fix(deps): update dependency hono to v4.8.5 - autoclosed

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
hono (source)	4.6.8 -> 4.8.5

---

Release Notes

honojs/hono (hono)

v4.8.5

Compare Source

What's Changed

• fix(serve-static): support Windows by @​yusukebe in https://github.com/honojs/hono/pull/3477

Full Changelog: honojs/hono@v4.8.4...v4.8.5

v4.8.4

Compare Source

What's Changed

• test: correct usages of Proxy to support Node.js 24 by @​yusukebe in https://github.com/honojs/hono/pull/4260
• fix(cookie): remove not used signingSecret option by @​yusukebe in https://github.com/honojs/hono/pull/4263
• fix(jsx): cloneElement didn't copy children by @​yayugu in https://github.com/honojs/hono/pull/4257
• fix(client): remove index string when calling $url() by @​yusukebe in https://github.com/honojs/hono/pull/4267
• fix(ssg): invoke callback when it's only a dynamic route by @​yusukebe in https://github.com/honojs/hono/pull/4249
• fix(request): req.json() keeps the content as is by @​yusukebe in https://github.com/honojs/hono/pull/4269

Full Changelog: honojs/hono@v4.8.3...v4.8.4

v4.8.3

Compare Source

What's Changed

• fix(cookie): use tryDecode when parsing cookie by @​yusukebe in https://github.com/honojs/hono/pull/4240
• fix(jsx): throw new Error instead of string by @​usualoma in https://github.com/honojs/hono/pull/4241
• fix(jwt): fix the JwtTokenIssuedAt error message by @​yusukebe in https://github.com/honojs/hono/pull/4244
• fix(jsx): Fix the JSXNode validation. Allow the function type for props.ref by @​yayugu in https://github.com/honojs/hono/pull/4236
• chore(cr): continuation release to pkg.pr.new by @​NEKOYASAN in https://github.com/honojs/hono/pull/4245

New Contributors

• @​yayugu made their first contribution in https://github.com/honojs/hono/pull/4236
• @​NEKOYASAN made their first contribution in https://github.com/honojs/hono/pull/4245

Full Changelog: honojs/hono@v4.8.2...v4.8.3

v4.8.2

Compare Source

What's Changed

• fix(utils/color): avoid resolving pacakages via Bun.build by @​ryuapp in https://github.com/honojs/hono/pull/4239

Full Changelog: honojs/hono@v4.8.1...v4.8.2

v4.8.1

Compare Source

What's Changed

• docs(bearer-auth): fix typo by @​Einherjar1632 in https://github.com/honojs/hono/pull/4238
• fix(utils/color): avoid unhandled scheme errors by @​ryuapp in https://github.com/honojs/hono/pull/4234

New Contributors

• @​Einherjar1632 made their first contribution in https://github.com/honojs/hono/pull/4238

Full Changelog: honojs/hono@v4.8.0...v4.8.1

v4.8.0

Compare Source

Release Notes

Hono v4.8.0 is now available!

This release enhances existing features with new options and introduces powerful helpers for routing and static site generation. Additionally, we're introducing new third-party middleware packages.

• Route Helper
• JWT Custom Header Location
• JSX Streaming Nonce Support
• CORS Dynamic allowedMethods
• JWK Allow Anonymous Access
• Cache Status Codes Option
• Service Worker fire() Function
• SSG Plugin System

Plus new third-party middleware:

• MCP Middleware
• UA Blocker Middleware
• Zod Validator v4 Support

Let's look at each of these.

Reduced the code size

First, this update reduces the code size! The smallest hono/tiny package has been reduced by about 800 bytes from v4.7.11, bringing it down to approximately 11 KB. When gzipped, it's only 4.5 KB. Very tiny!

Route Helper

New route helper functions provide easy access to route information and path utilities.

import { Hono } from 'hono'
import {
  matchedRoutes,
  routePath,
  baseRoutePath,
  basePath,
} from 'hono/route'

const api = new Hono()

api.get('/users/:id/posts/:postId', (c) => {
  const matched = matchedRoutes(c) // Array of matched route handlers
  const current = routePath(c) // '/api/users/:id/posts/:postId'
  const base = baseRoutePath(c) // '/api' Base route path
  const appBase = basePath(c) // '/api' Base path
  return c.json({ matched, current, base, appBase })
})

const app = new Hono()
app.route('/api', api)

export default app

These helpers make route introspection cleaner and more explicit.

Thanks @​usualoma!

JWT Custom Header Location

JWT middleware now supports custom header locations beyond the standard Authorization header. You can specify any header name to retrieve JWT tokens from.

import { Hono } from 'hono'
import { jwt } from 'hono/jwt'

const app = new Hono()

app.use(
  '/api/*',
  jwt({
    secret: 'secret-key',
    headerName: 'X-Auth-Token', // Custom header name
  })
)

app.get('/api/protected', (c) => {
  return c.json({ message: 'Protected resource' })
})

This is useful when working with APIs that use non-standard authentication headers.

Thanks @​kunalbhagawati!

JSX Streaming Nonce Support

JSX streaming now supports nonce values for Content Security Policy (CSP) compliance. The streaming context can include a nonce that gets applied to inline scripts.

import { Hono } from 'hono'
import {
  renderToReadableStream,
  Suspense,
  StreamingContext,
} from 'hono/jsx/streaming'

const app = new Hono()

app.get('/', (c) => {
  const stream = renderToReadableStream(
    <html>
      <body>
        <StreamingContext
          value={{ scriptNonce: 'random-nonce-value' }}
        >
          <Suspense fallback={<div>Loading...</div>}>
            <AsyncComponent />
          </Suspense>
        </StreamingContext>
      </body>
    </html>
  )

  return c.body(stream, {
    headers: {
      'Content-Type': 'text/html; charset=UTF-8',
      'Transfer-Encoding': 'chunked',
      'Content-Security-Policy':
        "script-src 'nonce-random-nonce-value'",
    },
  })
})

Thanks @​usualoma!

CORS Dynamic allowedMethods

CORS middleware now supports dynamic allowedMethods based on the request origin. You can provide a function that returns different allowed methods depending on the origin.

import { Hono } from 'hono'
import { cors } from 'hono/cors'

const app = new Hono()

app.use(
  '*',
  cors({
    origin: ['https://example.com', 'https://api.example.com'],
    allowMethods: (origin) => {
      if (origin === 'https://api.example.com') {
        return ['GET', 'POST', 'PUT', 'DELETE']
      }
      return ['GET', 'POST'] // Default for other origins
    },
  })
)

This enables fine-grained control over CORS policies per origin.

Thanks @​Kanahiro!

JWK Allow Anonymous Access

JWK middleware now supports anonymous access with the allow_anon option. When enabled, requests without valid tokens can still proceed to your handlers.

import { Hono } from 'hono'
import { jwk } from 'hono/jwk'

const app = new Hono()

app.use(
  '/api/*',
  jwk({
    jwks_uri: 'https://example.com/.well-known/jwks.json',
    allow_anon: true,
  })
)

app.get('/api/data', (c) => {
  const payload = c.get('jwtPayload')
  if (payload) {
    return c.json({ message: 'Authenticated user', user: payload })
  }
  return c.json({ message: 'Anonymous access' })
})

Additionally, keys and jwks_uri options now support functions that receive the context, enabling dynamic key resolution.

Thanks @​Beyondo!

Cache Status Codes Option

Cache middleware now allows you to specify which status codes should be cached using the cacheableStatusCodes option.

import { Hono } from 'hono'
import { cache } from 'hono/cache'

const app = new Hono()

app.use(
  '*',
  cache({
    cacheName: 'my-cache',
    cacheControl: 'max-age=3600',
    cacheableStatusCodes: [200, 404], // Cache both success and not found responses
  })
)

Thanks @​miyamo2!

Service Worker fire() Function

A new fire() function is available from the Service Worker adapter, providing a cleaner alternative to app.fire().

import { Hono } from 'hono'
import { fire } from 'hono/service-worker'

const app = new Hono()

app.get('/', (c) => c.text('Hello from Service Worker!'))

// Use the standalone fire function
fire(app)

The app.fire() method is now deprecated in favor of this approach. Goodbye app.fire().

SSG Plugin System

Static Site Generation (SSG) now supports a plugin system that allows you to extend the generation process with custom functionality.

For example, the following is easy implementation of a sitemap plugin:

// plugins.ts
import fs from 'node:fs/promises'
import path from 'node:path'
import type { SSGPlugin } from 'hono/ssg'
import { DEFAULT_OUTPUT_DIR } from 'hono/ssg'

export const sitemapPlugin = (baseURL: string): SSGPlugin => {
  return {
    afterGenerateHook: (result, fsModule, options) => {
      const outputDir = options?.dir ?? DEFAULT_OUTPUT_DIR
      const filePath = path.join(outputDir, 'sitemap.xml')
      const urls = result.files.map((file) =>
        new URL(file, baseURL).toString()
      )
      const siteMapText = `<?xml version="1.0" encoding="UTF-8"?>
<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">
${urls.map((url) => `<url><loc>${url}</loc></url>`).join('\n')}
</urlset>`
      fsModule.writeFile(filePath, siteMapText)
    },
  }
}

Applying the plugin:

import { toSSG } from 'hono/ssg'
import { sitemapPlugin } from './plugins'

toSSG(app, fs, {
  plugins: [sitemapPlugin('https://example.com')],
})

Plugins can hook into various stages of the generation process to perform custom actions.

Thanks @​3w36zj6!

Third-party Middleware Updates

In addition to core Hono features, we're excited to introduce new third-party middleware packages that extend Hono's capabilities.

MCP Middleware

A new middleware package @hono/mcp enables creating remote MCP (Model Context Protocol) servers over Streamable HTTP Transport. This is the initial release with more features planned for the future.

import { McpServer } from '@​modelcontextprotocol/sdk/server/mcp.js'
import { StreamableHTTPTransport } from '@​hono/mcp'
import { Hono } from 'hono'

const app = new Hono()

// Your MCP server implementation
const mcpServer = new McpServer({
  name: 'my-mcp-server',
  version: '1.0.0',
})

app.all('/mcp', async (c) => {
  const transport = new StreamableHTTPTransport()
  await mcpServer.connect(transport)
  return transport.handleRequest(c)
})

Currently, this is ideal for creating stateless and authentication-less remote MCP servers.

Thanks @​MathurAditya724!

UA Blocker Middleware

The new @hono/ua-blocker middleware allows blocking requests based on user agent headers. It includes blocking AI bots functions.

import { uaBlocker } from '@​hono/ua-blocker'
import { aiBots } from '@​hono/ua-blocker/ai-bots'
import { Hono } from 'hono'

const app = new Hono()

// Block specific user agents
app.use(
  '*',
  uaBlocker({
    blocklist: ['ForbiddenBot', 'Not You'],
  })
)

// Block all AI bots
app.use(
  '*',
  uaBlocker({
    blocklist: aiBots,
  })
)

// Serve robots.txt to discourage AI bots
app.use('/robots.txt', useAiRobotsTxt())

Thanks @​finxol!

Zod Validator v4 Support

The @hono/zod-validator middleware now supports Zod v4!

All Changes

• fix(etag): fallback if res.clone() is not supported by @​yusukebe in https://github.com/honojs/hono/pull/4198
• Revert "fix(etag): fallback if res.clone() is not supported (#​4198)" by @​yusukebe in https://github.com/honojs/hono/pull/4200
• chore(devcontainer): remove obsolete version field from docker-compose.yml by @​kyodaj in https://github.com/honojs/hono/pull/4208
• docs(context): fix docstring link in the set header method by @​Carlos-err406 in https://github.com/honojs/hono/pull/4221
• ci: consolidate perf-measures GitHub Actions comments by @​yusukebe in https://github.com/honojs/hono/pull/4222
• chore(secure-headers): format by @​yusukebe in https://github.com/honojs/hono/pull/4224
• ci: add HTTP speed check by @​yusukebe in https://github.com/honojs/hono/pull/4220
• ci: simplify HTTP benchmark implementation by @​yusukebe in https://github.com/honojs/hono/pull/4226
• feat(middleware/cache): add cacheableStatusCodes option by @​miyamo2 in https://github.com/honojs/hono/pull/3943
• feat(hono/jwk): Extended with allow_anon option & passing Context to callbacks by @​Beyondo in https://github.com/honojs/hono/pull/3961
• fix(context): add props to ExecutionContext by @​yusukebe in https://github.com/honojs/hono/pull/4030
• feat(hono/testing): Allow passing hc options to testClient by @​kbrgl in https://github.com/honojs/hono/pull/4059
• feat(cors): allowedMethods by function by @​Kanahiro in https://github.com/honojs/hono/pull/4060
• feat(mime): support webmanifest by @​sushichan044 in https://github.com/honojs/hono/pull/4085
• feat(jsx): enable to add nonce to script tag generated by Suspense and ErrorBoundary by @​usualoma in https://github.com/honojs/hono/pull/4216
• fix(utils/body): normalize key names in parseBody (#​4108) by @​hiroki-307 in https://github.com/honojs/hono/pull/4183
• feat(logger): support for NO_COLOR on cloudflare workers by @​ryuapp in https://github.com/honojs/hono/pull/4094
• feat: introduce Route Helper by @​usualoma in https://github.com/honojs/hono/pull/4204
• feat: support http+unix scheme by @​usualoma in https://github.com/honojs/hono/pull/4148
• feat(jwt): Add custom header location by @​kunalbhagawati in https://github.com/honojs/hono/pull/4218
• fix: reduce Context code by @​yusukebe in https://github.com/honojs/hono/pull/4100
• fix(req): don't throw if the query param is invalid by @​yusukebe in https://github.com/honojs/hono/pull/4110
• perf(trie-router): improve performance and reduce file size by @​yusukebe in https://github.com/honojs/hono/pull/4217
• ci: handle fork PRs in http-benchmark workflow by @​yusukebe in https://github.com/honojs/hono/pull/4229
• feat(service-worker): add fire() by @​yusukebe in https://github.com/honojs/hono/pull/4214
• feat(hono-base): mark app.fire() as deprecated by @​yusukebe in https://github.com/honojs/hono/pull/4231
• feat(ssg): add plugin system by @​3w36zj6 in https://github.com/honojs/hono/pull/4156
• Next by @​yusukebe in https://github.com/honojs/hono/pull/4227

New Contributors

• @​kyodaj made their first contribution in https://github.com/honojs/hono/pull/4208
• @​Carlos-err406 made their first contribution in https://github.com/honojs/hono/pull/4221
• @​miyamo2 made their first contribution in https://github.com/honojs/hono/pull/3943
• @​kbrgl made their first contribution in https://github.com/honojs/hono/pull/4059
• @​hiroki-307 made their first contribution in https://github.com/honojs/hono/pull/4183
• @​kunalbhagawati made their first contribution in https://github.com/honojs/hono/pull/4218
• @​3w36zj6 made their first contribution in https://github.com/honojs/hono/pull/4156

Full Changelog: honojs/hono@v4.7.11...v4.8.0

v4.7.11

Compare Source

What's Changed

• chore(benchmark): add URLSearchParams to the query-params benchmark by @​yusukebe in https://github.com/honojs/hono/pull/4149
• ci: skip lib check in type check benchmark by @​sushichan044 in https://github.com/honojs/hono/pull/4162
• CI: add type benchmark with typescript-go preview by @​sushichan044 in https://github.com/honojs/hono/pull/4161
• chore: ignore CLAUDE.local.md in gitignore by @​yusukebe in https://github.com/honojs/hono/pull/4176
• fix(middleware/etag): should return 304 when weak etag is passed in 'If-None-Match' by @​techfish-11 in https://github.com/honojs/hono/pull/4171
• docs(readme): Added Deepwiki link in README by @​MathurAditya724 in https://github.com/honojs/hono/pull/4179
• fix(base): use c.newResponse() for the response of err.getResponse() by @​yusukebe in https://github.com/honojs/hono/pull/4181

New Contributors

• @​techfish-11 made their first contribution in https://github.com/honojs/hono/pull/4171

Full Changelog: honojs/hono@v4.7.10...v4.7.11

v4.7.10

Compare Source

What's Changed

• fix(hono-base): copy notfound and error handlers in #clone() by @​yusukebe in https://github.com/honojs/hono/pull/4139
• fix(jwt): use header.alg as fallback in verifyFromJwks by @​yusukebe in https://github.com/honojs/hono/pull/4144

Full Changelog: honojs/hono@v4.7.9...v4.7.10

v4.7.9

Compare Source

What's Changed

• fix(helper/cookie): correct getSignedCookie parameters type by @​Hill-98 in https://github.com/honojs/hono/pull/4123
• fix(ssg): Fix SSG Extension Map by @​pspeter3 in https://github.com/honojs/hono/pull/4130
• fix(cookie): get deleted value with prefix by @​BarryThePenguin in https://github.com/honojs/hono/pull/4133

New Contributors

• @​Hill-98 made their first contribution in https://github.com/honojs/hono/pull/4123
• @​pspeter3 made their first contribution in https://github.com/honojs/hono/pull/4130

Full Changelog: honojs/hono@v4.7.8...v4.7.9

v4.7.8

Compare Source

What's Changed

• chore(deps): bump wrangler to 4.12.0 by @​yusukebe in https://github.com/honojs/hono/pull/4096
• feat(ws): allow to use upgradeWebSocket in handler by @​nakasyou in https://github.com/honojs/hono/pull/3942
• feat(hono-base): Added replaceRequest: false option for .mount by @​geelen in https://github.com/honojs/hono/pull/4113

New Contributors

• @​geelen made their first contribution in https://github.com/honojs/hono/pull/4113

Full Changelog: honojs/hono@v4.7.7...v4.7.8

v4.7.7

Compare Source

What's Changed

• fix(trailing-slash): handle HEAD request in trailing slash middleware by @​sushichan044 in https://github.com/honojs/hono/pull/4049
• fix(proxy): accept a Request object as proxyInit by @​usualoma in https://github.com/honojs/hono/pull/4067
• test(deno): wait for stream to start before aborting request by @​yusukebe in https://github.com/honojs/hono/pull/4068
• ci: Add Bundle Analysis by @​katia-sentry in https://github.com/honojs/hono/pull/4072
• chore: Revert "ci: Add Bundle Analysis (#​4072)" by @​yusukebe in https://github.com/honojs/hono/pull/4076
• fix(context): don't throw the error with c.header() when it's finalized by @​yusukebe in https://github.com/honojs/hono/pull/4078

New Contributors

• @​katia-sentry made their first contribution in https://github.com/honojs/hono/pull/4072

Full Changelog: honojs/hono@v4.7.6...v4.7.7

v4.7.6

Compare Source

What's Changed

• fix(compress): avoid compressing if transfer-encoding is set by @​usualoma in https://github.com/honojs/hono/pull/4027
• chore(lint): patch warnings by @​EdamAme-x in https://github.com/honojs/hono/pull/4034
• chore(april-fool): change hono is cool to hono is hot by @​EdamAme-x in https://github.com/honojs/hono/pull/4035
• fix(client): Support browsers without Array.prototype.at by @​isnifer in https://github.com/honojs/hono/pull/4057

New Contributors

• @​isnifer made their first contribution in https://github.com/honojs/hono/pull/4057

Full Changelog: honojs/hono@v4.7.5...v4.7.6

v4.7.5

Compare Source

What's Changed

• docs(MIGRATION): Fix typo by @​movahhedi in https://github.com/honojs/hono/pull/3999
• fix(bun): export BunWebSocketData and BunWebSocketHandler by @​yusukebe in https://github.com/honojs/hono/pull/4002
• types(compose): follow up #​3932 by @​EdamAme-x in https://github.com/honojs/hono/pull/3934
• fix(adapter/aws-lambda): APIGWProxyResult should contain either of headers or multiValueHeaders, not both by @​exoego in https://github.com/honojs/hono/pull/3883

New Contributors

• @​movahhedi made their first contribution in https://github.com/honojs/hono/pull/3999

Full Changelog: honojs/hono@v4.7.4...v4.7.5

v4.7.4

Compare Source

What's Changed

• fix(types): fix unhandled types for Deno 2.2 by @​yusukebe in https://github.com/honojs/hono/pull/3977

Full Changelog: honojs/hono@v4.7.3...v4.7.4

v4.7.3

Compare Source

What's Changed

• refactor: support TypeScript 5.7 for Deno 2.2 by @​yusukebe in https://github.com/honojs/hono/pull/3939
• refactor(pattern-router): reduce bundle size and fix comments by @​EdamAme-x in https://github.com/honojs/hono/pull/3936
• fix(bun): export BunWebSocketHandler by @​yusukebe in https://github.com/honojs/hono/pull/3964
• fix(hono-base): prevent options object mutation by @​yusukebe in https://github.com/honojs/hono/pull/3975
• perf(utils/url): Short circuit the regex in checkOptionalParameter by @​csainty in https://github.com/honojs/hono/pull/3974

New Contributors

• @​csainty made their first contribution in https://github.com/honojs/hono/pull/3974

Full Changelog: honojs/hono@v4.7.2...v4.7.3

v4.7.2

Compare Source

What's Changed

• fix(proxy): fix header overwrite by @​usualoma in https://github.com/honojs/hono/pull/3922
• fix(proxy): include original request signal in proxy request by @​BarryThePenguin in https://github.com/honojs/hono/pull/3925
• fix(helper/proxy): missing proxy response status by @​BarryThePenguin in https://github.com/honojs/hono/pull/3927
• fix(proxy): remove spread operator from Request and Response classes by @​BarryThePenguin in https://github.com/honojs/hono/pull/3928
• refactor(compose): remove unnecessary complexity and improve testing by @​EdamAme-x in https://github.com/honojs/hono/pull/3932

Full Changelog: honojs/hono@v4.7.1...v4.7.2

v4.7.1

Compare Source

What's Changed

• refactor(helper/streaming): remove unused variables by @​EdamAme-x in https://github.com/honojs/hono/pull/3904
• fix(combine): halt middleware evaluation if error in next() by @​usualoma in https://github.com/honojs/hono/pull/3905
• fix(utils/url): calculate ends with slash on every iteration by @​luxass in https://github.com/honojs/hono/pull/3910
• perf(utils/url): shorten mergePath and optimize for normal use cases. by @​usualoma in https://github.com/honojs/hono/pull/3911
• fix(adapter/aws-lambda): remove unneeded import and compatibility for LLRT by @​EdamAme-x in https://github.com/honojs/hono/pull/3915
• fix(etag): change where to check for crypto by @​EdamAme-x in https://github.com/honojs/hono/pull/3916

New Contributors

• @​luxass made their first contribution in https://github.com/honojs/hono/pull/3910

Full Changelog: honojs/hono@v4.7.0...v4.7.1

v4.7.0

Compare Source

Release Notes

Hono v4.7.0 is now available!

