v4.5.11

What's Changed

• fix(jsx): race condition in ErrorBoundary with event loop by @usualoma in #3343
• perf(jsx): skip the special behavior when the element is in the head. by @usualoma in #3352
• refactor(utils/body): shorten the code by @yusukebe in #3353
• docs: Twitter to X by @yusukebe in #3354
• chore: fix typo in JSDoc by @taga3s in #3364
• refactor(utils/basic-auth): Moved Internal function to utils by @sugar-cat7 in #3359

New Contributors

• @taga3s made their first contribution in #3364
• @sugar-cat7 made their first contribution in #3359

Full Changelog: v4.5.10...v4.5.11

v4.5.10

What's Changed

• feat(compress): improve compress middleware by @nitedani in #3317
• feat(jsx): add popover api attributes by @ssssota in #3323
• feat(jsx): improve form attribute types by @ssssota in #3330
• chore(test): migrate to vitest v2 by @yasuaki640 in #3326
• chore(test): replace deprecated vitest type by @yasuaki640 in #3338
• fix(logger): removing spaces from logger by @marceloverdijk in #3334

New Contributors

• @nitedani made their first contribution in #3317
• @marceloverdijk made their first contribution in #3334

Full Changelog: v4.5.9...v4.5.10

v4.5.9

What's Changed

• test(types): broken test in future versions of typescript by @m-shaka in #3310
• fix(utils/color): Deno does not require permission for NO_COLOR by @ryuapp in #3306
• feat(jsx): improve type (MIME) attribute types by @ssssota in #3305
• feat(pretty-json): support custom query by @nakasyou in #3300

Full Changelog: v4.5.8...v4.5.9

v4.5.8

Security Fix for CSRF Protection Middleware

Before this release, in versions 4.5.7 and below, the CSRF Protection Middleware did not treat requests including Content-Types with uppercase letters (e.g., Application/x-www-form-urlencoded) as potential attacks, allowing them to pass.

This could cause unexpected behavior, leading to a vulnerability. If you are using the CSRF Protection Middleware, please upgrade to version 4.5.8 or higher immediately.

For more details, see the report here: GHSA-rpfr-3m35-5vx5

v4.5.7

What's Changed

• fix(jsx/dom): Fixed a bug that caused Script elements to turn into Style elements. by @usualoma in #3294
• perf(jsx/dom): improve performance by @usualoma in #3288
• feat(jsx): improve a-tag types with well known values by @ssssota in #3287
• fix(validator): Fixed a bug in hono/validator where URL Encoded Data could not be validated if the Content-Type included charset. by @uttk in #3297
• feat(jsx): improve target and formtarget attribute types by @ssssota in #3299
• docs(README): change Twitter to X by @nakasyou in #3301
• fix(client): replace optional params to url correctly by @yusukebe in #3304
• feat(jsx): improve input attribute types based on react by @ssssota in #3302

New Contributors

• @uttk made their first contribution in #3297

Full Changelog: v4.5.6...v4.5.7

v4.5.6

What's Changed

• fix(jsx): handle async component error explicitly and throw the error in the response by @usualoma in #3274
• fix(validator): support multipart headers without a separating space by @Ernxst in #3286
• fix(validator): Allow form data will mutliple values appended by @nicksrandall in #3273
• feat(jsx): improve meta-tag types with well known values by @ssssota in #3276

New Contributors

• @Ernxst made their first contribution in #3286
• @ssssota made their first contribution in #3276

Full Changelog: v4.5.5...v4.5.6

v4.5.5

What's Changed

• fix(jsx): allow null, undefined, and boolean to be returned from function component by @usualoma in #3241
• feat(context): Add types for c.header by @nakasyou in #3221
• fix(jsx): fix draggable type to accept boolean by @yasuaki640 in #3253
• feat(context): add Context-Type types to c.header by @nakasyou in #3255
• fix(serve-static): supports directory contains . and not end / by @yusukebe in #3256

Full Changelog: v4.5.4...v4.5.5

v4.5.4

What's Changed

• fix(jsx): corrects the type of 'draggable' attribute in intrinsic-elements.ts by @yasuaki640 in #3224
• feat(jsx): allow to merge CSSProperties declaration by @jonasnobile in #3228
• feat(client): Add WebSocket Provider Integration Tests and Enhance WebSocket Initialization by @naporin0624 in #3213
• fix(types): param in ValidationTargets supports optional param by @yusukebe in #3229

New Contributors

• @jonasnobile made their first contribution in #3228

Full Changelog: v4.5.3...v4.5.4

v4.5.3

What's Changed

• fix(validator): Add double quotation marks to multipart checker regex by @CPlusPatch in #3195
• fix(validator): support application/json with a charset as JSON by @yusukebe in #3199
• fix(jsx): fix handling of SVG elements in JSX. by @usualoma in #3204
• fix(jsx/dom): fix performance issue with adding many new node listings by @usualoma in #3205
• fix(service-worker): refer to self.fetch correctly by @yusukebe in #3200

New Contributors

• @CPlusPatch made their first contribution in #3195

Full Changelog: v4.5.2...v4.5.3

v4.5.2

What's Changed

• fix(helper/adapter): don't check navigator is undefined by @yusukebe in #3171
• fix(types): handle readonly array correctly by @m-shaka in #3172
• Revert "fix(helper/adapter): don't check navigator is undefined by @yusukebe in #3173
• fix(type): degradation of generic type handling by @m-shaka in #3138
• fix:(csrf) fix typo of csrf middleware by @yasuaki640 in #3178
• feat(secure-headers): remove "X-Powered-By" should be an option by @EdamAme-x in #3177

Full Changelog: v4.5.1...v4.5.2