Skip to content

deps: bump hono from 4.12.12 to 4.12.14 in the npm_security group across 1 directory#67

Merged
GeiserX merged 1 commit intomainfrom
dependabot/npm_and_yarn/npm_security-da47bb892b
Apr 16, 2026
Merged

deps: bump hono from 4.12.12 to 4.12.14 in the npm_security group across 1 directory#67
GeiserX merged 1 commit intomainfrom
dependabot/npm_and_yarn/npm_security-da47bb892b

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 16, 2026

Bumps the npm_security group with 1 update in the / directory: hono.

Updates hono from 4.12.12 to 4.12.14

Release notes

Sourced from hono's releases.

v4.12.14

Security fixes

This release includes fixes for the following security issues:

Improper handling of JSX attribute names in hono/jsx SSR

Affects: hono/jsx. Fixes missing validation of JSX attribute names during server-side rendering, which could allow malformed attribute keys to corrupt the generated HTML output and inject unintended attributes or elements. GHSA-458j-xx4x-4375

Other changes

  • fix(aws-lambda): handle invalid header names in request processing (#4883) fa2c74fe

v4.12.13

What's Changed

New Contributors

Full Changelog: honojs/hono@v4.12.12...v4.12.13

Commits
  • cf2d2b7 4.12.14
  • 66daa2e Merge commit from fork
  • fa2c74f fix(aws-lambda): handle invalid header names in request processing (#4883)
  • 3779927 4.12.13
  • faa6c46 feat(cache): add onCacheNotAvailable option (#4876)
  • f23e97b feat(trailing-slash): add skip option (#4862)
  • 1aa32fb fix(types): infer response type from last handler in app.on 9- and 10-handler...
  • See full diff in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
deps: bump hono in the npm_security group across 1 directory
3898e24 
Bumps the npm_security group with 1 update in the / directory: [hono](https://github.com/honojs/hono).


Updates `hono` from 4.12.12 to 4.12.14
- [Release notes](https://github.com/honojs/hono/releases)
- [Commits](honojs/hono@v4.12.12...v4.12.14)

---
updated-dependencies:
- dependency-name: hono
  dependency-version: 4.12.14
  dependency-type: indirect
  dependency-group: npm_security
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added automated Automated PRs dependencies Dependency updates labels Apr 16, 2026
@dependabot dependabot Bot requested a review from GeiserX as a code owner April 16, 2026 03:05
@dependabot dependabot Bot added automated Automated PRs dependencies Dependency updates labels Apr 16, 2026
@coderabbitai
Copy link
Copy Markdown

coderabbitai Bot commented Apr 16, 2026

Important

Review skipped

Review was skipped due to path filters

⛔ Files ignored due to path filters (1)
  • package-lock.json is excluded by !**/package-lock.json, !**/package-lock.json

CodeRabbit blocks several paths by default. You can override this behavior by explicitly including those paths in the path filters. For example, including **/dist/** will override the default block on the dist directory, by removing the pattern from both the lists.

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: dece2f17-9c24-4172-bf19-415ed43c4812

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

  • 🔍 Trigger review
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch dependabot/npm_and_yarn/npm_security-da47bb892b

Comment @coderabbitai help to get the list of available commands and usage tips.

@GeiserX GeiserX merged commit f9a76a5 into main Apr 16, 2026
11 checks passed
@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/npm_security-da47bb892b branch April 16, 2026 07:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@GeiserX GeiserX Awaiting requested review from GeiserX GeiserX is a code owner

Assignees

No one assigned

Labels

automated Automated PRs dependencies Dependency updates

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@GeiserX