This release introduces one helper and two middleware.

• Proxy Helper
• Language Middleware
• JWK Auth Middleware

Plus, Standard Schema Validator has been born.

Let's look at each of these.

Proxy Helper

We sometimes use the Hono application as a reverse proxy. In that case, it accesses the backend using fetch. However, it sends an unintended headers.

app.all('/proxy/:path', (c) => {
  // Send unintended header values to the origin server
  return fetch(`http://${originServer}/${c.req.param('path')}`)
})

For example, fetch may send Accept-Encoding, causing the origin server to return a compressed response. Some runtimes automatically decode it, leading to a Content-Length mismatch and potential client-side errors.

Also, you should probably remove some of the headers sent from the origin server, such as Transfer-Encoding.

Proxy Helper will send requests to the origin and handle responses properly. The above headers problem is solved simply by writing as follows.

import { Hono } from 'hono'
import { proxy } from 'hono/proxy'

app.get('/proxy/:path', (c) => {
  return proxy(`http://${originServer}/${c.req.param('path')}`)
})

You can also use it in more complex ways.

app.get('/proxy/:path', async (c) => {
  const res = await proxy(
    `http://${originServer}/${c.req.param('path')}`,
    {
      headers: {
        ...c.req.header(),
        'X-Forwarded-For': '127.0.0.1',
        'X-Forwarded-Host': c.req.header('host'),
        Authorization: undefined,
      },
    }
  )
  res.headers.delete('Set-Cookie')
  return res
})

Thanks @​usualoma!

Language Middleware

Language Middleware provides 18n functions to Hono applications. By using the languageDetector function, you can get the language that your application should support.

import { Hono } from 'hono'
import { languageDetector } from 'hono/language'

const app = new Hono()

app.use(
  languageDetector({
    supportedLanguages: ['en', 'ar', 'ja'], // Must include fallback
    fallbackLanguage: 'en', // Required
  })
)

app.get('/', (c) => {
  const lang = c.get('language')
  return c.text(`Hello! Your language is ${lang}`)
})

You can get the target language in various ways, not just by using Accept-Language.

• Query parameters
• Cookies
• Accept-Language header
• URL path

Thanks @​lord007tn!

JWK Auth Middleware

Finally, middleware that supports JWK (JSON Web Key) has landed. Using JWK Auth Middleware, you can authenticate by verifying JWK tokens. It can access keys fetched from the specified URL.

import { Hono } from 'hono'
import { jwk } from 'hono/jwk'

app.use(
  '/auth/*',
  jwk({
    jwks_uri: `https://${backendServer}/.well-known/jwks.json`,
  })
)

app.get('/auth/page', (c) => {
  return c.text('You are authorized')
})

Thanks @​Beyondo!

Standard Schema Validator

Standard Schema provides a common interface for TypeScript validator libraries. Standard Schema Validator is a validator that uses it. This means that Standard Schema Validator can handle several validators, such as Zod, Valibot, and ArkType, with the same interface.

The code below really works!

import { Hono } from 'hono'
import { sValidator } from '@​hono/standard-validator'
import { type } from 'arktype'
import * as v from 'valibot'
import { z } from 'zod'

const aSchema = type({
  agent: 'string',
})

const vSchema = v.object({
  slag: v.string(),
})

const zSchema = z.object({
  name: z.string(),
})

const app = new Hono()

app.get(
  '/:slag',
  sValidator('header', aSchema),
  sValidator('param', vSchema),
  sValidator('query', zSchema),
  (c) => {
    const headerValue = c.req.valid('header')
    const paramValue = c.req.valid('param')
    const queryValue = c.req.valid('query')
    return c.json({ headerValue, paramValue, queryValue })
  }
)

const res = await app.request('/foo?name=foo', {
  headers: {
    agent: 'foo',
  },
})

console.log(await res.json())

Thanks @​muningis!

New features

• feat(helper/proxy): introduce proxy helper https://github.com/honojs/hono/pull/3589
• feat(logger): include query params https://github.com/honojs/hono/pull/3702
• feat: add language detector middleware and helpers https://github.com/honojs/hono/pull/3787
• feat(hono/context): add buffer returns https://github.com/honojs/hono/pull/3813
• feat(hono/jwk): JWK Auth Middleware https://github.com/honojs/hono/pull/3826
• feat(etag): allow for custom hashing methods to be used to etag https://github.com/honojs/hono/pull/3832
• feat(router): support greedy matches with subsequent static components https://github.com/honojs/hono/pull/3888

All changes

• docs(CONTRIBUTING): remove text about yarn by @​EdamAme-x in https://github.com/honojs/hono/pull/3878
• refactor(request): toLowerCase() is unnecessary for req.header() by @​yusukebe in https://github.com/honojs/hono/pull/3880
• fix(helper/adapter): correct env type by @​yusukebe in https://github.com/honojs/hono/pull/3885
• chore(test): update to vitest 3 by @​yasuaki640 in https://github.com/honojs/hono/pull/3861
• fix(router/trie-router): fix label with trailing wildcard pattern by @​usualoma in https://github.com/honojs/hono/pull/3892
• feat(helper/proxy): introduce proxy helper by @​usualoma in https://github.com/honojs/hono/pull/3589
• feat(logger): include query params by @​ryuapp in https://github.com/honojs/hono/pull/3702
• feat(factory): Allow HonoOptions with factory by @​miyaji255 in https://github.com/honojs/hono/pull/3786
• feat: add language detector middleware and helpers by @​lord007tn in https://github.com/honojs/hono/pull/3787
• feat(hono/context): add buffer returns by @​askorupskyy in https://github.com/honojs/hono/pull/3813
• feat(hono/jwk): JWK Auth Middleware by @​Beyondo in https://github.com/honojs/hono/pull/3826
• feat(etag): allow for custom hashing methods to be used to etag by @​EdamAme-x in https://github.com/honojs/hono/pull/3832
• feat(router): support greedy matches with subsequent static components. by @​usualoma in https://github.com/honojs/hono/pull/3888
• fix(client): correct inferring empty object fromc.json({}) by @​yusukebe in https://github.com/honojs/hono/pull/3873
• Next by @​yusukebe in https://github.com/honojs/hono/pull/3896
• chore(runtime-tests): add deno.lock by @​yusukebe in https://github.com/honojs/hono/pull/3897

New Contributors

• @​lord007tn made their first contribution in https://github.com/honojs/hono/pull/3787

Full Changelog: honojs/hono@v4.6.20...v4.7.0

v4.6.20

Compare Source

What's Changed

• refactor(helper/streaming): Avoid attaching AbortSignal on newer versions of Bun by @​Jarred-Sumner in https://github.com/honojs/hono/pull/3859
• chore: Use new text-based bun lockfile by @​ryoppippi in https://github.com/honojs/hono/pull/3846
• chore: bump np by @​yusukebe in https://github.com/honojs/hono/pull/3874
• fix(lambda-edge-adapter): Support Alternate Domain Names and Multiple Cookies in Lambda@Edge by @​kentkwee in https://github.com/honojs/hono/pull/3858

New Contributors

• @​Jarred-Sumner made their first contribution in https://github.com/honojs/hono/pull/3859
• @​kentkwee made their first contribution in https://github.com/honojs/hono/pull/3858

Full Changelog: honojs/hono@v4.6.19...v4.6.20

v4.6.19

Compare Source

What's Changed

• fix(types): missing response type on OnHandlerInterface by @​sor4chi in https://github.com/honojs/hono/pull/3852
• fix(helper/adapter): env should set c type correctly by @​yusukebe in https://github.com/honojs/hono/pull/3856

Full Changelog: honojs/hono@v4.6.18...v4.6.19

v4.6.18

Compare Source

What's Changed

• perf(types): improve Utilities in types.ts by @​yusukebe in https://github.com/honojs/hono/pull/3836
• perf(types): define ParamKey simply by @​yusukebe in https://github.com/honojs/hono/pull/3837
• fix(types): Calculate Context type for each handler by @​sushichan044 in https://github.com/honojs/hono/pull/3675
• fix(factory): correct the type of factory.createMiddleware() by @​yusukebe in https://github.com/honojs/hono/pull/3849

Full Changelog: honojs/hono@v4.6.17...v4.6.18

v4.6.17

Compare Source

What's Changed

• fix(helper/factory): Reduce the code size of createMiddleware by @​miyaji255 in https://github.com/honojs/hono/pull/3824
• fix(compress): don't compress server-sent events by @​dmitri-gb in https://github.com/honojs/hono/pull/3833
• perf(build): Use WebWorker when removing private fields by @​miyaji255 in https://github.com/honojs/hono/pull/3821
• chore: deleted mistake comments by @​EdamAme-x in https://github.com/honojs/hono/pull/3835

New Contributors

• @​miyaji255 made their first contribution in https://github.com/honojs/hono/pull/3824
• @​dmitri-gb made their first contribution in https://github.com/honojs/hono/pull/3833

Full Changelog: honojs/hono@v4.6.16...v4.6.17

v4.6.16

Compare Source

What's Changed

• fix(jsx/dom): should not return memoized result when context is changed by @​usualoma in https://github.com/honojs/hono/pull/3792
• fix(context): single body overrides other returns by @​askorupskyy in https://github.com/honojs/hono/pull/3800
• fix(types): correct app.on(method,path[],middleware,handler) type by @​yusukebe in https://github.com/honojs/hono/pull/3802

Full Changelog: honojs/hono@v4.6.15...v4.6.16

v4.6.15

Compare Source

c.json() etc. throwing type error when the status is contentless code, e.g., 204

From this release, when c.json(), c.text(), or c.html() returns content, specifying a contentless status code such as 204 will now throw a type error.

At first glance, this seems like a breaking change but not. It is not possible to return a contentless response with c.json() or c.text(). So, in that case, please use c.body().

app.get('/', (c) => {
  return c.body(null, 204)
})

What's Changed

• fix(jsr): exclude unused markdown files by @​ryuapp in https://github.com/honojs/hono/pull/3767
• feat(hono/context): contentful status code typing by @​askorupskyy in https://github.com/honojs/hono/pull/3763
• refactor(context): remove lint errors by @​yusukebe in https://github.com/honojs/hono/pull/3769
• feat(context): ResponseInit accepts generics StatusCode for status by @​yusukebe in https://github.com/honojs/hono/pull/3770
• feat(utils/cookie): Ability to set a priority to cookies in setCookie options by @​Beyondo in https://github.com/honojs/hono/pull/3762
• fix(hono-base): don't use Symbol for COMPOSED_HANDLER by @​yusukebe in https://github.com/honojs/hono/pull/3773

New Contributors

• @​askorupskyy made their first contribution in https://github.com/honojs/hono/pull/3763
• @​Beyondo made their first contribution in https://github.com/honojs/hono/pull/3762

Full Changelog: honojs/hono@v4.6.14...v4.6.15

v4.6.14

Compare Source

What's Changed

• perf(pattern-router): improve performance when create null object by @​EdamAme-x in https://github.com/honojs/hono/pull/3730
• perf(trie-router): avoid calling spread operator for Object.create(null) by @​usualoma in https://github.com/honojs/hono/pull/3735
• fix: Remove charset parameter from MIME type of application/json by @​SaekiTominaga in https://github.com/honojs/hono/pull/3743
• fix(streaming) Prevent console.error(undefined) when pipe is aborted by @​aantthony in https://github.com/honojs/hono/pull/3747

New Contributors

• @​SaekiTominaga made their first contribution in https://github.com/honojs/hono/pull/3743
• @​aantthony made their first contribution in https://github.com/honojs/hono/pull/3747

Full Changelog: honojs/hono@v4.6.13...v4.6.14

v4.6.13

Compare Source

What's Changed

• refactor: use Array.prototype.at() to look at the end by @​ryuapp in https://github.com/honojs/hono/pull/3703
• fix(aws-lambda): Fix query string handling for v1 by @​Holi0317 in https://github.com/honojs/hono/pull/3717
• chore: Add Cloudflare Static Assets reference to serveStatic deprecation notice by @​ambergristle in https://github.com/honojs/hono/pull/3705
• fix(middleware/cors): explicitly return No Content for the statusText when handling an OPTIONS request by @​shawncarr in https://github.com/honojs/hono/pull/3719
• fix(utils/ipaddr): support IPv6-mapped IPv4 address by @​usualoma in https://github.com/honojs/hono/pull/3727

New Contributors

• @​Holi0317 made their first contribution in https://github.com/honojs/hono/pull/3717
• @​ambergristle made their first contribution in https://github.com/honojs/hono/pull/3705
• @​shawncarr made their first contribution in https://github.com/honojs/hono/pull/3719

Full Changelog: honojs/hono@v4.6.12...v4.6.13

v4.6.12

Compare Source

What's Changed

• ci(perf-measures): support KB by @​EdamAme-x in https://github.com/honojs/hono/pull/3696
• perf(router): sort handlers by score only when necessary by @​EdamAme-x in https://github.com/honojs/hono/pull/3697
• feat(css): add CSP nonce to hono/css related style and script tags by @​meck93 in [https://github.com/honojs/hono/

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.