chore(deps): bump the dependencies group across 1 directory with 6 updates #126

dependabot · 2025-12-08T19:05:12Z

Bumps the dependencies group with 6 updates in the / directory:

Package	From	To
@fastify/static	`8.2.0`	`8.3.0`
fastify	`5.3.3`	`5.6.2`
jsonwebtoken	`9.0.2`	`9.0.3`
pino	`9.7.0`	`10.1.0`
pino-pretty	`13.0.0`	`13.1.3`
ws	`8.18.2`	`8.18.3`

Updates @fastify/static from 8.2.0 to 8.3.0

Release notes

Sourced from @fastify/static's releases.

v8.3.0

What's Changed

docs: use cross-platform compatible info emoji by @Fdawgs in fastify/fastify-static#522

docs: fix typo by @9w in fastify/fastify-static#523

chore(license): update date ranges; standardise style by @Fdawgs in fastify/fastify-static#525

chore: remove reference to simple-get by @ilteoood in fastify/fastify-static#528

build(deps-dev): bump @types/node from 22.15.34 to 24.0.8 by @dependabot[bot] in fastify/fastify-static#527

test(types): add missing anchors by @Fdawgs in fastify/fastify-static#529

docs(readme): correct compatibility table by @Fdawgs in fastify/fastify-static#531

refactor: remove usage of deprecated request.routeConfig by @inyourtime in fastify/fastify-static#530

build(deps-dev): bump tsd from 0.32.0 to 0.33.0 by @dependabot[bot] in fastify/fastify-static#532

chore(.npmrc): ignore scripts by @Fdawgs in fastify/fastify-static#533

build(deps-dev): remove @fastify/pre-commit by @Fdawgs in fastify/fastify-static#534

chore(index): add jsdoc comments for static code analysis by @Fdawgs in fastify/fastify-static#535

chore: Replace substr with slice for URL manipulation by @Uzlopak in fastify/fastify-static#538

refactor: small improvements by @ilteoood in fastify/fastify-static#539

fix: if serve: false and root is not defined, only allow sending files with absolute path by @Uzlopak in fastify/fastify-static#540

ci(ci): add concurrency config by @Fdawgs in fastify/fastify-static#541

New Contributors

@9w made their first contribution in fastify/fastify-static#523

@inyourtime made their first contribution in fastify/fastify-static#530

Full Changelog: fastify/fastify-static@v8.2.0...v8.3.0

Commits

6165053 Bumped v8.3.0
e2e9f95 ci(ci): add concurrency config (#541)
27f2bfe fix: if serve: false and root is not defined, only allow sending files with a...
ac71e33 refactor: small improvements (#539)
97c55fb Replace substr with slice for URL manipulation (#538)
cec0bef chore(index): add jsdoc comments for static code analysis (#535)
8cc6ca2 build(deps-dev): remove @fastify/pre-commit (#534)
141f105 chore(.npmrc): ignore scripts (#533)
b0e7f1c build(deps-dev): bump tsd from 0.32.0 to 0.33.0 (#532)
af1687d refactor: remove usage of deprecated request.routeConfig (#530)
Additional commits viewable in compare view

Updates fastify from 5.3.3 to 5.6.2

Release notes

Sourced from fastify's releases.

v5.6.2

What's Changed

refactor: rename source file names with kebab-case by @jean-michelet in fastify/fastify#6331

ci(ci): check dependabot prs originate from repo by @Fdawgs in fastify/fastify#6330

fix: accept htab ows by @jean-michelet in fastify/fastify#6303

fix: handle non FastifyErrors in custom handler properly, set type of error-parameter for setErrorHandler and errorHandler to unknown, but configurable via generic TError by @Uzlopak in fastify/fastify#6308

build(deps-dev): remove @fastify/pre-commit by @Fdawgs in fastify/fastify#6319

ci: improve citgm workflows by @Uzlopak in fastify/fastify#6334

docs: explain stream error handling by @lundibundi in fastify/fastify#5746

fix: error throwing in reply by @juanlet in fastify/fastify#6299

refactor: delegate options processing to a dedicated function by @jean-michelet in fastify/fastify#6333

ci: remove label of citgm only on pull_request.labeled, add options for workflow_dispatch by @Uzlopak in fastify/fastify#6335

chore: Bump actions/checkout from 4 to 5 by @dependabot[bot] in fastify/fastify#6343

chore: Bump joi from 17.13.3 to 18.0.1 by @dependabot[bot] in fastify/fastify#6347

chore: Bump lycheeverse/lychee-action from 2.4.1 to 2.6.1 by @dependabot[bot] in fastify/fastify#6345

chore: Bump actions/dependency-review-action from 4.7.1 to 4.8.0 by @dependabot[bot] in fastify/fastify#6344

chore: Bump actions/labeler from 5 to 6 by @dependabot[bot] in fastify/fastify#6341

chore: Bump actions/setup-node from 4 to 5 by @dependabot[bot] in fastify/fastify#6342

chore: Bump actions/github-script from 7 to 8 by @dependabot[bot] in fastify/fastify#6340

docs: mention that addHttpMethod override existing methods by @jean-michelet in fastify/fastify#6350

chore: remove reference to simple-get by @ilteoood in fastify/fastify#6353

chore: remove commented tests by @ilteoood in fastify/fastify#6352

fix: respect child logger factory in fastify options by @cysp in fastify/fastify#6349

docs(ecosystem): adding attaryz/fastify-devtools to community plugins by @attaryz in fastify/fastify#6339

docs: remove ambiguity from statement by @udohjeremiah in fastify/fastify#6360

chore: add @fastify/sse as fastify core plugin to documentation and citgm by @manshusainishab in fastify/fastify#6364

docs(guides/fluent-schema): replace last nb usage by @Fdawgs in fastify/fastify#6365

style(ci): remove whitespace from concurrency group by @Fdawgs in fastify/fastify#6366

docs: Fix broken link to TypeBox doc website wrt AJV setup by @melroy89 in fastify/fastify#6367

docs(reference/plugins): mention async plugins by @Fdawgs in fastify/fastify#6357

chore: add max-len ESLint rule with 120 character limit by @emicovi in fastify/fastify#6221

chore: Bump actions/dependency-review-action from 4.8.0 to 4.8.1 by @dependabot[bot] in fastify/fastify#6374

chore: Bump pino from 9.14.0 to 10.1.0 in the dependencies-major group by @dependabot[bot] in fastify/fastify#6378

chore: Bump pnpm/action-setup from 4.1.0 to 4.2.0 by @dependabot[bot] in fastify/fastify#6375

chore: Bump tsd from 0.32.0 to 0.33.0 in the dev-dependencies-typescript group by @dependabot[bot] in fastify/fastify#6346

chore: Bump lycheeverse/lychee-action from 2.6.1 to 2.7.0 by @dependabot[bot] in fastify/fastify#6377

fix: handle web stream payload in HEAD route by @orionmiz in fastify/fastify#6372

chore: Bump actions/setup-node from 5 to 6 by @dependabot[bot] in fastify/fastify#6376

chore: Bump borp from 0.20.2 to 0.21.0 by @dependabot[bot] in fastify/fastify#6379

fix: parse ipv6 hostname by @jean-michelet in fastify/fastify#6373

fix: consistent error handling for custom validators in async validation contexts by @emicovi in fastify/fastify#6247

New Contributors

@juanlet made their first contribution in fastify/fastify#6299

@cysp made their first contribution in fastify/fastify#6349

@attaryz made their first contribution in fastify/fastify#6339

@udohjeremiah made their first contribution in fastify/fastify#6360

@manshusainishab made their first contribution in fastify/fastify#6364

@orionmiz made their first contribution in fastify/fastify#6372

... (truncated)

Commits

f15d4ea Bumped v5.6.2
d338dca fix: consistent error handling for custom validators in async validation cont...
e1aee4b fix: parse ipv6 hostname (#6373)
b5958b3 chore: Bump borp from 0.20.2 to 0.21.0 (#6379)
3120cde chore: Bump actions/setup-node from 5 to 6 (#6376)
dd02e42 fix: handle web stream payload in HEAD route (#6372)
810e3d5 chore: Bump lycheeverse/lychee-action from 2.6.1 to 2.7.0 (#6377)
5ebe327 chore: Bump tsd in the dev-dependencies-typescript group (#6346)
106bb6b chore: Bump pnpm/action-setup from 4.1.0 to 4.2.0 (#6375)
55653d6 chore: Bump pino from 9.14.0 to 10.1.0 in the dependencies-major group (#6378)
Additional commits viewable in compare view

Updates jsonwebtoken from 9.0.2 to 9.0.3

Changelog

Sourced from jsonwebtoken's changelog.

9.0.3 - 2025-12-04

updates jws version to 4.0.1.

Commits

ed59e76 chore: bump jws to 4.0.1 (#1007)
See full diff in compare view

Updates pino from 9.7.0 to 10.1.0

Release notes

Sourced from pino's releases.

v10.1.0

What's Changed

test: add regression test for issue #2313 by @mcollina in pinojs/pino#2314

fix!: use safer types for censor function signature (#2307) by @slifty in pinojs/pino#2308

remove unused parsedChindingsSym symbol by @mcollina in pinojs/pino#2315

chore: add .npmignore to exclude unnecessary files by @mcollina in pinojs/pino#2312

chore(lint): migrate from standard to neostandard & upgrade eslint to v9 by @lokeshwar777 in pinojs/pino#2316

build(deps-dev): bump eslint-plugin-n from 15.7.0 to 17.23.1 by @dependabot[bot] in pinojs/pino#2305

Use @pinojs/redact by @mcollina in pinojs/pino#2321

fix: added missing isoTimeNano to nested namespace by @edge33 in pinojs/pino#2325

New Contributors

@slifty made their first contribution in pinojs/pino#2308

@lokeshwar777 made their first contribution in pinojs/pino#2316

Full Changelog: pinojs/pino@v10.0.0...v10.1.0

v10.0.0

The only breaking change is dropping support for Node 18.

What's Changed

feat(types): add LogFnFields by @samchungy in pinojs/pino#2254

Convert tests to node:test by @jsumners in pinojs/pino#2299

removed unused .taprc.yaml by @jsumners in pinojs/pino#2310

Full Changelog: pinojs/pino@v9.13.1...v10.0.0

v9.14.0

What's Changed

feat(types): add LogFnFields by @samchungy in pinojs/pino#2254

[v9.x] Update to pinojs redact by @mcollina in pinojs/pino#2322

Revert setlevel opt in 9.x by @mcollina in pinojs/pino#2323

Full Changelog: pinojs/pino@v9.13.1...v9.14.0

v9.13.1

What's Changed

fix(log): better logfn handling of generics by @rozzilla in pinojs/pino#2309

Full Changelog: pinojs/pino@v9.13.0...v9.13.1

v9.13.0

What's Changed

build(deps): bump actions/checkout from 4.3.0 to 5.0.0 by @dependabot[bot] in pinojs/pino#2301

build(deps): bump actions/github-script from 7 to 8 by @dependabot[bot] in pinojs/pino#2303

build(deps-dev): bump @yao-pkg/pkg from 6.3.0 to 6.7.0 by @dependabot[bot] in pinojs/pino#2306

perf: optimize .child by @ronag in pinojs/pino#2300

... (truncated)

Commits

b248d2f Bumped v10.1.0
105a2c9 fix: added missing isoTimeNano to nested namespace (#2325)
4250665 Use @pinojs/redact (#2321)
8cb5a59 build(deps-dev): bump eslint-plugin-n from 15.7.0 to 17.23.1 (#2305)
b2c1408 chore(lint): migrate from standard to neostandard & upgrade eslint to v9 (#2316)
2b0bd9f chore: add .npmignore to exclude unnecessary files from npm package (#2312)
5e9d4f1 remove unused parsedChindingsSym symbol (#2315)
f220f1e fix!: use safer types for censor function signature (#2307) (#2308)
e12e9c2 test: add regression test for issue #2313 (#2314)
d15cdd6 Bumped v10.0.0
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for pino since your current version.

Updates pino-pretty from 13.0.0 to 13.1.3

Release notes

Sourced from pino-pretty's releases.

v13.1.3

What's Changed

Add in the README file a snippet to use pino-pretty only for dev by @himito in pinojs/pino-pretty#623

build(deps): bump actions/setup-node from 4 to 6 by @dependabot[bot] in pinojs/pino-pretty#626

build(deps-dev): bump borp from 0.20.2 to 0.21.0 by @dependabot[bot] in pinojs/pino-pretty#627

build(deps-dev): bump pino from 9.14.0 to 10.1.0 by @dependabot[bot] in pinojs/pino-pretty#628

build(deps): bump pino-abstract-transport from 2.0.0 to 3.0.0 by @dependabot[bot] in pinojs/pino-pretty#629

Update format-time.js documentation to match functionality by @g-sanner in pinojs/pino-pretty#632

build(deps): bump actions/checkout from 5 to 6 by @dependabot[bot] in pinojs/pino-pretty#636

build(deps): bump fast-copy from 3.0.2 to 4.0.0 by @dependabot[bot] in pinojs/pino-pretty#637

fix: messageFormat print 0 value by @gutenye in pinojs/pino-pretty#635

New Contributors

@himito made their first contribution in pinojs/pino-pretty#623

@g-sanner made their first contribution in pinojs/pino-pretty#632

@gutenye made their first contribution in pinojs/pino-pretty#635

Full Changelog: pinojs/pino-pretty@v13.1.2...v13.1.3

v13.1.2

What's Changed

build(deps-dev): bump typescript from 5.8.3 to 5.9.2 by @dependabot[bot] in pinojs/pino-pretty#609

build(deps): bump actions/checkout from 4 to 5 by @dependabot[bot] in pinojs/pino-pretty#621

build(deps-dev): bump tsd from 0.32.0 to 0.33.0 by @dependabot[bot] in pinojs/pino-pretty#622

fix: allow esm import for isColorSupported by @JoeCap08055 in pinojs/pino-pretty#616

Use neostandard and remove pre-commit by @jsumners in pinojs/pino-pretty#624

fix: missing property on objectColorizer by @IronGeek in pinojs/pino-pretty#625

New Contributors

@JoeCap08055 made their first contribution in pinojs/pino-pretty#616

@IronGeek made their first contribution in pinojs/pino-pretty#625

Full Changelog: pinojs/pino-pretty@v13.1.1...v13.1.2

v13.1.1

What's Changed

Revert "chore: upgrade dateformat" by @Uzlopak in pinojs/pino-pretty#607

Full Changelog: pinojs/pino-pretty@v13.1.0...v13.1.1

v13.1.0

What's Changed

Bump @arethetypeswrong/cli from 0.16.4 to 0.17.0 by @dependabot[bot] in pinojs/pino-pretty#543

Bump secure-json-parse from 2.7.0 to 3.0.1 by @dependabot[bot] in pinojs/pino-pretty#547

Bump typescript from 5.6.3 to 5.7.2 by @dependabot[bot] in pinojs/pino-pretty#548

Readme.md: remove the command prompt symbol by @yegorich in pinojs/pino-pretty#545

Add magenta as the color for printed object properties. Fixes suport for --no-colorizeObjects by @mcollina in pinojs/pino-pretty#553

Bump typescript from 5.7.3 to 5.8.2 by @dependabot[bot] in pinojs/pino-pretty#555

perf: use node: prefix to bypass require.cache call for builtins by @Fdawgs in pinojs/pino-pretty#556

... (truncated)

Commits

08425cd v13.1.3
6afb524 fix: messageFormat print 0 value (#635)
70c73ea build(deps): bump fast-copy from 3.0.2 to 4.0.0 (#637)
2cd9794 build(deps): bump actions/checkout from 5 to 6 (#636)
c06e276 Update format-time.js documentation to match functionality (#632)
47ffb45 build(deps): bump pino-abstract-transport from 2.0.0 to 3.0.0 (#629)
932af85 build(deps-dev): bump pino from 9.14.0 to 10.1.0 (#628)
6d48318 build(deps-dev): bump borp from 0.20.2 to 0.21.0 (#627)
3b89a0c build(deps): bump actions/setup-node from 4 to 6 (#626)
ab0ccab Add in the README file a snippet to use pino-pretty only for dev (#623)
Additional commits viewable in compare view

Updates ws from 8.18.2 to 8.18.3

Release notes

Sourced from ws's releases.

8.18.3

Bug fixes

Fixed a spec violation where the Sec-WebSocket-Version header was not added to the HTTP response if the client requested version was either invalid or unacceptable (#2291).

Commits

dabbdec [dist] 8.18.3
33f5dba [fix] Respond with the supported protocol versions (#2291)
22a5a17 [ci] Test on node 24
e67eb7a [ci] Do not test on node 23
fa670f2 [ci] Run the lint step on node 22
See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

…dates Bumps the dependencies group with 6 updates in the / directory: | Package | From | To | | --- | --- | --- | | [@fastify/static](https://github.com/fastify/fastify-static) | `8.2.0` | `8.3.0` | | [fastify](https://github.com/fastify/fastify) | `5.3.3` | `5.6.2` | | [jsonwebtoken](https://github.com/auth0/node-jsonwebtoken) | `9.0.2` | `9.0.3` | | [pino](https://github.com/pinojs/pino) | `9.7.0` | `10.1.0` | | [pino-pretty](https://github.com/pinojs/pino-pretty) | `13.0.0` | `13.1.3` | | [ws](https://github.com/websockets/ws) | `8.18.2` | `8.18.3` | Updates `@fastify/static` from 8.2.0 to 8.3.0 - [Release notes](https://github.com/fastify/fastify-static/releases) - [Commits](fastify/fastify-static@v8.2.0...v8.3.0) Updates `fastify` from 5.3.3 to 5.6.2 - [Release notes](https://github.com/fastify/fastify/releases) - [Commits](fastify/fastify@v5.3.3...v5.6.2) Updates `jsonwebtoken` from 9.0.2 to 9.0.3 - [Changelog](https://github.com/auth0/node-jsonwebtoken/blob/master/CHANGELOG.md) - [Commits](auth0/node-jsonwebtoken@v9.0.2...v9.0.3) Updates `pino` from 9.7.0 to 10.1.0 - [Release notes](https://github.com/pinojs/pino/releases) - [Commits](pinojs/pino@v9.7.0...v10.1.0) Updates `pino-pretty` from 13.0.0 to 13.1.3 - [Release notes](https://github.com/pinojs/pino-pretty/releases) - [Commits](pinojs/pino-pretty@v13.0.0...v13.1.3) Updates `ws` from 8.18.2 to 8.18.3 - [Release notes](https://github.com/websockets/ws/releases) - [Commits](websockets/ws@8.18.2...8.18.3) --- updated-dependencies: - dependency-name: "@fastify/static" dependency-version: 8.3.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: fastify dependency-version: 5.6.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: jsonwebtoken dependency-version: 9.0.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies - dependency-name: pino dependency-version: 10.1.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: dependencies - dependency-name: pino-pretty dependency-version: 13.1.3 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: ws dependency-version: 8.18.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Dec 8, 2025

fraxken approved these changes Dec 27, 2025

View reviewed changes

fraxken merged commit b8657e4 into master Dec 27, 2025
2 checks passed

dependabot bot deleted the dependabot/npm_and_yarn/dependencies-26e9de83ee branch December 27, 2025 19:18

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

chore(deps): bump the dependencies group across 1 directory with 6 updates #126

chore(deps): bump the dependencies group across 1 directory with 6 updates #126

Uh oh!

dependabot bot commented on behalf of github Dec 8, 2025 •

edited

Loading

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

chore(deps): bump the dependencies group across 1 directory with 6 updates #126

chore(deps): bump the dependencies group across 1 directory with 6 updates #126

Uh oh!

Conversation

dependabot bot commented on behalf of github Dec 8, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v8.3.0

What's Changed

New Contributors

v5.6.2

What's Changed

New Contributors

9.0.3 - 2025-12-04

v10.1.0

What's Changed

New Contributors

v10.0.0

What's Changed

v9.14.0

What's Changed

v9.13.1

What's Changed

v9.13.0

What's Changed

v13.1.3

What's Changed

New Contributors

v13.1.2

What's Changed

New Contributors

v13.1.1

What's Changed

v13.1.0

What's Changed

8.18.3

Bug fixes

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

dependabot bot commented on behalf of github Dec 8, 2025 •

edited

Loading