chore(deps): bump the dependencies group across 1 directory with 7 updates #183

dependabot · 2025-12-08T21:08:28Z

Bumps the dependencies group with 7 updates in the / directory:

Package	From	To
@fastify/http-proxy	`11.3.0`	`11.4.1`
fastify	`5.4.0`	`5.6.2`
pino	`9.7.0`	`10.1.0`
pino-pretty	`13.0.0`	`13.1.3`
ua-parser-js	`2.0.4`	`2.0.6`
undici	`7.11.0`	`7.16.0`
zod	`3.25.75`	`4.1.13`

Updates @fastify/http-proxy from 11.3.0 to 11.4.1

Release notes

Sourced from @fastify/http-proxy's releases.

v11.4.1

What's Changed

fix: add types and updated docs for 'preRewrite'. by @mn4367 in fastify/fastify-http-proxy#442

New Contributors

@mn4367 made their first contribution in fastify/fastify-http-proxy#442

Full Changelog: fastify/fastify-http-proxy@v11.4.0...v11.4.1

v11.4.0

What's Changed

build(deps-dev): bump @types/node from 22.15.34 to 24.0.8 by @dependabot[bot] in fastify/fastify-http-proxy#424

build(deps-dev): bump typescript from 5.8.3 to 5.9.2 by @dependabot[bot] in fastify/fastify-http-proxy#426

chore: add .npmrc file by @Fdawgs in fastify/fastify-http-proxy#429

build(deps-dev): remove @fastify/pre-commit by @Fdawgs in fastify/fastify-http-proxy#430

ci(ci): add concurrency config by @Fdawgs in fastify/fastify-http-proxy#433

build(deps-dev): bump borp from 0.20.2 to 0.21.0 by @dependabot[bot] in fastify/fastify-http-proxy#434

build(deps-dev): bump pino from 9.14.0 to 10.1.0 by @dependabot[bot] in fastify/fastify-http-proxy#435

build(deps-dev): bump tsd from 0.32.0 to 0.33.0 by @dependabot[bot] in fastify/fastify-http-proxy#432

chore: update deps by @simone-sanfratello in fastify/fastify-http-proxy#436

chore: address security scanner false positives related to CVE-2023-2968 by @joeyorlando in fastify/fastify-http-proxy#437

feat(types): add fromParameters method by @rozzilla in fastify/fastify-http-proxy#440

chore(deps): update and add tests by @rozzilla in fastify/fastify-http-proxy#441

New Contributors

@joeyorlando made their first contribution in fastify/fastify-http-proxy#437

@rozzilla made their first contribution in fastify/fastify-http-proxy#440

Full Changelog: fastify/fastify-http-proxy@v11.3.0...v11.4.0

Commits

d15c916 Bumped v11.4.1
a3796e5 fix: add types and updated docs for 'preRewrite'. (#442)
efcb312 Bumped v11.4.0
5ade2e5 chore(deps): update and add tests (#441)
8ae78d2 feat(types): add fromParameters method (#440)
bbe97fb chore: address security scanner false positives related to CVE-2023-2968 (#...
031f4d4 chore: update deps (#436)
f2e4de6 build(deps-dev): bump tsd from 0.32.0 to 0.33.0 (#432)
6794aa0 build(deps-dev): bump pino from 9.14.0 to 10.1.0 (#435)
6268ce3 build(deps-dev): bump borp from 0.20.2 to 0.21.0 (#434)
Additional commits viewable in compare view

Updates fastify from 5.4.0 to 5.6.2

Release notes

Sourced from fastify's releases.

v5.6.2

What's Changed

refactor: rename source file names with kebab-case by @jean-michelet in fastify/fastify#6331

ci(ci): check dependabot prs originate from repo by @Fdawgs in fastify/fastify#6330

fix: accept htab ows by @jean-michelet in fastify/fastify#6303

fix: handle non FastifyErrors in custom handler properly, set type of error-parameter for setErrorHandler and errorHandler to unknown, but configurable via generic TError by @Uzlopak in fastify/fastify#6308

build(deps-dev): remove @fastify/pre-commit by @Fdawgs in fastify/fastify#6319

ci: improve citgm workflows by @Uzlopak in fastify/fastify#6334

docs: explain stream error handling by @lundibundi in fastify/fastify#5746

fix: error throwing in reply by @juanlet in fastify/fastify#6299

refactor: delegate options processing to a dedicated function by @jean-michelet in fastify/fastify#6333

ci: remove label of citgm only on pull_request.labeled, add options for workflow_dispatch by @Uzlopak in fastify/fastify#6335

chore: Bump actions/checkout from 4 to 5 by @dependabot[bot] in fastify/fastify#6343

chore: Bump joi from 17.13.3 to 18.0.1 by @dependabot[bot] in fastify/fastify#6347

chore: Bump lycheeverse/lychee-action from 2.4.1 to 2.6.1 by @dependabot[bot] in fastify/fastify#6345

chore: Bump actions/dependency-review-action from 4.7.1 to 4.8.0 by @dependabot[bot] in fastify/fastify#6344

chore: Bump actions/labeler from 5 to 6 by @dependabot[bot] in fastify/fastify#6341

chore: Bump actions/setup-node from 4 to 5 by @dependabot[bot] in fastify/fastify#6342

chore: Bump actions/github-script from 7 to 8 by @dependabot[bot] in fastify/fastify#6340

docs: mention that addHttpMethod override existing methods by @jean-michelet in fastify/fastify#6350

chore: remove reference to simple-get by @ilteoood in fastify/fastify#6353

chore: remove commented tests by @ilteoood in fastify/fastify#6352

fix: respect child logger factory in fastify options by @cysp in fastify/fastify#6349

docs(ecosystem): adding attaryz/fastify-devtools to community plugins by @attaryz in fastify/fastify#6339

docs: remove ambiguity from statement by @udohjeremiah in fastify/fastify#6360

chore: add @fastify/sse as fastify core plugin to documentation and citgm by @manshusainishab in fastify/fastify#6364

docs(guides/fluent-schema): replace last nb usage by @Fdawgs in fastify/fastify#6365

style(ci): remove whitespace from concurrency group by @Fdawgs in fastify/fastify#6366

docs: Fix broken link to TypeBox doc website wrt AJV setup by @melroy89 in fastify/fastify#6367

docs(reference/plugins): mention async plugins by @Fdawgs in fastify/fastify#6357

chore: add max-len ESLint rule with 120 character limit by @emicovi in fastify/fastify#6221

chore: Bump actions/dependency-review-action from 4.8.0 to 4.8.1 by @dependabot[bot] in fastify/fastify#6374

chore: Bump pino from 9.14.0 to 10.1.0 in the dependencies-major group by @dependabot[bot] in fastify/fastify#6378

chore: Bump pnpm/action-setup from 4.1.0 to 4.2.0 by @dependabot[bot] in fastify/fastify#6375

chore: Bump tsd from 0.32.0 to 0.33.0 in the dev-dependencies-typescript group by @dependabot[bot] in fastify/fastify#6346

chore: Bump lycheeverse/lychee-action from 2.6.1 to 2.7.0 by @dependabot[bot] in fastify/fastify#6377

fix: handle web stream payload in HEAD route by @orionmiz in fastify/fastify#6372

chore: Bump actions/setup-node from 5 to 6 by @dependabot[bot] in fastify/fastify#6376

chore: Bump borp from 0.20.2 to 0.21.0 by @dependabot[bot] in fastify/fastify#6379

fix: parse ipv6 hostname by @jean-michelet in fastify/fastify#6373

fix: consistent error handling for custom validators in async validation contexts by @emicovi in fastify/fastify#6247

New Contributors

@juanlet made their first contribution in fastify/fastify#6299

@cysp made their first contribution in fastify/fastify#6349

@attaryz made their first contribution in fastify/fastify#6339

@udohjeremiah made their first contribution in fastify/fastify#6360

@manshusainishab made their first contribution in fastify/fastify#6364

@orionmiz made their first contribution in fastify/fastify#6372

... (truncated)

Commits

f15d4ea Bumped v5.6.2
d338dca fix: consistent error handling for custom validators in async validation cont...
e1aee4b fix: parse ipv6 hostname (#6373)
b5958b3 chore: Bump borp from 0.20.2 to 0.21.0 (#6379)
3120cde chore: Bump actions/setup-node from 5 to 6 (#6376)
dd02e42 fix: handle web stream payload in HEAD route (#6372)
810e3d5 chore: Bump lycheeverse/lychee-action from 2.6.1 to 2.7.0 (#6377)
5ebe327 chore: Bump tsd in the dev-dependencies-typescript group (#6346)
106bb6b chore: Bump pnpm/action-setup from 4.1.0 to 4.2.0 (#6375)
55653d6 chore: Bump pino from 9.14.0 to 10.1.0 in the dependencies-major group (#6378)
Additional commits viewable in compare view

Updates pino from 9.7.0 to 10.1.0

Release notes

Sourced from pino's releases.

v10.1.0

What's Changed

test: add regression test for issue #2313 by @mcollina in pinojs/pino#2314

fix!: use safer types for censor function signature (#2307) by @slifty in pinojs/pino#2308

remove unused parsedChindingsSym symbol by @mcollina in pinojs/pino#2315

chore: add .npmignore to exclude unnecessary files by @mcollina in pinojs/pino#2312

chore(lint): migrate from standard to neostandard & upgrade eslint to v9 by @lokeshwar777 in pinojs/pino#2316

build(deps-dev): bump eslint-plugin-n from 15.7.0 to 17.23.1 by @dependabot[bot] in pinojs/pino#2305

Use @pinojs/redact by @mcollina in pinojs/pino#2321

fix: added missing isoTimeNano to nested namespace by @edge33 in pinojs/pino#2325

New Contributors

@slifty made their first contribution in pinojs/pino#2308

@lokeshwar777 made their first contribution in pinojs/pino#2316

Full Changelog: pinojs/pino@v10.0.0...v10.1.0

v10.0.0

The only breaking change is dropping support for Node 18.

What's Changed

feat(types): add LogFnFields by @samchungy in pinojs/pino#2254

Convert tests to node:test by @jsumners in pinojs/pino#2299

removed unused .taprc.yaml by @jsumners in pinojs/pino#2310

Full Changelog: pinojs/pino@v9.13.1...v10.0.0

v9.14.0

What's Changed

feat(types): add LogFnFields by @samchungy in pinojs/pino#2254

[v9.x] Update to pinojs redact by @mcollina in pinojs/pino#2322

Revert setlevel opt in 9.x by @mcollina in pinojs/pino#2323

Full Changelog: pinojs/pino@v9.13.1...v9.14.0

v9.13.1

What's Changed

fix(log): better logfn handling of generics by @rozzilla in pinojs/pino#2309

Full Changelog: pinojs/pino@v9.13.0...v9.13.1

v9.13.0

What's Changed

build(deps): bump actions/checkout from 4.3.0 to 5.0.0 by @dependabot[bot] in pinojs/pino#2301

build(deps): bump actions/github-script from 7 to 8 by @dependabot[bot] in pinojs/pino#2303

build(deps-dev): bump @yao-pkg/pkg from 6.3.0 to 6.7.0 by @dependabot[bot] in pinojs/pino#2306

perf: optimize .child by @ronag in pinojs/pino#2300

... (truncated)

Commits

b248d2f Bumped v10.1.0
105a2c9 fix: added missing isoTimeNano to nested namespace (#2325)
4250665 Use @pinojs/redact (#2321)
8cb5a59 build(deps-dev): bump eslint-plugin-n from 15.7.0 to 17.23.1 (#2305)
b2c1408 chore(lint): migrate from standard to neostandard & upgrade eslint to v9 (#2316)
2b0bd9f chore: add .npmignore to exclude unnecessary files from npm package (#2312)
5e9d4f1 remove unused parsedChindingsSym symbol (#2315)
f220f1e fix!: use safer types for censor function signature (#2307) (#2308)
e12e9c2 test: add regression test for issue #2313 (#2314)
d15cdd6 Bumped v10.0.0
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for pino since your current version.

Updates pino-pretty from 13.0.0 to 13.1.3

Release notes

Sourced from pino-pretty's releases.

v13.1.3

What's Changed

Add in the README file a snippet to use pino-pretty only for dev by @himito in pinojs/pino-pretty#623

build(deps): bump actions/setup-node from 4 to 6 by @dependabot[bot] in pinojs/pino-pretty#626

build(deps-dev): bump borp from 0.20.2 to 0.21.0 by @dependabot[bot] in pinojs/pino-pretty#627

build(deps-dev): bump pino from 9.14.0 to 10.1.0 by @dependabot[bot] in pinojs/pino-pretty#628

build(deps): bump pino-abstract-transport from 2.0.0 to 3.0.0 by @dependabot[bot] in pinojs/pino-pretty#629

Update format-time.js documentation to match functionality by @g-sanner in pinojs/pino-pretty#632

build(deps): bump actions/checkout from 5 to 6 by @dependabot[bot] in pinojs/pino-pretty#636

build(deps): bump fast-copy from 3.0.2 to 4.0.0 by @dependabot[bot] in pinojs/pino-pretty#637

fix: messageFormat print 0 value by @gutenye in pinojs/pino-pretty#635

New Contributors

@himito made their first contribution in pinojs/pino-pretty#623

@g-sanner made their first contribution in pinojs/pino-pretty#632

@gutenye made their first contribution in pinojs/pino-pretty#635

Full Changelog: pinojs/pino-pretty@v13.1.2...v13.1.3

v13.1.2

What's Changed

build(deps-dev): bump typescript from 5.8.3 to 5.9.2 by @dependabot[bot] in pinojs/pino-pretty#609

build(deps): bump actions/checkout from 4 to 5 by @dependabot[bot] in pinojs/pino-pretty#621

build(deps-dev): bump tsd from 0.32.0 to 0.33.0 by @dependabot[bot] in pinojs/pino-pretty#622

fix: allow esm import for isColorSupported by @JoeCap08055 in pinojs/pino-pretty#616

Use neostandard and remove pre-commit by @jsumners in pinojs/pino-pretty#624

fix: missing property on objectColorizer by @IronGeek in pinojs/pino-pretty#625

New Contributors

@JoeCap08055 made their first contribution in pinojs/pino-pretty#616

@IronGeek made their first contribution in pinojs/pino-pretty#625

Full Changelog: pinojs/pino-pretty@v13.1.1...v13.1.2

v13.1.1

What's Changed

Revert "chore: upgrade dateformat" by @Uzlopak in pinojs/pino-pretty#607

Full Changelog: pinojs/pino-pretty@v13.1.0...v13.1.1

v13.1.0

What's Changed

Bump @arethetypeswrong/cli from 0.16.4 to 0.17.0 by @dependabot[bot] in pinojs/pino-pretty#543

Bump secure-json-parse from 2.7.0 to 3.0.1 by @dependabot[bot] in pinojs/pino-pretty#547

Bump typescript from 5.6.3 to 5.7.2 by @dependabot[bot] in pinojs/pino-pretty#548

Readme.md: remove the command prompt symbol by @yegorich in pinojs/pino-pretty#545

Add magenta as the color for printed object properties. Fixes suport for --no-colorizeObjects by @mcollina in pinojs/pino-pretty#553

Bump typescript from 5.7.3 to 5.8.2 by @dependabot[bot] in pinojs/pino-pretty#555

perf: use node: prefix to bypass require.cache call for builtins by @Fdawgs in pinojs/pino-pretty#556

... (truncated)

Commits

08425cd v13.1.3
6afb524 fix: messageFormat print 0 value (#635)
70c73ea build(deps): bump fast-copy from 3.0.2 to 4.0.0 (#637)
2cd9794 build(deps): bump actions/checkout from 5 to 6 (#636)
c06e276 Update format-time.js documentation to match functionality (#632)
47ffb45 build(deps): bump pino-abstract-transport from 2.0.0 to 3.0.0 (#629)
932af85 build(deps-dev): bump pino from 9.14.0 to 10.1.0 (#628)
6d48318 build(deps-dev): bump borp from 0.20.2 to 0.21.0 (#627)
3b89a0c build(deps): bump actions/setup-node from 4 to 6 (#626)
ab0ccab Add in the README file a snippet to use pino-pretty only for dev (#623)
Additional commits viewable in compare view

Updates ua-parser-js from 2.0.4 to 2.0.6

Release notes

Sourced from ua-parser-js's releases.

v2.0.6

Version 2.0.6

Add new CLI feature: processing batch user-agent data from file and output as JSON

Fix setUA(): trim leading space from user-agent string input

Replace undici dependency with node's internal Headers

Add new browser: Bing, Qwant

Add new device vendor: Hisense, Wiko

Improve browser detection: Mozilla, Pale Moon

Improve CPU detection: 68k

Improve device detection: Apple, BlackBerry, Huawei, Nokia, Xiaomi

Improve OS detection: iOS 26

extensions submodule:

Add new fetcher: Discordbot, KeybaseBot, Slackbot, Slackbot-LinkExpanding, Slack-ImgProxy, Twitterbot

Add new crawler: Qwantbot-news, SurdotlyBot, SwiftBot

v2.0.5

Version 2.0.5

Add new browser: Zalo

Add new CPU arch: alpha

Add new device vendor: Philips

Improve device detection: Pico

Fix parsing error on pages with modified Array prototypes

Improve type declarations:

Replace node-fetch dependency with undici

Replace hardcoded string values with enum from enum submodule

enums submodule:

Add Extension enum for extensions submodule

Type declaration file now automatically generated using build script

Naming adjustments:

Browser => BrowserName

CPU => CPUArch

Device => DeviceType

Vendor => DeviceVendor

Engine => EngineName

OS => OSName

extensions submodule:

Add new crawlers: APIs-Google, Algolia Crawler, Algolia Crawler Renderscript, Baidu-ADS, BLEXBot, botify, Bravebot, Claude-Web, cohere-training-data-crawler, contxbot, Cotoyogi, Coveobot, CriteoBot, DeepSeekBot, DuckDuckGo-Favicons-Bot, Elastic, FirecrawlAgent, Freespoke, Google-CloudVertexBot, HuggingFace-Bot, Kagibot, Kangaroo Bot, marginalia, msnbot, OnCrawl, Replicate-Bot, RunPod-Bot, SBIntuitionsBot, SeekportBot, Siteimprove, Sogou Pic Spider, TikTokSpider, TwinAgent, v0bot, webzio, Webzio-Extended, xAI-Bot, YandexAccessibilityBot, YandexAdditionalBot, YandexAdNet, YandexBot MirrorDetector, YandexBlogs, YandexComBot, YandexFavicons, YandexImageResizer, YandexImages, YandexMarket, YandexMetrika, YandexMedia, YandexMobileBot, YandexMobileScreenShotBot, YandexNews, YandexOntoDB, YandexOntoDBAPI, YandexPartner, YandexRCA, YandexRenderResourcesBot, YandexScreenshotBot, YandexSpravBot, YandexTracker, YandexVertis, YandexVerticals, YandexVideo, YandexVideoParser, YandexWebmaster, YepBot, ZumBot

Add new fetchers: Asana, bitlybot, Blueno, BufferLinkPreviewBot, Chrome-Lighthouse, Gemini-Deep-Research, HubSpot Page Fetcher, kakaotalk-scrap, vercel-favicon-bot, vercel-screenshot-bot, vercelflags, verceltracing, YaDirectFetcher, YandexCalendar, YandexDirect, YandexDirectDyn, YandexForDomain, YandexPagechecker, YandexSearchShop, YandexSitelinks, YandexUserproxy

helpers submodule:

Add some crawler to isAIBot(): Bravebot, cohere-training-data-crawler, FirecrawlAgent, HuggingFace-Bot, Kangaroo Bot, PanguBot, Replicate-Bot, RunPod-Bot, TikTokSpider, Together-Bot, v0bot, xAI-Bot

Changelog

Sourced from ua-parser-js's changelog.

Version 2.0.6

Add new CLI feature: processing batch user-agent data from file and output as JSON

Fix setUA(): trim leading space from user-agent string input

Replace undici dependency with node's internal Headers

Add new browser: Bing, Qwant

Add new device vendor: Hisense, Wiko

Improve browser detection: Mozilla, Pale Moon

Improve CPU detection: 68k

Improve device detection: Apple, BlackBerry, Huawei, Nokia, Xiaomi

Improve OS detection: iOS 26

extensions submodule:

Add new fetcher: Discordbot, KeybaseBot, Slackbot, Slackbot-LinkExpanding, Slack-ImgProxy, Twitterbot

Add new crawler: Qwantbot-news, SurdotlyBot, SwiftBot

Version 2.0.5

Add new browser: Zalo

Add new CPU arch: alpha

Add new device vendor: Philips

Improve device detection: Pico

Fix parsing error on pages with modified Array prototypes

Improve type declarations:

Replace node-fetch dependency with undici

Replace hardcoded string values with enum from enum submodule

enums submodule:

Add Extension enum for extensions submodule

Type declaration file now automatically generated using build script

Naming adjustments:

Browser => BrowserName

CPU => CPUArch

Device => DeviceType

Vendor => DeviceVendor

Engine => EngineName

OS => OSName

extensions submodule:

Add new crawlers: APIs-Google, Algolia Crawler, Algolia Crawler Renderscript, Baidu-ADS, BLEXBot, botify, Bravebot, Claude-Web, cohere-training-data-crawler, contxbot, Cotoyogi, Coveobot, CriteoBot, DeepSeekBot, DuckDuckGo-Favicons-Bot, Elastic, FirecrawlAgent, Freespoke, Google-CloudVertexBot, HuggingFace-Bot, Kagibot, Kangaroo Bot, marginalia, msnbot, OnCrawl, Replicate-Bot, RunPod-Bot, SBIntuitionsBot, SeekportBot, Siteimprove, Sogou Pic Spider, TikTokSpider, TwinAgent, v0bot, webzio, Webzio-Extended, xAI-Bot, YandexAccessibilityBot, YandexAdditionalBot, YandexAdNet, YandexBot MirrorDetector, YandexBlogs, YandexComBot, YandexFavicons, YandexImageResizer, YandexImages, YandexMarket, YandexMetrika, YandexMedia, YandexMobileBot, YandexMobileScreenShotBot, YandexNews, YandexOntoDB, YandexOntoDBAPI, YandexPartner, YandexRCA, YandexRenderResourcesBot, YandexScreenshotBot, YandexSpravBot, YandexTracker, YandexVertis, YandexVerticals, YandexVideo, YandexVideoParser, YandexWebmaster, YepBot, ZumBot

Add new fetchers: Asana, bitlybot, Blueno, BufferLinkPreviewBot, Chrome-Lighthouse, Gemini-Deep-Research, HubSpot Page Fetcher, kakaotalk-scrap, vercel-favicon-bot, vercel-screenshot-bot, vercelflags, verceltracing, YaDirectFetcher, YandexCalendar, YandexDirect, YandexDirectDyn, YandexForDomain, YandexPagechecker, YandexSearchShop, YandexSitelinks, YandexUserproxy

helpers submodule:

Add some crawler to isAIBot(): Bravebot, cohere-training-data-crawler, FirecrawlAgent, HuggingFace-Bot, Kangaroo Bot, PanguBot, Replicate-Bot, RunPod-Bot, TikTokSpider, Together-Bot, v0bot, xAI-Bot

Commits

061cf0e Bump version 2.0.6
2882014 Add new inApp browser: Bing
3eea064 Add new device vendor: Wiko - https://world.wikomobile.com/
5f1ed83 [chore] Update CLI import & unit test
5349bb5 Improve device detection: BlackBerry, Huawei, Xiaomi
9ba4d2b Add new device vendor: Hisense - https://global.hisense.com/
4c935c0 Improve device detection: Nokia
ae7b5e1 chore: Replace Undici by native Headers (#805)
44165a6 Improve CPU detection: 68k
fc51250 Improve browser detection: Mozilla, Pale Moon
Additional commits viewable in compare view

Updates undici from 7.11.0 to 7.16.0

Release notes

Sourced from undici's releases.

v7.16.0

What's Changed

Drop npm token, use OIDC instead by @mcollina in nodejs/undici#4447

fetch: instantiate readableStream in extractBody with sync methods by @Uzlopak in nodejs/undici#4350

fix: remove async on [kClose] and [kDestroy], only return Promise by @Uzlopak in nodejs/undici#4450

fetch: make consumeBody sync by @Uzlopak in nodejs/undici#4449

perf: make client.connect() sync by @Uzlopak in nodejs/undici#4455

fetch: remove promise in exported fetch by @Uzlopak in nodejs/undici#4452

fix(#4451): implement http2 cookie support by @metcoder95 in nodejs/undici#4453

test: cache store tests should properly be skipped by @Uzlopak in nodejs/undici#4463

test: fix IPv6 skip check for test/client.js by @Uzlopak in nodejs/undici#4466

test: remove skip check for AbortSignal.timeout, as it exists since node18 by @Uzlopak in nodejs/undici#4464

test: investigate macos failing by @Uzlopak in nodejs/undici#4467

test: remove obsolete < node v18 test case for http2 by @Uzlopak in nodejs/undici#4461

perf: avoid intermediate promise on BodyReadable.dump by @Uzlopak in nodejs/undici#4459

test: remove skip check for long-lived-abort-controller test (was flaky 10 months ago) by @Uzlopak in nodejs/undici#4465

test: remove skip checks for existance of global available Blob and File by @Uzlopak in nodejs/undici#4460

perf (fetch): use less promises for ReadableStream by @Uzlopak in nodejs/undici#4457

fix: catch synchronous errors in request callbacks by @mcollina in nodejs/undici#4443

fix: avoid instanceof MockNotMatchedError by @Uzlopak in nodejs/undici#4474

eventsource: remove promise for #reconnect method by @Uzlopak in nodejs/undici#4469

feat: make UndiciErrors reliable to instanceof by @Uzlopak in nodejs/undici#4472

chore: call super() after type checks by @Uzlopak in nodejs/undici#4475

chore: FixedQueue does not need special constructor by @Uzlopak in nodejs/undici#4476

fix: buildAndValidateMockOptions should always get an object passed and always return an object by @Uzlopak in nodejs/undici#4479

fix: remove unused ResponseStatusCodeError by @Uzlopak in nodejs/undici#4473

chore: pool and dispatcherbase dont need constructor, use no array helper functions by @Uzlopak in nodejs/undici#4477

lint: avoid unintented use of globals in code and tests, improve test for installing/overwriting globals by @Uzlopak in nodejs/undici#4478

test: fix macos flakyness by @Uzlopak in nodejs/undici#4468

fix: 'no-referrer-when-downgrade' in determineRequestsReferrer should return referrerURL by @Uzlopak in nodejs/undici#4482

fix: deflake cache-fastimers-fix.js by @Uzlopak in nodejs/undici#4491

fix: improve validation of IP addresses as trustworthy, correct ipv4 check by @Uzlopak in nodejs/undici#4489

test (pool.js): fix flakyness of clientTtl test by @Uzlopak in nodejs/undici#4494

test (eventsource): refactor tests for eventsource, speed them up by @Uzlopak in nodejs/undici#4493

fix: remove useless catch in client-h1.js by @Uzlopak in nodejs/undici#4481

test: skip flaky encoding test on macos and node20 by @Uzlopak in nodejs/undici#4497

fix: implement proper stale-while-revalidate behavior per RFC 5861 by @mcollina in nodejs/undici#4492

test (websocket): speed up test/websocket/issue-2679.js by @Uzlopak in nodejs/undici#4501

webidl: fix existing and add missing buffer source converters by @Renegade334 in nodejs/undici#4503

use real wpt test server by @KhafraDev in nodejs/undici#4486

test: another try to fix flaky macos and node 20 by @Uzlopak in nodejs/undici#4490

build(deps): bump actions/checkout from 4 to 5 by @dependabot[bot] in nodejs/undici#4507

build(deps): bump actions/dependency-review-action from 4.7.1 to 4.7.3 by @dependabot[bot] in nodejs/undici#4509

fix writing to websocketstream with SharedArrayBuffer/SharedArrayBuff… by @KhafraDev in nodejs/undici#4504

test: use faketimers for test/client-keep-alive, refactor a little by @Uzlopak in nodejs/undici#4499

build(deps): bump github/codeql-action from 3.29.7 to 3.30.0 by @dependabot[bot] in nodejs/undici#4510

build(deps): bump codecov/codecov-action from 5.4.3 to 5.5.0 by @dependabot[bot] in nodejs/undici#4508

fix(h2): adjust :scheme on h2 requests by @metcoder95 in nodejs/undici#4454

chore: use lowercase filenames, remove unused verifyVersion.js by @Uzlopak in nodejs/undici#4514

chore: refactor workflows by @Uzlopak in nodejs/undici#4513

... (truncated)

Commits

7392d6f Bumped v7.16.0 (#4532)
415c66d fix: make error symbols non enumerable (#4531)
f182ff1 Disable SIMD for PPC64 architecture, add UNDICI_NO_WASM_SIMD env to facilitat...
95d835c example: use metcoders https-pem for the example (#4436)
7c42918 fix: shell command built from environment values (#4392)
51651a1 fix: wpt should use master branch (#4524)
82ea8fc refactor: parseHttpDate (#4421)
909a584 websocket: always emit error event (#4521)
d7bb09e fetch: process content-encoding header only if relevant (#4496)
e652f03 wpt: properly handle write permissions errors in wpt-runner setup (#4518)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for undici since your current version.

Updates zod from 3.25.75 to 4.1.13

Release notes

Sourced from zod's releases.

v4.1.13

Commits:

5c2602ceb8be8941c64bbe5ac7d92cc174ae6f7e Update AI widget (#5318)

d3da530deb713c853e79405adddf770e156d50ac reflect the specified regex correctly in error (#5338)

39f8c45b8a29de2330b485862b83cb35849f4238 faster initialization (#5352)

e9e27905cc0f37cb079ea473af8359d5e17a57a1 Clean up comment

8e4739fadbd7de710eb67d34ba7e06a1029a68ab Update inferred z.promise() type

2849df8907b011ab056d67ae8e3d27577ac4ed3e fix(locales): improve Dutch (nl) localization (#5367)

b0d3c9f628b60d358b66acf8f0ef7937fc9e8950 Run tests on windows

6fd61b71b85e4fef4c168a46c3ebcc574f26255f feat unitest (#5358)

a4e4bc80e204577c698cf1369dd63c2b986d35f3 Lock to node 24

8de8bad0fa84194b81efd32474462d7a236a1ee4 Fix windows build

b2c186bbae3a74a12acd385c1ced3ed978235cf8 Use Node LTS

b73b1f61c798efdf497852872b4c19cd4111c1f3 Consolidate isTransforming logic

d85f3ea4da53a1b232017dd4e4a2874eca4d8d76 Fix #5353

1bac0f37b529eb9a0d833a01200f5a898e8e6220 Fix test.yml

86d4dad5bc27b4b35df533c9170a552ad8c6c3bc Fix partial record

5e6c0fd7471636feffe5763c9b7637879da459fe Fix attw on windows

27fc616b8edb93cc27a4d25b37479d6e418bbccf Extend test timeout

8d336c4d15e1917d78b67b890f7182f26633b56f Remove windows runner

5be72e0ef4dceb1387febb7981079ecdeb5e2817 chore(doc): update metadata.tsx (#5331)

