Skip to content

Bump elysia from 1.3.4 to 1.4.22#2

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/elysia-1.4.22
Closed

Bump elysia from 1.3.4 to 1.4.22#2
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/elysia-1.4.22

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jan 14, 2026

Copy link
Copy Markdown

Bumps elysia from 1.3.4 to 1.4.22.

Release notes

Sourced from elysia's releases.

1.4.22

What's Changed

Improvement:

  • #1655 decode single values in ArrayQuery by @​zoriya
  • use imperative check for replaceURLPath instead of allocating new URL
  • reduce ts-ignore/ts-expect-error on promise map handler

Bug fix:

  • #1671 mount produces incorrect URL path when Elysia instance has prefix option
  • elysiajs/elysia#1617, #1623 AOT compilation removes beforeHandle when using arrow function expression by @​tt-a1i
  • #1667 skip body parsing on mount with dynamic mode
  • #1662 custom thenable fallback in mapCompactResponse causing runtime crash with undefined variable by @​raunak-rpm
  • #1661, #1663 fix SSE double-wrapping bug when returning pre-formatted Response by @​raunak-rpm in
  • ValueError with summary missing types
  • Elysia not using Bun.routes by default

New Contributors

Full Changelog: elysiajs/elysia@1.4.21...1.4.22

1.4.21

What's Changed

Improvement:

Bug fix:

  • call Sucrose GC unref when possible (browser fallback)
  • add allowUnsafeValidationDetails to Standard Validator

New Contributors

Full Changelog: elysiajs/elysia@1.4.20...1.4.21

1.4.20

What's Changed

Improvement:

  • add ModelValidator.schema for accessing raw schema
  • #1636 add subscriptions to Elysia.ws context
  • #1638 unref Sucrose gc by @​akim-bow

Bug fix:

  • #1649 add null check for object properties (t.Record) by @​aymaneallaoui
  • #1646 use constant-time comparison for signed cookie verification by @​JNX03
  • #1639 compose: ReferenceError: "_r_r is not defined" when onError returns plain object & mapResponse exists
  • #1631 update Exact Mirror to 0.2.6

... (truncated)

Changelog

Sourced from elysia's changelog.

1.4.22 - 14 Jan 2026

Improvement:

  • use imperative check for replaceURLPath instead of allocating new URL
  • reduce ts-ignore/ts-expect-error on promise map handler
  • #1655 decode single values in ArrayQuery

Bug fix:

  • #1671 mount produces incorrect URL path when Elysia instance has prefix option
  • elysiajs/elysia#1617, #1623 AOT compilation removes beforeHandle when using arrow function expression
  • #1667 skip body parsing on mount with dynamic mode
  • #1662 custom thenable fallback in mapCompactResponse causing runtime crash with undefined variable
  • #1661, #1663 fix SSE double-wrapping bug when returning pre-formatted Response
  • ValueError with summary missing types
  • Elysia not using Bun.routes by default

1.4.21 - 4 Jan 2026

Improvement:

  • #1654 encode t.Date() to iso string
  • #1624 apply macros before merging hooks in group method

Bug fix:

  • call Sucrose GC unref when possible (browser fallback)
  • add allowUnsafeValidationDetails to Standard Validator

1.4.20 - 3 Jan 2026

Improvement:

  • add ModelValidator.schema for accessing raw schema
  • #1636 add subscriptions to Elysia.ws context
  • #1638 unref Sucrose gc

Bug fix:

  • #1649 add null check for object properties (t.Record)
  • #1646 use constant-time comparison for signed cookie verification
  • #1639 compose: ReferenceError: "_r_r is not defined" when onError returns plain object & mapResponse exists
  • #1631 update Exact Mirror to 0.2.6
  • #1630 enforce fetch to return MaybePromise

Bug fix:

  • Elysia.models broke when referencing non typebox model

1.4.19 - 13 Dec 2025

Security:

  • reject invalid cookie signature when using cookie rotation

Improvement

  • #1609 calling afterResponse with aot: false
  • #1607, #1606, #1139 data coercion on nested form data
  • #1604 save lazy compilation of Elysia.fetch for up to 45x performance improvement
  • #1588, #1587 add seen weakset during mergeDeep

... (truncated)

Commits
  • f027642 📘 doc: document changelog
  • 935efe2 Merge pull request #1657 from elysiajs/next
  • 131a452 📘 doc: 1.4.22
  • 4478914 🧹 chore: clean up code review feedback
  • 8c42013 Merge pull request #1655 from zoriya/patch-2
  • bc882d4 📘 doc: document changelog
  • 7f8f55c Merge branch 'main' into next
  • 4c28294 Merge pull request #1662 from raunak-rpm/feature/my-contribution
  • bb45335 📘 doc: document changelog
  • d097155 Merge branch 'main' into next
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for elysia since your current version.


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps [elysia](https://github.com/elysiajs/elysia) from 1.3.4 to 1.4.22.
- [Release notes](https://github.com/elysiajs/elysia/releases)
- [Changelog](https://github.com/elysiajs/elysia/blob/main/CHANGELOG.md)
- [Commits](elysiajs/elysia@1.3.4...1.4.22)

---
updated-dependencies:
- dependency-name: elysia
  dependency-version: 1.4.22
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jan 14, 2026
@dependabot @github

dependabot Bot commented on behalf of github Mar 10, 2026

Copy link
Copy Markdown
Author

Superseded by #19.

@dependabot dependabot Bot closed this Mar 10, 2026
@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/elysia-1.4.22 branch March 10, 2026 21:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants