chore(deps): update dependency fastify to v5

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
fastify (source)	^3.29.5 -> ^5.0.0

---

Release Notes

fastify/fastify (fastify)

v5.6.2

Compare Source

v5.6.1

Compare Source

What's Changed

• fix: fix typo of deprecation warning FSTDEP022 by @​Uzlopak in #​6313
• docs(decorators): fix TypeScript inconsistency by @​emicovi in #​6224
• chore: fix typos by @​deining in #​6316
• docs(security): add secondary contact/security escalation policy by @​UlisesGascon in #​6315
• chore(gha): remove benchmark github workflows by @​Eomm in #​6322
• chore(sponsor): add lambdatest by @​Eomm in #​6324
• fix: (types) allow FastifySchemaValidationError[] as an error by @​gurgunday in #​6326
• fix: correct session.close() context in http2 timeout handler by @​David-van-der-Sluijs in #​6327
• fix: close http2 sessions on close server by @​kostyak127 in #​6137

New Contributors

• @​deining made their first contribution in #​6316
• @​UlisesGascon made their first contribution in #​6315
• @​David-van-der-Sluijs made their first contribution in #​6327
• @​kostyak127 made their first contribution in #​6137

Full Changelog: fastify/fastify@v5.6.0...v5.6.1

v5.6.0

Compare Source

What's Changed

• fix: update typescript pino type to pick by @​dancastillo in #​6287
• feat(types): router option types by @​dancastillo in #​6282
• fix(types): Fix use of "esModuleInterop: false" by @​joshkel in #​6292
• docs: fix typo in Reference: TypeScript.md by @​hmanzoni in #​6302
• docs: clarify router performance note by @​Prasad2604 in #​6306

New Contributors

• @​joshkel made their first contribution in #​6292
• @​hmanzoni made their first contribution in #​6302
• @​Prasad2604 made their first contribution in #​6306

Full Changelog: fastify/fastify@v5.5.0...v5.6.0

v5.5.0

Compare Source

What's Changed

• docs: fix markdown linting issue by @​Uzlopak in #​6175
• chore: removed simple-get from mkcalendar tests by @​ilteoood in #​6199
• chore: removed simple-get from versioned-routes tests by @​ilteoood in #​6202
• chore: removed simple-get from hooks tests by @​ilteoood in #​6210
• fix: close pipelining test by @​ilteoood in #​6204
• chore: removed simple-get from unlock test by @​ilteoood in #​6178
• chore: removed simple-get from use-semicolon-delimiter tests by @​ilteoood in #​6203
• chore: removed simple-get from custom-https-server tests by @​ilteoood in #​6201
• chore: remove simple-get from custom parser 5 by @​ilteoood in #​6172
• chore: removed simple-get from head tests by @​ilteoood in #​6196
• chore: removed simple-get from request id tests by @​ilteoood in #​6193
• chore: remove simple get from custom parser 1 by @​ilteoood in #​6167
• chore: removed simple-get from custom-parser-0 by @​ilteoood in #​6168
• chore: remove simple-get from custom parser 2 by @​ilteoood in #​6169
• chore: remove simple-get from custom parser 4 by @​ilteoood in #​6171
• chore: removed simple-get from promises test by @​ilteoood in #​6183
• chore: removed simple-get from move test by @​ilteoood in #​6179
• chore: remove simple-get from custom querystring parser by @​ilteoood in #​6166
• chore: remove simple-get from propfind by @​ilteoood in #​6174
• chore: removed simple-get from case insensitive test by @​ilteoood in #​6188
• chore: remove simple get from async-await tests by @​ilteoood in #​6165
• chore: removed simple-get from header overflow test by @​ilteoood in #​6190
• chore: removed simple-get from check test by @​ilteoood in #​6176
• chore: removed simple-get from async hooks test by @​ilteoood in #​6189
• feat(types): export more schema related types by @​marcalexiei in #​6207
• chore: removed simple-get from copy tests by @​ilteoood in #​6198
• chore: removed simple-get from request-error test by @​ilteoood in #​6184
• chore: removed simple-get from decorator tests by @​ilteoood in #​6192
• ci: pin third-party actions to commit-hash by @​Fdawgs in #​6218
• fix: close fastify instance by @​ilteoood in #​6177
• chore(license): replace date range by @​Fdawgs in #​6219
• chore: removed simple-get from plugin-1 test by @​ilteoood in #​6180
• chore: removed simple-get from plugin-2 test by @​ilteoood in #​6181
• chore: removed simple-get from plugin-3 test by @​ilteoood in #​6182
• chore: remove simple get from reply test by @​ilteoood in #​6160
• feat(types): add missing error types by @​davidwood in #​6217
• docs: setErrorHandler description by @​AlvesJorge in #​6227
• docs: fix onError hook execution order documentation by @​emicovi in #​6225
• fix: handle abort signal in fastify.listen by @​climba03003 in #​6235
• feat: prepare to use Promise.withResolvers by @​climba03003 in #​6232
• docs: updated SECURITY.md by @​Eomm in #​6233
• fix(docs): fix markdown to exclude leading parenthesis by @​IanWoodard in #​6238
• ci: fix thollander/actions-comment-pull-request commit-hash by @​Fdawgs in #​6244
• docs(routes): add payload to preParsing signature by @​callmehiphop in #​6240
• docs(ecosystem): add fastify-route-preset plugin by @​inyourtime in #​6220
• chore: remove simple get from async request, get and register... by @​ilteoood in #​6246
• docs: improve custom validator documentation for async hooks by @​emicovi in #​6228
• chore: remove simple get from route shorthand by @​ilteoood in #​6245
• chore: Bump @​stylistic/eslint-plugin from 4.4.1 to 5.1.0 in the dev-dependencies-eslint group by @​dependabot[bot] in #​6242
• chore: Bump @​types/node from 22.15.34 to 24.0.8 in the dev-dependencies-typescript group by @​dependabot[bot] in #​6243
• chore(tests): remove simple get by @​ilteoood in #​6249
• chore: finally remove simple get by @​ilteoood in #​6251
• chore: remove undici from schema-validation.test.js by @​Uzlopak in #​6252
• test: fix flakyness of close-pipelining-test, upgrade undici to v7 by @​Uzlopak in #​6256
• fix: account for EPIPE fetch errors in tests by @​gurgunday in #​6255
• docs: correct parameter name in frameworkErrors handler by @​inyourtime in #​6257
• docs: fix server page headings level by @​golopot in #​6258
• fix: add FST_ERR_CTP_INVALID_JSON_BODY by @​Uzlopak in #​5925
• feat: optimize content type parser by using AsyncResource.bind() by @​gurgunday in #​6262
• fix: remove unnecessary body length check in contentTypeParser by @​gurgunday in #​6266
• docs(ecosystem): add fastify-multilingual by @​gbrugger in #​6268
• chore: fix docs Request.md by @​ts0307 in #​6270
• chore: Bump typescript from 5.8.3 to 5.9.2 in the dev-dependencies-typescript group by @​dependabot[bot] in #​6273
• chore: Bump cross-env from 7.0.3 to 10.0.0 by @​dependabot[bot] in #​6274
• feat(types): enforce reply status code types with type providers by @​samchungy in #​6250
• feat: move router options to own key by @​dancastillo in #​5985
• docs: refine CONTRIBUTING.md for better readability by @​Dipali127 in #​6277
• chore: refactor reply.send and prioritize kReplyIsError by @​gurgunday in #​6267
• docs(ecosystem): add fastify-permissions plugin by @​pckrishnadas88 in #​6265
• docs: Add Hey API to ecosystem by @​mrlubos in #​6280
• fix: OPTIONS Content-Type handling by @​gurgunday in #​6263

New Contributors

• @​marcalexiei made their first contribution in #​6207
• @​davidwood made their first contribution in #​6217
• @​AlvesJorge made their first contribution in #​6227
• @​emicovi made their first contribution in #​6225
• @​IanWoodard made their first contribution in #​6238
• @​callmehiphop made their first contribution in #​6240
• @​golopot made their first contribution in #​6258
• @​gbrugger made their first contribution in #​6268
• @​ts0307 made their first contribution in #​6270
• @​Dipali127 made their first contribution in #​6277
• @​pckrishnadas88 made their first contribution in #​6265
• @​mrlubos made their first contribution in #​6280

Full Changelog: fastify/fastify@v5.4.0...v5.5.0

v5.4.0

Compare Source

What's Changed

• test: mv routes-* from tap by @​jean-michelet in #​6092
• test: mv skip-reply-send from tap by @​jean-michelet in #​6094
• test: mv plugins from tap by @​jean-michelet in #​6088
• fix(ci): ignore alternative runtime result by @​Eomm in #​6125
• test: mv schema-* from tap by @​jean-michelet in #​6093
• test: mv hooks-async from tap by @​jean-michelet in #​6084
• fix(types): add missing version to request.routeOptions by @​inyourtime in #​6126
• docs: remove fastify-sentry plugin by @​dnlup in #​6131
• docs: add community plugins disclaimer by @​jean-michelet in #​6132
• docs: use cross-platform compatible info emoji by @​Fdawgs in #​6134
• perf: nits in reply.js by @​Cangit in #​6136
• docs: join core team by @​jean-michelet in #​6142
• docs: fix typo in hash.digest function by @​piotr-cz in #​6145
• test: mv hooks from tap by @​jean-michelet in #​6087
• test: improve issue 4959 unit test by @​Uzlopak in #​6147
• chore: Bump markdownlint-cli2 from 0.17.2 to 0.18.1 by @​dependabot in #​6150
• chore: remove dependencie tap and others updated by @​Tony133 in #​6148
• fix: hook async flaky by @​ilteoood in #​6155
• chore: Bump lycheeverse/lychee-action from 2.4.0 to 2.4.1 by @​dependabot in #​6151
• chore: removing simple-get from allow-unsafe-regex by @​ilteoood in #​6154
• chore: remove simple get on 404s test file by @​ilteoood in #​6153
• chore: remove simple-get in handle-request.test.js by @​ilteoood in #​6159
• chore: remove simple-get from url-rewriting by @​ilteoood in #​6163
• chore: remove simple-get in report.test.js by @​ilteoood in #​6157
• chore: remove simple-get from custom parser async by @​ilteoood in #​6164
• chore: removed simple-get from mkcol tests by @​ilteoood in #​6194
• chore: removed simple-get from proto-poisoning test by @​ilteoood in #​6185
• ci: Added Node.js v24 by @​mcollina in #​6113
• chore: removed simple-get from nullable validation test by @​ilteoood in #​6191
• feat: configure errorhandler override by @​jean-michelet in #​6104
• chore: remove simple-get from search test by @​ilteoood in #​6158
• chore: remove simple get from secure with fallback test by @​ilteoood in #​6162
• chore: removed simple-get from als test by @​ilteoood in #​6187
• chore: remove simple-get from listen 4 by @​ilteoood in #​6173
• fix: do not freeze request.routeOptions by @​mcollina in #​6141
• chore: removed simple-get from sync-delay-request tests by @​ilteoood in #​6212
• chore: removed simple-get from output-validation tests by @​ilteoood in #​6213
• chore: removed simple-get from async-delay-request tests by @​ilteoood in #​6211
• chore: removed simple-get from body-limit tests by @​ilteoood in #​6209
• chore: removed simple-get from trust-proxy tests by @​ilteoood in #​6205
• chore: removed simple-get from proppatch tests by @​ilteoood in #​6200
• chore(ci): cleanup citgm.yml by @​Eomm in #​6195
• chore: removed simple-get from https tests by @​ilteoood in #​6197
• chore: removed simple-get from lock test by @​ilteoood in #​6186

Full Changelog: fastify/fastify@v5.3.3...v5.4.0

v5.3.3

Compare Source

What's Changed

• docs: update Vercel section by @​leerob in #​6046
• docs(ecosystem): add fastify-papr plugin by @​inaiat in #​6051
• test: migrated helper and input validation to node test runner by @​ilteoood in #​6074
• style: add "no comma-dangle" rule to eslint config and remove trailing commas by @​cecia234 in #​6069
• test: migrate stream tests to node test runner by @​ilteoood in #​6065
• test: logger response by @​ilteoood in #​6055
• test: migrate schema feature to node test runner by @​ilteoood in #​6066
• fix: Added more cases for JSON schema validation by @​mcollina in #​6067
• test: migrated inject.test.js from tap to node:test by @​Tony133 in #​6068
• test: migrated plugin 1 to node test runner by @​ilteoood in #​6075
• ci: fix branch pattern by @​Eomm in #​6090
• docs: added Jeasx to Ecosystem.md by @​jablonski in #​6082
• test: mv promises from tap by @​jean-michelet in #​6085
• refactor: node:http2 is always available by @​Cangit in #​6073
• fix: update borp to 0.20.0. by @​lholmquist in #​6091
• chore: Bump fluent-json-schema from 5.0.0 to 6.0.0 by @​dependabot in #​6101
• chore: Bump tsd from 0.31.2 to 0.32.0 in the dev-dependencies-typescript group by @​dependabot in #​6100
• test: migrated decorator.test.js from tap to node:test by @​Tony133 in #​5957
• test: stabilize pipelining shutdown test with controlled close timing by @​jean-michelet in #​6099
• test: migrated output-validation.test.js from tap to node:test by @​Tony133 in #​6076
• test: remove tap from hooks-on ready file by @​IcaroSilvaFK in #​6080
• test: mv hooks.on-listen from tap by @​jean-michelet in #​6086
• ci: ignore scripts by @​Fdawgs in #​6108
• docs: add a warning about setErrorHandler overriding a previously defined error handler on an encapsulated context by @​jean-michelet in #​6097
• docs(ecosystem): remove fastify-diagnostics-channel by @​inyourtime in #​6117
• fix: internal function _addHook failure should be turned into the rejection app.ready is waiting for by @​jean-michelet in #​6105
• test: replace removed request properties and update docs by @​inyourtime in #​6111
• test: mv reply from tap by @​jean-michelet in #​6089
• test: updated promises.test.js re-added the plan() method by @​Tony133 in #​6057
• ci: add support to test release candidates by @​RafaelGSS in #​6103

New Contributors

• @​leerob made their first contribution in #​6046
• @​inaiat made their first contribution in #​6051
• @​cecia234 made their first contribution in #​6069
• @​jablonski made their first contribution in #​6082
• @​lholmquist made their first contribution in #​6091
• @​IcaroSilvaFK made their first contribution in #​6080

Full Changelog: fastify/fastify@v5.3.2...v5.3.3

v5.3.2

Compare Source

⚠️ Security Release ⚠️

Unfortunately, v5.3.1 did not include a complete fix for "Invalid content-type parsing could lead to validation bypass" and CVE-2025-32442. This is a follow-up patch to cover an edge case.

What's Changed

• docs: fix archived concurrently link to point to active repo by @​TimTeylor in #​6063
• fix: treat space as a delimiter in content-type parsing by @​mcollina in #​6064

New Contributors

• @​TimTeylor made their first contribution in #​6063

Full Changelog: fastify/fastify@v5.3.1...v5.3.2

v5.3.1

Compare Source

⚠️ Security Release ⚠️

• Fix for "Invalid content-type parsing could lead to validation bypass" and CVE-2025-32442

What's Changed

• test: migrate logger options to node test runner by @​ilteoood in #​6059
• test: migrate logger logging to node test runner by @​ilteoood in #​6060
• test: convert custom parser 1 to node test runner by @​ilteoood in #​6053
• test: custom querystring parser by @​ilteoood in #​6054
• test: migrate stream 4 to node test runner by @​ilteoood in #​6062
• test: migrate request logger to node test runner by @​ilteoood in #​6058
• test: migrate custom parser 0 to node test runner by @​ilteoood in #​6052
• test: migrate logger instantiation to node test runner by @​ilteoood in #​6061

New Contributors

• @​ilteoood made their first contribution in #​6059

Full Changelog: fastify/fastify@v5.3.0...v5.3.1

v5.3.0

Compare Source

What's Changed

• fix: wrong reply return type by @​dangkyokhoang in #​6026
• feat: allow to access decorators by @​jean-michelet in #​5768
• ci: continue-on-error on alternative runtime by @​Eomm in #​6031
• fix: clear [kState].readyPromise for garbage collection by @​LiviaMedeiros in #​6030
• ci: set workflow permissions to read-only by default by @​Fdawgs in #​6035
• chore: Bump the dependencies-major group with 2 updates by @​dependabot in #​6036
• chore: Bump lycheeverse/lychee-action from 2.3.0 to 2.4.0 by @​dependabot in #​6037
• chore: remove sponsort by @​Eomm in #​6040
• test: fix skip in upgrade test by @​LiviaMedeiros in #​6044
• chore: migrate custom-parser.4.test.js to node:test by @​Matthew-Mallimo in #​6042
• docs: add fastify-lm to Ecosystem.md by @​galiprandi in #​6032
• test: skip IPv6 tests if its support is not present by @​LiviaMedeiros in #​6048

New Contributors

• @​dangkyokhoang made their first contribution in #​6026
• @​Matthew-Mallimo made their first contribution in #​6042
• @​galiprandi made their first contribution in #​6032

Full Changelog: fastify/fastify@v5.2.2...v5.3.0

v5.2.2

Compare Source

What's Changed

• build: use static path instead of __filename by @​climba03003 in #​5922
• fix(linting): fix linting error in error-handler.js by @​Uzlopak in #​5926
• chore: Bump the dev-dependencies group across 1 directory with 6 updates by @​dependabot in #​5930
• fix: don't check for payload type in default json parser by @​gurgunday in #​5933
• docs: Include req.hostname change in upgrade guide by @​tmcw in #​5935
• build(dependabot): regroup dev dependencies by @​Fdawgs in #​5931
• chore: Bump borp from 0.18.0 to 0.19.0 by @​dependabot in #​5936
• chore: don't return the done function by @​gurgunday in #​5937
• ci(workflows): unpin node 22 version by @​Fdawgs in #​5941
• perf: don't use optional chaining for typeof .then checks by @​gurgunday in #​5942
• docs: the no floating promise guide is not needed anymore by @​mcollina in #​5946
• docs: grammar and spelling fixes by @​Fdawgs in #​5944
• perf(lib/pluginutils): cache rc version regex by @​Fdawgs in #​5940
• build(dependabot): reduce npm updates to monthly by @​Fdawgs in #​5939
• docs(guides): grammar and spelling fixes by @​Fdawgs in #​5947
• test: migrated genReqId.test.js from tap to node:test by @​Tony133 in #​5943
• chore: Bump lycheeverse/lychee-action from 2.1.0 to 2.2.0 by @​dependabot in #​5948
• docs(reference/contenttypeparser): make more concise by @​Fdawgs in #​5950
• docs(getting-started): clarify fastify-cli is separate by @​Fdawgs in #​5949
• docs(validation-and-serialization): fix typo by @​matthyk in #​5952
• test: migrated route-shorthand.test.js from tap to node:test by @​Tony133 in #​5923
• test: migrated register.test.js from tap to node:test by @​Tony133 in #​5918
• Update broken link to N|Solid by @​xuhdev in #​5954
• docs(reference): even more conciseness by @​Fdawgs in #​5951
• test: migrate from tap to node test for close & custom-parser-async by @​coluzziandrea in #​5915
• docs(reference/type-providers): conciseness improvements by @​Fdawgs in #​5962
• docs(reference/errors): conciseness improvements by @​Fdawgs in #​5963
• docs(reference/logging): conciseness improvements by @​Fdawgs in #​5958
• docs(reference/request): conciseness improvements by @​Fdawgs in #​5965
• docs(ecosystem): add @fastify/otel to core list by @​Fdawgs in #​5967
• docs(reference/validation): conciseness improvements by @​Fdawgs in #​5964
• docs(reference/plugins): conciseness improvements by @​Fdawgs in #​5956
• docs(reference/decorators): conciseness improvements by @​Fdawgs in #​5966
• chore(sponsor): Add Lokalise sponsorship reference by @​kibertoad in #​5968
• test: migrated listen.2.test.js from tap to node:test by @​Tony133 in #​5960
• docs(ecosystem): add fastify-enforce-routes-pattern by @​Jerome1337 in #​5961
• chore(sponsor): add Jspreadsheet by @​Eomm in #​5971
• docs(reference/routes): conciseness improvements by @​Fdawgs in #​5969
• fix(types): missing supportedMethods by @​johaven in #​5970
• chore: Bump the dev-dependencies-eslint group with 2 updates by @​dependabot in #​5975
• ci: remove master branch support by @​Fdawgs in #​5974
• docs(reference): mimic github notes and warning style by @​Fdawgs in #​5973
• docs: Drop platformatic cloud reference in serverless.md by @​mcollina in #​5982
• docs: add a Genezio step by step guide by @​cristim67 in #​5980
• docs(lts): fix anchor tag format by @​kadoshita in #​5986
• docs: Update documentation for listening to 0.0.0.0 by @​jonasongg in #​5988
• docs(serverless): cut down genezio example by @​Fdawgs in #​5990
• docs: add link to official demo by @​jean-michelet in #​5994
• chore(license): update licensing year by @​Tony133 in #​5992
• docs: wrong query string parser information by @​smith558 in #​5993
• docs: typo in v5 migration docs by @​salmanm in #​5995
• docs: update example to use correct parser by @​smith558 in #​5996
• test: migrated request-error.test.js from tap to node:test by @​Tony133 in #​5987
• chore: Bump the dev-dependencies-eslint group with 2 updates by @​dependabot in #​5999
• chore: Bump lycheeverse/lychee-action from 2.2.0 to 2.3.0 by @​dependabot in #​6001
• docs: fix docorators example by @​logan272 in #​5997
• chore: fix docs by @​Eomm in #​6007
• test: migrated stream.5.test.js from tap to node:test by @​Tony133 in #​5955
• build(test/bundler/esbuild): bump esbuild by @​Fdawgs in #​6010
• test: migrated throw.test.js from tap to node:test by @​Tony133 in #​6002
• docs(guides/ecosystem): update broken link to scalar by @​inyourtime in #​6015
• feat: add listen async callback warning by @​Eomm in #​6011
• docs(readme): fix broken ci badges by @​Fdawgs in #​6016
• docs: remove --node-arg prefix by @​piotr-cz in #​6018
• test: migrated listen.1.test.js from tap to node:test by @​Tony133 in #​6014
• chore: Bump typescript from 5.7.3 to 5.8.2 in the dev-dependencies-typescript group by @​dependabot in #​6000
• test: migrated upgrade.test.js from tap to node:test and update inde… by @​Tony133 in #​5917
• test: fix flaky by @​Eomm in #​6021
• test: migrated listen.3.test.js from tap to node:test by @​Tony133 in #​6022
• test: migrated listen.4.test.js from tap to node:test by @​Tony133 in #​6024
• fix: double hook execution by @​Eomm in #​6013
• test(content-type-parser): replace tiny-lru proxy with toad-cache by @​Fdawgs in #​6025

New Contributors

• @​xuhdev made their first contribution in #​5954
• @​coluzziandrea made their first contribution in #​5915
• @​Jerome1337 made their first contribution in #​5961
• @​cristim67 made their first contribution in #​5980
• @​jonasongg made their first contribution in #​5988
• @​smith558 made their first contribution in #​5993
• @​logan272 made their first contribution in #​5997
• @​piotr-cz made their first contribution in #​6018

Full Changelog: fastify/fastify@v5.2.1...v5.2.2

v5.2.1

Compare Source

What's Changed

• chore: org members reorder by @​Eomm in #​5898
• docs(request): clarify request host functionality by

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	fastify@​3.29.5 ⏵ 5.6.2	+1			+5

View full report

[socket-security]

Caution

Review the following alerts detected in dependencies.

According to your organization's Security Policy, you must resolve all "Block" alerts before proceeding. It is recommended to resolve "Warn" alerts too. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Block		Trivial package: npm real-require has 10 lines of code Location: Package overview From: pnpm-lock.yaml → npm/[email protected] → npm/[email protected] ℹ Read more on: This package | This alert | What are trivial packages? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected]. Suggestion: Removing this package as a dependency and implementing its logic will reduce supply chain risk. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Publisher changed: npm @fastify/error is now published by eomm instead of gurgunday New Author: eomm Previous Author: gurgunday From: pnpm-lock.yaml → npm/[email protected] → npm/@fastify/[email protected] ℹ Read more on: This package | This alert | What is new author? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected]. Suggestion: Scrutinize new collaborator additions to packages because they now have the ability to publish code into your dependency tree. Packages should avoid frequent or unnecessary additions or changes to publishing rights. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@fastify/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Publisher changed: npm @fastify/forwarded is now published by eomm instead of jsumners New Author: eomm Previous Author: jsumners From: pnpm-lock.yaml → npm/[email protected] → npm/@fastify/[email protected] ℹ Read more on: This package | This alert | What is new author? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected]. Suggestion: Scrutinize new collaborator additions to packages because they now have the ability to publish code into your dependency tree. Packages should avoid frequent or unnecessary additions or changes to publishing rights. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@fastify/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Publisher changed: npm @fastify/merge-json-schemas is now published by fdawgs instead of matteo.collina New Author: fdawgs Previous Author: matteo.collina From: pnpm-lock.yaml → npm/[email protected] → npm/@fastify/[email protected] ℹ Read more on: This package | This alert | What is new author? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected]. Suggestion: Scrutinize new collaborator additions to packages because they now have the ability to publish code into your dependency tree. Packages should avoid frequent or unnecessary additions or changes to publishing rights. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@fastify/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Publisher changed: npm @fastify/proxy-addr is now published by eomm instead of matteo.collina New Author: eomm Previous Author: matteo.collina From: pnpm-lock.yaml → npm/[email protected] → npm/@fastify/[email protected] ℹ Read more on: This package | This alert | What is new author? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected]. Suggestion: Scrutinize new collaborator additions to packages because they now have the ability to publish code into your dependency tree. Packages should avoid frequent or unnecessary additions or changes to publishing rights. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@fastify/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Publisher changed: npm process-warning is now published by fdawgs instead of matteo.collina New Author: fdawgs Previous Author: matteo.collina From: pnpm-lock.yaml → npm/[email protected] → npm/[email protected] ℹ Read more on: This package | This alert | What is new author? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected]. Suggestion: Scrutinize new collaborator additions to packages because they now have the ability to publish code into your dependency tree. Packages should avoid frequent or unnecessary additions or changes to publishing rights. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Publisher changed: npm real-require is now published by matteo.collina instead of shogun_panda New Author: matteo.collina Previous Author: shogun_panda From: pnpm-lock.yaml → npm/[email protected] → npm/[email protected] ℹ Read more on: This package | This alert | What is new author? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected]. Suggestion: Scrutinize new collaborator additions to packages because they now have the ability to publish code into your dependency tree. Packages should avoid frequent or unnecessary additions or changes to publishing rights. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Publisher changed: npm secure-json-parse is now published by eomm instead of fdawgs New Author: eomm Previous Author: fdawgs From: pnpm-lock.yaml → npm/[email protected] → npm/[email protected] ℹ Read more on: This package | This alert | What is new author? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected]. Suggestion: Scrutinize new collaborator additions to packages because they now have the ability to publish code into your dependency tree. Packages should avoid frequent or unnecessary additions or changes to publishing rights. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report