v4.5.7

What's Changed

• fix(jsx/dom): Fixed a bug that caused Script elements to turn into Style elements. by @usualoma in #3294
• perf(jsx/dom): improve performance by @usualoma in #3288
• feat(jsx): improve a-tag types with well known values by @ssssota in #3287
• fix(validator): Fixed a bug in hono/validator where URL Encoded Data could not be validated if the Content-Type included charset. by @uttk in #3297
• feat(jsx): improve target and formtarget attribute types by @ssssota in #3299
• docs(README): change Twitter to X by @nakasyou in #3301
• fix(client): replace optional params to url correctly by @yusukebe in #3304
• feat(jsx): improve input attribute types based on react by @ssssota in #3302

New Contributors

• @uttk made their first contribution in #3297

Full Changelog: v4.5.6...v4.5.7

v4.5.6

What's Changed

• fix(jsx): handle async component error explicitly and throw the error in the response by @usualoma in #3274
• fix(validator): support multipart headers without a separating space by @Ernxst in #3286
• fix(validator): Allow form data will mutliple values appended by @nicksrandall in #3273
• feat(jsx): improve meta-tag types with well known values by @ssssota in #3276

New Contributors

• @Ernxst made their first contribution in #3286
• @ssssota made their first contribution in #3276

Full Changelog: v4.5.5...v4.5.6

v4.5.5

What's Changed

• fix(jsx): allow null, undefined, and boolean to be returned from function component by @usualoma in #3241
• feat(context): Add types for c.header by @nakasyou in #3221
• fix(jsx): fix draggable type to accept boolean by @yasuaki640 in #3253
• feat(context): add Context-Type types to c.header by @nakasyou in #3255
• fix(serve-static): supports directory contains . and not end / by @yusukebe in #3256

Full Changelog: v4.5.4...v4.5.5

v4.5.4

What's Changed

• fix(jsx): corrects the type of 'draggable' attribute in intrinsic-elements.ts by @yasuaki640 in #3224
• feat(jsx): allow to merge CSSProperties declaration by @jonasnobile in #3228
• feat(client): Add WebSocket Provider Integration Tests and Enhance WebSocket Initialization by @naporin0624 in #3213
• fix(types): param in ValidationTargets supports optional param by @yusukebe in #3229

New Contributors

• @jonasnobile made their first contribution in #3228

Full Changelog: v4.5.3...v4.5.4

v4.5.3

What's Changed

• fix(validator): Add double quotation marks to multipart checker regex by @CPlusPatch in #3195
• fix(validator): support application/json with a charset as JSON by @yusukebe in #3199
• fix(jsx): fix handling of SVG elements in JSX. by @usualoma in #3204
• fix(jsx/dom): fix performance issue with adding many new node listings by @usualoma in #3205
• fix(service-worker): refer to self.fetch correctly by @yusukebe in #3200

New Contributors

• @CPlusPatch made their first contribution in #3195

Full Changelog: v4.5.2...v4.5.3

v4.5.2

What's Changed

• fix(helper/adapter): don't check navigator is undefined by @yusukebe in #3171
• fix(types): handle readonly array correctly by @m-shaka in #3172
• Revert "fix(helper/adapter): don't check navigator is undefined by @yusukebe in #3173
• fix(type): degradation of generic type handling by @m-shaka in #3138
• fix:(csrf) fix typo of csrf middleware by @yasuaki640 in #3178
• feat(secure-headers): remove "X-Powered-By" should be an option by @EdamAme-x in #3177

Full Changelog: v4.5.1...v4.5.2

v4.5.1

What's Changed

• chore: remove rimraf and use bun shell by @nakasyou in #3146
• chore: moving the setup file of vitest by @EdamAme-x in #3157
• fix(middleware/jwt): Changed the jwt-secret type to SignatureKey by @JulesVerner in #3167
• feat(bearer-auth): Allow empty bearer-auth middleware prefixes by @prevostc in #3161
• chore(factory): remove @experimental from createApp by @yusukebe in #3164
• fix(client): support array values for query in ws by @yusukebe in #3169
• fix(validator): ignore content-type mismatches by @yusukebe in #3165

New Contributors

• @JulesVerner made their first contribution in #3167
• @prevostc made their first contribution in #3161

Full Changelog: v4.5.0...v4.5.1

v4.5.0

Hono v4.5.0 is now available!

We have added three new built-in middleware. Now Hono is bringing 20 built-in middleware!

1. Basic Authentication
2. Bearer Authentication
3. Body Limit
4. Cache
5. Combine
6. Compress
7. CORS
8. CSRF Protection
9. ETag
10. IP Restriction
11. JSX Renderer
12. JWT
13. Logger
14. Method Override
15. Pretty JSON
16. Request ID
17. Secure Headers
18. Timeout
19. Timing
20. Trailing Slash

Amazing! These truly make Hono batteries-included framework.

Let's go through the new features in this release.

IP Restrict Middleware

Introducing IP Restrict Middleware. This middleware limits access to resources based on the IP address of the user.

import { Hono } from 'hono'
import { getConnInfo } from 'hono/bun'
import { ipRestriction } from 'hono/ip-restriction'

const app = new Hono()

app.use(
  '*',
  ipRestriction(getConnInfo, {
    denyList: [],
    allowList: ['127.0.0.1', '::1']
  })
)

Thanks @nakasyou!

Combine Middleware

Introducing Combine Middleware. This middleware combines multiple middleware functions into a single middleware, allowing you to create complex access controls by combining it with middleware like IP Restriction.

import { Hono } from 'hono'
import { bearerAuth } from 'hono/bearer-auth'
import { getConnInfo } from 'hono/cloudflare-workers'
import { every, some } from 'hono/combine'
import { ipRestriction } from 'hono/ip-restriction'
import { rateLimit } from '@/my-rate-limit'

const app = new Hono()

app.use(
  '*',
  some(
    every(ipRestriction(getConnInfo, { allowList: ['192.168.0.2'] }), bearerAuth({ token })),
    // If both conditions are met, rateLimit will not execute.
    rateLimit()
  )
)

app.get('/', (c) => c.text('Hello Hono!'))

Thanks @usualoma!

Request ID Middleware

Introducing Request ID Middleware. This middleware generates a unique ID for each request, which you can use in your handlers.

import { Hono } from 'hono'
import { requestId } from 'hono/request-id'

const app = new Hono()

app.use('*', requestId())

app.get('/', (c) => {
  return c.text(`Your request id is ${c.get('requestId')}`)
})

Thanks @ryuapp!

Service Worker Adapter

A Service Worker adapter has been added, making it easier to run Hono applications as Service Workers.

For example, the following code works perfectly in a browser!

import { Hono } from 'hono'
import { handle } from 'hono/service-worker'

const app = new Hono().basePath('/sw')
app.get('/', (c) => c.text('Hello World'))

self.addEventListener('fetch', handle(app))

Thanks @nakasyou!

Cloudflare Pages Middleware

The Cloudflare Pages adapter now includes a handleMiddleware function, allowing many Hono middleware to run as Cloudflare Pages middleware.

For example, to apply basic authentication, you can use the built-in middleware as shown below.

// functions/_middleware.ts
import { handleMiddleware } from 'hono/cloudflare-pages'
import { basicAuth } from 'hono/basic-auth'

export const onRequest = handleMiddleware(
  basicAuth({
    username: 'hono',
    password: 'acoolproject'
  })
)

Thanks @BarryThePenguin!

React 19 Compatibility

Hono JSX now supports React 19 compatible APIs.

For example, the following hooks have been added:

• useFormStatus()
• useActionState()
• useOptimistic()

Additionally, rendering metadata within the <head /> tag is now supported. You can include elements like <title>, <meta>, and <link> within your components.

import { Hono } from 'hono'
import { jsxRenderer } from 'hono/jsx-renderer'

const app = new Hono()

app.use(
  jsxRenderer(({ children }) => {
    return (
      <html>
        <head></head>
        <body>{children}</body>
      </html>
    )
  })
)

app.get('/top-page', (c) => {
  return c.render(
    <article>
      <title>Top Page!</title>
      <link rel="canonical" href="https://hono.dev/top-page" />
      <h1>Top Page</h1>
      <p>Hono is a great framework!</p>
    </article>
  )
})

The above will render the following HTML:

<!DOCTYPE html>
<html>
  <head>
    <title>Top Page!</title>
    <link rel="canonical" href="https://hono.dev/top-page" />
  </head>
  <body>
    <article>
      <h1>Top Page</h1>
      <p>Hono is a great framework!</p>
    </article>
  </body>
</html>

See all changes in this PR: #2960

Thanks @usualoma!

@hono/react-compat

Plus, with the new @hono/react-compat, you can alias the react or react-dom used in your project to hono/jsx without any configuration.

npm install react@npm:@hono/react-compat react-dom@npm:@hono/react-compat

Passing interface as Bindings/Variables

You can now pass interface to Bindings or Variables. This allows you to use the type definitions generated by the wrangler types command directly.

interface Env {
  MY_KV_NAMESPACE: KVNamespace
  MY_VAR: string
  MY_DB: D1Database
}

Previously, only type definitions using type could be passed to Bindings. Now, interfaces like the Env example above can be used with generics.

const app = new Hono<{
  Bindings: Env
}>()

Thanks @ottomated!

Other features

• JWT - use Signed Cookie in JWT Middleware #2989
• Vercel - add getConnInfo for Vercel Adapter #3085
• Lambda@Edge - add getConnInfo helper for Lambda@Edge #3099

All Updates

• feat(jsx/dom): export createRoot and hydrateRoot from jsx/dom/client as default by @usualoma in #2929
• feat(jsx/server): introduce jsx/dom/server module for compatibility with react-dom/server by @usualoma in #2930
• feat(jsx/dom): Improve compatibility React (useCallback, React.StrictMode) by @usualoma in #2944
• feat(jwt): Use Signed Cookie in JWT Middleware by @newarifrh in #2989
• React 19 compat by @yusukebe in #3048
• feat(adaptor): Remove unknown from AddressType by @yasuaki640 in #2958
• test(adapter/bun): fixed conninfo.test.ts by @yusukebe in #3059
• feat(jsx/dom): skip calculate children if props are the same by @usualoma in #3049
• feat(cloudflare-pages): Add Cloudflare Pages middleware handler by @BarryThePenguin in #3028
• fix(cloudflare-pages): Expose Cloudflare Pages type parameters by @BarryThePenguin in #3065
• fix(helper/conninfo): add undefined for AddressType by @yusukebe in #3112
• feat(middleware): Introduce IP Restriction Middleware by @nakasyou in #2813
• fix(ip-restriction): return the named function by @yusukebe in #3113
• feat(vercel): add getConnInfo for vercel adapter by @promer94 in #3085
• fix(vercel): remove deprecated address type by @ryuapp in #3115
• feat(lambda-edge): add getConnInfo helper for Lambda@Edge by @yasuaki640 in #3099
• feat: Introduce Service Worker Adapter by @nakasyou in #3062
• feat(middleware): introduce Request ID middleware by @ryuapp in #3082
• feat(middleware/combine): Introduce combine middleware by @usualoma in #2941
• feat(types): allow passing interfaces as Bindings / Variables by @ottomated in #3136
• chore: update comments in codes by @yusukebe in #3145
• fix(types): use ContextVariableMap in Context<any> by @yusukebe in #3134
• feat(jsx): add global attributes to interface definition by @yasuaki640 in #3142
• fix(types): remove slow types by @yusukebe in #3147
• Next by @yusukebe in #3144

New Contributors

• @newarifrh made their first contribution in #2989
• @BarryThePenguin made their first contribution in #3028
• @promer94 made their first contribution in #3085
• @ottomated made their first contribution in #3136

Full Changelog: v4.4.13...v4.5.0

v4.4.13

What's Changed

• chore: update benchmark by @yusukebe in #3102
• chore: replace tsx with Bun by @nakasyou in #3103
• refactor(http-status): remove unnecessary line of types and use common types by @EdamAme-x in #3110
• fix(jsx): redefine scope attribute as enum type by @yasuaki640 in #3118
• fix(types): allow string[] | File[] for RPC form value by @yusukebe in #3117
• fix(validator-types): type Alignment with Web Standards by @EdamAme-x in #3120
• fix(types): app.use(path, mw) return correct schema type by @yusukebe in #3128

Full Changelog: v4.4.12...v4.4.13

v4.4.12

What's Changed

• fix(aws-lambda): set cookies with comma is bugged by @NamesMT in #3084
• fix(types): infer path when chaining after use by @yusukebe in #3087
• chore: update outdated links in JSDoc by @ryuapp in #3089
• fix(jsx): changes behavior when download attribute is set to a boolean value. by @oon00b in #3094
• chore: add the triage label by @mvares in #3092
• feat(types): improve JSONParsed by @m-shaka in #3074
• fix(helper/streaming): remove slow types by @yusukebe in #3100
• chore(utils/jwt): add @module docs by @yusukebe in #3101

New Contributors

• @oon00b made their first contribution in #3094

Full Changelog: v4.4.11...v4.4.12