chore(deps): update all non-major dependencies

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence
@rslib/core (source)	^0.21.4 → ^0.21.5
@rslint/core	^0.5.2 → ^0.5.3
@rspack/core (source)	2.0.3 → 2.0.4
@rstest/core (source)	0.9.10 → 0.10.2
@types/node (source)	^24.12.3 → ^24.12.4
hono (source)	^4.12.18 → ^4.12.22
koa (source)	^3.2.0 → ^3.2.1
pnpm (source)	11.1.2 → 11.2.2

---

Release Notes

web-infra-dev/rslib (@​rslib/core)

v0.21.5

Compare Source

What's Changed

New Features 🎉

• feat(create-rslib): add opt-in react-compiler tool and templates for react by @​elecmonkey in #​1635

Bug Fixes 🐞

• fix(core): set iife chunk output defaults by @​Timeless0911 in #​1642

Other Changes

• chore(deps): update fast-uri to 3.1.2 by @​Timeless0911 in #​1636
• chore(deps): update all non-major dependencies by @​renovate[bot] in #​1638
• chore(deps): update rstackjs/rstack-ecosystem-ci digest to 4949c44 by @​renovate[bot] in #​1637
• chore: tighten pnpm workspace install settings by @​chenjiahan in #​1640
• chore: add release notes skill by @​chenjiahan in #​1643
• chore: update renovate security config by @​Timeless0911 in #​1645
• chore(deps): update all non-major dependencies by @​renovate[bot] in #​1644
• release: v0.21.5 by @​Timeless0911 in #​1646

New Contributors

• @​elecmonkey made their first contribution in #​1635

Full Changelog: web-infra-dev/rslib@v0.21.4...v0.21.5

web-infra-dev/rslint (@​rslint/core)

v0.5.3

Compare Source

What's Changed

New Features 🎉

• feat: port rule react/no-unsafe by @​fansenze in #​862
• feat: port rule react/jsx-no-literals by @​fansenze in #​861
• feat: port rule react/jsx-max-depth by @​fansenze in #​863
• feat: port rule react/jsx-closing-bracket-location by @​fansenze in #​866
• feat: port rule react/jsx-indent by @​fansenze in #​867
• feat: port rule react/forbid-foreign-prop-types by @​fansenze in #​865
• feat: port rule react/display-name by @​fansenze in #​868
• feat: port rule react/destructuring-assignment by @​fansenze in #​869
• feat: port rule react/jsx-indent-props by @​fansenze in #​871
• feat: port rule react/require-optimization by @​fansenze in #​872
• feat: port rule jsx-a11y/alt-text by @​fansenze in #​874
• feat: port rule jsx-a11y/aria-unsupported-elements by @​fansenze in #​880
• feat: port rule jsx-a11y/anchor-has-content by @​fansenze in #​881
• feat: port rule jsx-a11y/autocomplete-valid by @​fansenze in #​882
• feat: port rule jsx-a11y/img-redundant-alt by @​fansenze in #​885
• feat: port rule jsx-a11y/anchor-is-valid by @​fansenze in #​884
• feat: port rule jsx-a11y/no-access-key by @​fansenze in #​886
• feat: port rule jsx-a11y/heading-has-content by @​fansenze in #​887
• feat: port rule jsx-a11y/html-has-lang by @​fansenze in #​889
• feat: port rule jsx-a11y/no-distracting-elements by @​fansenze in #​890
• feat: port rule jsx-a11y/no-autofocus by @​fansenze in #​891
• feat: port rule jsx-a11y/media-has-caption by @​fansenze in #​892
• feat: port rule jsx-a11y/iframe-has-title by @​fansenze in #​893
• feat: port rule jsx-a11y/no-noninteractive-tabindex by @​fansenze in #​894
• feat: port jsx-a11y rule for the th element attribute by @​fansenze in #​899
• feat: port rule jsx-a11y/no-redundant-roles by @​fansenze in #​900
• feat: port rule jsx-a11y/tabindex-no-positive by @​fansenze in #​902
• feat: add jsx-a11y recommended preset by @​fansenze in #​903
• feat: port rule jsx-a11y/aria-activedescendant-has-tabindex by @​fansenze in #​907
• feat: port rule jsx-a11y/aria-props by @​fansenze in #​906
• feat: port rule jsx-a11y/click-events-have-key-events by @​fansenze in #​909
• feat(eslint-plugin-jest): add prefer-to-be rule by @​eryue0220 in #​870
• feat(eslint-plugin-jest): add no-identical-title rule by @​eryue0220 in #​875
• feat: port rule jsx-a11y/aria-proptypes by @​fansenze in #​912
• feat: port rule jsx-a11y/interactive-supports-focus by @​fansenze in #​914
• feat: port rule jsx-a11y/control-has-associated-label by @​fansenze in #​915
• feat: port rule jsx-a11y/mouse-events-have-key-events by @​fansenze in #​918
• feat: port rule jsx-a11y/aria-role by @​fansenze in #​917
• feat: port rule jsx-a11y/label-has-associated-control by @​fansenze in #​919
• feat: port rule jsx-a11y/no-noninteractive-element-interactions by @​fansenze in #​920
• feat: port rule jsx-a11y/no-static-element-interactions by @​fansenze in #​921
• feat: port rule jsx-a11y/role-has-required-aria-props by @​fansenze in #​923
• feat: port rule jsx-a11y/no-interactive-element-to-noninteractive-role by @​fansenze in #​927
• feat: add typescript base preset by @​fansenze in #​925
• feat: port rule jsx-a11y/no-noninteractive-element-to-interactive-role by @​fansenze in #​928
• feat: port rule jsx-a11y/role-supports-aria-props by @​fansenze in #​929
• feat: align jsx-a11y preset with eslint-plugin-jsx-a11y@6.10.x recommended by @​fansenze in #​930
• feat: add --type-check-only flag to run only type checking by @​fansenze in #​905
• feat(eslint-plugin-jest): add no-commented-out-tests rule by @​eryue0220 in #​931

Bug Fixes 🐞

• fix: register jsx-a11y in plugin name and website registry by @​fansenze in #​904
• fix: move Windows Go build to self-hosted runner to avoid disk-full by @​fansenze in #​922

Refactor 🔨

• refactor: split reactutil.go into per-topic files by @​fansenze in #​878

Documentation 📖

• docs(website): enable llms generation and ssg by @​elecmonkey in #​876
• docs(website): remove usage of experimentalExcludeRoutePaths API by @​elecmonkey in #​879
• docs: align anchor-has-content rule heading casing by @​fansenze in #​888
• docs: switch port-rule docs to rslint.config.mjs by @​fansenze in #​911
• docs: unify rule doc headers by @​elecmonkey in #​932

Other Changes

• chore(deps): update react monorepo by @​renovate[bot] in #​811
• chore(deps): update module golang.org/x/tools to v0.44.0 by @​renovate[bot] in #​732
• chore(deps): update module github.com/dlclark/regexp2 to v1.12.0 by @​renovate[bot] in #​730
• chore(deps): update dependency @​rstack-dev/doc-ui to v1.13.3 by @​renovate[bot] in #​810
• chore(deps): update module golang.org/x/text to v0.36.0 by @​renovate[bot] in #​731
• chore(deps): update dependency @​microsoft/api-extractor to v7.58.7 by @​renovate[bot] in #​596
• chore: sync typescript-go submodule to dcc16d9 by @​fansenze in #​873
• chore: sync typescript-go submodule to 092b34f by @​fansenze in #​901
• chore(deps): update module golang.org/x/tools to v0.45.0 by @​renovate[bot] in #​898
• chore(deps): update dependency tailwind-merge to ^3.6.0 by @​renovate[bot] in #​896
• chore(deps): update module golang.org/x/text to v0.37.0 by @​renovate[bot] in #​897
• test: skip VSCode 1.106.3 run in extension tests by @​fansenze in #​908
• chore(deps): upgrade rspress to 2.0.11 by @​Copilot in #​883
• chore: sync typescript-go submodule to adb2ab4 by @​fansenze in #​910
• chore: migrate rule test configs from rslint.json to rslint.config.mjs by @​fansenze in #​913
• chore: harden dependency update policy by @​chenjiahan in #​926

New Contributors

• @​elecmonkey made their first contribution in #​876

Full Changelog: web-infra-dev/rslint@v0.5.2...v0.5.3

web-infra-dev/rspack (@​rspack/core)

v2.0.4

Compare Source

Highlights 💡

• Inline const with module declarations (#​14032): Previously, Rspack only inlined constant exports from leaf modules in the module graph. Now constant exports from any module can be inlined, even when that module also imports or re-exports other modules. In rare circular-reference cases this can make a TDZ error disappear, but we do not expect real projects to rely on TDZ errors, so Rspack prioritizes the optimization.

  // constants.js
  import './setup';
  
  export const ENABLE_EXPERIMENT = false;
  
  // entry.js
  import { ENABLE_EXPERIMENT } from './constants';
  
  if (ENABLE_EXPERIMENT) {
    runExperiment();
  }
  
  // Before: constants.js is not a leaf module, so the branch could keep
  // reading the imported binding.
  if (ENABLE_EXPERIMENT) {
    runExperiment();
  }
  
  // Now: the constant can still be inlined, so dead branches are easier
  // to remove.
  if (false) {
    runExperiment();
  }

• Tree shake namespace default reexport (#​13980): Previously, the import * as a from './a'; export default a; pattern did not tree-shake a through the default export. Now Rspack further analyzes the default-exported namespace object and can remove unused exports from the original namespace module.

  // a.js
  export function used() {}
  export function unused() {}
  
  // bridge.js
  import * as a from './a';
  export default a;
  
  // app.js
  import a from './bridge';
  
  a.used();
  
  // Before: both used and unused could be kept in the bundle.
  // Now: unused can be tree-shaken.

• CSS global module type (#​13988): css/global is useful when most selectors in a stylesheet should stay global, but you still want CSS Modules features for selected local selectors. This makes it easier to migrate existing global CSS gradually without turning every class name into a local scoped name.

  export default {
    module: {
      rules: [{ test: /\.global\.css$/i, type: 'css/global' }],
    },
  };

  /* style.global.css */
  .button {
    color: red;
  }
  
  :local(.title) {
    font-weight: 600;
  }

  .button stays global, while .title is renamed as a local class.

• CSS Modules local ident options (#​14009): CSS Modules now support local ident hash options such as hash function, digest, digest length, and salt. These options make generated class names more configurable and better aligned with webpack-compatible CSS Modules setups.

  export default {
    module: {
      rules: [{ test: /\.module\.css$/i, type: 'css/module' }],
      generator: {
        'css/module': {
          localIdentName: '[name]__[local]__[hash]',
          localIdentHashFunction: 'xxhash64',
          localIdentHashDigest: 'hex',
          localIdentHashDigestLength: 8,
          localIdentHashSalt: 'my-salt',
        },
      },
    },
  };

What's Changed

New Features 🎉

• feat(css): add support for css/global module type by @​intellild in #​13988
• feat: tree shake namespace default reexport by @​JSerFeng in #​13980
• feat: inline const with module declarations by @​ahabhgk in #​14032
• feat(css): support CSS module local ident options by @​intellild in #​14009
• feat: circular modules info plugin by @​ahabhgk in #​14031

Performance 🚀

• perf: cache reserved name atom set by @​LingyuCoder in #​14014
• perf: optimize flag dependency usage by @​LingyuCoder in #​14052
• perf(cli): remove process title startup overhead by @​chenjiahan in #​14061
• perf(deps): unify duplicate Rust dependencies to reduce binary size by @​intellild in #​14012
• perf: improve split chunks cache group filtering by @​LingyuCoder in #​14067
• perf: optimize mangle exports plugin by @​LingyuCoder in #​14048
• perf(cli): lazy load json stream helpers by @​chenjiahan in #​14079
• perf: optimize named id assignment by @​LingyuCoder in #​14075

Bug Fixes 🐞

• fix(rsc): skip client entry mismatch without injections by @​SyMind in #​14018
• fix(cli): write logger trace output to file by default by @​hardfist in #​14022
• fix(ci): repair broken rustup shim chain on macos-latest by @​stormslowly in #​14040
• fix(stats): preserve sub-millisecond precision in logger time entries by @​stormslowly in #​14049
• fix: import.meta.filename/dirname escape on windows by @​ahabhgk in #​14050
• fix(rsc): group client chunks by server-entry ownership by @​SyMind in #​13880
• fix(rslib): emit type-only isolated dts dependencies by @​Timeless0911 in #​14037
• fix(copy-plugin): support JS input file system for glob copies by @​intellild in #​14023
• fix: keep buildHttp imports bundled for node target by @​SyMind in #​14086

Document 📖

• docs: update config option types by @​chenjiahan in #​14060
• docs: update runtime plugin hooks by @​chenjiahan in #​14069
• docs(plugin-api): document module factory hooks by @​chenjiahan in #​14070
• docs(cli): update cli option descriptions by @​chenjiahan in #​14071
• docs(website): update core team profile by @​chenjiahan in #​14093

Other Changes

• security(ci): remove PR title lint workflow by @​chenjiahan in #​14016
• chore: add local rust benchmark script by @​hardfist in #​14007
• chore(ci): replace archived actions-rs/cargo with bare cargo invocations by @​stormslowly in #​14017
• chore: release version 2.0.3 by @​LingyuCoder in #​14015
• chore: add draft release notes skill by @​chenjiahan in #​14028
• chore(build): fix empty napi-binding.d.ts on subsequent builds by @​stormslowly in #​14027
• chore: bump rslint to 0.5.3 by @​fansenze in #​14034
• chore(deps): update swc crates by @​hardfist in #​14036
• chore(skill): add rspack performance optimization skill by @​LingyuCoder in #​14047
• chore: upgrade swc from 64 to 66 by @​hardfist in #​14059
• chore(deps): update dependency @​codspeed/vitest-plugin to ^5.4.0 by @​renovate[bot] in #​14057
• chore(deps): update patch npm dependencies by @​renovate[bot] in #​14055
• chore(deps): update dependency @​playwright/test to v1.60.0 by @​renovate[bot] in #​14058
• chore: bump patch of swc_core and swc_typescript by @​CPunisher in #​14066
• test: add named ids codspeed benchmarks by @​LingyuCoder in #​14074
• chore(security): replace issues helper action by @​chenjiahan in #​14084
• chore(deps): bump rstack ecosystem ci action by @​chenjiahan in #​14092

Full Changelog: web-infra-dev/rspack@v2.0.3...v2.0.4

web-infra-dev/rstest (@​rstest/core)

v0.10.2

Compare Source

Highlights

Auto-restore mocks with using (#​1293)

Mock instances now implement Symbol.dispose, so spies are automatically restored when a using block exits — no more manual mockRestore() in afterEach.

import { test, rstest } from '@​rstest/core';

test('reads config', () => {
  using readSpy = rstest.spyOn(fs, 'readFileSync');
  // ...
}); // readSpy is restored here

What's Changed

New Features 🎉

• feat(core): support using for mock restore by @​9aoy in #​1293
• feat: implement V8 coverage provider by @​colinaaa in #​1117
• feat(core): trace coverage pipeline by @​9aoy in #​1297
• feat(core): make --reporters the canonical CLI flag by @​fi3ework in #​1299

Performance 🚀

• perf(coverage-istanbul): optimize sourcemap URL scanning by @​9aoy in #​1296
• perf(coverage-v8): skip unnecessary coverage conversion by @​9aoy in #​1298

Bug Fixes 🐞

• fix(core): normalize mixed nested CLI options by @​9aoy in #​1290
• fix(core): disable memory gate for threads pool by @​fi3ework in #​1307
• fix(core): serialize reporter output on CI by @​9aoy in #​1304
• fix(core): surface fatal-error stack on worker IPC drop by @​fi3ework in #​1306
• fix(core): flush before final summary output by @​9aoy in #​1309
• fix(core): handle stream write callbacks in status renderer by @​9aoy in #​1312

Document 📖

• docs: fix Vitest migration table formatting by @​9aoy in #​1295

Other Changes

• ci: tolerate Playwright browser cache failures by @​9aoy in #​1305
• chore: include coverage-v8 in bump group by @​9aoy in #​1308
• chore: simplify bump config and align coverage-v8 version by @​fi3ework in #​1313
• release: 0.10.2 by @​fi3ework in #​1311

New Contributors

• @​colinaaa made their first contribution in #​1117

Full Changelog: web-infra-dev/rstest@v0.10.1...v0.10.2

v0.10.1

Compare Source

What's Changed

New Features 🎉

• feat(core): add lifecycle debug logs by @​9aoy in #​1280
• feat(core): add detectAsyncLeaks option by @​9aoy in #​1262

Performance 🚀

• perf(cli): remove process title startup overhead by @​chenjiahan in #​1268

Bug Fixes 🐞

• fix(core): only merge performance.buildCache when user opts in by @​pkasarda in #​1276
• fix(types): export missing public types by @​9aoy in #​1277
• fix(core): restore slot semantics for RSTEST_WORKER_ID by @​fi3ework in #​1279
• fix(core): prevent pool.close() hang on forks pool by @​fi3ework in #​1285

Refactor 🔨

• refactor(core): use "Set up Rstest browser mode" as init header by @​fi3ework in #​1281

Document 📖

• docs: clarify React browser testing setup by @​9aoy in #​1269
• docs: update agent migrate skill by @​9aoy in #​1270
• docs: scaffold release blog with create-release-blog skill by @​fi3ework in #​1259
• docs: fix init command documentation by @​travzhang in #​894
• docs(core): clarify buildCache comment by @​9aoy in #​1278
• docs(blog): add author list to blog pages by @​elecmonkey in #​1282

Other Changes

• chore(deps): update pnpm/action-setup action to v6 by @​renovate[bot] in #​1272
• test(e2e): loosen github-actions Duration regex to avoid Windows flakes by @​fi3ework in #​1266
• chore(deps): update all non-major dependencies by @​renovate[bot] in #​1271
• chore(deps): update dependency svelte to v5.55.7 [security] by @​renovate[bot] in #​1260
• chore(deps): bump rstackjs/rstack-ecosystem-ci action to ca8d345 by @​fi3ework in #​1283
• release: 0.10.1 by @​9aoy in #​1286

New Contributors

• @​pkasarda made their first contribution in #​1276
• @​elecmonkey made their first contribution in #​1282

Full Changelog: web-infra-dev/rstest@v0.10.0...v0.10.1

v0.10.0

Compare Source

What's Changed

New Features 🎉

• feat(pool): replace tinypool with self-owned worker pool by @​fi3ework in #​1171
• feat: support run related tests by @​9aoy in #​1172
• feat(core): support build cache by @​9aoy in #​1196
• feat: support silent logs by @​9aoy in #​1224
• feat(core): resolve dynamic imports against source module origin by @​fi3ework in #​1210
• feat(core): add --trace flag to dump Perfetto-compatible profile by @​fi3ework in #​1226
• feat(core): add threads pool implementation by @​fi3ework in #​1235
• feat(core): add memory-aware worker spawn gate by @​fi3ework in #​1246
• feat(core): support run changed tests by @​9aoy in #​1243
• feat(core): auto install missing runtime dependencies by @​9aoy in #​1252
• feat(core): add force rerun triggers by @​9aoy in #​1257
• feat(core): support changed coverage by @​9aoy in #​1263

Bug Fixes 🐞

• fix(pool): restore stderr truncation and settle wait lost in #​1171 by @​fi3ework in #​1216
• fix: handle toNotFake option in useFakeTimers properly by @​felixmosh in #​1219
• fix(core): guard interop has trap against primitive default export by @​fi3ework in #​1234
• fix(adapter-rslib): use mergeRslibConfig instead of mergeRsbuildConfig by @​9aoy in #​1238
• fix(browser-react): drop React 17 from peer deps by @​fi3ework in #​1240
• fix(core): split taskContext to remove node:async_hooks from browser bundle by @​fi3ework in #​1244
• fix(core): include coverage config in build cache digest by @​9aoy in #​1245
• fix(core): improve related changed hints by @​9aoy in #​1264

Document 📖

• docs: use Rspress Prompt component and upgrade to the latest version by @​SoonIter in #​1213
• docs(api): add environment variables reference page by @​fi3ework in #​1220
• docs: add silent version metadata by @​9aoy in #​1236
• docs(profiling): add profiler choice section by @​fi3ework in #​1237

Other Changes

• chore(deps): update rsbuild to v2 (major) by @​renovate[bot] in #​1223
• chore(deps): update all non-major dependencies by @​renovate[bot] in #​1222
• chore(core): silence pool unit test stderr noise on CI by @​fi3ework in #​1225
• chore: replace Biome with Prettier by @​9aoy in #​1227
• chore(deps): update actions/github-script action to v9 by @​renovate[bot] in #​1230
• chore(deps): pin rstackjs/rstack-ecosystem-ci action to 4949c44 by @​renovate[bot] in #​1228
• chore(deps): update dependency lefthook to v2 by @​renovate[bot] in #​1231
• chore(deps): update actions/setup-node digest to 48b55a0 by @​renovate[bot] in #​1229
• build: enable tsgo in CI by @​chenjiahan in #​1232
• chore(deps): update @​rspack/core to 2.0.1 by @​chenjiahan in #​1233
• chore(deps): update pnpm workspace settings by @​chenjiahan in #​1241
• test(e2e): assert no framework warnings in browser-mode CLI output by @​fi3ework in #​1242
• test(e2e): isolate build/ rstest spawns to per-fixture cwd by @​fi3ework in #​1247
• chore: add release notes skill by @​chenjiahan in #​1249
• chore(deps): update rspack and rsbuild by @​9aoy in #​1250
• ci: split PR baseline and cron supplemental e2e coverage by @​fi3ework in #​1248
• chore: enable Renovate security preset by @​chenjiahan in #​1253
• chore(deps): update all non-major dependencies by @​renovate[bot] in #​1251
• chore: align package versions by @​9aoy in #​1254
• chore: enforce publint and arethetypeswrong on every package build by @​fi3ework in #​1256
• chore: replace local pr skill with rstackjs/agent-skills pr-creator by @​fi3ework in #​1255
• release: 0.10.0 by @​fi3ework in #​1265

New Contributors

• @​SoonIter made their first contribution in #​1213
• @​felixmosh made their first contribution in #​1219

Full Changelog: web-infra-dev/rstest@v0.9.10...v0.10.0

honojs/hono (hono)

v4.12.22

Compare Source

What's Changed

• chore: update vitest to v4 and cleanups by @​BlankParticle in #​4952
• fix(mime): specify charset parameter per MIME type instead of mechanical detection by @​renatograsso10 in #​4912
• fix(compress): respect Accept-Encoding when encoding option is set by @​LeSingh1 in #​4951
• fix(deno): echo negotiated WebSocket subprotocol in upgrade response by @​ATOM00blue in #​4955
• feat: add msgpack as a compressible content type by @​na-trium-144 in #​4957

New Contributors

• @​renatograsso10 made their first contribution in #​4912
• @​LeSingh1 made their first contribution in #​4951
• @​ATOM00blue made their first contribution in #​4955
• @​na-trium-144 made their first contribution in #​4957

Full Changelog: honojs/hono@v4.12.21...v4.12.22

v4.12.21

Compare Source

Security fixes

This release includes fixes for the following security issues:

app.mount() strips mount prefix using undecoded path, causing incorrect routing for percent-encoded paths

Affects: app.mount(). Fixes prefix stripping using the raw URL pathname instead of the decoded path, where percent-encoded characters in the mount prefix or path could cause the prefix to be removed at the wrong position, resulting in the sub-application receiving an incorrect path. GHSA-2gcr-mfcq-wcc3

IP Restriction bypasses static deny rules for non-canonical IPv6

Affects: hono/ip-restriction. Fixes IP address comparison using string equality, where non-canonical IPv6 representations of a denied address — such as compressed forms or hex-notation IPv4-mapped addresses — could bypass static deny rules. GHSA-xrhx-7g5j-rcj5

Cookie helper does not sanitize sameSite and priority, allowing Set-Cookie injection

Affects: hono/cookie. Fixes missing validation of sameSite and priority options against injection characters (;, \r, \n), where user-controlled input passed to either option could inject additional attributes into the Set-Cookie response header. GHSA-3hrh-pfw6-9m5x

JWT middleware accepts any Authorization scheme, not only Bearer

Affects: hono/jwt, hono/jwk. Fixes missing scheme validation in the Authorization header, where any two-part header value was accepted regardless of the scheme name, allowing non-Bearer schemes to pass JWT authentication. GHSA-f577-qrjj-4474

---

Users who use app.mount(), hono/ip-restriction, hono/cookie, or hono/jwt/hono/jwk are encouraged to upgrade to this version.

v4.12.20

Compare Source

What's Changed

• fix(route): preserve the base path of the mounted route() app by @​usualoma in #​4942
• fix(jsx): widen jsx and jsxFn children to Child[] by @​ashunar0 in #​4947

New Contributors

• @​ashunar0 made their first contribution in #​4947

Full Changelog: honojs/hono@v4.12.19...v4.12.20

v4.12.19

Compare Source

What's Changed

• ci: pin GitHub Actions to SHAs by @​yusukebe in #​4932
• fix(serveStatic): make options parameter optional in all adapters by @​mixelburg in #​4934
• fix(cookie): return the first cookie when there are multiple cookies with the same name by @​usualoma in #​4922
• feat(bearer-auth): make bearerAuth generic for typed context in verifyT

✂ Note

PR body was truncated to here.

---

Configuration

📅 Schedule: (in timezone Asia/Shanghai)

• Branch creation
  • Between 12:00 AM and 03:59 AM, only on Monday (* 0-3 * * 1)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.