cb0272a0ad9962df958...
Description has been truncated

…dates Bumps the dependencies group with 7 updates in the / directory: | Package | From | To | | --- | --- | --- | | [@fastify/http-proxy](https://github.com/fastify/fastify-http-proxy) | `11.3.0` | `11.4.1` | | [fastify](https://github.com/fastify/fastify) | `5.4.0` | `5.6.2` | | [pino](https://github.com/pinojs/pino) | `9.7.0` | `10.1.0` | | [pino-pretty](https://github.com/pinojs/pino-pretty) | `13.0.0` | `13.1.3` | | [ua-parser-js](https://github.com/faisalman/ua-parser-js) | `2.0.4` | `2.0.6` | | [undici](https://github.com/nodejs/undici) | `7.11.0` | `7.16.0` | | [zod](https://github.com/colinhacks/zod) | `3.25.75` | `4.1.13` | Updates `@fastify/http-proxy` from 11.3.0 to 11.4.1 - [Release notes](https://github.com/fastify/fastify-http-proxy/releases) - [Commits](fastify/fastify-http-proxy@v11.3.0...v11.4.1) Updates `fastify` from 5.4.0 to 5.6.2 - [Release notes](https://github.com/fastify/fastify/releases) - [Commits](fastify/fastify@v5.4.0...v5.6.2) Updates `pino` from 9.7.0 to 10.1.0 - [Release notes](https://github.com/pinojs/pino/releases) - [Commits](pinojs/pino@v9.7.0...v10.1.0) Updates `pino-pretty` from 13.0.0 to 13.1.3 - [Release notes](https://github.com/pinojs/pino-pretty/releases) - [Commits](pinojs/pino-pretty@v13.0.0...v13.1.3) Updates `ua-parser-js` from 2.0.4 to 2.0.6 - [Release notes](https://github.com/faisalman/ua-parser-js/releases) - [Changelog](https://github.com/faisalman/ua-parser-js/blob/master/CHANGELOG.md) - [Commits](faisalman/ua-parser-js@2.0.4...2.0.6) Updates `undici` from 7.11.0 to 7.16.0 - [Release notes](https://github.com/nodejs/undici/releases) - [Commits](nodejs/undici@v7.11.0...v7.16.0) Updates `zod` from 3.25.75 to 4.1.13 - [Release notes](https://github.com/colinhacks/zod/releases) - [Commits](colinhacks/zod@v3.25.75...v4.1.13) --- updated-dependencies: - dependency-name: "@fastify/http-proxy" dependency-version: 11.4.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: fastify dependency-version: 5.6.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: pino dependency-version: 10.1.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: dependencies - dependency-name: pino-pretty dependency-version: 13.1.3 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: ua-parser-js dependency-version: 2.0.6 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies - dependency-name: undici dependency-version: 7.16.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: zod dependency-version: 4.1.13 dependency-type: direct:production update-type: version-update:semver-major dependency-group: dependencies ... Signed-off-by: dependabot[bot] <support@github.com>

socket-security · 2025-12-08T21:09:47Z

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Package	Supply Chain Security	Quality	Maintenance
ua-parser-js@2.0.4 ⏵ 2.0.6	⁺¹		^-3
undici@7.11.0 ⏵ 7.16.0		⁺¹
pino-pretty@13.0.0 ⏵ 13.1.3	⁺¹
pino@9.7.0 ⏵ 10.1.0	⁺¹
fastify@5.4.0 ⏵ 5.6.2	⁺¹		⁺²
@fastify/http-proxy@11.3.0 ⏵ 11.4.1			⁺⁷
zod@3.25.75 ⏵ 4.1.13

View full report

dependabot · 2025-12-15T21:09:50Z

Looks like these dependencies are updatable in another way, so this is no longer needed.

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Dec 8, 2025

dependabot bot closed this Dec 15, 2025

dependabot bot deleted the dependabot/npm_and_yarn/dependencies-4d6bd3468c branch December 15, 2025 21:09

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

chore(deps): bump the dependencies group across 1 directory with 7 updates #183

chore(deps): bump the dependencies group across 1 directory with 7 updates #183

Uh oh!

dependabot bot commented on behalf of github Dec 8, 2025 •

edited

Loading

Uh oh!

socket-security bot commented Dec 8, 2025

Uh oh!

dependabot bot commented on behalf of github Dec 15, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

chore(deps): bump the dependencies group across 1 directory with 7 updates #183

chore(deps): bump the dependencies group across 1 directory with 7 updates #183

Uh oh!

Conversation

dependabot bot commented on behalf of github Dec 8, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v11.4.1

What's Changed

New Contributors

v11.4.0

What's Changed

New Contributors

v5.6.2

What's Changed

New Contributors

v10.1.0

What's Changed

New Contributors

v10.0.0

What's Changed

v9.14.0

What's Changed

v9.13.1

What's Changed

v9.13.0

What's Changed

v13.1.3

What's Changed

New Contributors

v13.1.2

What's Changed

New Contributors

v13.1.1

What's Changed

v13.1.0

What's Changed

v2.0.6

Version 2.0.6

v2.0.5

Version 2.0.5

Version 2.0.6

Version 2.0.5

v7.16.0

What's Changed

v4.1.13

Commits:

Uh oh!

socket-security bot commented Dec 8, 2025

Uh oh!

dependabot bot commented on behalf of github Dec 15, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

dependabot bot commented on behalf of github Dec 8, 2025 •

edited

Loading