIndexString by @​yusukebe in #​4352

New Contributors

• @​object1037 made their first contribution in #​4349

Full Changelog: honojs/hono@v4.9.1...v4.9.2

v4.9.1

Compare Source

What's Changed

• feat(parseResponse): set DetailedError.name (+ error tests) by @​NamesMT in #​4344
• fix(parseResponse): should not include error responses in result by @​NamesMT in #​4348

Full Changelog: honojs/hono@v4.9.0...v4.9.1

v4.9.0

Compare Source

Release Notes

Hono v4.9.0 is now available!

This release introduces several enhancements and utilities.

The main highlight is the new parseResponse utility that makes it easier to work with RPC client responses.

parseResponse Utility

The new parseResponse utility provides a convenient way to parse responses from Hono RPC clients (hc). It automatically handles different response formats and throws structured errors for failed requests.

import { parseResponse, DetailedError } from 'hono/client'

// result contains the parsed response body (automatically parsed based on Content-Type)
const result = await parseResponse(client.hello.$get()).catch(
  // parseResponse automatically throws an error if response is not ok
  (e: DetailedError) => {
    console.error(e)
  }
)

This makes working with RPC client responses much more straightforward and type-safe.

Thanks @​NamesMT!

New features

• feat(bun): allow importing upgradeWebSocket and websocket directly #​4242
• feat(aws-lambda): specify content-type as binary #​4250
• feat(jwt): add validation for the issuer (iss) claim #​4253
• feat(jwk): add headerName to JWK middleware #​4279
• feat(cookie): add generateCookie and generateSignedCookie helpers #​4285
• feat(serve-static): use join to correct path resolution #​4291
• feat(jwt): expose utility function verifyWithJwks for external use #​4302
• feat: add parseResponse util to smartly parse hc's Response #​4314
• feat(ssg): mark old hook options as deprecated #​4331

All changes

• feat(aws-lambda): specify content-type as binary by @​Kanahiro in #​4250
• feat(jwt): added validation for the issuer (iss) claim by @​yolocat-dev in #​4253
• feat(jwk): Add custom headerName to JWK middleware by @​JoaquinGimenez1 in #​4279
• feat(cookie): generateCookie and generateSignedCookie helpers by @​Soviut in #​4285
• feat(serve-static): use join to correct path resolution by @​yusukebe in #​4291
• feat(jwt): Exposing utility function verifyWithJwks for external use by @​Beyondo in #​4302
• feat: add parseResponse util to smartly parse hc's Response by @​NamesMT in #​4314
• feat(ssg): mark old hook options as deprecated by @​3w36zj6 in #​4331
• fix(bun): exports functions related to websocket by @​yusukebe in #​4341
• Next by @​yusukebe in #​4340
• chore: enable skipLibCheck to resolve TypeScript compilation issues by @​yusukebe in #​4342

New Contributors

• @​yolocat-dev made their first contribution in #​4253
• @​JoaquinGimenez1 made their first contribution in #​4279
• @​Soviut made their first contribution in #​4285

Full Changelog: honojs/hono@v4.8.12...v4.9.0

v4.8.12

Compare Source

What's Changed

• fix(router): support /files/:name{.*} by @​yusukebe in #​4329

Full Changelog: honojs/hono@v4.8.11...v4.8.12

v4.8.11

Compare Source

What's Changed

• fix(types): should populate output type for c.body() by @​NamesMT in #​4318
• ci: add editorconfig-checker by @​3w36zj6 in #​4321
• fix(service-worker): pass FetchEvent as second argument to app.fetch by @​yusukebe in #​4328
• chore(ci): upgrade bun version to 1.2.19 by @​BarryThePenguin in #​4323
• chore: bump @hono/eslint-config by @​yusukebe in #​4330
• chore: autofix ci by @​BarryThePenguin in #​4322

Full Changelog: honojs/hono@v4.8.10...v4.8.11

v4.8.10

Compare Source

What's Changed

• chore: add EditorConfig by @​3w36zj6 in #​4309
• chore: format JSON, YAML, and Markdown by @​yusukebe in #​4310
• chore: format and lint benchmarks/* by @​yusukebe in #​4317
• refactor(types): bring adapter/service-worker types up to date by @​idealsh in #​4315
• chore: add editorconfig-checker by @​3w36zj6 in #​4312
• fix(cookie): support lowercase priority for compatibility with other libraries by @​bytaesu in #​4293

New Contributors

[changeset-bot]

⚠️ No Changeset found

Latest commit: 57b63f6

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR