Update dependency @hono/node-server to v2.0.10 #119

Open
renovate-bot wants to merge 1 commit from renovate/hono-node-server-2.x into main
Collaborator

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
@hono/node-server 2.0.82.0.10 age adoption passing confidence

Release Notes

honojs/node-server (@​hono/node-server)

v2.0.10

Compare Source

Security fixes

This release includes a fix for the following security issue:

Unauthenticated memory-leak DoS via aborted WebSocket handshake

Affects: upgradeWebSocket. A WebSocket upgrade request with a missing or malformed Sec-WebSocket-Key header leaked the request's IncomingMessage and left a promise pending, even though no connection was established. Since the route is reachable pre-handshake without authentication, an attacker could flood it to gradually exhaust memory. GHSA-9mqv-5hh9-4cgg


Users of upgradeWebSocket are encouraged to upgrade to this version.

v2.0.9

Compare Source

What's Changed

  • fix(websocket): polyfill missing ErrorEvent global by @​otnc in #​371
  • fix(serve-static): correct Range header parsing edge cases by @​otnc in #​372
  • fix: recover complete request bodies after client disconnect by @​usualoma in #​375

New Contributors

Full Changelog: https://github.com/honojs/node-server/compare/v2.0.8...v2.0.9


Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate.

This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Adoption](https://docs.renovatebot.com/merge-confidence/) | [Passing](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---|---|---| | [@hono/node-server](https://github.com/honojs/node-server) | [`2.0.8` → `2.0.10`](https://renovatebot.com/diffs/npm/@hono%2fnode-server/2.0.8/2.0.10) | ![age](https://developer.mend.io/api/mc/badges/age/npm/@hono%2fnode-server/2.0.10?slim=true) | ![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@hono%2fnode-server/2.0.10?slim=true) | ![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@hono%2fnode-server/2.0.8/2.0.10?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@hono%2fnode-server/2.0.8/2.0.10?slim=true) | --- ### Release Notes <details> <summary>honojs/node-server (@&#8203;hono/node-server)</summary> ### [`v2.0.10`](https://github.com/honojs/node-server/releases/tag/v2.0.10) [Compare Source](https://github.com/honojs/node-server/compare/v2.0.9...v2.0.10) #### Security fixes This release includes a fix for the following security issue: ##### Unauthenticated memory-leak DoS via aborted WebSocket handshake Affects: `upgradeWebSocket`. A WebSocket upgrade request with a missing or malformed `Sec-WebSocket-Key` header leaked the request's `IncomingMessage` and left a promise pending, even though no connection was established. Since the route is reachable pre-handshake without authentication, an attacker could flood it to gradually exhaust memory. [GHSA-9mqv-5hh9-4cgg](https://github.com/honojs/node-server/security/advisories/GHSA-9mqv-5hh9-4cgg) *** Users of `upgradeWebSocket` are encouraged to upgrade to this version. ### [`v2.0.9`](https://github.com/honojs/node-server/releases/tag/v2.0.9) [Compare Source](https://github.com/honojs/node-server/compare/v2.0.8...v2.0.9) #### What's Changed - fix(websocket): polyfill missing ErrorEvent global by [@&#8203;otnc](https://github.com/otnc) in [#&#8203;371](https://github.com/honojs/node-server/pull/371) - fix(serve-static): correct Range header parsing edge cases by [@&#8203;otnc](https://github.com/otnc) in [#&#8203;372](https://github.com/honojs/node-server/pull/372) - fix: recover complete request bodies after client disconnect by [@&#8203;usualoma](https://github.com/usualoma) in [#&#8203;375](https://github.com/honojs/node-server/pull/375) #### New Contributors - [@&#8203;otnc](https://github.com/otnc) made their first contribution in [#&#8203;371](https://github.com/honojs/node-server/pull/371) **Full Changelog**: <https://github.com/honojs/node-server/compare/v2.0.8...v2.0.9> </details> --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4yNTIuNCIsInVwZGF0ZWRJblZlciI6IjQzLjI1Mi40IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJiYWNrZW5kIiwicmVub3ZhdGUiXX0=-->
renovate-bot force-pushed renovate/hono-node-server-2.x from 3ebf4ceead to 133a9f05e4 2026-07-16 06:00:39 +01:00 Compare
renovate-bot changed title from Update dependency @hono/node-server to v2.0.9 to Update dependency @hono/node-server to v2.0.10 2026-07-16 06:00:40 +01:00
This pull request can be merged automatically.
You are not authorized to merge this pull request.
View command line instructions

Checkout

From your project repository, check out a new branch and test the changes.
git fetch -u origin renovate/hono-node-server-2.x:renovate/hono-node-server-2.x
git switch renovate/hono-node-server-2.x

Merge

Merge the changes and update on Forgejo.

Warning: The "Autodetect manual merge" setting is not enabled for this repository, you will have to mark this pull request as manually merged afterwards.

git switch main
git merge --no-ff renovate/hono-node-server-2.x
git switch renovate/hono-node-server-2.x
git rebase main
git switch main
git merge --ff-only renovate/hono-node-server-2.x
git switch renovate/hono-node-server-2.x
git rebase main
git switch main
git merge --no-ff renovate/hono-node-server-2.x
git switch main
git merge --squash renovate/hono-node-server-2.x
git switch main
git merge --ff-only renovate/hono-node-server-2.x
git switch main
git merge renovate/hono-node-server-2.x
git push origin main
Sign in to join this conversation.
No reviewers
No milestone
No project
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
MobiusReactor/TicTacToeV2!119
No description provided.