build(deps): bump hono from 4.12.1 to 4.12.3

[dependabot]

Bumps hono from 4.12.1 to 4.12.3.

Release notes

Sourced from hono's releases.

v4.12.3

What's Changed

• fix(validator): prevent type diff bug in form data parsing by @​EdamAme-x in honojs/hono#4753
• fix(jwt): use Math.floor instead of bitwise OR for safe timestamp by @​EdamAme-x in honojs/hono#4754
• fix(jwt): fix JwtVariables for ContextVariableMap by @​yusukebe in honojs/hono#4764
• fix(types): remove DOM type dependencies from ClientResponse and request method by @​YevheniiKotyrlo in honojs/hono#4768
• fix(types): correct middleware types by @​hmnd in honojs/hono#4774
• fix(jwt): prevent memory leak by avoiding mutation of options object by @​EdamAme-x in honojs/hono#4759

New Contributors

• @​YevheniiKotyrlo made their first contribution in honojs/hono#4768
• @​hmnd made their first contribution in honojs/hono#4774

Full Changelog: honojs/hono@v4.12.2...v4.12.3

v4.12.2

Security fix

Fixed incorrect handling of X-Forwarded-For in the AWS Lambda adapter behind ALB that could allow IP-based access control bypass. The detail: GHSA-xh87-mx6m-69f3

Thanks @​EdamAme-x

What's Changed

• fix(context): revert PR #4707 by @​yusukebe in honojs/hono#4757

Full Changelog: honojs/hono@v4.12.1...v4.12.2

Commits

• 790c57b 4.12.3
• bda46ac fix(jwt): prevent memory leak by avoiding mutation of options object (#4759)
• 0f505f4 fix(types): correct middleware types (#4774)
• eb9c112 fix(types): remove DOM type dependencies from ClientResponse and request meth...
• b1df304 fix(jwt): fix JwtVariables for ContextVariableMap (#4764)
• e4602ad fix(jwt): use Math.floor instead of bitwise OR for safe timestamp (#4754)
• 4bb70fa fix(validator): prevent type diff bug in form data parsing (#4753)
• df97e5f 4.12.2
• 212c64f fix(context): revert PR #4707 (#4757)
• 5cc8f8f ci: apply automated fixes
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

---

Summary by cubic

Upgrade Hono from 4.12.1 to 4.12.3 to pick up a security fix and multiple bug fixes. Improves JWT handling, form-data validation, and type safety with no app code changes.

• Dependencies
  • Update hono to 4.12.3.
  • Security: fixes X-Forwarded-For handling in the AWS Lambda adapter behind ALB.
  • JWT: prevents a memory leak and uses safe timestamp calculation; fixes ContextVariableMap types.
  • Validator: fixes a form-data type parsing bug.
  • Types: removes DOM type dependencies and corrects middleware types.

^{Written for commit 9b052a9. Summary will update on new commits.}

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
kuest-auth	Ready	Preview	Feb 27, 2026 5:51pm

[cubic-dev-ai]

No issues found across 1 file