Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Upgrade: hono, typescript #73

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

[Snyk] Upgrade: hono, typescript #73

wants to merge 1 commit into from

Conversation

Laurry-gee
Copy link
Owner

snyk-top-banner

Snyk has created this PR to upgrade multiple dependencies.

👯‍♂ The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

⚠️ Warning: This PR contains major version upgrade(s), and may be a breaking change.

Name Versions Released on

hono
from 2.7.8 to 4.5.10 | 202 versions ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | 21 days ago
on 2024-08-31
typescript
from 4.9.5 to 5.5.4 | 595 versions ahead of your current version
⚠️ This is a major version upgrade, and may be a breaking change | 2 months ago
on 2024-07-22

Issues fixed by the recommended upgrade:

Issue Score Exploit Maturity
medium severity Arbitrary Code Injection
SNYK-JS-HONO-6129070		 531 Proof of Concept
medium severity Improper Control of Generation of Code ('Code Injection')
SNYK-JS-HONO-6129121		 531 Proof of Concept
medium severity Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
SNYK-JS-HONO-6672874		 531 Proof of Concept
low severity Cross-Site Request Forgery (CSRF)
SNYK-JS-HONO-7814167		 531 Proof of Concept
Release notes
Package name: hono
  • 4.5.10 - 2024-08-31

    What's Changed

    New Contributors

    Full Changelog: v4.5.9...v4.5.10

  • 4.5.9 - 2024-08-26

    What's Changed

    • test(types): broken test in future versions of typescript by @ m-shaka in #3310
    • fix(utils/color): Deno does not require permission for NO_COLOR by @ ryuapp in #3306
    • feat(jsx): improve type (MIME) attribute types by @ ssssota in #3305
    • feat(pretty-json): support custom query by @ nakasyou in #3300

    Full Changelog: v4.5.8...v4.5.9

  • 4.5.8 - 2024-08-22

    Security Fix for CSRF Protection Middleware

    Before this release, in versions 4.5.7 and below, the CSRF Protection Middleware did not treat requests including Content-Types with uppercase letters (e.g., Application/x-www-form-urlencoded) as potential attacks, allowing them to pass.

    This could cause unexpected behavior, leading to a vulnerability. If you are using the CSRF Protection Middleware, please upgrade to version 4.5.8 or higher immediately.

    For more details, see the report here: GHSA-rpfr-3m35-5vx5

  • 4.5.7 - 2024-08-21

    What's Changed

    • fix(jsx/dom): Fixed a bug that caused Script elements to turn into Style elements. by @ usualoma in #3294
    • perf(jsx/dom): improve performance by @ usualoma in #3288
    • feat(jsx): improve a-tag types with well known values by @ ssssota in #3287
    • fix(validator): Fixed a bug in hono/validator where URL Encoded Data could not be validated if the Content-Type included charset. by @ uttk in #3297
    • feat(jsx): improve target and formtarget attribute types by @ ssssota in #3299
    • docs(README): change Twitter to X by @ nakasyou in #3301
    • fix(client): replace optional params to url correctly by @ yusukebe in #3304
    • feat(jsx): improve input attribute types based on react by @ ssssota in #3302

    New Contributors

    Full Changelog: v4.5.6...v4.5.7

  • 4.5.6 - 2024-08-17

    What's Changed

    • fix(jsx): handle async component error explicitly and throw the error in the response by @ usualoma in #3274
    • fix(validator): support multipart headers without a separating space by @ Ernxst in #3286
    • fix(validator): Allow form data will mutliple values appended by @ nicksrandall in #3273
    • feat(jsx): improve meta-tag types with well known values by @ ssssota in #3276

    New Contributors

    Full Changelog: v4.5.5...v4.5.6

  • 4.5.5 - 2024-08-11

    What's Changed

    • fix(jsx): allow null, undefined, and boolean to be returned from function component by @ usualoma in #3241
    • feat(context): Add types for c.header by @ nakasyou in #3221
    • fix(jsx): fix draggable type to accept boolean by @ yasuaki640 in #3253
    • feat(context): add Context-Type types to c.header by @ nakasyou in #3255
    • fix(serve-static): supports directory contains . and not end / by @ yusukebe in #3256

