chore(deps): bump the dependencies group across 1 directory with 8 updates by dependabot[bot] · Pull Request #185 · MyUnisoft/loki-reverse-proxy

dependabot · 2025-12-15T21:10:12Z

Bumps the dependencies group with 8 updates in the / directory:

Package	From	To
@fastify/http-proxy	`11.3.0`	`11.4.1`
fastify	`5.4.0`	`5.6.2`
pino	`9.7.0`	`10.1.0`
pino-loki	`2.6.0`	`3.0.0`
pino-pretty	`13.0.0`	`13.1.3`
ua-parser-js	`2.0.4`	`2.0.7`
undici	`7.11.0`	`7.16.0`
zod	`3.25.75`	`4.2.0`

Updates @fastify/http-proxy from 11.3.0 to 11.4.1

Release notes

Sourced from @fastify/http-proxy's releases.

v11.4.1

What's Changed

fix: add types and updated docs for 'preRewrite'. by @mn4367 in fastify/fastify-http-proxy#442

New Contributors

@mn4367 made their first contribution in fastify/fastify-http-proxy#442

Full Changelog: fastify/fastify-http-proxy@v11.4.0...v11.4.1

v11.4.0

What's Changed

build(deps-dev): bump @types/node from 22.15.34 to 24.0.8 by @dependabot[bot] in fastify/fastify-http-proxy#424

build(deps-dev): bump typescript from 5.8.3 to 5.9.2 by @dependabot[bot] in fastify/fastify-http-proxy#426

chore: add .npmrc file by @Fdawgs in fastify/fastify-http-proxy#429

build(deps-dev): remove @fastify/pre-commit by @Fdawgs in fastify/fastify-http-proxy#430

ci(ci): add concurrency config by @Fdawgs in fastify/fastify-http-proxy#433

build(deps-dev): bump borp from 0.20.2 to 0.21.0 by @dependabot[bot] in fastify/fastify-http-proxy#434

build(deps-dev): bump pino from 9.14.0 to 10.1.0 by @dependabot[bot] in fastify/fastify-http-proxy#435

build(deps-dev): bump tsd from 0.32.0 to 0.33.0 by @dependabot[bot] in fastify/fastify-http-proxy#432

chore: update deps by @simone-sanfratello in fastify/fastify-http-proxy#436

chore: address security scanner false positives related to CVE-2023-2968 by @joeyorlando in fastify/fastify-http-proxy#437

feat(types): add fromParameters method by @rozzilla in fastify/fastify-http-proxy#440

chore(deps): update and add tests by @rozzilla in fastify/fastify-http-proxy#441

New Contributors

@joeyorlando made their first contribution in fastify/fastify-http-proxy#437

@rozzilla made their first contribution in fastify/fastify-http-proxy#440

Full Changelog: fastify/fastify-http-proxy@v11.3.0...v11.4.0

Commits

d15c916 Bumped v11.4.1
a3796e5 fix: add types and updated docs for 'preRewrite'. (#442)
efcb312 Bumped v11.4.0
5ade2e5 chore(deps): update and add tests (#441)
8ae78d2 feat(types): add fromParameters method (#440)
bbe97fb chore: address security scanner false positives related to CVE-2023-2968 (#...
031f4d4 chore: update deps (#436)
f2e4de6 build(deps-dev): bump tsd from 0.32.0 to 0.33.0 (#432)
6794aa0 build(deps-dev): bump pino from 9.14.0 to 10.1.0 (#435)
6268ce3 build(deps-dev): bump borp from 0.20.2 to 0.21.0 (#434)
Additional commits viewable in compare view

Updates fastify from 5.4.0 to 5.6.2

Release notes

Sourced from fastify's releases.

v5.6.2

What's Changed

refactor: rename source file names with kebab-case by @jean-michelet in fastify/fastify#6331

ci(ci): check dependabot prs originate from repo by @Fdawgs in fastify/fastify#6330

fix: accept htab ows by @jean-michelet in fastify/fastify#6303

fix: handle non FastifyErrors in custom handler properly, set type of error-parameter for setErrorHandler and errorHandler to unknown, but configurable via generic TError by @Uzlopak in fastify/fastify#6308

build(deps-dev): remove @fastify/pre-commit by @Fdawgs in fastify/fastify#6319

ci: improve citgm workflows by @Uzlopak in fastify/fastify#6334

docs: explain stream error handling by @lundibundi in fastify/fastify#5746

fix: error throwing in reply by @juanlet in fastify/fastify#6299

refactor: delegate options processing to a dedicated function by @jean-michelet in fastify/fastify#6333

