[Snyk] Upgrade hono from 4.6.12 to 4.7.7

[nerdy-tech-com-gitub]

Snyk has created this PR to upgrade hono from 4.6.12 to 4.7.7.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 16 versions ahead of your current version.

• The recommended version was released 22 days ago.

Release notes

Package name: hono

• 4.7.7 - 2025-04-15
  

  What's Changed

  • fix(trailing-slash): handle HEAD request in trailing slash middleware by @ sushichan044 in #4049
  • fix(proxy): accept a Request object as proxyInit by @ usualoma in #4067
  • test(deno): wait for stream to start before aborting request by @ yusukebe in #4068
  • ci: Add Bundle Analysis by @ katia-sentry in #4072
  • chore: Revert "ci: Add Bundle Analysis (#4072)" by @ yusukebe in #4076
  • fix(context): don't throw the error with c.header() when it's finalized by @ yusukebe in #4078

  New Contributors

  • @ katia-sentry made their first contribution in #4072

  Full Changelog: v4.7.6...v4.7.7

• 4.7.6 - 2025-04-08
  

  What's Changed

  • fix(compress): avoid compressing if transfer-encoding is set by @ usualoma in #4027
  • chore(lint): patch warnings by @ EdamAme-x in #4034
  • chore(april-fool): change hono is cool to hono is hot by @ EdamAme-x in #4035
  • fix(client): Support browsers without Array.prototype.at by @ isnifer in #4057

  New Contributors

  • @ isnifer made their first contribution in #4057

  Full Changelog: v4.7.5...v4.7.6

• 4.7.5 - 2025-03-20
  

  What's Changed

  • docs(MIGRATION): Fix typo by @ movahhedi in #3999
  • fix(bun): export BunWebSocketData and BunWebSocketHandler by @ yusukebe in #4002
  • types(compose): follow up #3932 by @ EdamAme-x in #3934
  • fix(adapter/aws-lambda): APIGWProxyResult should contain either of headers or multiValueHeaders, not both by @ exoego in #3883

  New Contributors

  • @ movahhedi made their first contribution in #3999

  Full Changelog: v4.7.4...v4.7.5

• 4.7.4 - 2025-03-05
  

  What's Changed

  • fix(types): fix unhandled types for Deno 2.2 by @ yusukebe in #3977

  Full Changelog: v4.7.3...v4.7.4

• 4.7.3 - 2025-03-05
  

  What's Changed

  • refactor: support TypeScript 5.7 for Deno 2.2 by @ yusukebe in #3939
  • refactor(pattern-router): reduce bundle size and fix comments by @ EdamAme-x in #3936
  • fix(bun): export BunWebSocketHandler by @ yusukebe in #3964
  • fix(hono-base): prevent options object mutation by @ yusukebe in #3975
  • perf(utils/url): Short circuit the regex in checkOptionalParameter by @ csainty in #3974

  New Contributors

  • @ csainty made their first contribution in #3974

  Full Changelog: v4.7.2...v4.7.3

• 4.7.2 - 2025-02-18
  

  What's Changed

  • fix(proxy): fix header overwrite by @ usualoma in #3922
  • fix(proxy): include original request signal in proxy request by @ BarryThePenguin in #3925
  • fix(helper/proxy): missing proxy response status by @ BarryThePenguin in #3927
  • fix(proxy): remove spread operator from Request and Response classes by @ BarryThePenguin in #3928
  • refactor(compose): remove unnecessary complexity and improve testing by @ EdamAme-x in #3932

  Full Changelog: v4.7.1...v4.7.2

• 4.7.1 - 2025-02-13
  

  What's Changed

  • refactor(helper/streaming): remove unused variables by @ EdamAme-x in #3904
  • fix(combine): halt middleware evaluation if error in next() by @ usualoma in #3905
  • fix(utils/url): calculate ends with slash on every iteration by @ luxass in #3910
  • perf(utils/url): shorten mergePath and optimize for normal use cases. by @ usualoma in #3911
  • fix(adapter/aws-lambda): remove unneeded import and compatibility for LLRT by @ EdamAme-x in #3915
  • fix(etag): change where to check for crypto by @ EdamAme-x in #3916

  New Contributors

  • @ luxass made their first contribution in #3910

  Full Changelog: v4.7.0...v4.7.1

• 4.7.0 - 2025-02-07
  

  Release Notes

  Hono v4.7.0 is now available!

  This release introduces one helper and two middleware.

  • Proxy Helper
  • Language Middleware
  • JWK Auth Middleware

  Plus, Standard Schema Validator has been born.

  Let's look at each of these.

  Proxy Helper

  We sometimes use the Hono application as a reverse proxy. In that case, it accesses the backend using fetch. However, it sends an unintended headers.

  app.all('/proxy/:path', (c) => {
    // Send unintended header values to the origin server
    return fetch(`http://${originServer}/${c.req.param('path')}`)
  })

  For example, fetch may send Accept-Encoding, causing the origin server to return a compressed response. Some runtimes automatically decode it, leading to a Content-Length mismatch and potential client-side errors.

  Also, you should probably remove some of the headers sent from the origin server, such as Transfer-Encoding.

  Proxy Helper will send requests to the origin and handle responses properly. The above headers problem is solved simply by writing as follows.

  import { Hono } from 'hono'
  import { proxy } from 'hono/proxy'

  app.get('/proxy/:path', (c) => {
  return proxy(http://<span class="pl-s1"><span class="pl-kos">${</span><span class="pl-s1">originServer</span><span class="pl-kos">}</span></span>/<span class="pl-s1"><span class="pl-kos">${</span><span class="pl-s1">c</span><span class="pl-kos">.</span><span class="pl-c1">req</span><span class="pl-kos">.</span><span class="pl-en">param</span><span class="pl-kos">(</span><span class="pl-s">'path'</span><span class="pl-kos">)</span><span class="pl-kos">}</span></span>)
  })

  You can also use it in more complex ways.

  app.get('/proxy/:path', async (c) => {
    const res = await proxy(
      `http://${originServer}/${c.req.param('path')}`,
      {
        headers: {
          ...c.req.header(),
          'X-Forwarded-For': '127.0.0.1',
          'X-Forwarded-Host': c.req.header('host'),
          Authorization: undefined,
        },
      }
    )
    res.headers.delete('Set-Cookie')
    return res
  })

  Thanks @ usualoma!

  Language Middleware

  Language Middleware provides 18n functions to Hono applications. By using the languageDetector function, you can get the language that your application should support.

  import { Hono } from 'hono'
  import { languageDetector } from 'hono/language'

  const app = new Hono()

  app.use(
  languageDetector({
  supportedLanguages: ['en', 'ar', 'ja'], // Must include fallback
  fallbackLanguage: 'en', // Required
  })
  )

  app.get('/', (c) => {
  const lang = c.get('language')
  return c.text(Hello! Your language is <span class="pl-s1"><span class="pl-kos">${</span><span class="pl-s1">lang</span><span class="pl-kos">}</span></span>)
  })

  You can get the target language in various ways, not just by using Accept-Language.

  • Query parameters
  • Cookies
  • Accept-Language header
  • URL path

  Thanks @ lord007tn!

  JWK Auth Middleware

  Finally, middleware that supports JWK (JSON Web Key) has landed. Using JWK Auth Middleware, you can authenticate by verifying JWK tokens. It can access keys fetched from the specified URL.

  import { Hono } from 'hono'
  import { jwk } from 'hono/jwk'

  app.use(
  '/auth/*',
  jwk({
  jwks_uri: https://<span class="pl-s1"><span class="pl-kos">${</span><span class="pl-s1">backendServer</span><span class="pl-kos">}</span></span>/.well-known/jwks.json,
  })
  )

  app.get('/auth/page', (c) => {
  return c.text('You are authorized')
  })

  Thanks @ Beyondo!

  Standard Schema Validator

  Standard Schema provides a common interface for TypeScript validator libraries. Standard Schema Validator is a validator that uses it. This means that Standard Schema Validator can handle several validators, such as Zod, Valibot, and ArkType, with the same interface.

  The code below really works!

  import { Hono } from 'hono'
  import { sValidator } from '@ hono/standard-validator'
  import { type } from 'arktype'
  import * as v from 'valibot'
  import { z } from 'zod'

  const aSchema = type({
  agent: 'string',
  })

  const vSchema = v.object({
  slag: v.string(),
  })

  const zSchema = z.object({
  name: z.string(),
  })

  const app = new Hono()

  app.get(
  '/:slag',
  sValidator('header', aSchema),
  sValidator('param', vSchema),
  sValidator('query', zSchema),
  (c) => {
  const headerValue = c.req.valid('header')
  const paramValue = c.req.valid('param')
  const queryValue = c.req.valid('query')
  return c.json({ headerValue, paramValue, queryValue })
  }
  )

  const res = await app.request('/foo?name=foo', {
  headers: {
  agent: 'foo',
  },
  })

  console.log(await res.json())

  Thanks @ muningis!

  New features

  • feat(helper/proxy): introduce proxy helper #3589
  • feat(logger): include query params #3702
  • feat: add language detector middleware and helpers #3787
  • feat(hono/context): add buffer returns #3813
  • feat(hono/jwk): JWK Auth Middleware #3826
  • feat(etag): allow for custom hashing methods to be used to etag #3832
  • feat(router): support greedy matches with subsequent static components #3888

  All changes

  • docs(CONTRIBUTING): remove text about yarn by @ EdamAme-x in #3878
  • refactor(request): toLowerCase() is unnecessary for req.header() by @ yusukebe in #3880
  • fix(helper/adapter): correct env type by @ yusukebe in #3885
  • chore(test): update to vitest 3 by @ yasuaki640 in #3861
  • fix(router/trie-router): fix label with trailing wildcard pattern by @ usualoma in #3892
  • feat(helper/proxy): introduce proxy helper by @ usualoma in #3589
  • feat(logger): include query params by @ ryuapp in #3702
  • feat(factory): Allow HonoOptions with factory by @ miyaji255 in #3786
  • feat: add language detector middleware and helpers by @ lord007tn in #3787
  • feat(hono/context): add buffer returns by @ askorupskyy in #3813
  • feat(hono/jwk): JWK Auth Middleware by @ Beyondo in #3826
  • feat(etag): allow for custom hashing methods to be used to etag by @ EdamAme-x in #3832
  • feat(router): support greedy matches with subsequent static components. by @ usualoma in #3888
  • fix(client): correct inferring empty object fromc.json({}) by @ yusukebe in #3873
  • Next by @ yusukebe in #3896
  • chore(runtime-tests): add deno.lock by @ yusukebe in #3897

  New Contributors

  • @ lord007tn made their first contribution in #3787

  Full Changelog: v4.6.20...v4.7.0

• 4.6.20 - 2025-01-31
  

  What's Changed

  • refactor(helper/streaming): Avoid attaching AbortSignal on newer versions of Bun by @ Jarred-Sumner in #3859
  • chore: Use new text-based bun lockfile by @ ryoppippi in #3846
  • chore: bump np by @ yusukebe in Summary by Sourcery

    Upgrade Hono dependency from version 4.6.12 to 4.7.7

    New Features:

    • Introduced proxy helper
    • Added language detector middleware
    • Added JWK Auth Middleware
    • Added buffer returns in context
    • Supported greedy matches with subsequent static components

    Enhancements:

    • Improved logger to include query params
    • Allowed custom hashing methods for etag
    • Allowed HonoOptions with factory

[sourcery-ai]

Reviewer's Guide

This pull request upgrades the hono dependency from 4.6.12 to 4.7.7 by updating its version in apps/main/package.json. This change integrates 16 versions worth of new features, bug fixes, and performance improvements from the Hono library.

File-Level Changes

Change	Details	Files
Incorporation of major features from Hono v4.7.0.	New middleware: Proxy Helper, Language, and JWK Auth. New Standard Schema Validator for flexible data validation. Enhancements to logger (query params), context (buffer returns), and ETag generation (custom hashing).	apps/main/package.json
Integration of bug fixes, performance optimizations, and compatibility updates from Hono v4.7.1 - v4.7.7.	Fixes for proxy functionality, trailing slash handling, compression logic, and context operations. Improved compatibility for various clients, Bun runtime, Deno, and newer TypeScript versions. Performance enhancements in URL utility functions.	apps/main/package.json

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.