    Full Changelog: v4.5.4...v4.5.5

  • 4.5.4 - 2024-08-06

    What's Changed

    • fix(jsx): corrects the type of 'draggable' attribute in intrinsic-elements.ts by @ yasuaki640 in #3224
    • feat(jsx): allow to merge CSSProperties declaration by @ jonasnobile in #3228
    • feat(client): Add WebSocket Provider Integration Tests and Enhance WebSocket Initialization by @ naporin0624 in #3213
    • fix(types): param in ValidationTargets supports optional param by @ yusukebe in #3229

    New Contributors

    Full Changelog: v4.5.3...v4.5.4

  • 4.5.3 - 2024-07-29

    What's Changed

    • fix(validator): Add double quotation marks to multipart checker regex by @ CPlusPatch in #3195
    • fix(validator): support application/json with a charset as JSON by @ yusukebe in #3199
    • fix(jsx): fix handling of SVG elements in JSX. by @ usualoma in #3204
    • fix(jsx/dom): fix performance issue with adding many new node listings by @ usualoma in #3205
    • fix(service-worker): refer to self.fetch correctly by @ yusukebe in #3200

    New Contributors

    Full Changelog: v4.5.2...v4.5.3

  • 4.5.2 - 2024-07-27

    What's Changed

    • fix(helper/adapter): don't check navigator is undefined by @ yusukebe in #3171
    • fix(types): handle readonly array correctly by @ m-shaka in #3172
    • Revert "fix(helper/adapter): don't check navigator is undefined by @ yusukebe in #3173
    • fix(type): degradation of generic type handling by @ m-shaka in #3138
    • fix:(csrf) fix typo of csrf middleware by @ yasuaki640 in #3178
    • feat(secure-headers): remove "X-Powered-By" should be an option by @ EdamAme-x in #3177

    Full Changelog: v4.5.1...v4.5.2

  • 4.5.1 - 2024-07-20

    What's Changed

    New Contributors

    Full Changelog: v4.5.0...v4.5.1

  • 4.5.0 - 2024-07-16
  • 4.5.0-rc.2 - 2024-06-29
  • 4.5.0-rc.1 - 2024-06-12
  • 4.4.13 - 2024-07-11
  • 4.4.12 - 2024-07-06
  • 4.4.11 - 2024-07-03
  • 4.4.10 - 2024-06-29
  • 4.4.9 - 2024-06-27
  • 4.4.8 - 2024-06-24
  • 4.4.7 - 2024-06-19
  • 4.4.6 - 2024-06-13
  • 4.4.5 - 2024-06-11
  • 4.4.4 - 2024-06-06
  • 4.4.3 - 2024-06-03
  • 4.4.2 - 2024-05-30
  • 4.4.1 - 2024-05-30
  • 4.4.0 - 2024-05-27
  • 4.4.0-rc.1 - 2024-05-24
  • 4.3.11 - 2024-05-24
  • 4.3.10 - 2024-05-23
  • 4.3.9 - 2024-05-21
  • 4.3.8 - 2024-05-19
  • 4.3.7 - 2024-05-15
  • 4.3.6 - 2024-05-12
  • 4.3.5 - 2024-05-12
  • 4.3.4 - 2024-05-09
  • 4.3.3 - 2024-05-08
  • 4.3.2 - 2024-05-04
  • 4.3.1 - 2024-05-04
  • 4.3.0 - 2024-05-03
  • 4.2.9 - 2024-04-29
  • 4.2.8 - 2024-04-26
  • 4.2.7 - 2024-04-23
  • 4.2.6 - 2024-04-22
  • 4.2.5 - 2024-04-18
  • 4.2.4 - 2024-04-13
  • 4.2.3 - 2024-04-09
  • 4.2.2 - 2024-04-05
  • 4.2.1 - 2024-04-03
  • 4.2.0 - 2024-04-02
  • 4.2.0-rc.1 - 2024-03-31
  • 4.1.7 - 2024-03-31
  • 4.1.6 - 2024-03-31
  • 4.1.5 - 2024-03-27
  • 4.1.4 - 2024-03-25
  • 4.1.3 - 2024-03-20
  • 4.1.2 - 2024-03-18
  • 4.1.1 - 2024-03-17
  • 4.1.0 - 2024-03-11
  • 4.1.0-rc.1 - 2024-03-04
  • 4.0.10 - 2024-03-05
  • 4.0.9 - 2024-03-03
  • 4.0.8 - 2024-02-28
  • 4.0.7 - 2024-02-25
  • 4.0.6 - 2024-02-24
  • 4.0.5 - 2024-02-20
  • 4.0.4 - 2024-02-17
  • 4.0.3 - 2024-02-16
  • 4.0.2 - 2024-02-14
  • 4.0.1 - 2024-02-11
  • 4.0.0 - 2024-02-09
  • 4.0.0-rc.4 - 2024-02-03
  • 4.0.0-rc.3 - 2024-01-27
  • 4.0.0-rc.2 - 2024-01-21
  • 4.0.0-rc.1 - 2024-01-18
  • 4.0.0-rc.0 - 2024-01-10
  • 3.12.12 - 2024-02-07
  • 3.12.11 - 2024-02-05
  • 3.12.10 - 2024-02-02
  • 3.12.9 - 2024-01-31
  • 3.12.8 - 2024-01-27
  • 3.12.7 - 2024-01-25
  • 3.12.6 - 2024-01-18
  • 3.12.5 - 2024-01-16
  • 3.12.4 - 2024-01-15
  • 3.12.3 - 2024-01-12
  • 3.12.2 - 2024-01-11
  • 3.12.1 - 2024-01-09
  • 3.12.0 - 2024-01-04
  • 3.11.12 - 2024-01-01
  • 3.11.11 - 2023-12-26
  • 3.11.10 - 2023-12-24
  • 3.11.9 - 2023-12-21
  • 3.11.8 - 2023-12-16
  • 3.11.7 - 2023-12-14
  • 3.11.6 - 2023-12-13
  • 3.11.5 - 2023-12-13
  • 3.11.4 - 2023-12-09
  • 3.11.3 - 2023-12-07
  • 3.11.2 - 2023-12-05
  • 3.11.1 - 2023-12-04
  • 3.11.0 - 2023-12-04
  • 3.10.5 - 2023-12-03
  • 3.10.4 - 2023-12-01
  • 3.10.3 - 2023-11-28
  • 3.10.2 - 2023-11-21
  • 3.10.1 - 2023-11-15
