fix(deps): update dependency fastify to ~3.29.4 [security] #56
Open
renovate-bot wants to merge 1 commit into googleapis:main from renovate-bot:renovate/npm-fastify-vulnerability
trusted-contributions-gcf bot added the kokoro:force-run label on Aug 3, 2023
renovate-bot force-pushed the renovate/npm-fastify-vulnerability branch from 0a2f0cf to 384f976 (August 9, 2023 13:46)
renovate-bot changed the title from "fix(deps): update dependency fastify to ~3.29.4 [security]" to "fix(deps): update dependency fastify to ~3.29.0 [security]" on Aug 9, 2023
renovate-bot force-pushed the renovate/npm-fastify-vulnerability branch from 384f976 to f18abac (August 9, 2023 18:13)
renovate-bot changed the title from "fix(deps): update dependency fastify to ~3.29.0 [security]" to "fix(deps): update dependency fastify to ~3.29.4 [security]" on Aug 9, 2023
renovate-bot force-pushed the renovate/npm-fastify-vulnerability branch from f18abac to dee15f7 (August 22, 2023 18:52)
renovate-bot changed the title from "fix(deps): update dependency fastify to ~3.29.4 [security]" to "fix(deps): update dependency fastify to ~3.29.0 [security]" on Aug 22, 2023
renovate-bot changed the title from "fix(deps): update dependency fastify to ~3.29.0 [security]" to "fix(deps): update dependency fastify to ~3.29.4 [security]" on Aug 22, 2023
renovate-bot force-pushed the renovate/npm-fastify-vulnerability branch from dee15f7 to 406dfaf (August 22, 2023 23:26)
renovate-bot changed the title from "fix(deps): update dependency fastify to ~3.29.4 [security]" to "fix(deps): update dependency fastify to ~3.29.0 [security]" on Aug 27, 2023
renovate-bot force-pushed the renovate/npm-fastify-vulnerability branch 2 times, most recently from 2cde8da to db09b0e (August 27, 2023 14:51)
renovate-bot changed the title from "fix(deps): update dependency fastify to ~3.29.0 [security]" to "fix(deps): update dependency fastify to ~3.29.4 [security]" on Aug 27, 2023
renovate-bot force-pushed the renovate/npm-fastify-vulnerability branch from db09b0e to a7075cf (September 19, 2023 15:12)
renovate-bot changed the title from "fix(deps): update dependency fastify to ~3.29.4 [security]" to "fix(deps): update dependency fastify to ~3.29.0 [security]" on Sep 19, 2023
renovate-bot force-pushed the renovate/npm-fastify-vulnerability branch from a7075cf to 4fc3fd3 (September 19, 2023 18:33)
renovate-bot changed the title from "fix(deps): update dependency fastify to ~3.29.0 [security]" to "fix(deps): update dependency fastify to ~3.29.4 [security]" on Sep 19, 2023
renovate-bot changed the title from "fix(deps): update dependency fastify to ~3.29.4 [security]" to "fix(deps): update dependency fastify to ~3.29.0 [security]" on Oct 1, 2023
renovate-bot force-pushed the renovate/npm-fastify-vulnerability branch 2 times, most recently from a889830 to 372af5d (October 1, 2023 09:31)
renovate-bot changed the title from "fix(deps): update dependency fastify to ~3.29.0 [security]" to "fix(deps): update dependency fastify to ~3.29.4 [security]" on Oct 1, 2023
renovate-bot force-pushed the renovate/npm-fastify-vulnerability branch from 372af5d to 11a58ad (October 9, 2023 10:16)
renovate-bot changed the title from "fix(deps): update dependency fastify to ~3.29.4 [security]" to "fix(deps): update dependency fastify to ~3.29.0 [security]" on Oct 9, 2023
renovate-bot changed the title from "fix(deps): update dependency fastify to ~3.29.0 [security]" to "fix(deps): update dependency fastify to ~3.29.4 [security]" on Oct 9, 2023
renovate-bot force-pushed the renovate/npm-fastify-vulnerability branch 2 times, most recently from 09e7547 to 14c5f87 (October 15, 2023 09:22)
renovate-bot changed the title from "fix(deps): update dependency fastify to ~3.29.4 [security]" to "fix(deps): update dependency fastify to ~3.29.0 [security]" on Oct 15, 2023
renovate-bot force-pushed the renovate/npm-fastify-vulnerability branch from 14c5f87 to 01f4862 (October 15, 2023 17:39)
renovate-bot changed the title from "fix(deps): update dependency fastify to ~3.29.0 [security]" to "fix(deps): update dependency fastify to ~3.29.4 [security]" on Apr 1, 2024
renovate-bot force-pushed the renovate/npm-fastify-vulnerability branch from dfe6aab to d900b36 (April 14, 2024 09:40)
renovate-bot changed the title from "fix(deps): update dependency fastify to ~3.29.4 [security]" to "fix(deps): update dependency fastify to ~3.29.0 [security]" on Apr 14, 2024
renovate-bot force-pushed the renovate/npm-fastify-vulnerability branch from d900b36 to 12b6078 (April 14, 2024 13:44)
renovate-bot changed the title from "fix(deps): update dependency fastify to ~3.29.0 [security]" to "fix(deps): update dependency fastify to ~3.29.4 [security]" on Apr 14, 2024
renovate-bot force-pushed the renovate/npm-fastify-vulnerability branch from 12b6078 to e704215 (April 21, 2024 08:47)
renovate-bot changed the title from "fix(deps): update dependency fastify to ~3.29.4 [security]" to "fix(deps): update dependency fastify to ~3.29.0 [security]" on Apr 21, 2024
renovate-bot force-pushed the renovate/npm-fastify-vulnerability branch from e704215 to 7d6eda5 (April 21, 2024 09:11)
renovate-bot changed the title from "fix(deps): update dependency fastify to ~3.29.0 [security]" to "fix(deps): update dependency fastify to ~3.29.4 [security]" on Apr 21, 2024
renovate-bot force-pushed the renovate/npm-fastify-vulnerability branch from 7d6eda5 to 068118f (April 25, 2024 07:18)
renovate-bot changed the title from "fix(deps): update dependency fastify to ~3.29.4 [security]" to "fix(deps): update dependency fastify to ~3.29.0 [security]" on Apr 25, 2024
renovate-bot force-pushed the renovate/npm-fastify-vulnerability branch from 068118f to df09b0d (April 25, 2024 09:40)
renovate-bot changed the title from "fix(deps): update dependency fastify to ~3.29.0 [security]" to "fix(deps): update dependency fastify to ~3.29.4 [security]" on Apr 25, 2024
renovate-bot force-pushed the renovate/npm-fastify-vulnerability branch from df09b0d to 1d14e14 (May 1, 2024 10:05)
renovate-bot changed the title from "fix(deps): update dependency fastify to ~3.29.4 [security]" to "fix(deps): update dependency fastify to ~3.29.0 [security]" on May 1, 2024
renovate-bot force-pushed the renovate/npm-fastify-vulnerability branch from 1d14e14 to d001b92 (May 1, 2024 13:42)
renovate-bot changed the title from "fix(deps): update dependency fastify to ~3.29.0 [security]" to "fix(deps): update dependency fastify to ~3.29.4 [security]" on May 1, 2024
renovate-bot force-pushed the renovate/npm-fastify-vulnerability branch from d001b92 to 0f4c87f (May 9, 2024 08:39)
renovate-bot changed the title from "fix(deps): update dependency fastify to ~3.29.4 [security]" to "fix(deps): update dependency fastify to ~3.29.0 [security]" on May 9, 2024
renovate-bot force-pushed the renovate/npm-fastify-vulnerability branch from 0f4c87f to 664924c (May 9, 2024 10:19)
renovate-bot changed the title from "fix(deps): update dependency fastify to ~3.29.0 [security]" to "fix(deps): update dependency fastify to ~3.29.4 [security]" on May 9, 2024
renovate-bot force-pushed the renovate/npm-fastify-vulnerability branch from 664924c to e39107d (May 15, 2024 17:26)
renovate-bot changed the title from "fix(deps): update dependency fastify to ~3.29.4 [security]" to "fix(deps): update dependency fastify to ~3.29.0 [security]" on May 15, 2024
renovate-bot force-pushed the renovate/npm-fastify-vulnerability branch from e39107d to 4e16d40 (May 15, 2024 23:47)
renovate-bot changed the title from "fix(deps): update dependency fastify to ~3.29.0 [security]" to "fix(deps): update dependency fastify to ~3.29.4 [security]" on May 15, 2024
renovate-bot changed the title from "fix(deps): update dependency fastify to ~3.29.4 [security]" to "fix(deps): update dependency fastify to ~3.29.0 [security]" on Jun 4, 2024
renovate-bot force-pushed the renovate/npm-fastify-vulnerability branch from 4e16d40 to 94f6886 (June 4, 2024 14:20)
renovate-bot force-pushed the renovate/npm-fastify-vulnerability branch from 94f6886 to 5fcecbf (June 4, 2024 16:46)
renovate-bot changed the title from "fix(deps): update dependency fastify to ~3.29.0 [security]" to "fix(deps): update dependency fastify to ~3.29.4 [security]" on Jun 4, 2024
This PR contains the following updates:
~3.16.1 -> ~3.29.4
GitHub Vulnerability Alerts
CVE-2022-41919
Impact
The attacker can use the incorrect Content-Type to bypass the Pre-Flight checking of fetch. fetch() requests with Content-Type’s essence as "application/x-www-form-urlencoded", "multipart/form-data", or "text/plain", could potentially be used to invoke routes that only accept application/json content type, thus bypassing any CORS protection, and therefore they could lead to a Cross-Site Request Forgery attack.
Patches
For 4.x users, please update to at least 4.10.2
For 3.x users, please update to at least 3.29.4
Workarounds
Implement Cross-Site Request Forgery protection using @fastify/csrf.
References
Check out the HackerOne report: https://hackerone.com/reports/1763832.
For more information
Fastify security policy
Release Notes
fastify/fastify (fastify)
v3.29.4
and CVE-2022-41919
Full Changelog: fastify/fastify@v3.29.3...v3.29.4
v3.29.3
Security Release
This release backports the fixes of GHSA-455w-c45v-86rg for the v3.x line.
While not being a vulnerability for this line, a backport is still welcome due to the problems highlighted in the report.
Full Changelog: fastify/fastify@v3.29.2...v3.29.3
v3.29.2
What's Changed
New Contributors
Full Changelog: fastify/fastify@v3.29.1...v3.29.2
v3.29.1
What's Changed
@fastify/* modules by @Fdawgs in https://github.com/fastify/fastify/pull/3860
New Contributors
Full Changelog: fastify/fastify@v3.29.0...v3.29.1
v3.29.0
What's Changed
Full Changelog: fastify/fastify@v3.28.0...v3.29.0
v3.28.0
What's Changed
request properties by @sumbad in https://github.com/fastify/fastify/pull/3787
Full Changelog: fastify/fastify@v3.27.4...v3.28.0
v3.27.4
What's Changed
Full Changelog: fastify/fastify@v3.27.3...v3.27.4
v3.27.3
What's Changed
Full Changelog: fastify/fastify@v3.27.2...v3.27.3
v3.27.2
What's Changed
standard linting by @Divlo in https://github.com/fastify/fastify/pull/3682
test:ci instead of test by @Divlo in https://github.com/fastify/fastify/pull/3692
New Contributors
Full Changelog: fastify/fastify@v3.27.1...v3.27.2
v3.27.1
What's Changed
New Contributors
Full Changelog: fastify/fastify@v3.27.0...v3.27.1
v3.27.0
What's Changed
Full Changelog: fastify/fastify@v3.26.0...v3.27.0
v3.26.0
What's Changed
fastify.decorate arrow functions with function expressions by @onosendi in https://github.com/fastify/fastify/pull/3577
custom-parser.test.js flaky test by @darkgl0w in https://github.com/fastify/fastify/pull/3627
this is FastifyInstance by @darkgl0w in https://github.com/fastify/fastify/pull/3622
New Contributors
Full Changelog: fastify/fastify@v3.25.3...v3.26.0
v3.25.3
What's Changed
Full Changelog: fastify/fastify@v3.25.2...v3.25.3
v3.25.2
What's Changed
New Contributors
Full Changelog: fastify/fastify@v3.25.1...v3.25.2
v3.25.1
What's Changed
fastify-split-validator to Ecosystem by @MetCoder95 in https://github.com/fastify/fastify/pull/3535
/docs/index.md by @nooreldeensalah in https://github.com/fastify/fastify/pull/3557
New Contributors
Full Changelog: fastify/fastify@v3.25.0...v3.25.1
v3.25.0
What's Changed
middie to core section by @Fdawgs in https://github.com/fastify/fastify/pull/3501
New Contributors
Full Changelog: fastify/fastify@v3.24.1...v3.25.0
v3.24.1
What's Changed
set-cookie section by @Fdawgs in https://github.com/fastify/fastify/pull/3477
serializerCompiler by @mm1995tk in https://github.com/fastify/fastify/pull/3490
New Contributors
Full Changelog: fastify/fastify@v3.24.0...v3.24.1
v3.24.0
What's Changed
request.body content and usage by @Fdawgs in https://github.com/fastify/fastify/pull/3436
New Contributors
Full Changelog: fastify/fastify@v3.23.1...v3.24.0
v3.23.1
What's Changed
Full Changelog: fastify/fastify@v3.23.0...v3.23.1
v3.23.0
What's Changed
New Contributors
Full Changelog: fastify/fastify@v3.22.1...v3.23.0
v3.22.1
What's Changed
New Contributors
Full Changelog: fastify/fastify@v3.22.0...v3.22.1
v3.22.0
What's Changed
fastify-supabase to fastify ecosystem by @darkgl0w in https://github.com/fastify/fastify/pull/3348
New Contributors
Full Changelog: fastify/fastify@v3.21.6...v3.22.0
v3.21.6
What's Changed
Full Changelog: fastify/fastify@v3.21.5...v3.21.6
v3.21.5
What's Changed
Full Changelog: fastify/fastify@v3.21.4...v3.21.5
v3.21.4
What's Changed
New Contributors
Full Changelog: fastify/fastify@v3.21.3...v3.21.4
v3.21.3
What's Changed
Full Changelog: fastify/fastify@v3.21.2...v3.21.3
v3.21.2
What's Changed
New Contributors
Full Changelog: fastify/fastify@v3.21.1...v3.21.2
v3.21.1
What's Changed
FastifyInstance#setErrorHandler supports async handlers by @AnnikaCodes in https://github.com/fastify/fastify/pull/3309
New Contributors
Full Changelog: fastify/fastify@v3.21.0...v3.21.1
v3.21.0
What's Changed
New Contributors
Full Changelog: fastify/fastify@v3.20.2...v3.21.0
v3.20.2
What's Changed
New Contributors
Full Changelog: fastify/fastify@v3.20.1...v3.20.2
v3.20.1
What's Changed
serializerOpts to server option interface by @ddadaal in https://github.com/fastify/fastify/pull/3231
New Contributors
Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.
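The Impact paragraph of the CVE-2022-41919 advisory quoted above turns on the Content-Type "essence". As an added example (not part of this PR and not Fastify's code), the following server-side guard computes the essence strictly and refuses anything but `application/json` on a JSON-only route; `mimeEssence`, `checkJsonRoute` and the sample headers are names and values constructed for illustration.

```javascript
// Added example, not Fastify's code: strict Content-Type check for a JSON-only route.
// All names and sample header values here are constructed for illustration.

// Content-Type essences a browser may send cross-origin WITHOUT a CORS preflight
// (the three listed in the advisory).
const NO_PREFLIGHT_ESSENCES = new Set([
  'application/x-www-form-urlencoded',
  'multipart/form-data',
  'text/plain',
]);

// Characters allowed in a MIME type or subtype token.
const TOKEN = /^[!#$%&'*+\-.^_`|~0-9a-z]+$/;

// Return the essence ("type/subtype", lowercased) or null if the header is malformed.
// Only the part before the first ';' counts: parameters never change the essence.
function mimeEssence(headerValue) {
  if (typeof headerValue !== 'string') return null;
  const head = headerValue.split(';', 1)[0].trim().toLowerCase();
  const parts = head.split('/');
  if (parts.length !== 2 || !TOKEN.test(parts[0]) || !TOKEN.test(parts[1])) return null;
  return head;
}

// Decide how a JSON-only route should answer a request that carries a body.
function checkJsonRoute(headerValue) {
  const essence = mimeEssence(headerValue);
  if (essence === null) return { status: 400, reason: 'malformed Content-Type' };
  if (essence === 'application/json') return { status: 200, reason: 'ok' };
  return {
    status: 415,
    reason: NO_PREFLIGHT_ESSENCES.has(essence)
      ? 'essence is CORS-safelisted: browsers send it without a preflight'
      : 'unsupported media type',
  };
}

// Constructed sample headers.
const samples = [
  'application/json; charset=utf-8',
  'Application/JSON',
  'text/plain; charset=utf-8',
  'text/plain; x=application/json', // JSON named only in a parameter; essence is text/plain
  'application/json/extra',
  undefined,
];
for (const s of samples) console.log(String(s), '->', checkJsonRoute(s));
```

A 415 with the "CORS-safelisted" reason is worth logging separately: it marks a request body that reached a JSON route without the browser ever asking for CORS permission.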