Skip to content

fix(deps): bump fastify from 5.6.2 to 5.8.4#66

Closed
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/fastify-5.8.4
Closed

fix(deps): bump fastify from 5.6.2 to 5.8.4#66
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/fastify-5.8.4

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 14, 2026

Bumps fastify from 5.6.2 to 5.8.4.

Release notes

Sourced from fastify's releases.

v5.8.4

Full Changelog: fastify/fastify@v5.8.3...v5.8.4

v5.8.3

⚠️ Security Release

This fixes CVE CVE-2026-3635 GHSA-444r-cwp2-x5xf.

What's Changed

New Contributors

Full Changelog: fastify/fastify@v5.8.2...v5.8.3

v5.8.2

What's Changed

New Contributors

... (truncated)

Commits
  • af92d0d Bumped v5.8.4
  • a3e77ce Bumped v5.8.3
  • 4e1db5b fix: gate host and protocol getters on proxy trust function
  • a22217f ci(lock-threads): use shared lock-threads workflow (#6592)
  • 1851f20 docs: update links (#6593)
  • 9cc5187 types: Allow port to be null in request type definition (#6589)
  • 722d83b docs: replace redirected npm.im http-errors link (#6588)
  • a1413de docs: fix incorrect code examples in Reply and Request reference (#6582)
  • d7f01b6 docs: clarify content-type parser/schema mismatch is outside threat model (#6...
  • a0649e9 docs: update syntax markdown, absolute paths and links (#6569)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
fix(deps): bump fastify from 5.6.2 to 5.8.4
a13a327 
Bumps [fastify](https://github.com/fastify/fastify) from 5.6.2 to 5.8.4.
- [Release notes](https://github.com/fastify/fastify/releases)
- [Commits](fastify/fastify@v5.6.2...v5.8.4)

---
updated-dependencies:
- dependency-name: fastify
  dependency-version: 5.8.4
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added the 📦 Dependencies Pull requests that update a dependency file label Apr 14, 2026
@dependabot dependabot Bot requested a review from Proskynete as a code owner April 14, 2026 07:07
@dependabot dependabot Bot added the 📦 Dependencies Pull requests that update a dependency file label Apr 14, 2026
@github-actions
Copy link
Copy Markdown

github-actions Bot commented Apr 14, 2026

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA a13a327.
Ensure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice.

OpenSSF Scorecard

PackageVersionScoreDetails
npm/fastify 5.8.4 🟢 8.5
Details
CheckScoreReason
Code-Review🟢 8Found 22/26 approved changesets -- score normalized to 8
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Maintained🟢 1030 commit(s) and 12 issue activity found in the last 90 days -- score normalized to 10
Security-Policy🟢 10security policy file detected
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
CII-Best-Practices🟢 5badge detected: Passing
Pinned-Dependencies⚠️ 2dependency not pinned by hash detected -- score normalized to 2
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Fuzzing🟢 10project is fuzzed
SAST🟢 4SAST tool is not run on all commits -- score normalized to 4

Scanned Files

  • package-lock.json

@github-actions github-actions Bot added the 🤩 size/xs Extra small PR (0-10 lines) label Apr 14, 2026
@github-actions
Copy link
Copy Markdown

github-actions Bot commented Apr 14, 2026

🐳 Docker Image Size Comparison

Branch Size
Base (main) 396MB
PR (dependabot/npm_and_yarn/fastify-5.8.4) 397MB

💡 Tip: Keep image size small using multi-stage builds and .dockerignore

@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github Apr 23, 2026

Superseded by #77.

@dependabot dependabot Bot closed this Apr 23, 2026
@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/fastify-5.8.4 branch April 23, 2026 07:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Proskynete Proskynete Awaiting requested review from Proskynete Proskynete is a code owner

Assignees

No one assigned

Labels

📦 Dependencies Pull requests that update a dependency file 🤩 size/xs Extra small PR (0-10 lines)

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants