Skip to content

chore(hono): Update dependency hono to ^4.12.18#8574

Open
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/hono-dev-minor
Open

chore(hono): Update dependency hono to ^4.12.18#8574
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/hono-dev-minor

Conversation

@renovate
Copy link
Copy Markdown
Contributor

@renovate renovate Bot commented May 17, 2026

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
hono (source) ^4.12.15^4.12.18 age adoption passing confidence

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

Release Notes

honojs/hono (hono)

v4.12.18

Compare Source

v4.12.17

Compare Source

v4.12.16

Compare Source

Security fixes

This release includes fixes for the following security issues:

Unvalidated JSX Tag Names in hono/jsx May Allow HTML Injection

Affects: hono/jsx. Fixes missing validation of JSX tag names when using jsx() or createElement(), which could allow HTML injection if untrusted input is used as the tag name. GHSA-69xw-7hcm-h432

bodyLimit() can be bypassed for chunked / unknown-length requests

Affects: Body Limit Middleware. Fixes late enforcement for request bodies without a reliable Content-Length (e.g. chunked requests), where oversized requests could reach handlers and return successful responses before being rejected. GHSA-9vqf-7f2p-gf9v

Configuration

📅 Schedule: (in timezone GMT)

  • Branch creation
    • "before 7am on the first day of the week"
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot added the dependencies Pull requests that update a dependency file label May 17, 2026
@vercel
Copy link
Copy Markdown

vercel Bot commented May 17, 2026
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

1 Skipped Deployment
Project Deployment Actions Updated (UTC)
clerk-js-sandbox Skipped Skipped May 17, 2026 5:41am

Request Review

@renovate
Copy link
Copy Markdown
Contributor Author

renovate Bot commented May 17, 2026

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

  • any of the package files in this branch needs updating, or
  • the branch becomes conflicted, or
  • you click the rebase/retry checkbox if found above, or
  • you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: pnpm-lock.yaml

<--- Last few GCs --->

[915:0x447b9000]   144446 ms: Scavenge (interleaved) 1486.0 (1500.5) -> 1486.0 (1511.2) MB, pooled: 0 MB, 81.00 / 0.00 ms  (average mu = 0.497, current mu = 0.452) allocation failure; 
[915:0x447b9000]   147241 ms: Mark-Compact (reduce) 1494.8 (1513.2) -> 1492.4 (1503.9) MB, pooled: 0 MB, 76.83 / 0.00 ms  (+ 2025.4 ms in 126 steps since start of marking, biggest step 34.0 ms, walltime since start of marking 2351 ms) (average mu = 0.428,
FATAL ERROR: Reached heap limit Allocation failed - JavaScript heap out of memory
----- Native stack trace -----

 1: 0x73f8c4 node::OOMErrorHandler(char const*, v8::OOMDetails const&) [/opt/containerbase/tools/node/24.15.0/bin/node]
 2: 0xc06f90  [/opt/containerbase/tools/node/24.15.0/bin/node]
 3: 0xc0707f  [/opt/containerbase/tools/node/24.15.0/bin/node]
 4: 0xeaa885  [/opt/containerbase/tools/node/24.15.0/bin/node]
 5: 0xebc1ec  [/opt/containerbase/tools/node/24.15.0/bin/node]
 6: 0xec011d  [/opt/containerbase/tools/node/24.15.0/bin/node]
 7: 0x9b0214  [/opt/containerbase/tools/node/24.15.0/bin/node]
 8: 0x9b291c node::PerIsolatePlatformData::FlushForegroundTasksInternal() [/opt/containerbase/tools/node/24.15.0/bin/node]
 9: 0x19972b3  [/opt/containerbase/tools/node/24.15.0/bin/node]
10: 0x19add5a  [/opt/containerbase/tools/node/24.15.0/bin/node]
11: 0x1997f77 uv_run [/opt/containerbase/tools/node/24.15.0/bin/node]
12: 0x7e7735 node::SpinEventLoopInternal(node::Environment*) [/opt/containerbase/tools/node/24.15.0/bin/node]
13: 0x9678da node::NodeMainInstance::Run() [/opt/containerbase/tools/node/24.15.0/bin/node]
14: 0x8a7c05 node::Start(int, char**) [/opt/containerbase/tools/node/24.15.0/bin/node]
15: 0x7f95f4f491ca  [/lib/x86_64-linux-gnu/libc.so.6]
16: 0x7f95f4f4928b __libc_start_main [/lib/x86_64-linux-gnu/libc.so.6]
17: 0x7d011e _start [/opt/containerbase/tools/node/24.15.0/bin/node]
/usr/local/bin/node: line 18:   915 Aborted                 /opt/containerbase/tools/node/24.15.0/bin/node "$@"

@changeset-bot
Copy link
Copy Markdown

changeset-bot Bot commented May 17, 2026

⚠️ No Changeset found

Latest commit: b0d2577

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants