Bump fastify from 3.14.2 to 3.29.4 in /glitch.me/violet-zenith-nightshade
Closed
Number: #1
Type: Pull Request
State: Closed
Type: Pull Request
State: Closed
Author:
![dependabot[bot]](https://github.com/dependabot.png)
dependabot[bot]
Association: None
Comments: 1
dependabot[bot]Association: None
Comments: 1
Created:
August 24, 2025 at 07:30 AM UTC
(14 days ago)
(14 days ago)
Updated:
August 24, 2025 at 07:30 AM UTC
(14 days ago)
(14 days ago)
Closed:
August 24, 2025 at 07:30 AM UTC
(14 days ago)
(14 days ago)
Time to Close:
less than a minute
Labels:
dependencies javascript
dependencies javascript
Description:
Bumps fastify from 3.14.2 to 3.29.4.
Release notes
Sourced from fastify's releases.
v3.29.4
⚠️ Security Release ⚠️
- Fix for "Incorrect Content-Type parsing can lead to CSRF attack" and CVE-2022-41919
Full Changelog: https://github.com/fastify/fastify/compare/v3.29.3...v3.29.4
v3.29.3
⚠️
Security Release⚠️This release backport the fixes of https://github.com/fastify/fastify/security/advisories/GHSA-455w-c45v-86rg for the v3.x line. While not being a vulnerability for this line, a backport is still welcome due to the problems highlighted in the report.
Full Changelog: https://github.com/fastify/fastify/compare/v3.29.2...v3.29.3
v3.29.2
What's Changed
- fix: backport reused connection fix by
@salzhraniin fastify/fastify#4217New Contributors
@salzhranimade their first contribution in fastify/fastify#4217Full Changelog: https://github.com/fastify/fastify/compare/v3.29.1...v3.29.2
v3.29.1
What's Changed
- docs: reference new
@fastify/*modules by@Fdawgsin fastify/fastify#3860- Child log level in bindings is deprecated by
@orov-ioin fastify/fastify#3896- Handle aborted requests (#215) by
@TimotejRin fastify/fastify#4103New Contributors
@orov-iomade their first contribution in fastify/fastify#3896@TimotejRmade their first contribution in fastify/fastify#4103Full Changelog: https://github.com/fastify/fastify/compare/v3.29.0...v3.29.1
v3.29.0
What's Changed
- Update fastify-error dependency by
@jsumnersin fastify/fastify#3859Full Changelog: https://github.com/fastify/fastify/compare/v3.28.0...v3.29.0
v3.28.0
What's Changed
- (v3.x) Allow custom Context Config types for hooks'
requestproperties by@sumbadin fastify/fastify#3787- add generic logger to route handler & FastifyRequest by
@MarcoLekoin fastify/fastify#3782- (v3.x) fix: handle invalid url by
@climba03003in fastify/fastify#3806- (v3.x) feat: reply trailers support by
@climba03003in fastify/fastify#3807
... (truncated)
Commits
6053031Bumped v3.29.4cdba37dMerge pull request from GHSA-3fjj-p79j-c9hh5df7665Bumped v3.29.39a55126Merge pull request from GHSA-455w-c45v-86rg596c8c3Bumped v3.29.2c59d923Merge branch '3.x' of github.com:fastify/fastify into 3.x76c38d2fix: backport reused connection fix (#4217)a90a4c5Bumped v3.29.15a79181Bumped v3.29.1743bc28Handle aborted requests (#3651) (#4103)- Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the Security Alerts page.
Pull Request Statistics
Commits:
1
1
Files Changed:
2
2
Additions:
+499
+499
Deletions:
-255
-255
Package Dependencies
Package:
fastify
Ecosystem:
npm
npm
Version Change:
3.14.2 → 3.29.4
Update Type:
Minor
Minor
Path:
/glitch.me/violet-zenith-nightshade
Security Advisories
Fastify: Incorrect Content-Type parsing can lead to CSRF attack
GHSA-3fjj-p79j-c9hh
CVE-2022-41919
MODERATE
### Impact
The attacker can use the incorrect `Content-Type` to bypass the `Pre-Flight` checking of `fetch`. `fetch()` requests with Content-Type’s [essence](https://mimesniff.spec.whatwg.org/#mim...
fastify vulnerable to denial of service via malicious Content-Type
GHSA-455w-c45v-86rg
CVE-2022-39288
HIGH
### Impact
An attacker can send an invalid `Content-Type` header that can cause the application to crash, leading to a possible Denial of Service attack. Only the v4.x line is affected.
(This was ...
Technical Details
| ID: | 5672519 |
| UUID: | 2769644581 |
| Node ID: | PR_kwDOBm4GFc6lFWwl |
| Host: | GitHub |
| Repository: | ffmaer/ffmaer.github.io |
| Mergeable: | Yes |
| Merge State: | Clean |