  • 3.10.0 - 2023-11-13
  • 3.10.0-rc.2 - 2023-11-08
  • 3.10.0-rc.1 - 2023-11-06
  • 3.9.2 - 2023-11-03
  • 3.9.1 - 2023-10-31
  • 3.9.0 - 2023-10-27
  • 3.9.0-rc.1 - 2023-10-26
  • 3.8.4 - 2023-10-26
  • 3.8.3 - 2023-10-22
  • 3.8.2 - 2023-10-21
  • 3.8.1 - 2023-10-18
  • 3.8.0 - 2023-10-17
  • 3.8.0-rc.3 - 2023-10-16
  • 3.8.0-rc.2 - 2023-10-05
  • 3.8.0-rc.1 - 2023-10-05
  • 3.7.6 - 2023-10-12
  • 3.7.5 - 2023-10-05
  • 3.7.4 - 2023-10-04
  • 3.7.3 - 2023-09-30
  • 3.7.2 - 2023-09-23
  • 3.7.1 - 2023-09-21
  • 3.7.0 - 2023-09-21
  • 3.7.0-rc.2 - 2023-09-20
  • 3.7.0-rc.1 - 2023-09-17
  • 3.6.3 - 2023-09-16
  • 3.6.2 - 2023-09-16
  • 3.6.1 - 2023-09-15
  • 3.6.0 - 2023-09-10
  • 3.6.0-rc.2 - 2023-09-09
  • 3.6.0-rc.1 - 2023-09-05
  • 3.5.8 - 2023-09-05
  • 3.5.7 - 2023-09-03
  • 3.5.6 - 2023-08-29
  • 3.5.5 - 2023-08-28
  • 3.5.4 - 2023-08-24
  • 3.5.3 - 2023-08-24
  • 3.5.2 - 2023-08-24
  • 3.5.1 - 2023-08-23
  • 3.5.0 - 2023-08-21
  • 3.5.0-rc.1 - 2023-08-21
  • 3.4.3 - 2023-08-14
  • 3.4.2 - 2023-08-14
  • 3.4.1 - 2023-08-08
  • 3.4.0 - 2023-08-08
  • 3.3.4 - 2023-07-27
  • 3.3.3 - 2023-07-23
  • 3.3.2 - 2023-07-20
  • 3.3.1 - 2023-07-16
  • 3.3.0 - 2023-07-11
  • 3.3.0-rc.1 - 2023-07-08
  • 3.2.7 - 2023-06-29
  • 3.2.6 - 2023-06-22
  • 3.2.5 - 2023-06-07
  • 3.2.4 - 2023-06-04
  • 3.2.3 - 2023-05-27
  • 3.2.2 - 2023-05-24
  • 3.2.1 - 2023-05-20
  • 3.2.0 - 2023-05-19
  • 3.2.0-rc.4 - 2023-05-17
  • 3.2.0-rc.3 - 2023-05-14
  • 3.2.0-rc.2 - 2023-05-12
  • 3.2.0-rc.1 - 2023-05-09
  • 3.1.8 - 2023-05-02
  • 3.1.7 - 2023-04-28
  • 3.1.6 - 2023-04-16
  • 3.1.5 - 2023-03-31
  • 3.1.4 - 2023-03-30
  • 3.1.3 - 2023-03-26
  • 3.1.2 - 2023-03-20
  • 3.1.1 - 2023-03-19
  • 3.1.0 - 2023-03-17
  • 3.1.0-rc.2 - 2023-03-13
  • 3.1.0-rc.1 - 2023-03-13
  • 3.0.5 - 2023-03-13
  • 3.0.4 - 2023-03-13
  • 3.0.3 - 2023-03-02
  • 3.0.2 - 2023-02-25
  • 3.0.1 - 2023-02-20
  • 3.0.0 - 2023-02-18
  • 3.0.0-rc.16 - 2023-02-17
  • 3.0.0-rc.15 - 2023-02-15
  • 3.0.0-rc.14 - 2023-02-12
  • 3.0.0-rc.13 - 2023-02-11
  • 3.0.0-rc.12 - 2023-02-10
  • 3.0.0-rc.11 - 2023-02-09
  • 3.0.0-rc.10 - 2023-02-01
  • 3.0.0-rc.9 - 2023-01-31
  • 3.0.0-rc.8 - 2023-01-19
  • 3.0.0-rc.7 - 2023-01-18
  • 3.0.0-rc.6 - 2023-01-18
  • 3.0.0-rc.5 - 2023-01-14
  • 3.0.0-rc.4 - 2023-01-08
  • 3.0.0-rc.3 - 2023-01-01
  • 3.0.0-rc.2 - 2022-12-30
  • 3.0.0-0 - 2022-12-29
  • 2.7.8 - 2023-02-12
from hono GitHub release notes
Package name: typescript
  • 5.5.4 - 2024-07-22