ci: remove label of citgm only on pull_request.labeled, add options for workflow_dispatch by @Uzlopak in fastify/fastify#6335

chore: Bump actions/checkout from 4 to 5 by @dependabot[bot] in fastify/fastify#6343

chore: Bump joi from 17.13.3 to 18.0.1 by @dependabot[bot] in fastify/fastify#6347

chore: Bump lycheeverse/lychee-action from 2.4.1 to 2.6.1 by @dependabot[bot] in fastify/fastify#6345

chore: Bump actions/dependency-review-action from 4.7.1 to 4.8.0 by @dependabot[bot] in fastify/fastify#6344

chore: Bump actions/labeler from 5 to 6 by @dependabot[bot] in fastify/fastify#6341

chore: Bump actions/setup-node from 4 to 5 by @dependabot[bot] in fastify/fastify#6342

chore: Bump actions/github-script from 7 to 8 by @dependabot[bot] in fastify/fastify#6340

docs: mention that addHttpMethod override existing methods by @jean-michelet in fastify/fastify#6350

chore: remove reference to simple-get by @ilteoood in fastify/fastify#6353

chore: remove commented tests by @ilteoood in fastify/fastify#6352

fix: respect child logger factory in fastify options by @cysp in fastify/fastify#6349

docs(ecosystem): adding attaryz/fastify-devtools to community plugins by @attaryz in fastify/fastify#6339

docs: remove ambiguity from statement by @udohjeremiah in fastify/fastify#6360

chore: add @fastify/sse as fastify core plugin to documentation and citgm by @manshusainishab in fastify/fastify#6364

docs(guides/fluent-schema): replace last nb usage by @Fdawgs in fastify/fastify#6365

style(ci): remove whitespace from concurrency group by @Fdawgs in fastify/fastify#6366

docs: Fix broken link to TypeBox doc website wrt AJV setup by @melroy89 in fastify/fastify#6367

docs(reference/plugins): mention async plugins by @Fdawgs in fastify/fastify#6357

chore: add max-len ESLint rule with 120 character limit by @emicovi in fastify/fastify#6221

chore: Bump actions/dependency-review-action from 4.8.0 to 4.8.1 by @dependabot[bot] in fastify/fastify#6374

chore: Bump pino from 9.14.0 to 10.1.0 in the dependencies-major group by @dependabot[bot] in fastify/fastify#6378

chore: Bump pnpm/action-setup from 4.1.0 to 4.2.0 by @dependabot[bot] in fastify/fastify#6375

chore: Bump tsd from 0.32.0 to 0.33.0 in the dev-dependencies-typescript group by @dependabot[bot] in fastify/fastify#6346

chore: Bump lycheeverse/lychee-action from 2.6.1 to 2.7.0 by @dependabot[bot] in fastify/fastify#6377

fix: handle web stream payload in HEAD route by @orionmiz in fastify/fastify#6372

chore: Bump actions/setup-node from 5 to 6 by @dependabot[bot] in fastify/fastify#6376

chore: Bump borp from 0.20.2 to 0.21.0 by @dependabot[bot] in fastify/fastify#6379

fix: parse ipv6 hostname by @jean-michelet in fastify/fastify#6373

fix: consistent error handling for custom validators in async validation contexts by @emicovi in fastify/fastify#6247

New Contributors

@juanlet made their first contribution in fastify/fastify#6299

@cysp made their first contribution in fastify/fastify#6349

@attaryz made their first contribution in fastify/fastify#6339

@udohjeremiah made their first contribution in fastify/fastify#6360

@manshusainishab made their first contribution in fastify/fastify#6364

@orionmiz made their first contribution in fastify/fastify#6372

... (truncated)

Commits

f15d4ea Bumped v5.6.2
d338dca fix: consistent error handling for custom validators in async validation cont...
e1aee4b fix: parse ipv6 hostname (#6373)
b5958b3 chore: Bump borp from 0.20.2 to 0.21.0 (#6379)
3120cde chore: Bump actions/setup-node from 5 to 6 (#6376)
dd02e42 fix: handle web stream payload in HEAD route (#6372)
810e3d5 chore: Bump lycheeverse/lychee-action from 2.6.1 to 2.7.0 (#6377)
5ebe327 chore: Bump tsd in the dev-dependencies-typescript group (#6346)
106bb6b chore: Bump pnpm/action-setup from 4.1.0 to 4.2.0 (#6375)
55653d6 chore: Bump pino from 9.14.0 to 10.1.0 in the dependencies-major group (#6378)
Additional commits viewable in compare view

Updates pino from 9.7.0 to 10.1.0

Release notes

Sourced from pino's releases.

v10.1.0

What's Changed

test: add regression test for issue #2313 by @mcollina in pinojs/pino#2314

fix!: use safer types for censor function signature (#2307) by @slifty in pinojs/pino#2308

remove unused parsedChindingsSym symbol by @mcollina in pinojs/pino#2315

chore: add .npmignore to exclude unnecessary files by @mcollina in pinojs/pino#2312

chore(lint): migrate from standard to neostandard & upgrade eslint to v9 by @lokeshwar777 in pinojs/pino#2316

build(deps-dev): bump eslint-plugin-n from 15.7.0 to 17.23.1 by @dependabot[bot] in pinojs/pino#2305

Use @pinojs/redact by @mcollina in pinojs/pino#2321

fix: added missing isoTimeNano to nested namespace by @edge33 in pinojs/pino#2325

New Contributors

@slifty made their first contribution in pinojs/pino#2308

@lokeshwar777 made their first contribution in pinojs/pino#2316

Full Changelog: pinojs/pino@v10.0.0...v10.1.0

v10.0.0

The only breaking change is dropping support for Node 18.

What's Changed

feat(types): add LogFnFields by @samchungy in pinojs/pino#2254

Convert tests to node:test by @jsumners in pinojs/pino#2299

removed unused .taprc.yaml by @jsumners in pinojs/pino#2310

Full Changelog: pinojs/pino@v9.13.1...v10.0.0

v9.14.0

What's Changed

feat(types): add LogFnFields by @samchungy in pinojs/pino#2254

[v9.x] Update to pinojs redact by @mcollina in pinojs/pino#2322

Revert setlevel opt in 9.x by @mcollina in pinojs/pino#2323

Full Changelog: pinojs/pino@v9.13.1...v9.14.0

v9.13.1

What's Changed

fix(log): better logfn handling of generics by @rozzilla in pinojs/pino#2309

Full Changelog: pinojs/pino@v9.13.0...v9.13.1

v9.13.0

What's Changed

build(deps): bump actions/checkout from 4.3.0 to 5.0.0 by @dependabot[bot] in pinojs/pino#2301

build(deps): bump actions/github-script from 7 to 8 by @dependabot[bot] in pinojs/pino#2303

build(deps-dev): bump @yao-pkg/pkg from 6.3.0 to 6.7.0 by @dependabot[bot] in pinojs/pino#2306

perf: optimize .child by @ronag in pinojs/pino#2300

... (truncated)

Commits

b248d2f Bumped v10.1.0
105a2c9 fix: added missing isoTimeNano to nested namespace (#2325)
4250665 Use @pinojs/redact (#2321)
8cb5a59 build(deps-dev): bump eslint-plugin-n from 15.7.0 to 17.23.1 (#2305)
b2c1408 chore(lint): migrate from standard to neostandard & upgrade eslint to v9 (#2316)
2b0bd9f chore: add .npmignore to exclude unnecessary files from npm package (#2312)
5e9d4f1 remove unused parsedChindingsSym symbol (#2315)
f220f1e fix!: use safer types for censor function signature (#2307) (#2308)
e12e9c2 test: add regression test for issue #2313 (#2314)
d15cdd6 Bumped v10.0.0
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for pino since your current version.

Updates pino-loki from 2.6.0 to 3.0.0

Release notes

Sourced from pino-loki's releases.

v3.0.0

⚠️ Breaking Changes

Node.js 20+ Required Node.js 18 is no longer supported. The minimum required version is now Node.js 20.

Batching Options Restructured

The batching configuration has been consolidated into a single object:
// Before (v2.x)
pinoLoki({ host: '...', batching: true, interval: 5 })
// After (v3.x)
pinoLoki({ host: '...', batching: { interval: 5, maxBufferSize: 10_000 } })
// Or simply omit for defaults, or set batching: false to disable
Default Buffer Limit

A new maxBufferSize option (default: 10,000) prevents out-of-memory issues when Loki is unavailable. When the buffer is full, oldest logs are dropped (FIFO).

Structured Metadata Enabled by Default

structuredMetaKey now defaults to 'meta'. Logs with a meta property will automatically send it as Loki structured metadata. Use structuredMetaKey: false to disable.

CLI Changes

--batch => --batching

--interval => --batching-interval

--timeout default: 2000ms → 30000ms

Added --batching-max-buffer-size

Removed -pl shorthand (use --propsLabels)

   🚨 Breaking Changes

Add maxBufferSize option + update batching API - by @Julien-R44 (e00e6)

Update dependencies ( drop node 18 ) - by @Julien-R44 (feb04)

Use meta as default structured meta key - by @Julien-R44 (43ebb)

Change timeout default value - by @Julien-R44 (5de97)

Remove deprecated CLI options - by @Julien-R44 (ba7b1)

   🐞 Bug Fixes

Force structured metadata values to string - by @chaintng and @Julien-R44 in Julien-R44/pino-loki#48 (6f69d)

Remove hostname from log object before formatting - by @Julien-R44 (d6d1a)

Avoid duplicate buffer flush on transport shutdown - by @Julien-R44 (db751)

    View changes on GitHub

Commits

c042352 chore: release v3.0.0
528c6a4 style: lint files
ba7b17e chore!: remove deprecated CLI options
5de977e fix!: change timeout default value
43ebb6c feat!: use meta as default structured meta key
db75124 fix: avoid duplicate buffer flush on transport shutdown
feb0408 chore!: update dependencies ( drop node 18 )
d6d1acc fix: remove hostname from log object before formatting
e00e6ca feat!: add maxBufferSize option + update batching API
66ccf05 chore: remove basicAuth options from debug
Additional commits viewable in compare view

Updates pino-pretty from 13.0.0 to 13.1.3

Release notes

Sourced from pino-pretty's releases.

v13.1.3

What's Changed

Add in the README file a snippet to use pino-pretty only for dev by @himito in pinojs/pino-pretty#623

build(deps): bump actions/setup-node from 4 to 6 by @dependabot[bot] in pinojs/pino-pretty#626

build(deps-dev): bump borp from 0.20.2 to 0.21.0 by @dependabot[bot] in pinojs/pino-pretty#627

build(deps-dev): bump pino from 9.14.0 to 10.1.0 by @dependabot[bot] in pinojs/pino-pretty#628

build(deps): bump pino-abstract-transport from 2.0.0 to 3.0.0 by @dependabot[bot] in pinojs/pino-pretty#629

Update format-time.js documentation to match functionality by @g-sanner in pinojs/pino-pretty#632

build(deps): bump actions/checkout from 5 to 6 by @dependabot[bot] in pinojs/pino-pretty#636

build(deps): bump fast-copy from 3.0.2 to 4.0.0 by @dependabot[bot] in pinojs/pino-pretty#637

fix: messageFormat print 0 value by @gutenye in pinojs/pino-pretty#635

New Contributors

@himito made their first contribution in pinojs/pino-pretty#623

@g-sanner made their first contribution in pinojs/pino-pretty#632

@gutenye made their first contribution in pinojs/pino-pretty#635

Full Changelog: pinojs/pino-pretty@v13.1.2...v13.1.3

v13.1.2

What's Changed

build(deps-dev): bump typescript from 5.8.3 to 5.9.2 by @dependabot[bot] in pinojs/pino-pretty#609

build(deps): bump actions/checkout from 4 to 5 by @dependabot[bot] in pinojs/pino-pretty#621

build(deps-dev): bump tsd from 0.32.0 to 0.33.0 by @dependabot[bot] in pinojs/pino-pretty#622

fix: allow esm import for isColorSupported by @JoeCap08055 in pinojs/pino-pretty#616

Use neostandard and remove pre-commit by @jsumners in pinojs/pino-pretty#624

fix: missing property on objectColorizer by @IronGeek in pinojs/pino-pretty#625

New Contributors

@JoeCap08055 made their first contribution in pinojs/pino-pretty#616

@IronGeek made their first contribution in pinojs/pino-pretty#625

Full Changelog: pinojs/pino-pretty@v13.1.1...v13.1.2

v13.1.1

What's Changed

Revert "chore: upgrade dateformat" by @Uzlopak in pinojs/pino-pretty#607

Full Changelog: pinojs/pino-pretty@v13.1.0...v13.1.1

v13.1.0

What's Changed

Bump @arethetypeswrong/cli from 0.16.4 to 0.17.0 by @dependabot[bot] in pinojs/pino-pretty#543

Bump secure-json-parse from 2.7.0 to 3.0.1 by @dependabot[bot] in pinojs/pino-pretty#547

Bump typescript from 5.6.3 to 5.7.2 by @dependabot[bot] in pinojs/pino-pretty#548

Readme.md: remove the command prompt symbol by @yegorich in pinojs/pino-pretty#545

Add magenta as the color for printed object properties. Fixes suport for --no-colorizeObjects by @mcollina in pinojs/pino-pretty#553

Bump typescript from 5.7.3 to 5.8.2 by @dependabot[bot] in pinojs/pino-pretty#555

perf: use node: prefix to bypass require.cache call for builtins by @Fdawgs in pinojs/pino-pretty#556

... (truncated)

Commits

08425cd v13.1.3
6afb524 fix: messageFormat print 0 value (#635)
70c73ea build(deps): bump fast-copy from 3.0.2 to 4.0.0 (#637)
2cd9794 build(deps): bump actions/checkout from 5 to 6 (#636)
c06e276 Update format-time.js documentation to match functionality (#632)
47ffb45 build(deps): bump pino-abstract-transport from 2.0.0 to 3.0.0 (#629)
932af85 build(deps-dev): bump pino from 9.14.0 to 10.1.0 (#628)
6d48318 build(deps-dev): bump borp from 0.20.2 to 0.21.0 (#627)
3b89a0c build(deps): bump actions/setup-node from 4 to 6 (#626)
ab0ccab Add in the README file a snippet to use pino-pretty only for dev (#623)
Additional commits viewable in compare view

Updates ua-parser-js from 2.0.4 to 2.0.7

Release notes

Sourced from ua-parser-js's releases.

v2.0.7

Version 2.0.7

Add support for chaining withClientHints() & withFeatureCheck()

Add new browser: Atlas, Steam

Add new device vendor: Anbernic, Logitech, Valve

Improve device detection: Xiaomi

Improve OS detection: iOS

Split helpers submodule into several new submodules:

bot-detection:

isAIAssistant()

isAICrawler()

isBot()

browser-detection

isChromeFamily()

isElectron()

isFromEU()

isStandalonePWA()

device-detection

getDeviceVendor()

isAppleSilicon()

Update extensions submodule:

Add new fetcher: Nova Act

Add new library: Bun, Dart, Deno, hackney, Node.js, rest-client, undici

v2.0.6

Version 2.0.6

Add new CLI feature: processing batch user-agent data from file and output as JSON

Fix setUA(): trim leading space from user-agent string input

Replace undici dependency with node's internal Headers

Add new browser: Bing, Qwant

Add new device vendor: Hisense, Wiko

Improve browser detection: Mozilla, Pale Moon

Improve CPU detection: 68k

Improve device detection: Apple, BlackBerry, Huawei, Nokia, Xiaomi

Improve OS detection: iOS 26

extensions submodule:

Add new fetcher: Discordbot, KeybaseBot, Slackbot, Slackbot-LinkExpanding, Slack-ImgProxy, Twitterbot

Add new crawler: Qwantbot-news, SurdotlyBot, SwiftBot

v2.0.5

Version 2.0.5

Add new browser: Zalo

Add new CPU arch: alpha

Add new device vendor: Philips

Improve device detection: Pico

Fix parsing error on pages with modified Array prototypes

Improve type declarations:

Replace node-fetch dependency with undici

... (truncated)

Changelog

Sourced from ua-parser-js's changelog.

Version 2.0.7

Add support for chaining withClientHints() & withFeatureCheck()

Add new browser: Atlas, Steam

Add new device vendor: Anbernic, Logitech, Valve

Improve device detection: Xiaomi

Improve OS detection: iOS

Split helpers submodule into several new submodules:

bot-detection:

isAIAssistant()

isAICrawler()

isBot()

browser-detection

isChromeFamily()

isElectron()

isFromEU()

isStandalonePWA()

device-detection

getDeviceVendor()

isAppleSilicon()

Update extensions submodule:

Add new fetcher: Nova Act

Add new library: Bun, Dart, Deno, hackney, Node.js, rest-client, undici

Version 2.0.6

Add new CLI feature: processing batch user-agent data from file and output as JSON

