fix(deps): update dependency fastify to v2.15.1 [security]

[renovate-bot]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
fastify (source)	2.2.0 -> 2.15.1

GitHub Vulnerability Alerts

CVE-2020-8192

A denial of service vulnerability exists in Fastify v2.14.1 and v3.0.0-rc.4 that allows a malicious user to trigger resource exhaustion (when the allErrors option is used) with specially crafted schemas.

---

Release Notes

fastify/fastify (fastify)

v2.15.1

Compare Source

Breaking Change

For security reasons we changed the default in the ajvconfiguration.
Unfortunately allErrors: true is a DoS attack vector for certain
schemas. So this changed to allErrors: false.

See: ajv-validator/ajv@334071a
Ref: https://hackerone.com/reports/903521

📚 PR:

• Add PATCH to body validation (#​2351)

v2.15.0

Compare Source

📚 PR:

• Bind error handler to instance (v2) (#​2305)
• Fix custom JSON support (#​2309)
• On ready backport (#​2296)

v2.14.1

Compare Source

• Tweak haproxy config for issue #​2036 (#​2270) (#​2271)
• Fix: call preHandler on reply.callNotFound (#​2256) (#​2264)
• doc: doc example to use ajv-errors (#​2254)
• Log clientError as trace to avoid dev confusion (#​2241) (#​2242)

v2.14.0

Compare Source

📚 PR:

• Support builder-style injection (#​2209)
• fix #​2214 (#​2218)
• http2: fix HEAD requests hanging (#​2233) (#​2239)

v2.13.1

Compare Source

📚 PR:

• Ignore pino@6.
• ignore fast-json-stringify in dependabot
• Fix link to Fastify Create (#​2146)
• test for issue #​2148 where typedefs for query params object were wrong (#​2149)
• Replace greenkeeper with dependabot (#​2162)
• add fastify-method-override to ecosystem (#​2165)
• Update Logging.md (#​2171)
• Add to fastify-qrcode into Ecosystem (#​2170)
• docs: errors in async hook (#​2176)
• docs: use direct references in the "Schema Resolver" example (#​2155)
• fix: typo in routes doc (#​2182)
• Add google cloud trace API plugin (#​2185)
• Fixes crash when using a non-standard error code (#​2184)
• Fix package-manager CI (#​2189)
• Fix for Link in docs/Middleware (#​2192)

v2.13.0

Compare Source

📚 PR:

• Update deps
• update GH checkout action (#​2122)
• fix add schema conflict (#​2077)
• Use light-my-request types instead of duplicating typings. fixes #​2098 (#​2124)
• feat(#​1930): added option to overrind onBadUrl callback (#​2106)
• quicker quick start (#​2125)
• docs: Clarify thrown values must be Errors (#​2126)
• Update decorators documentation (#​2127)
• fix: throw error if decorator is called after start (#​2128)
• Update ci.yml (#​2133)
• Remove Gitter links (#​2132)
• fix test ready-start order (#​2136)
• chore(package): update @​typescript-eslint/parser to version 2.24.0 (#​2138)

v2.12.1

Compare Source

📚 PR:

• Added fastify-esso plugin (#​2084)
• add comma to queryStringJsonSchema (#​2085)
• Throws error if an invalid status code is sent (#​2082)
• chore: greenkeeper ignore semver (#​2095)
• Fix inaccurate type of setErrorHandler (#​2092)
• Fixed typo res.res to reply.res (#​2099)
• docs: use computed key when assigning property to request (#​2100)
• types: add type of this to the not found handler (#​2102)
• docs: fix header and body generic types (#​2103)
• fix: multiple route same schema (#​2108)
• http2: fix req.hostname not set (#​2113)
• Added fastify-axios plugin (#​2118)
• docs: Clarify reply.redirect status code docs (#​2121)

v2.12.0

Compare Source

📚 PR:

• fix: skip serialization for json string (#​1937)
• Added fastify-casl to Community Plugins (#​1977)
• feature: added validation context to validation result (#​1915)
• ESM support (#​1984)
• fix: adjust hooks body null (#​1991)
• Added mcollina's plugin "fastify-secure-session" (#​1999)
• Add fastify-typeorm-plugin to community plugins (#​1998)
• Remove Azure Pipelines (#​1985)
• Update validation docs (#​1994)
• Drop Windows-latest and Node 6 from CI as its failing. (#​2002)
• doc: fix esm-support anchor (#​2001)
• Docs(Fluent-Schema.md): fix fluent schema repo link (#​2007)
• fix - docs - hooks - error handling (#​2000)
• add fastify-explorer to ecosystem (#​2003)
• Add a recommendations doc (#​1997)
• Fix TOC typo in recommendations (#​2009)
• docs(Typescript): typo (#​2016)
• docs: fix onResponse parameter (#​2020)
• Update template bug.md (#​2025)
• fix replace way enum (#​2026)
• docs: update inject features (#​2029)
• Update Copyright Year to 2020 (#​2031)
• add generic to typescript Reply.send payload (#​2032)
• Shorten longest line (docs) (#​2035)
• docs: OpenJS CoC (#​2033)
• Workaround for using one schema for multiple routes (#​2044)
• docs: inject chainable methods (#​1917) (#​2043)
• http2: handle graceful close (#​2050)
• chore(package): update fluent-schema to version 0.10.0 (#​2057)
• chore(package): update yup to version 0.28.1 (#​2059)
• Update README.md (#​2064)
• Added fastify-response-validation to ecosystem (#​2063)
• fix: use opts of onRoute hook (#​2060)
• Fixed documentation typo (#​2067)
• Add missing TS definition for ServerOptions.genReqId function arg (#​2076)
• fix: throw hooks promise rejection (#​2070) (#​2074)
• Add docs to stop processing hooks with async (#​2079)

v2.11.0

Compare Source

📚 PR:

• Test: After can access to decorations registered into plugin (#​1891)
• chore(package): update h2url to version 0.2.0 (#​1902)
• Add type definition for genReqId option (#​1899)
• add missing fluent schema link (#​1903)
• Updates fastify-multer repository (#​1904)
• Add Node v13 to CI (#​1912)
• adds fastify-https-redirect to ecosystem (#​1911)
• Added support for onConstructorPoisoning (#​1910)
• Add log serializer (#​1901)
• Added fastify-qs plugin (#​1906)
• Handle invalid url components (#​1888)
• Update Actions to use latest versions of all OS's (#​1907)
• less coverage messages (#​1918)
• chore(package): update form-data to version 3.0.0 (#​1923)
• Update documentation to fix anchors for Hooks (#​1928)
• Added missing types for Server Options (#​1922)
• Fix/1932 Add version field to the route options (#​1933)
• Update abstract-logging to v2 (#​1941)
• Update Routes.md (#​1942)
• Add fastify-errors-properties plugin to Ecosystem (#​1944)
• Add fastify-auth0-verify to Ecosystem. (#​1947)
• chore(package): update fluent-schema to version 0.8.0 (#​1950)
• Added note about OpenJS Foundation (#​1948)
• Update onRoute documentation for plugin authors. (#​1956)
• docs: fix example onRoute with preSerialization (#​1959)
• feature: Ajv custom options (#​1946)
• fix: add middleware type for multiple paths (#​1957)
• fature: register's opts onRegister hook (#​1958)
• feature: Add support for onSend on routes. (#​1961)
• Typescript types plugin example docs update (#​1963)
• chore(package): update fluent-schema to version 0.9.0 (#​1964)
• minor docs update for https typings (#​1945)

v2.10.0

Compare Source

Features:

• Added Reply.statusCode - #​1892

Fixes:

• fix schema resolver for plain id - #​1882

Documentation:

• doc fix: add .headers to reply docs - #​1890

v2.9.0

Compare Source

📚 PR:

• Improving Getting Started documentation (#​1837)
• feat - Implement pluginName (#​1836)
• feature: add onResponse hook in route declaration (#​1838)
• Fix eslint "no-misused-promises" error in hooks (#​1843)
• Update Validation-and-Serialization.md (#​1846)
• docs(Reply): fix Errors (#​1848)
• First batch of documentation fixes (#​1850)
• add FastifyReply#removeHeader method to fastify.d.ts (#​1849)
• randomize file name in test (#​1856)
• Move Nathan Woltman to Past Collaborators (#​1857)
• add github workflow for CI and website, (#​1853)
• possible fixes (#​1861)
• fix (#​1862)
• Fix/pkg manager ci (#​1863)
• install yarn and pnpm in the host env (#​1865)
• Rules to contributing to plugins (#​1842)
• Make reply a thenable (#​1869)
• docs(Plugins): removed prefix from list with fastify-plugin (#​1819)
• Add SerayaEryn to team list (#​1867)
• Don't change resolved schema (#​1872)
• Fix Plugin type in fastify.d.ts (#​1841)
• fix(package): update tiny-lru to version 7.0.0 (#​1874)
• feature: schema resolver (#​1858)
• Fix warning for onError hook (#​1876)
• Update Server.md (#​1878)

v2.8.0

Compare Source

📚 PR:

• docs(Serverless): add missing punctuation marks (#​1783)
• Add toStrinTag to errors (#​1785)
• [ts] Add handler to RouteShorthandOptions (#​1788)
• typo: typescript-server.ts (#​1791)
• Add request property to reply documentation (#​1792)
• Use .isFluentSchema instead of symbol to check for fluent-schema (#​1794)
• fix inverted if in serverless example (#​1797)
• Ensure that header properties are not duplicated in schema (#​1806)
• docs(Hooks): Add each Hook to a title (#​1801)
• Docs(typescript) and other typos (#​1811)
• docs(Hooks): (#​1810)
• Update standard (#​1816)
• add plugin for autogenerate crud route in Ecosystem (#​1813)
• chore(package): update @​typescript-eslint/parser to version 2.0.0 (#​1799)
• Improve default 404 route (#​1826)
• Schema build error (#​1808)
• Update Ecosystem.md (#​1827)
• fix: premature close test (#​1833)
• Added Zeit Now docs (#​1824)
• greenkeeper ignore @​typescript-eslint/eslint-plugin (#​1835)

v2.7.1

Compare Source

Fixes:

• Ensure we are not running the handler if reply.sent is true - #​1778
• better typing for headers object - #​1775

Documentation:

• Added Google Cloud Run docs - #​1770
• docs: simplify serverless usage - #​1748

v2.7.0

Compare Source

Features:

• Added return503OnClosing option - #​1723

Fixes:

• Fix bug regarding Joi schemas (issue #​1767) - #​1768

Documentation:

• docs(Plugins): Fix typo - #​1764
• Change the next to done inside documentation - #​1756
• security policy - #​1738
• docs(Ecosystem): Add fastify-no-additional-properties community plugin - #​1762
• docs(Hooks): Add payload inside example to prevent bugs - #​1739
• docs(Hooks): Fix typo - #​1759
• change code examples in Reply documentation - #​1751
• Update Routes.md - #​1743
• Update Server.md - #​1718
• docs: fix typos for logging - #​1701
• docs(Ecosystem): Add cls-rtracer community plugin - #​1731
• docs: move Trivikram to past collaborators - #​1727
• docs(Ecosystem): Add plugin community fastify-reverse-routes - #​1728
• docs(Ecosystem): Removed fastify-nuxt community package - #​1725
• docs(Ecosystem): Add plugin community fastify-amqp - #​1724

v2.6.0

Compare Source

Features:

• feature: custom serializator - #​1706
• allow nullable option for use cases like #​1709 - #​1711
• Improve support for Fluent Schema - #​1719

Documentation:

• Clarify that user-provided data relates to the schemas - #​1722

v2.5.0

Compare Source

Features:

• Add ability to get response time on reply - #​1697
• Alias schema.query to schema.querystring (#​1690) - #​1694

Fixes:

• Added case sensitive option to definition file - #​1691
• fix: use reply instead of original res - #​1704
• Removes double call to afterRouteAdded when ignoreTrailingSlash === true - #​1675
• Fix http2SecureServer test - #​1681
• Adds defaults to TS generics definitions - #​1669

Documentation:

• docs: fix typos for logging - #​1701
• Add RBAC plugin - #​1692
• Update docs to fix req.body inside logger req - #​1695

v2.4.1

Compare Source

• Add .git folder to NPM ignore - #​1663

v2.4.0

Compare Source

Features

• Use secure-json-parse instead of bourne (#​1619)
• Add option to disable request start and end logging (#​1629)

Fixes

• Add typings for disableRequestLogging option (#​1633)
• Catches onRoute hooks errors (#​1651)
• Emit warning synchronously (#​1657)
• Hooks: throw on incorrect async function (#​1608)
• fix(types): fix register options (#​1644)

Documentation

• add: more example on how use the $ref keyword (#​1613)
• Minor host binding documentation rewrite: (#​1616)
• Add fastify-feature-flags plugin to Ecosystem (#​1614)
• docs: fix a broken anchor tag in Logging page (#​1622)
• improve docs of fastify.close() (#​1632)
• Added fastify-decorators to Ecosystem.md (#​1645)
• offboarding steps (#​1646)
• Add fastify-objectionjs plugin to the Ecosystem (#​1638)
• add example repo link (#​1648)
• Make some spelling and grammar corrections to TS.md (#​1640)
• docs(reply): clarify settings headers (#​1642)
• Docs: add links for Ajv i18n and custom errors (#​1588)
• Updated docs to reflect internal reorg (#​1575)

Internals

• chore(travis) add 12 (#​1611)
• add node v12 to ci (#​1610)
• Updated azure pipelines configuration (#​1639)
• chore(package): update dns-prefetch-control to version 0.2.0 (#​1641)
• add tap into greenkeeper ignore list (#​1643)
• Fix typo in azure-pipelines.yml (#​1649)
• chore(package): update flatstr to version 1.0.12 (#​1653)
• chore(package): update send to version 0.17.0 (#​1627)
• internal: moved route code (#​1625)

v2.3.0

Compare Source

Features:

• Add onRequest route hook - #​1594

Fixes:

• Resolve issue 1584 - #​1589
• fix/mutated-schemas at startup - #​1572

Documentation:

• Warning notice for new Function - #​1605
• Added plugin fastify-normalize-request-reply - #​1600
• Docs: Update Server#logger to discuss custom logger option - #​1577
• first serverless documentation for AWS Lambda - #​1564
• Fix typo in Hooks.md - #​1590
• fix/schema-typo - #​1585
• TOC added to Reply.md - #​1582
• Update Routes.md - #​1579
• Update Ecosystem.md - #​1570
• doc add fastify-schema-constraint to ecosystem - #​1573
• Fix ignoreTrailingSlash example - #​1574

Internals:

• Faster startup time - #​1597
• use a cache for Ajv compiled schemas - #​1606

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.