    For release notes, check out the release announcement.

    For the complete list of fixed issues, check out the

    Downloads are available on:

  • 5.5.3 - 2024-07-01

    For release notes, check out the release announcement.

    For the complete list of fixed issues, check out the

    Downloads are available on:

  • 5.5.2 - 2024-06-20

    For release notes, check out the release announcement.

    For the complete list of fixed issues, check out the

    Downloads are available on:

  • 5.5.1-rc - 2024-06-06
  • 5.5.0-dev.20240603 - 2024-06-03
  • 5.5.0-dev.20240602 - 2024-06-02
  • 5.5.0-dev.20240601 - 2024-06-01
  • 5.5.0-dev.20240531 - 2024-05-31
  • 5.5.0-dev.20240530 - 2024-05-30
  • 5.5.0-dev.20240529 - 2024-05-29
  • 5.5.0-dev.20240528 - 2024-05-28
  • 5.5.0-dev.20240527 - 2024-05-27
  • 5.5.0-dev.20240526 - 2024-05-26
  • 5.5.0-dev.20240525 - 2024-05-25
  • 5.5.0-dev.20240524 - 2024-05-24
  • 5.5.0-dev.20240523 - 2024-05-23
  • 5.5.0-dev.20240522 - 2024-05-22
  • 5.5.0-dev.20240521 - 2024-05-21
  • 5.5.0-dev.20240520 - 2024-05-20
  • 5.5.0-dev.20240519 - 2024-05-19
  • 5.5.0-dev.20240518 - 2024-05-18
  • 5.5.0-dev.20240517 - 2024-05-17
  • 5.5.0-dev.20240516 - 2024-05-16
  • 5.5.0-dev.20240515 - 2024-05-15
  • 5.5.0-dev.20240514 - 2024-05-14
  • 5.5.0-dev.20240513 - 2024-05-13
  • 5.5.0-dev.20240512 - 2024-05-12
  • 5.5.0-dev.20240511 - 2024-05-11
  • 5.5.0-dev.20240510 - 2024-05-10
  • 5.5.0-dev.20240509 - 2024-05-09
  • 5.5.0-dev.20240508 - 2024-05-08
  • 5.5.0-dev.20240507 - 2024-05-07
  • 5.5.0-dev.20240506 - 2024-05-06
  • 5.5.0-dev.20240505 - 2024-05-05
  • 5.5.0-dev.20240504 - 2024-05-04
  • 5.5.0-dev.20240503 - 2024-05-03
  • 5.5.0-dev.20240502 - 2024-05-02
  • 5.5.0-dev.20240501 - 2024-05-01
  • 5.5.0-dev.20240430 - 2024-04-30
  • 5.5.0-dev.20240429 - 2024-04-29
  • 5.5.0-dev.20240428 - 2024-04-28
  • 5.5.0-dev.20240427 - 2024-04-27
  • 5.5.0-dev.20240426 - 2024-04-26
  • 5.5.0-dev.20240425 - 2024-04-25
  • 5.5.0-dev.20240424 - 2024-04-24
  • 5.5.0-dev.20240423 - 2024-04-23
  • 5.5.0-dev.20240422 - 2024-04-22
  • 5.5.0-dev.20240421 - 2024-04-21
  • 5.5.0-dev.20240420 - 2024-04-20
  • 5.5.0-dev.20240419 - 2024-04-19
  • 5.5.0-dev.20240418 - 2024-04-18
  • 5.5.0-dev.20240417 - 2024-04-17
  • 5.5.0-dev.20240416 - 2024-04-16
  • 5.5.0-dev.20240415 - 2024-04-15
  • 5.5.0-dev.20240414 - 2024-04-14
  • 5.5.0-dev.20240413 - 2024-04-13
  • 5.5.0-dev.20240412 - 2024-04-12
  • 5.5.0-dev.20240411 - 2024-04-11
  • 5.5.0-dev.20240410 - 2024-04-10
  • 5.5.0-dev.20240409 - 2024-04-09
  • 5.5.0-dev.20240408 - 2024-04-08
  • 5.5.0-dev.20240405 - 2024-04-05
  • 5.5.0-dev.20240404 - 2024-04-04
  • 5.5.0-dev.20240402 - 2024-04-02
  • 5.5.0-dev.20240401 - 2024-04-01
  • 5.5.0-dev.20240331 - 2024-03-31
  • 5.5.0-dev.20240330 - 2024-03-30
  • 5.5.0-dev.20240329 - 2024-03-29
  • 5.5.0-dev.20240328 - 2024-03-28
  • 5.5.0-dev.20240327 - 2024-03-27
  • 5.5.0-dev.20240326 - 2024-03-26
  • 5.5.0-dev.20240325 - 2024-03-25
  • 5.5.0-dev.20240324 - 2024-03-24
  • 5.5.0-dev.20240323 - 2024-03-23
  • 5.5.0-dev.20240322 - 2024-03-22
  • 5.5.0-dev.20240321 - 2024-03-21
  • 5.5.0-dev.20240320 - 2024-03-20
  • 5.5.0-dev.20240319 - 2024-03-19
  • 5.5.0-dev.20240318 - 2024-03-18
  • 5.5.0-dev.20240317 - 2024-03-17
  • 5.5.0-dev.20240316 - 2024-03-16
  • 5.5.0-dev.20240315 - 2024-03-15
  • 5.5.0-dev.20240314 - 2024-03-14
  • 5.5.0-dev.20240313 - 2024-03-13
  • 5.5.0-dev.20240312 - 2024-03-12
  • 5.5.0-dev.20240311 - 2024-03-11
  • 5.5.0-dev.20240310 - 2024-03-10
  • 5.5.0-dev.20240309 - 2024-03-09
  • 5.5.0-dev.20240308 - 2024-03-08
  • 5.5.0-dev.20240307 - 2024-03-07
  • 5.5.0-dev.20240306<...

@snyk-bot
feat: upgrade multiple dependencies with Snyk
ac0a8be 
Snyk has created this PR to upgrade:
  - hono from 2.7.8 to 4.5.10.
    See this package in npm: https://www.npmjs.com/package/hono
  - typescript from 4.9.5 to 5.5.4.
    See this package in npm: https://www.npmjs.com/package/typescript

See this project in Snyk:
https://app.snyk.io/org/laurry-gee/project/b5f5690f-a110-484e-85a4-d96c843d311a?utm_source=github&utm_medium=referral&page=upgrade-pr
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@Laurry-gee @snyk-bot