Fix setUA(): trim leading space from user-agent string input

Replace undici dependency with node's internal Headers

Add new browser: Bing, Qwant

Add new device vendor: Hisense, Wiko

Improve browser detection: Mozilla, Pale Moon

Improve CPU detection: 68k

Improve device detection: Apple, BlackBerry, Huawei, Nokia, Xiaomi

Improve OS detection: iOS 26

extensions submodule:

Add new fetcher: Discordbot, KeybaseBot, Slackbot, Slackbot-LinkExpanding, Slack-ImgProxy, Twitterbot

Add new crawler: Qwantbot-news, SurdotlyBot, SwiftBot

Version 2.0.5

Add new browser: Zalo

Add new CPU arch: alpha

Add new device vendor: Philips

Improve device detection: Pico

Fix parsing error on pages with modified Array prototypes

Improve type declarations:

Replace node-fetch dependency with undici

Replace hardcoded string values with enum from enum submodule

enums submodule:

Add Extension enum for extensions submodule

... (truncated)

Commits

7bc177d Bump version 2.0.7
82d5045 Improve device detection: Xiaomi
96e3518 Fix #812 - Add support for chaining withClientHints() & withFeatureCheck()
f1b9a12 Improve OS detection: identify AppleTV's tvOS as iOS
82801a3 Add new browser: Steam
6f35728 Add new device vendor: Valve - https://www.valvesoftware.com
1d8eab0 Move properties inside UAItem class into shared prototype
5a5b321 [extensions] Add new library: Bun, Dart, Deno, hackney, Node.js, rest-client,...
e9f78ce Add new device vendor: Logitech
38301f8 Add new device vendor: Anbernic - https://anbernic.com/
Additional commits viewable in compare view

Updates undici from 7.11.0 to 7.16.0

Release notes

Sourced from undici's releases.

v7.16.0

What's Changed

Drop npm token, use OIDC instead by @mcollina in nodejs/undici#4447

fetch: instantiate readableStream in extractBody with sync methods by @Uzlopak in nodejs/undici#4350

fix: remove async on [kClose] and [kDestroy], only return Promise by @Uzlopak in nodejs/undici#4450

fetch: make consumeBody sync by @Uzlopak in nodejs/undici#4449

perf: make client.connect() sync by @Uzlopak in nodejs/undici#4455

fetch: remove promise in exported fetch by @Uzlopak in nodejs/undici#4452

fix(#4451): implement http2 cookie support by @metcoder95 in nodejs/undici#4453

test: cache store tests should properly be skipped by @Uzlopak in nodejs/undici#4463

test: fix IPv6 skip check for test/client.js by @Uzlopak in nodejs/undici#4466

test: remove skip check for AbortSignal.timeout, as it exists since node18 by @Uzlopak in nodejs/undici#4464

test: investigate macos failing by @Uzlopak in nodejs/undici#4467

test: remove obsolete < node v18 test case for http2 by @Uzlopak in nodejs/undici#4461

perf: avoid intermediate promise on BodyReadable.dump by @Uzlopak in nodejs/undici#4459

test: remove skip check for long-lived-abort-controller test (was flaky 10 months ago) by @Uzlopak in nodejs/undici#4465

test: remove skip checks for existance of global available Blob and File by @Uzlopak in nodejs/undici#4460

perf (fetch): use less promises for ReadableStream by @Uzlopak in nodejs/undici#4457

fix: catch synchronous errors in request callbacks by @mcollina in nodejs/undici#4443

fix: avoid instanceof MockNotMatchedError by @Uzlopak in nodejs/undici#4474

eventsource: remove promise for #reconnect method by @Uzlopak in nodejs/undici#4469

feat: make UndiciErrors reliable to instanceof by @Uzlopak in nodejs/undici#4472

chore: call super() after type checks by @Uzlopak in nodejs/undici#4475

chore: FixedQueue does not need special constructor by @Uzlopak in nodejs/undici#4476

fix: buildAndValidateMockOptions should always get an object passed and always return an object by @Uzlopak in nodejs/undici#4479

fix: remove unused ResponseStatusCodeError by @Uzlopak in nodejs/undici#4473

chore: pool and dispatcherbase dont need constructor, use no array helper functions by @Uzlopak in nodejs/undici#4477

lint: avoid unintented use of globals in code and tests, improve test for installing/overwriting globals by @Uzlopak in nodejs/undici#4478

test: fix macos flakyness by @Uzlopak in nodejs/undici#4468

fix: 'no-referrer-when-downgrade' in determineRequestsReferrer should return referrerURL by @Uzlopak in nodejs/undici#4482

fix: deflake cache-fastimers-fix.js by @Uzlopak in nodejs/undici#4491

fix: improve validation of IP addresses as trustworthy, correct ipv4 check by @Uzlopak in nodejs/undici#4489

test (pool.js): fix flakyness of clientTtl test by @Uzlopak in nodejs/undici#4494

test (eventsource): refactor tests for eventsource, speed them up by @Uzlopak in nodejs/undici#4493

fix: remove useless catch in client-h1.js by @Uzlopak in nodejs/undici#4481

test: skip flaky encoding test on macos and node20 by @Uzlopak in nodejs/undici#4497

fix: implement proper stale-while-revalidate behavior per RFC 5861 by @mcollina in nodejs/undici#4492

test (websocket): speed up test/websocket/issue-2679.js by @Uzlopak in nodejs/undici#4501

webidl: fix existing and add missing buffer source converters by @Renegade334 in nodejs/undici#4503

use real wpt test server by @KhafraDev in nodejs/undici#4486

test: another try to fix flaky macos and node 20 by @Uzlopak in nodejs/undici#4490

build(deps): bump actions/checkout from 4 to 5 by @dependabot[bot] in nodejs/undici#4507

build(deps): bump actions/dependency-review-action from 4.7.1 to 4.7.3 by @dependabot[bot] in nodejs/undici#4509

fix writing to websocketstream with SharedArrayBuffer/SharedArrayBuff… by @KhafraDev in nodejs/undici#4504

test: use faketimers for test/client-keep-alive, refactor a little by @Uzlopak in nodejs/undici#4499

build(deps): bump github/codeql-action from 3.29.7 to 3.30.0 by @dependabot[bot] in nodejs/undici#4510

build(deps): bump codecov/codecov-action from 5.4.3 to 5.5.0 by @dependabot[bot] in nodejs/undici#4508

fix(h2): adjust :scheme on h2 requests by @metcoder95 in nodejs/undici#4454

chore: use lowercase filenames, remove unused verifyVersion.js by @Uzlopak in nodejs/undici#4514

chore: refactor workflows by @Uzlopak in nodejs/undici#4513

... (truncated)

Commits

7392d6f Bumped v7.16.0 (#4532)
415c66d fix: make error symbols non enumerable (#4531)
f182ff1 Disable SIMD for PPC64 architecture, add UNDICI_NO_WASM_SIMD env to facilitat...
95d835c example: use metcoders https-pem for the example (#4436)
7c42918 fix: shell command built from environment values (#4392)
51651a1 fix:...
Description has been truncated

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

socket-security · 2025-12-15T21:10:39Z

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Package	Supply Chain Security	Quality	Maintenance
ua-parser-js@2.0.4 ⏵ 2.0.7
pino-pretty@13.0.0 ⏵ 13.1.3	⁺¹
pino-loki@2.6.0 ⏵ 3.0.0			⁺²
pino@9.7.0 ⏵ 10.1.0	⁺¹
fastify@5.4.0 ⏵ 5.6.2	⁺¹
@fastify/http-proxy@11.3.0 ⏵ 11.4.1
zod@3.25.75 ⏵ 4.3.5
undici@7.11.0 ⏵ 7.18.0	⁺¹	⁺¹

View full report

…dates Bumps the dependencies group with 8 updates in the / directory: | Package | From | To | | --- | --- | --- | | [@fastify/http-proxy](https://github.com/fastify/fastify-http-proxy) | `11.3.0` | `11.4.1` | | [fastify](https://github.com/fastify/fastify) | `5.4.0` | `5.6.2` | | [pino](https://github.com/pinojs/pino) | `9.7.0` | `10.1.0` | | [pino-loki](https://github.com/Julien-R44/pino-loki) | `2.6.0` | `3.0.0` | | [pino-pretty](https://github.com/pinojs/pino-pretty) | `13.0.0` | `13.1.3` | | [ua-parser-js](https://github.com/faisalman/ua-parser-js) | `2.0.4` | `2.0.7` | | [undici](https://github.com/nodejs/undici) | `7.11.0` | `7.16.0` | | [zod](https://github.com/colinhacks/zod) | `3.25.75` | `4.2.0` | Updates `@fastify/http-proxy` from 11.3.0 to 11.4.1 - [Release notes](https://github.com/fastify/fastify-http-proxy/releases) - [Commits](fastify/fastify-http-proxy@v11.3.0...v11.4.1) Updates `fastify` from 5.4.0 to 5.6.2 - [Release notes](https://github.com/fastify/fastify/releases) - [Commits](fastify/fastify@v5.4.0...v5.6.2) Updates `pino` from 9.7.0 to 10.1.0 - [Release notes](https://github.com/pinojs/pino/releases) - [Commits](pinojs/pino@v9.7.0...v10.1.0) Updates `pino-loki` from 2.6.0 to 3.0.0 - [Release notes](https://github.com/Julien-R44/pino-loki/releases) - [Commits](Julien-R44/pino-loki@v2.6.0...v3.0.0) Updates `pino-pretty` from 13.0.0 to 13.1.3 - [Release notes](https://github.com/pinojs/pino-pretty/releases) - [Commits](pinojs/pino-pretty@v13.0.0...v13.1.3) Updates `ua-parser-js` from 2.0.4 to 2.0.7 - [Release notes](https://github.com/faisalman/ua-parser-js/releases) - [Changelog](https://github.com/faisalman/ua-parser-js/blob/master/CHANGELOG.md) - [Commits](faisalman/ua-parser-js@2.0.4...2.0.7) Updates `undici` from 7.11.0 to 7.16.0 - [Release notes](https://github.com/nodejs/undici/releases) - [Commits](nodejs/undici@v7.11.0...v7.16.0) Updates `zod` from 3.25.75 to 4.2.0 - [Release notes](https://github.com/colinhacks/zod/releases) - [Commits](colinhacks/zod@v3.25.75...v4.2.0) --- updated-dependencies: - dependency-name: "@fastify/http-proxy" dependency-version: 11.4.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: fastify dependency-version: 5.6.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: pino dependency-version: 10.1.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: dependencies - dependency-name: pino-loki dependency-version: 3.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: dependencies - dependency-name: pino-pretty dependency-version: 13.1.3 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: ua-parser-js dependency-version: 2.0.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies - dependency-name: undici dependency-version: 7.16.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: zod dependency-version: 4.2.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: dependencies ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot · 2026-01-19T22:33:22Z

Looks like these dependencies are updatable in another way, so this is no longer needed.

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Dec 15, 2025

dependabot bot force-pushed the dependabot/npm_and_yarn/dependencies-52b642440a branch from 43db3cd to b3367bf Compare January 5, 2026 21:11

dependabot bot closed this Jan 19, 2026

dependabot bot deleted the dependabot/npm_and_yarn/dependencies-52b642440a branch January 19, 2026 22:33

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump the dependencies group across 1 directory with 8 updates#185

chore(deps): bump the dependencies group across 1 directory with 8 updates#185
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/dependencies-52b642440a

dependabot bot commented on behalf of github Dec 15, 2025 •

edited

Loading

Uh oh!

socket-security bot commented Dec 15, 2025 •

edited

Loading

Uh oh!

dependabot bot commented on behalf of github Jan 19, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot bot commented on behalf of github Dec 15, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v11.4.1

What's Changed

New Contributors

v11.4.0

What's Changed

New Contributors

v5.6.2

What's Changed

New Contributors

v10.1.0

What's Changed

New Contributors

v10.0.0

What's Changed

v9.14.0

What's Changed

v9.13.1

What's Changed

v9.13.0

What's Changed

v3.0.0

Batching Options Restructured

Default Buffer Limit

Structured Metadata Enabled by Default

CLI Changes

🚨 Breaking Changes

🐞 Bug Fixes

View changes on GitHub

v13.1.3

What's Changed

New Contributors

v13.1.2

What's Changed

New Contributors

v13.1.1

What's Changed

v13.1.0

What's Changed

v2.0.7

Version 2.0.7

v2.0.6

Version 2.0.6

v2.0.5

Version 2.0.5

Version 2.0.7

Version 2.0.6

Version 2.0.5

v7.16.0

What's Changed

Uh oh!

socket-security bot commented Dec 15, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

dependabot bot commented on behalf of github Jan 19, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

dependabot bot commented on behalf of github Dec 15, 2025 •

edited

Loading

socket-security bot commented Dec 15, 2025 •

edited

Loading