Search intelligence
11 results · 1 vendors in scope · 1 active filter
In view
11
Filtered
High signal
1
Critical + high
Vendors
45
Tracked total
Latest
Apr 24
Hono
What's Changed fix(jwt): support single-line PEM keys by @hiendv in #4889 New Contributors @hiendv made their first contribution in #4889 Full Changelog: v4.12.14...v4.12.15
Why it matters
Hono updated github releases semantics for framework and backend. Review the official entry during the next release review.
Who should care
Security fixes This release includes fixes for the following security issues: Improper handling of JSX attribute names in hono/jsx SSR Affects: hono/jsx. Fixes missing validation of JSX attribute names during server-side rendering, which c…
What's Changed fix(types): infer response type from last handler in app.on 9-/10-handler overloads by @T4ko0522 in #4865 feat(trailing-slash): add skip option by @yusukebe in #4862 feat(cache): add onCacheNotAvailable option by @yusukebe i…
Security fixes This release includes fixes for the following security issues: Middleware bypass via repeated slashes in serveStatic Affects: Serve Static middleware. Fixes a path normalization inconsistency where repeated slashes (//) coul…
What's Changed feat(css): add classNameSlug option to createCssContext by @flow-pie in #4834 New Contributors @flow-pie made their first contribution in #4834 Full Changelog: v4.12.10...v4.12.11
What's Changed test(router): fix Simple capturing group test by @yusukebe in #4838 docs: fix impaired -> inspired typo in benchmark READMEs by @Abhi3975 in #4843 fix(jsx/dom): apply select value after children are rendered by @usualoma in…
What's Changed fix(request): remove parseBody from bodyCache to prevent TypeError by @yusukebe in #4807 feat(client): add PickResponseByStatusCode type by @yusukebe in #4791 fix(ssg): pass SSG_CONTEXT to forGetInfoURLRequest by @yuintei in…
What's Changed fix(utils/mime): Normalize input extension to lowercase before MIME check by @TheEssem in #4800 fix(bearer-auth): escape regex metacharacters in bearer auth prefix option by @otoneko1102 in #4750 New Contributors @TheEssem m…
Security hardening Ignore __proto__ path segments in parseBody({ dot: true }) to prevent potential prototype pollution when merged with unsafe patterns. Full Changelog: v4.12.6...v4.12.7
What's Changed fix(accept): replace regex split to mitigate ReDoS by @EdamAme-x in #4758 fix(jsx): align link hoisting and dedupe with React 19 by @usualoma in #4792 chore(builld): tsconfig project references by @BarryThePenguin in #4797 c…
What's Changed fix(request): return string | undefined from param() when path type is any by @andrewdamelio in #4723 fix(jwt): validate token format in decode and decodeHeader functions by @otoneko1102 in #4752 fix(jsx): Fix "Invalid state…
