Skip to content

Bump h3 from 2.0.1-rc.22 to 2.0.1-rc.23#8496

Open
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/h3-2.0.1-rc.23
Open

Bump h3 from 2.0.1-rc.22 to 2.0.1-rc.23#8496
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/h3-2.0.1-rc.23

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 8, 2026

Copy link
Copy Markdown
Contributor

Bumps h3 from 2.0.1-rc.22 to 2.0.1-rc.23.

Release notes

Sourced from h3's releases.

v2.0.1-rc.23

compare changes

🚀 Enhancements

  • proxy: Support client aborts (#1417)
  • ws: Allow optional HTTP handling in defineWebSocketHandler (#1425)
  • Export resolveDotSegments as a public path utility (#1428, #1430)
  • readBody: Support formdata type (#1164)

🩹 Fixes

  • sanitizeStatusCode: Return default for non-numeric input instead of NaN (#1420)
  • auth: Reject Basic credentials with no colon separator (#1393)
  • sse: Ignore pushes after stream close (#1411)
  • proxy: Ignore incoming accept-encoding header (#1423)
  • cache: handleCacheHeaders ignores multi-value If-None-Match header (#1395)
  • serve-static: Compare if-modified-since at whole-second precision (#1394)
  • request: Parse first entry of comma-list x-forwarded-proto header (#1413)
  • serve-static: Check the response (not request) for an existing content-length (#1391)
  • cors: Merge Vary headers when both origin and allow-headers emit vary (#1396)
  • writeEarlyHints: Normalize Link key to prevent hanging with Node.js (#1385)
  • event: Return 400 for malformed percent-encoded request URLs (#1424)
  • mount: Restore pathname on error with try/finally (#1319)
  • serve-static: Decode the resolved id before lookup (#1431)
  • request: Shadow parsed _url in requestWithURL proxy (d21d93c)
  • event: Clone URL for pathname normalization instead of mutating shared _url (a1cf066)
  • adapters: Sync raw node req.url with event.url in fromNodeHandler (#1433)

💅 Refactors

  • validate: Drop always-true if (validate.body) guard in body proxy (#1392)

📖 Documentation

  • proxy: Add note about reading body (7eb018e)
  • Fix decode function name in router param helpers (#1419)
  • session: Note secure cookie limitation over local HTTP (#1409)
  • Document the session name option for multiple sessions (#1405)
  • Add arkstack framework to community section (#1382)
  • ws: Use zero-config crossws server plugin (#1427)

🌊 Types

  • Expose .crossws on defineWebSocketHandler return type (#1435)

✅ Tests

  • Cover zod schema query validation types (#1404)
  • Cover cloned pipeable node responses (#1414)

... (truncated)

Changelog

Sourced from h3's changelog.

v2.0.1-rc.23

compare changes

🚀 Enhancements

  • proxy: Support client aborts (#1417)
  • ws: Allow optional HTTP handling in defineWebSocketHandler (#1425)
  • Export resolveDotSegments as a public path utility (#1428)
  • readBody: Support formdata type (#1164)

🩹 Fixes

  • sanitizeStatusCode: Return default for non-numeric input instead of NaN (#1420)
  • auth: Reject Basic credentials with no colon separator (#1393)
  • sse: Ignore pushes after stream close (#1411)
  • proxy: Ignore incoming accept-encoding header (#1423)
  • cache: HandleCacheHeaders ignores multi-value If-None-Match header (#1395)
  • serve-static: Compare if-modified-since at whole-second precision (#1394)
  • request: Parse first entry of comma-list x-forwarded-proto header (#1413)
  • serve-static: Check the response (not request) for an existing content-length (#1391)
  • cors: Merge Vary headers when both origin and allow-headers emit vary (#1396)
  • writeEarlyHints: Normalize Link key to prevent hanging with Node.js (#1385)
  • event: Return 400 for malformed percent-encoded request URLs (#1424)
  • mount: Restore pathname on error with try/finally (#1319)
  • serve-static: Decode the resolved id before lookup (#1431)
  • request: Shadow parsed _url in requestWithURL proxy (d21d93c)
  • event: Clone URL for pathname normalization instead of mutating shared _url (a1cf066)
  • adapters: Sync raw node req.url with event.url in fromNodeHandler (#1433)

💅 Refactors

  • validate: Drop always-true if (validate.body) guard in body proxy (#1392)
  • Leftover changes from #1428 (#1430, #1428)

📖 Documentation

  • proxy: Add note about reading body (7eb018e)
  • Fix decode function name in router param helpers (#1419)
  • session: Note secure cookie limitation over local HTTP (#1409)
  • Document the session name option for multiple sessions (#1405)
  • Add arkstack framework to community section (#1382)
  • ws: Use zero-config crossws server plugin (#1427)

🌊 Types

  • Expose .crossws on defineWebSocketHandler return type (#1435)

🏡 Chore

... (truncated)

Commits
  • 1371ad8 chore(release): v2.0.1-rc.23
  • 78e7152 chore: update deps
  • e12c0e8 feat(readBody): support formdata type (#1164)
  • 1ff4999 types: expose .crossws on defineWebSocketHandler return type (#1435)
  • 8786f23 fix(adapters): sync raw node req.url with event.url in fromNodeHandler (#1433)
  • a1cf066 fix(event): clone URL for pathname normalization instead of mutating shared _url
  • 8410ec9 test(event): assert req.url reflects normalization per runtime
  • 4a218a8 test(event): cover shared _url normalization semantics
  • d21d93c fix(request): shadow parsed _url in requestWithURL proxy
  • 8a380f1 fix(serve-static): decode the resolved id before lookup (#1431)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [h3](https://github.com/h3js/h3) from 2.0.1-rc.22 to 2.0.1-rc.23.
- [Release notes](https://github.com/h3js/h3/releases)
- [Changelog](https://github.com/h3js/h3/blob/main/CHANGELOG.md)
- [Commits](h3js/h3@v2.0.1-rc.22...v2.0.1-rc.23)

---
updated-dependencies:
- dependency-name: h3
  dependency-version: 2.0.1-rc.23
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jul 8, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants