-
Notifications
You must be signed in to change notification settings - Fork 8
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix(dependency maintenance): update dependency fastify to v3.29.4 [security] #823
Open
renovate
wants to merge
1
commit into
master
Choose a base branch
from
renovate/npm-fastify-vulnerability
base: master
Could not load branches
Branch not found: {{ refName }}
Could not load tags
Nothing to show
Are you sure you want to change the base?
Some commits from the old base branch may be removed from the timeline,
and old review comments may become outdated.
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
renovate
bot
force-pushed
the
renovate/npm-fastify-vulnerability
branch
2 times, most recently
from
February 26, 2024 10:47
38fe7dc
to
d713d7e
Compare
renovate
bot
force-pushed
the
renovate/npm-fastify-vulnerability
branch
from
February 26, 2024 10:54
d713d7e
to
a950088
Compare
renovate
bot
force-pushed
the
renovate/npm-fastify-vulnerability
branch
from
March 28, 2024 06:18
a950088
to
d93e13a
Compare
renovate
bot
force-pushed
the
renovate/npm-fastify-vulnerability
branch
from
March 28, 2024 06:27
d93e13a
to
fa85f79
Compare
renovate
bot
force-pushed
the
renovate/npm-fastify-vulnerability
branch
from
April 4, 2024 13:34
fa85f79
to
75487a2
Compare
renovate
bot
force-pushed
the
renovate/npm-fastify-vulnerability
branch
from
April 4, 2024 13:41
75487a2
to
a5b2145
Compare
renovate
bot
force-pushed
the
renovate/npm-fastify-vulnerability
branch
from
April 5, 2024 07:51
a5b2145
to
f1c8756
Compare
renovate
bot
force-pushed
the
renovate/npm-fastify-vulnerability
branch
from
April 5, 2024 07:58
f1c8756
to
d60a535
Compare
renovate
bot
force-pushed
the
renovate/npm-fastify-vulnerability
branch
from
April 8, 2024 07:00
d60a535
to
b8b3c44
Compare
renovate
bot
force-pushed
the
renovate/npm-fastify-vulnerability
branch
from
April 8, 2024 07:06
b8b3c44
to
6377717
Compare
renovate
bot
force-pushed
the
renovate/npm-fastify-vulnerability
branch
from
April 10, 2024 07:31
6377717
to
5fa9a53
Compare
renovate
bot
force-pushed
the
renovate/npm-fastify-vulnerability
branch
from
April 10, 2024 07:39
5fa9a53
to
f33000b
Compare
renovate
bot
force-pushed
the
renovate/npm-fastify-vulnerability
branch
from
April 10, 2024 09:23
f33000b
to
af5a6f3
Compare
renovate
bot
force-pushed
the
renovate/npm-fastify-vulnerability
branch
from
April 10, 2024 09:34
af5a6f3
to
7540d4c
Compare
renovate
bot
force-pushed
the
renovate/npm-fastify-vulnerability
branch
from
April 10, 2024 10:38
7540d4c
to
988a261
Compare
renovate
bot
force-pushed
the
renovate/npm-fastify-vulnerability
branch
from
April 10, 2024 11:08
988a261
to
2220d65
Compare
renovate
bot
force-pushed
the
renovate/npm-fastify-vulnerability
branch
from
May 21, 2024 06:26
2220d65
to
59f4f78
Compare
renovate
bot
force-pushed
the
renovate/npm-fastify-vulnerability
branch
from
May 21, 2024 06:33
59f4f78
to
4f2165e
Compare
renovate
bot
force-pushed
the
renovate/npm-fastify-vulnerability
branch
from
June 3, 2024 08:57
4f2165e
to
7ec4bff
Compare
renovate
bot
force-pushed
the
renovate/npm-fastify-vulnerability
branch
from
June 3, 2024 09:03
7ec4bff
to
b4514d5
Compare
renovate
bot
force-pushed
the
renovate/npm-fastify-vulnerability
branch
from
June 3, 2024 11:12
b4514d5
to
9143cfb
Compare
renovate
bot
force-pushed
the
renovate/npm-fastify-vulnerability
branch
from
June 3, 2024 11:22
9143cfb
to
3c4c121
Compare
renovate
bot
force-pushed
the
renovate/npm-fastify-vulnerability
branch
from
June 3, 2024 11:50
3c4c121
to
b24a5fe
Compare
renovate
bot
force-pushed
the
renovate/npm-fastify-vulnerability
branch
from
June 3, 2024 15:07
b24a5fe
to
6c1818d
Compare
renovate
bot
force-pushed
the
renovate/npm-fastify-vulnerability
branch
from
June 4, 2024 11:50
6c1818d
to
e19fdd8
Compare
renovate
bot
force-pushed
the
renovate/npm-fastify-vulnerability
branch
from
June 4, 2024 11:58
e19fdd8
to
09e937a
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
None yet
0 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
3.24.1
->3.29.4
GitHub Vulnerability Alerts
CVE-2022-41919
Impact
The attacker can use the incorrect
Content-Type
to bypass thePre-Flight
checking offetch
.fetch()
requests with Content-Type’s essence as "application/x-www-form-urlencoded", "multipart/form-data", or "text/plain", could potentially be used to invoke routes that only acceptsapplication/json
content type, thus bypassing any CORS protection, and therefore they could lead to a Cross-Site Request Forgery attack.Patches
For
4.x
users, please update to at least4.10.2
For
3.x
users, please update to at least3.29.4
Workarounds
Implement Cross-Site Request Forgery protection using
@fastify/csrf
.References
Check out the HackerOne report: https://hackerone.com/reports/1763832.
For more information
Fastify security policy
Release Notes
fastify/fastify (fastify)
v3.29.4
Compare Source
and CVE-2022-41919
Full Changelog: fastify/fastify@v3.29.3...v3.29.4
v3.29.3
Compare Source
Security ReleaseThis release backport the fixes of GHSA-455w-c45v-86rg for the v3.x line.
While not being a vulnerability for this line, a backport is still welcome due to the problems highlighted in the report.
Full Changelog: fastify/fastify@v3.29.2...v3.29.3
v3.29.2
Compare Source
What's Changed
New Contributors
Full Changelog: fastify/fastify@v3.29.1...v3.29.2
v3.29.1
Compare Source
What's Changed
@fastify/*
modules by @Fdawgs in https://github.com/fastify/fastify/pull/3860New Contributors
Full Changelog: fastify/fastify@v3.29.0...v3.29.1
v3.29.0
Compare Source
What's Changed
Full Changelog: fastify/fastify@v3.28.0...v3.29.0
v3.28.0
Compare Source
What's Changed
request
properties by @sumbad in https://github.com/fastify/fastify/pull/3787Full Changelog: fastify/fastify@v3.27.4...v3.28.0
v3.27.4
Compare Source
What's Changed
Full Changelog: fastify/fastify@v3.27.3...v3.27.4
v3.27.3
Compare Source
What's Changed
Full Changelog: fastify/fastify@v3.27.2...v3.27.3
v3.27.2
Compare Source
What's Changed
standard
linting by @Divlo in https://github.com/fastify/fastify/pull/3682test:ci
instead oftest
by @Divlo in https://github.com/fastify/fastify/pull/3692New Contributors
Full Changelog: fastify/fastify@v3.27.1...v3.27.2
v3.27.1
Compare Source
What's Changed
New Contributors
Full Changelog: fastify/fastify@v3.27.0...v3.27.1
v3.27.0
Compare Source
What's Changed
Full Changelog: fastify/fastify@v3.26.0...v3.27.0
v3.26.0
Compare Source
What's Changed
fastify.decorate
arrow functions with function expressions by @onosendi in https://github.com/fastify/fastify/pull/3577custom-parser.test.js
flaky test by @darkgl0w in https://github.com/fastify/fastify/pull/3627this
isFastifyInstance
by @darkgl0w in https://github.com/fastify/fastify/pull/3622New Contributors
Full Changelog: fastify/fastify@v3.25.3...v3.26.0
v3.25.3
Compare Source
What's Changed
Full Changelog: fastify/fastify@v3.25.2...v3.25.3
v3.25.2
Compare Source
What's Changed
New Contributors
Full Changelog: fastify/fastify@v3.25.1...v3.25.2
v3.25.1
Compare Source
What's Changed
fastify-split-validator
to Ecosystem by @MetCoder95 in https://github.com/fastify/fastify/pull/3535/docs/index.md
by @nooreldeensalah in https://github.com/fastify/fastify/pull/3557New Contributors
Full Changelog: fastify/fastify@v3.25.0...v3.25.1
v3.25.0
Compare Source
What's Changed
middie
to core section by @Fdawgs in https://github.com/fastify/fastify/pull/3501New Contributors
Full Changelog: fastify/fastify@v3.24.1...v3.25.0
Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.