faas-js-runtime
[Snyk] Upgrade fastify from 4.21.0 to 5.4.0
Snyk has created this PR to upgrade fastify from 4.21.0 to 5.4.0.
:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
⚠️ Warning: This PR contains major version upgrade(s), and may be a breaking change.
- The recommended version is 35 versions ahead of your current version.
- The recommended version was released a month ago.
Issues fixed by the recommended upgrade:
| Issue | Score | Exploit Maturity |
|---|---|---|
| Improper Validation of Specified Type of Input SNYK-JS-FASTIFY-9788069 | 315 | No Known Exploit |
| Cross-site Scripting (XSS) SNYK-JS-COOKIE-8163060 | 315 | No Known Exploit |
| Regular Expression Denial of Service (ReDoS) SNYK-JS-FINDMYWAY-8055229 | 315 | No Known Exploit |
Release notes
Package name: fastify
- 5.4.0 - 2025-06-12
What's Changed
- test: mv routes-* from tap by @ jean-michelet in #6092
- test: mv skip-reply-send from tap by @ jean-michelet in #6094
- test: mv plugins from tap by @ jean-michelet in #6088
- fix(ci): ignore alternative runtime result by @ Eomm in #6125
- test: mv schema-* from tap by @ jean-michelet in #6093
- test: mv hooks-async from tap by @ jean-michelet in #6084
- fix(types): add missing version to request.routeOptions by @ inyourtime in #6126
- docs: remove fastify-sentry plugin by @ dnlup in #6131
- docs: add community plugins disclaimer by @ jean-michelet in #6132
- docs: use cross-platform compatible info emoji by @ Fdawgs in #6134
- perf: nits in reply.js by @ Cangit in #6136
- docs: join core team by @ jean-michelet in #6142
- docs: fix typo in hash.digest function by @ piotr-cz in #6145
- test: mv hooks from tap by @ jean-michelet in #6087
- test: improve issue 4959 unit test by @ Uzlopak in #6147
- chore: Bump markdownlint-cli2 from 0.17.2 to 0.18.1 by @ dependabot in #6150
- chore: remove dependencie tap and others updated by @ Tony133 in #6148
- fix: hook async flaky by @ ilteoood in #6155
- chore: Bump lycheeverse/lychee-action from 2.4.0 to 2.4.1 by @ dependabot in #6151
- chore: removing simple-get from allow-unsafe-regex by @ ilteoood in #6154
- chore: remove simple get on 404s test file by @ ilteoood in #6153
- chore: remove simple-get in handle-request.test.js by @ ilteoood in #6159
- chore: remove simple-get from url-rewriting by @ ilteoood in #6163
- chore: remove simple-get in report.test.js by @ ilteoood in #6157
- chore: remove simple-get from custom parser async by @ ilteoood in #6164
- chore: removed simple-get from mkcol tests by @ ilteoood in #6194
- chore: removed simple-get from proto-poisoning test by @ ilteoood in #6185
- ci: Added Node.js v24 by @ mcollina in #6113
- chore: removed simple-get from nullable validation test by @ ilteoood in #6191
- feat: configure errorhandler override by @ jean-michelet in #6104
- chore: remove simple-get from search test by @ ilteoood in #6158
- chore: remove simple get from secure with fallback test by @ ilteoood in #6162
- chore: removed simple-get from als test by @ ilteoood in #6187
- chore: remove simple-get from listen 4 by @ ilteoood in #6173
- fix: do not freeze request.routeOptions by @ mcollina in #6141
- chore: removed simple-get from sync-delay-request tests by @ ilteoood in #6212
- chore: removed simple-get from output-validation tests by @ ilteoood in #6213
- chore: removed simple-get from async-delay-request tests by @ ilteoood in #6211
- chore: removed simple-get from body-limit tests by @ ilteoood in #6209
- chore: removed simple-get from trust-proxy tests by @ ilteoood in #6205
- chore: removed simple-get from proppatch tests by @ ilteoood in #6200
- chore(ci): cleanup citgm.yml by @ Eomm in #6195
- chore: removed simple-get from https tests by @ ilteoood in #6197
- chore: removed simple-get from lock test by @ ilteoood in #6186
Full Changelog: v5.3.3...v5.4.0
- 5.3.3 - 2025-05-13
What's Changed
- docs: update Vercel section by @ leerob in #6046
- docs(ecosystem): add fastify-papr plugin by @ inaiat in #6051
- test: migrated helper and input validation to node test runner by @ ilteoood in #6074
- style: add "no comma-dangle" rule to eslint config and remove trailing commas by @ cecia234 in #6069
- test: migrate stream tests to node test runner by @ ilteoood in #6065
- test: logger response by @ ilteoood in #6055
- test: migrate schema feature to node test runner by @ ilteoood in #6066
- fix: Added more cases for JSON schema validation by @ mcollina in #6067
- test: migrated inject.test.js from tap to node:test by @ Tony133 in #6068
- test: migrated plugin 1 to node test runner by @ ilteoood in #6075
- ci: fix branch pattern by @ Eomm in #6090
- docs: added Jeasx to Ecosystem.md by @ jablonski in #6082
- test: mv promises from tap by @ jean-michelet in #6085
- refactor: node:http2 is always available by @ Cangit in #6073
- fix: update borp to 0.20.0. by @ lholmquist in #6091
- chore: Bump fluent-json-schema from 5.0.0 to 6.0.0 by @ dependabot in #6101
- chore: Bump tsd from 0.31.2 to 0.32.0 in the dev-dependencies-typescript group by @ dependabot in #6100
- test: migrated decorator.test.js from tap to node:test by @ Tony133 in #5957
- test: stabilize pipelining shutdown test with controlled close timing by @ jean-michelet in #6099
- test: migrated output-validation.test.js from tap to node:test by @ Tony133 in #6076
- test: remove tap from hooks-on ready file by @ IcaroSilvaFK in #6080
- test: mv hooks.on-listen from tap by @ jean-michelet in #6086
- ci: ignore scripts by @ Fdawgs in #6108
- docs: add a warning about setErrorHandler overriding a previously defined error handler on an encapsulated context by @ jean-michelet in #6097
- docs(ecosystem): remove fastify-diagnostics-channel by @ inyourtime in #6117
- fix: internal function _addHook failure should be turned into the rejection app.ready is waiting for by @ jean-michelet in #6105
- test: replace removed request properties and update docs by @ inyourtime in #6111
- test: mv reply from tap by @ jean-michelet in #6089
- test: updated promises.test.js re-added the plan() method by @ Tony133 in #6057
- ci: add support to test release candidates by @ RafaelGSS in #6103
New Contributors
- @ leerob made their first contribution in #6046
- @ inaiat made their first contribution in #6051
- @ cecia234 made their first contribution in #6069
- @ jablonski made their first contribution in #6082
- @ lholmquist made their first contribution in #6091
- @ IcaroSilvaFK made their first contribution in #6080
Full Changelog: v5.3.2...v5.3.3
- 5.3.2 - 2025-04-18
⚠️ Security Release ⚠️
Unfortunately, v5.3.1 did not include a complete fix for "Invalid content-type parsing could lead to validation bypass" and CVE-2025-32442. This is a follow-up patch to cover an edge case.
What's Changed
- docs: fix archived concurrently link to point to active repo by @ TimTeylor in #6063
- fix: treat space as a delimiter in content-type parsing by @ mcollina in #6064
New Contributors
- @ TimTeylor made their first contribution in #6063
Full Changelog: v5.3.1...v5.3.2
- 5.3.1 - 2025-04-18
⚠️ Security Release ⚠️
What's Changed
- test: migrate logger options to node test runner by @ ilteoood in #6059
- test: migrate logger logging to node test runner by @ ilteoood in #6060
- test: convert custom parser 1 to node test runner by @ ilteoood in #6053
- test: custom querystring parser by @ ilteoood in #6054
- test: migrate stream 4 to node test runner by @ ilteoood in #6062
- test: migrate request logger to node test runner by @ ilteoood in #6058
- test: migrate custom parser 0 to node test runner by @ ilteoood in #6052
- test: migrate logger instantiation to node test runner by @ ilteoood in #6061
New Contributors
- @ ilteoood made their first contribution in #6059
Full Changelog
:tada: Snyk checks have passed. No issues have been found so far.
:white_check_mark: security/snyk check is complete. No issues have been found.