[Snyk] Upgrade fastify from 4.13.0 to 4.28.1

[gjovs]

Snyk has created this PR to upgrade fastify from 4.13.0 to 4.28.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 33 versions ahead of your current version.
• The recommended version was released 3 months ago, on 2024-06-29.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-FINDMYWAY-8055229	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: fastify

• 4.28.1 - 2024-06-29
  

  What's Changed

  • [Backport 4.x] fix: server.listen listener is not cleanup properly by @ github-actions in #5523
  • [Backport 4.x] test: fix test finished earlier than expected by @ github-actions in #5541
  • fix(v4): update .npmignore by @ Eomm in #5538

  Full Changelog: v4.28.0...v4.28.1

• 4.28.0 - 2024-06-14
  

  What's Changed

  • test: fix closing - pipelining by @ climba03003 in #5486
  • refactor(backport v4.x): change reply.redirect() signature (#5483) by @ gurgunday in #5484
  • refactor(backport v4.x): hasRoute method comparison with case insensitive by @ SMNBLMRR in #5513
  • fix: (backport) Type inferrence with auxilliary hook handlers by @ aadito123 in #5518

  Full Changelog: v4.27.0...v4.28.0

• 4.27.0 - 2024-05-07
  Read more
• 4.26.2 - 2024-03-03
  

  What's Changed

  • fix: typo in module exports by @ lirantal in #5316
  • docs(ts): Fix links by @ rozzilla in #5308
  • fix: cb is not a function at fallbackErrorHandler by @ Uzlopak in #5317
  • feat: add a Firebase Functions step by step guide by @ lirantal in #5318
  • types: fix test failure by @ gurgunday in #5330
  • perf: use FifoMap to check contentType by @ gurgunday in #5331
  • docs(ecosystem): adds fastify-override to plugins list by @ matthyk in #5336
  • types: Export preClose hook types by @ matthyk in #5335
  • fix: database migration doc missing db connection code by @ nuhman in #5339
  • chore: Bump pnpm/action-setup from 2 to 3 by @ dependabot in #5341
  • chore: Bump xt0rted/markdownlint-problem-matcher from 2.0.0 to 3.0.0 by @ dependabot in #5342

  New Contributors

  • @ nuhman made their first contribution in #5339

  Full Changelog: v4.26.1...v4.26.2

• 4.26.1 - 2024-02-12
  

  What's Changed

  • docs(ecosystem): adds fastify-hana to the community plugins list by @ yoav0gal in #5289
  • docs: fix misattributed property parent in deprecation warning: request.elapsedTime by @ mscottnelson in #5299
  • chore: Bump lycheeverse/lychee-action from 1.8.0 to 1.9.3 by @ dependabot in #5300
  • chore: Bump actions/dependency-review-action from 3 to 4 by @ dependabot in #5301
  • chore(.gitignore): add .tap/ dir by @ Fdawgs in #5303
  • fix: amend error codes for latest avvio v8.3.0 by @ mcollina in #5309
  • fix(types): Request route options url add undefined by @ rozzilla in #5307
  • chore: add docs for tracing warnings by @ jsumners in #5310

  New Contributors

  • @ mscottnelson made their first contribution in #5299

  Full Changelog: v4.26.0...v4.26.1

• 4.26.0 - 2024-01-29
  Read more
• 4.25.2 - 2023-12-24
  

  What's Changed

  • fix: npm run test:watch by @ domdomegg in #5221
  • fix: always consume stream payloads when responding to 204 with no body by @ mcollina in #5231
  • docs: update setErrorHandler to explain not found behaviour by @ domdomegg in #5218

  New Contributors

  • @ domdomegg made their first contribution in #5221

  Full Changelog: v4.25.1...v4.25.2

• 4.25.1 - 2023-12-15
  

  What's Changed

  • fix: route constraints by @ climba03003 in #5207
  • fix: Better plugin name detection for FSTWRN002 by @ mcollina in #5209
  • chore: at-large project by @ Eomm in #5211

  Full Changelog: v4.25.0...v4.25.1

• 4.25.0 - 2023-12-13
• 4.24.3 - 2023-10-19
• 4.24.2 - 2023-10-15
• 4.24.1 - 2023-10-13
• 4.24.0 - 2023-10-11
• 4.23.2 - 2023-09-14
• 4.23.1 - 2023-09-13
• 4.23.0 - 2023-09-11
• 4.22.2 - 2023-09-01
• 4.22.1 - 2023-08-31
• 4.22.0 - 2023-08-27
• 4.21.0 - 2023-07-27
• 4.20.0 - 2023-07-17
• 4.19.2 - 2023-07-03
• 4.19.1 - 2023-07-02
• 4.19.0 - 2023-06-30
• 4.18.0 - 2023-06-09
• 4.17.0 - 2023-04-27
• 4.16.3 - 2023-04-26
• 4.16.2 - 2023-04-26
• 4.16.1 - 2023-04-26
• 4.16.0 - 2023-04-25
• 4.15.0 - 2023-03-20
• 4.14.1 - 2023-03-06
• 4.14.0 - 2023-03-03
• 4.13.0 - 2023-02-09

from fastify GitHub release notes

Commit messages

Package name: fastify

• ee0ae68 fix: update .npmignore (#5538)
• ca1987c test: fix test finished earlier than expected (#5540) (#5541)
• ff88853 fix: server.listen listener is not cleanup properly (#5522) (#5523)
• 4212551 Bumped v4.28.0
• db01168 auxilliary hook handler type fix + test fix (#5518)
• 1d7b955 refactor(backport v4.x): hasRoute method comparison with case insensitive (#5513)
• 369858d [Backport 4.x] refactor: change `reply.redirect()` signature (#5483) (#5484)
• d2d6d9a test: fix closing - pipelining (#5486)
• fe25981 Bumped v4.27.0
• 445e41a types: request route schema might be undefined (#5394)
• b8cbd33 feat: handle synchronous errors in errorHandler (#5445)
• bf64e47 feat: add mkcalendar and report methods (#5439)
• 6dbe833 update readme (#5442)
• f2835db feat: disable request logging (#5435)
• 8d66924 docs(guides/abort): suggest explicit use of the `aborted` property (#5438)
• bf5d447 docs: update indentation on snippet code (#5418)
• 345c85e chore: Bump lycheeverse/lychee-action from 1.9.3 to 1.10.0 (#5436)
• d643885 exclude node 14 and 16 on macos (#5433)
• 31f391d chore: Bump pino from 8.21.0 to 9.0.0 in the dependencies-major group (#5431)
• 20e3e35 `reply.getSerializationFunction` can return `undefined` (#5384)
• fea36e3 chore(ecosystem): Add Fastify asyncforge plugin (#5429)
• f9f0c9f chore: add new sponsor (#5424)
• 6258d8a docs: improve onError docs by specifying what the error handler is (#5358)
• 69dcea1 feat: adds webdav methods that require body & content type parsing (#5411)

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs