chore(deps): bump elysia from 1.4.21 to 1.4.28

[dependabot]

Bumps elysia from 1.4.21 to 1.4.28.

Release notes

Sourced from elysia's releases.

1.4.28

What's new

Feature:

• #1803 stream response with pull based backpressure
• #1802 handle range header for file/blob response
• #1722, #1741 direct ReadableStream perf blow-up

Bug fix:

• #1805 dynamic imports inside .guard not registering routes
• #1771 breaks Bun HTML imports
• #1797 await mapped error response promise
• #1794 merge app cookie config into route cookie validator config
• #1796 check custom parser by full name
• #1795 write transformed cookie value to cookie entry directly
• #1793 use cookie schema for cookie noValidate check
• #1792 throw ValidationError instead of boolean in response encode path
• detect HTML bundle when inline response is Promise

Change:

• #1613 export ElysiaTypeCustomErrors
• remove Bun specific built
• export AnySchema, UnwrapSchema, ModelsToTypes from root
• conditional set headers of String and Object when no set.headers is set

New Contributors

• @​MegaManSec made their first contribution in elysiajs/elysia#1797
• @​ap0nia made their first contribution in elysiajs/elysia#1613

Full Changelog: elysiajs/elysia@1.4.27...1.4.28

1.4.27

What's changed

Bug fix:

• getSchemaValidator: handle TypeBox as sub type
• handle cookie prototype pollution when parsing cookie

Improvement:

• conditional async on getSchemaValidator when schema is Standard Schema
• use Response.json on Bun
• export AnySchema, UnwrapSchema, ModelsToTypes from root

Full Changelog: elysiajs/elysia@1.4.26...1.4.27

1.4.26

What's changed

Bug fix:

• #1755 deduplicate local handler from global event

... (truncated)

Changelog

Sourced from elysia's changelog.

1.4.28 - 17 Mar 2025

Feature:

• #1803 stream response with pull based backpressure
• #1802 handle range header for file/blob response
• #1722, #1741 direct ReadableStream perf blow-up

Bug fix:

• #1805 dynamic imports inside .guard not registering routes
• #1771 breaks Bun HTML imports
• #1797 await mapped error response promise
• #1794 merge app cookie config into route cookie validator config
• #1796 check custom parser by full name
• #1795 write transformed cookie value to cookie entry directly
• #1793 use cookie schema for cookie noValidate check
• #1792 throw ValidationError instead of boolean in response encode path
• detect HTML bundle when inline response is Promise

Change:

• #1613 export ElysiaTypeCustomErrors
• remove Bun specific built
• export AnySchema, UnwrapSchema, ModelsToTypes from root
• conditional set headers of String and Object when no set.headers is set

1.4.27 - 1 Mar 2026

Bug fix:

• getSchemaValidator: handle TypeBox as sub type
• handle cookie prototype pollution when parsing cookie

Improvement:

• conditional async on getSchemaValidator when schema is Standard Schema
• use Response.json on Bun

1.4.26 - 25 Feb 2026

Bug fix:

• #1755 deduplicate local handler from global event
• #1752 system router with trailing path doesn't match with non-trailing
• url format redos
• #1747 parsing request from mount hang

1.4.25 - 12 Feb 2026

Feature:

• export ElysiaStatus

Bug fix:

• macro with conflict literal value per status
• recursive macro with conflict value per status

1.4.24 - 11 Feb 2026

Feature:

• graceful unsigned cookie transition

... (truncated)

Commits

• 56310be 📘 doc: document changelog
• 708f8c6 📘 doc: document changelog
• 7acc183 Merge pull request #1613 from ap0nia/feat/extend-errors
• c00b9e3 Merge branch 'main' of https://github.com/elysiajs/elysia
• ccbd9e4 📘 fix: #1772 resolve merge conflict
• 01340b7 Merge pull request #1792 from MegaManSec/j1
• 0956af9 Merge pull request #1793 from MegaManSec/j2
• b48ade6 📘 doc: update changelog
• b329314 Merge branch 'main' of https://github.com/elysiajs/elysia
• 32b531a 📘 doc: update changelog
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[github-actions]

PR Compliance Checks

Thank you for your Pull Request! We have run several checks on this pull request in order to make sure it's suitable for merging into this project. The results are listed in the following section.

Issue Reference

In order to be considered for merging, the pull request description must refer to a specific issue number. This is described in our Contributing Guide. We are closing this pull request for now but you can update the pull request description and reopen the pull request.
The check is looking for a phrase similar to: "Fixes #XYZ" or "Resolves #XYZ" where XYZ is the issue number that this PR is meant to address.