chore(deps): bump hono from 4.11.7 to 4.11.10 in /server

[dependabot]

Bumps hono from 4.11.7 to 4.11.10.

Release notes

Sourced from hono's releases.

v4.11.10

What's Changed

• fix: fixed to be more properly timing safe (Merge commit from fork 91def7ca)

Full Changelog: honojs/hono@v4.11.9...v4.11.10

v4.11.9

What's Changed

• fix(url): ignore fragment identifiers in getPath() by @​sano-suguru in honojs/hono#4627
• fix: determine if rendered or not by node.vC[0] instead of referring to node.pP by @​usualoma in honojs/hono#4663

Full Changelog: honojs/hono@v4.11.8...v4.11.9

v4.11.8

What's Changed

• fix(jsx): preserve context when using await before html helper by @​kaigritun in honojs/hono#4662
• fix(bearer-auth): make auth-scheme case-insensitive by @​bytaesu in honojs/hono#4659

New Contributors

• @​kaigritun made their first contribution in honojs/hono#4662

Full Changelog: honojs/hono@v4.11.7...v4.11.8

Commits

• a40d210 4.11.10
• 91def7c Merge commit from fork
• 8b17935 test(types): add regression tests for #4388 (routes before .use() with explic...
• 4a03f4f doc(jwt): mark options.secret as required in JSDoc (#4718)
• 7300551 chore(ci): bump typescript-go to the latest (#4716)
• 4b29780 chore: update Zod import examples to use namespace imports (#4715)
• 69ad885 4.11.9
• 3d536ff fix: determine if rendered or not by node.vC[0] instead of referring to `no...
• 0c1d4c7 fix(url): ignore fragment identifiers in getPath() (#4627)
• 5ca5c3e 4.11.8
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

---

Summary by cubic

Upgrade server to Hono 4.11.10 to pick up a timing‑safe fix and several minor bug fixes in URL handling, bearer auth, and JSX rendering. Improves security and reliability with no breaking changes.

• Dependencies
  • Bump hono from 4.11.7 to 4.11.10.
  • Notable fixes: timing‑safe comparisons, ignore URL fragments in getPath(), case‑insensitive bearer auth, JSX render checks and context preservation.

^{Written for commit 343c590. Summary will update on new commits.}

Greptile Summary

This PR updates the hono dependency from version 4.11.7 to 4.11.10 in the server package.

Key Changes

Bug fixes

• Fixed timing-safe comparison for improved security (v4.11.10)
• Fixed URL fragment identifier handling in getPath() (v4.11.9)
• Fixed JSX rendering determination logic using node.vC[0] instead of node.pP (v4.11.9)
• Fixed JSX context preservation when using await before html helper (v4.11.8)
• Fixed bearer auth scheme to be case-insensitive (v4.11.8)

This is a standard patch-level dependency update with bug fixes and security improvements. The changes are backward-compatible and include important security enhancements related to timing-safe comparisons.

Confidence Score: 5/5

• This PR is safe to merge with minimal risk - standard patch-level dependency update
• This is an automated dependency update from Dependabot that bumps Hono from 4.11.7 to 4.11.10, a patch-level update with bug fixes and security improvements. The changes include timing-safe comparison fixes (security improvement), JSX rendering improvements, bearer auth case-insensitivity fixes, and URL fragment handling fixes. All changes are backward-compatible with no breaking changes.
• No files require special attention

Important Files Changed

Filename	Overview
server/package.json	Updated hono from 4.11.7 to 4.11.10 - includes timing-safe comparison fix, JSX rendering improvements, and bearer auth case-insensitivity fix

_{Last reviewed commit: 15d1aed}

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
autumn-vite	Ready	Preview, Comment	Feb 22, 2026 4:24pm

[cubic-dev-ai]

No issues found across 1 file

Confidence score: 5/5

• Automated review surfaced no issues in the provided summaries.
• No files require special attention.