build(deps): bump the fastify group across 1 directory with 2 updates by dependabot[bot] · Pull Request #431 · flex-development/sneusers

dependabot · 2026-04-03T20:44:25Z

Bumps the fastify group with 2 updates in the / directory: @fastify/static and fastify.

Updates @fastify/static from 8.1.1 to 9.1.3

Release notes

Sourced from @fastify/static's releases.

v9.1.3

What's Changed

fix: support wildcard prefixes with route params by @mcollina in fastify/fastify-static#576

Full Changelog: fastify/fastify-static@v9.1.2...v9.1.3

v9.1.2

What's Changed

fix: resolve wildcard paths in encapsulated contexts by @mcollina in fastify/fastify-static#574

Full Changelog: fastify/fastify-static@v9.1.1...v9.1.2

v9.1.1

⚠️ Security Release

This fixes CVE CVE-2026-6410 GHSA-pr96-94w5-mx2h. This fixes CVE CVE-2026-6414 GHSA-x428-ghpx-8j92.

What's Changed

ci: add lock-threads workflow by @Fdawgs in fastify/fastify-static#570

Full Changelog: fastify/fastify-static@v9.1.0...v9.1.1

v9.1.0

What's Changed

build(deps-dev): bump @types/node from 24.10.4 to 25.0.3 by @dependabot[bot] in fastify/fastify-static#552

test: move ignoreTrailingSlash under routerOptions by @lraveri in fastify/fastify-static#553

build(deps-dev): bump borp from 0.20.2 to 0.21.0 by @dependabot[bot] in fastify/fastify-static#543

chore: bump pino and borp dependencies, delete stale.yml by @Tony133 in fastify/fastify-static#557

chore: update syntax typescript by @Tony133 in fastify/fastify-static#558

chore(license): standardise license notice by @Fdawgs in fastify/fastify-static#560

fix: sendFile ignoring option overrides in some cases by @bakugo in fastify/fastify-static#559

chore: upgrade c8 to v11.0.0 and improvements test by @Tony133 in fastify/fastify-static#564

build(deps): bump fastify/workflows/.github/workflows/plugins-ci.yml from 5 to 6 by @dependabot[bot] in fastify/fastify-static#566

New Contributors

@lraveri made their first contribution in fastify/fastify-static#553

@Tony133 made their first contribution in fastify/fastify-static#557

@bakugo made their first contribution in fastify/fastify-static#559

Full Changelog: fastify/fastify-static@v9.0.0...v9.1.0

v9.0.0

What's Changed

build(deps): bump content-disposition from 0.5.4 to 1.0.1 by @dependabot[bot] in fastify/fastify-static#547

Update glob@13 by @mcollina in fastify/fastify-static#550

... (truncated)

Commits

880c1a6 Bumped v9.1.3
7f92da5 fix: support wildcard prefixes with route params (#576)
b0a66d5 Bumped v9.1.2
32af863 fix: resolve wildcard paths in encapsulated contexts (#574)
48b136f Bumped v9.1.1
cc7b7f7 Merge commit from fork
9921faa Merge commit from fork
4183d2d ci: add lock-threads workflow (#570)
a3a8cd6 Bumped v9.1.0
8423c80 build(deps): bump fastify/workflows/.github/workflows/plugins-ci.yml (#566)
Additional commits viewable in compare view

Updates fastify from 5.3.2 to 5.8.5

Release notes

Sourced from fastify's releases.

v5.8.5

⚠️ Security Release

This fixes CVE CVE-2026-33806 GHSA-247c-9743-5963.

What's Changed

chore: Fix port parsing by @jsumners in fastify/fastify#6603

chore: upgrade to typescript v6.0.2 by @Tony133 in fastify/fastify#6605

fix: restore trustProxy function for number and string types, add null check for socketAddr by @mcollina in fastify/fastify#6613

ci: reduce cron scheduled workflows from daily/weekly to monthly by @Fdawgs in fastify/fastify#6623

chore: Bump pnpm/action-setup from 4.2.0 to 5.0.0 by @dependabot[bot] in fastify/fastify#6629

chore: Bump markdownlint-cli2 from 0.21.0 to 0.22.0 by @dependabot[bot] in fastify/fastify#6632

chore: Bump borp from 0.21.0 to 1.0.0 by @dependabot[bot] in fastify/fastify#6633

chore: Bump actions/dependency-review-action from 4.8.3 to 4.9.0 by @dependabot[bot] in fastify/fastify#6630

docs(ecosystem): add @pompelmi/fastify-plugin by @SonoTommy in fastify/fastify#6610

New Contributors

@SonoTommy made their first contribution in fastify/fastify#6610

Full Changelog: fastify/fastify@v5.8.4...v5.8.5

v5.8.4

Full Changelog: fastify/fastify@v5.8.3...v5.8.4

v5.8.3

⚠️ Security Release

This fixes CVE CVE-2026-3635 GHSA-444r-cwp2-x5xf.

What's Changed

docs(readme): add @Tony133 to plugin team by @Tony133 in fastify/fastify#6565

Updated Plugins-Guide.md; Changed "fastify" to "instance" during plugin registration to showcase that it's added as a child by @kyrylchenko in fastify/fastify#6566

test: use fastify.test in test case by @climba03003 in fastify/fastify#6568

docs: use fastify.example in documentation by @climba03003 in fastify/fastify#6567

docs: add common performance degradation guidance by @maxpetrusenko in fastify/fastify#6520

docs(server): fix camelCase anchor links in TOC by @Deepvamja in fastify/fastify#6530

ci(link-checker): fix root-relative links resolution by @barba-rossa in fastify/fastify#6535

docs: update syntax markdown, absolute paths and links by @Tony133 in fastify/fastify#6569

docs: clarify content-type parser/schema mismatch is outside threat model by @mcollina in fastify/fastify#6537

docs: fix incorrect code examples in Reply and Request reference by @mahmoodhamdi in fastify/fastify#6582

docs: replace redirected npm.im http-errors link by @mcollina in fastify/fastify#6588

types: Allow port to be null in request type definition by @TristanBarlow in fastify/fastify#6589

docs: update links by @Tony133 in fastify/fastify#6593

ci(lock-threads): use shared lock-threads workflow by @Fdawgs in fastify/fastify#6592

New Contributors

@kyrylchenko made their first contribution in fastify/fastify#6566

@maxpetrusenko made their first contribution in fastify/fastify#6520

@Deepvamja made their first contribution in fastify/fastify#6530

@barba-rossa made their first contribution in fastify/fastify#6535

... (truncated)

Commits

3983cce Bumped v5.8.5
3ce3ae6 Merge commit from fork
b06a196 docs(ecosystem): add @pompelmi/fastify-plugin (#6610)
909c5d5 chore: Bump actions/dependency-review-action from 4.8.3 to 4.9.0 (#6630)
4db21a3 chore: Bump borp from 0.21.0 to 1.0.0 (#6633)
0f4e544 chore: Bump markdownlint-cli2 from 0.21.0 to 0.22.0 (#6632)
33a2fcd chore: Bump pnpm/action-setup from 4.2.0 to 5.0.0 (#6629)
fd35d82 ci: reduce cron schedules from daily/weekly to monthly (#6623)
8dee9be fix: restore trustProxy function for number and string types, add null check ...
d457aed chore: upgrade to typescript v6.0.2 (#6605)
Additional commits viewable in compare view

Bumps the fastify group with 2 updates in the / directory: [@fastify/static](https://github.com/fastify/fastify-static) and [fastify](https://github.com/fastify/fastify). Updates `@fastify/static` from 8.1.1 to 9.1.3 - [Release notes](https://github.com/fastify/fastify-static/releases) - [Commits](fastify/fastify-static@v8.1.1...v9.1.3) Updates `fastify` from 5.3.2 to 5.8.5 - [Release notes](https://github.com/fastify/fastify/releases) - [Commits](fastify/fastify@v5.3.2...v5.8.5) --- updated-dependencies: - dependency-name: "@fastify/static" dependency-version: 9.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: fastify - dependency-name: fastify dependency-version: 5.8.4 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: fastify ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot added scope:dependencies dependency updates type:build changes to the build system or external dependencies labels Apr 3, 2026

github-project-automation Bot added this to @flex-development/sneusers Apr 3, 2026

github-project-automation Bot moved this to 🆕 New in @flex-development/sneusers Apr 3, 2026

flex-development Bot enabled auto-merge (squash) April 3, 2026 20:44

dependabot Bot force-pushed the dependabot/bun/fastify-4d5290aecd branch 3 times, most recently from ecd267e to 049a711 Compare April 16, 2026 23:14

dependabot Bot changed the title ~~build(deps): bump the fastify group with 2 updates~~ build(deps): bump the fastify group across 1 directory with 2 updates May 5, 2026

dependabot Bot force-pushed the dependabot/bun/fastify-4d5290aecd branch 2 times, most recently from 4ba2374 to 2a2864d Compare May 5, 2026 00:35

dependabot Bot force-pushed the dependabot/bun/fastify-4d5290aecd branch from 2a2864d to e702532 Compare May 13, 2026 20:45

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

build(deps): bump the fastify group across 1 directory with 2 updates#431

build(deps): bump the fastify group across 1 directory with 2 updates#431
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/bun/fastify-4d5290aecd

dependabot Bot commented on behalf of github Apr 3, 2026 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Uh oh!

Conversation

dependabot Bot commented on behalf of github Apr 3, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v9.1.3

What's Changed

v9.1.2

What's Changed

v9.1.1

⚠️ Security Release

What's Changed

v9.1.0

What's Changed

New Contributors

v9.0.0

What's Changed

v5.8.5

⚠️ Security Release

What's Changed

New Contributors

v5.8.4

v5.8.3

⚠️ Security Release

What's Changed

New Contributors

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

dependabot Bot commented on behalf of github Apr 3, 2026 •

edited

Loading