Skip to content

chore(deps): bump the dependencies group across 1 directory with 7 updates #188

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
dependabot wants to merge 1 commit into
base: main
Choose a base branch
from
Open

chore(deps): bump the dependencies group across 1 directory with 7 updates #188

dependabot wants to merge 1 commit into from

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jan 19, 2026

Bumps the dependencies group with 7 updates in the / directory:

Package From To
@fastify/http-proxy 11.3.0 11.4.1
fastify 5.4.0 5.7.1
pino 9.7.0 10.2.1
pino-loki 2.6.0 3.0.0
pino-pretty 13.0.0 13.1.3
ua-parser-js 2.0.4 2.0.8
zod 3.25.75 4.3.5

Updates @fastify/http-proxy from 11.3.0 to 11.4.1

Release notes

Sourced from @​fastify/http-proxy's releases.

v11.4.1

What's Changed

New Contributors

Full Changelog: fastify/fastify-http-proxy@v11.4.0...v11.4.1

v11.4.0

What's Changed

New Contributors

Full Changelog: fastify/fastify-http-proxy@v11.3.0...v11.4.0

Commits
  • d15c916 Bumped v11.4.1
  • a3796e5 fix: add types and updated docs for 'preRewrite'. (#442)
  • efcb312 Bumped v11.4.0
  • 5ade2e5 chore(deps): update and add tests (#441)
  • 8ae78d2 feat(types): add fromParameters method (#440)
  • bbe97fb chore: address security scanner false positives related to CVE-2023-2968 (#...
  • 031f4d4 chore: update deps (#436)
  • f2e4de6 build(deps-dev): bump tsd from 0.32.0 to 0.33.0 (#432)
  • 6794aa0 build(deps-dev): bump pino from 9.14.0 to 10.1.0 (#435)
  • 6268ce3 build(deps-dev): bump borp from 0.20.2 to 0.21.0 (#434)
  • Additional commits viewable in compare view

Updates fastify from 5.4.0 to 5.7.1

Release notes

Sourced from fastify's releases.

v5.7.1

What's Changed

Full Changelog: fastify/fastify@v5.7.0...v5.7.1

v5.7.0

What's Changed

New Contributors

... (truncated)

Commits

Updates pino from 9.7.0 to 10.2.1

Release notes

Sourced from pino's releases.

v10.2.1

What's Changed

Full Changelog: pinojs/pino@v10.2.0...v10.2.1

v10.2.0

What's Changed

New Contributors

Full Changelog: pinojs/pino@v10.1.1...v10.2.0

v10.1.1

What's Changed

New Contributors

Full Changelog: pinojs/pino@v10.1.0...v10.1.1

v10.1.0

What's Changed

... (truncated)

Commits
  • 31966a3 Bumped v10.2.1
  • 417ef57 fix: prevent ERR_WORKER_INVALID_EXEC_ARGV with monitoring tools (#2379)
  • 1833a6d Bumped v10.2.0
  • 47619e6 Add claude files to .gitignore
  • 658effe fix: prevent memory leak when using transport with --import preload (#2374)
  • 79a6087 chore: lint the .ts files (#2363)
  • 3390470 Bumped v10.1.1
  • 791adbe fix: allow passing string, number, null for %o placeholder (#2372)
  • 851a43f build(deps-dev): bump @​types/node from 24.10.4 to 25.0.3 (#2367)
  • 0c78849 build(deps): bump actions/checkout from 6.0.0 to 6.0.1 (#2365)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for pino since your current version.


Updates pino-loki from 2.6.0 to 3.0.0

Release notes

Sourced from pino-loki's releases.

v3.0.0

⚠️ Breaking Changes

Node.js 20+ Required Node.js 18 is no longer supported. The minimum required version is now Node.js 20.

Batching Options Restructured

The batching configuration has been consolidated into a single object:

// Before (v2.x)
pinoLoki({ host: '...', batching: true, interval: 5 })
// After (v3.x)
pinoLoki({ host: '...', batching: { interval: 5, maxBufferSize: 10_000 } })
// Or simply omit for defaults, or set batching: false to disable

Default Buffer Limit

A new maxBufferSize option (default: 10,000) prevents out-of-memory issues when Loki is unavailable. When the buffer is full, oldest logs are dropped (FIFO).

Structured Metadata Enabled by Default

structuredMetaKey now defaults to 'meta'. Logs with a meta property will automatically send it as Loki structured metadata. Use structuredMetaKey: false to disable.

CLI Changes

  • --batch => --batching
  • --interval => --batching-interval
  • --timeout default: 2000ms → 30000ms
  • Added --batching-max-buffer-size
  • Removed -pl shorthand (use --propsLabels)

   🚨 Breaking Changes

   🐞 Bug Fixes

    View changes on GitHub
Commits
  • c042352 chore: release v3.0.0
  • 528c6a4 style: lint files
  • ba7b17e chore!: remove deprecated CLI options
  • 5de977e fix!: change timeout default value
  • 43ebb6c feat!: use meta as default structured meta key
  • db75124 fix: avoid duplicate buffer flush on transport shutdown
  • feb0408 chore!: update dependencies ( drop node 18 )
  • d6d1acc fix: remove hostname from log object before formatting
  • e00e6ca feat!: add maxBufferSize option + update batching API
  • 66ccf05 chore: remove basicAuth options from debug
  • Additional commits viewable in compare view

Updates pino-pretty from 13.0.0 to 13.1.3

Release notes

Sourced from pino-pretty's releases.

v13.1.3

What's Changed

New Contributors

Full Changelog: pinojs/pino-pretty@v13.1.2...v13.1.3

v13.1.2

What's Changed

New Contributors

Full Changelog: pinojs/pino-pretty@v13.1.1...v13.1.2

v13.1.1

What's Changed

Full Changelog: pinojs/pino-pretty@v13.1.0...v13.1.1

v13.1.0

What's Changed

... (truncated)

Commits
  • 08425cd v13.1.3
  • 6afb524 fix: messageFormat print 0 value (#635)
  • 70c73ea build(deps): bump fast-copy from 3.0.2 to 4.0.0 (#637)
  • 2cd9794 build(deps): bump actions/checkout from 5 to 6 (#636)
  • c06e276 Update format-time.js documentation to match functionality (#632)
  • 47ffb45 build(deps): bump pino-abstract-transport from 2.0.0 to 3.0.0 (#629)
  • 932af85 build(deps-dev): bump pino from 9.14.0 to 10.1.0 (#628)
  • 6d48318 build(deps-dev): bump borp from 0.20.2 to 0.21.0 (#627)
  • 3b89a0c build(deps): bump actions/setup-node from 4 to 6 (#626)
  • ab0ccab Add in the README file a snippet to use pino-pretty only for dev (#623)
  • Additional commits viewable in compare view

Updates ua-parser-js from 2.0.4 to 2.0.8

Release notes

Sourced from ua-parser-js's releases.

v2.0.8

Version 2.0.8

  • Resolve syntax error related to import renaming in ESM build
  • Add new browser: HiBrowser, Opera Neon
  • Add new engine: Dillo
  • Improve browser detection: Brave, TikTok
  • Improve device detection: OnePlus
  • Improve OS detection: Firefox OS
  • extensions submodule:
    • Add new CLI: PowerShell
    • Add new email: Alpine, Android, AquaMail, Balsa, Barca, Canary, Claws Mail, eM Client, Eudora, FairEmail, Geary, Gnus, Horde::IMP, Lotus-Notes, IncrediMail, K-9 Mail, Mailbird, MailMate, Mailspring, Mutt, Newton, Nine, NylasMail, Outlook-Express, Pegasus Mail, PocoMail, Postbox, ProtonMail Bridge, Quala, R2Mail2, Rainloop, Roundcube Webmail, SamsungEmail, Spicebird, SquirrelMail, Sylpheed, The Bat!, Trojita, Turnpike, tutanota-desktop, Wanderlust, Windows-Live-Mail
    • Add new library: http.rb, Jetty, ocaml-cohttp
  • helpers submodule:
    • Add new method: getOutlookEdition() to map Outlook versions to their marketing editions

What's Changed

New Contributors

Full Changelog: faisalman/ua-parser-js@2.0.7...2.0.8

v2.0.7

Version 2.0.7

  • Add support for chaining withClientHints() & withFeatureCheck()
  • Add new browser: Atlas, Steam
  • Add new device vendor: Anbernic, Logitech, Valve
  • Improve device detection: Xiaomi
  • Improve OS detection: iOS
  • Split helpers submodule into several new submodules:
    • bot-detection:
      • isAIAssistant()
      • isAICrawler()
      • isBot()
    • browser-detection
      • isChromeFamily()
      • isElectron()
      • isFromEU()
      • isStandalonePWA()
    • device-detection
      • getDeviceVendor()
      • isAppleSilicon()
  • Update extensions submodule:

... (truncated)

Changelog

Sourced from ua-parser-js's changelog.

Version 2.0.8

  • Resolve syntax error related to import renaming in ESM build
  • Add new browser: HiBrowser, Opera Neon
  • Add new engine: Dillo
  • Improve browser detection: Brave, TikTok
  • Improve device detection: OnePlus
  • Improve OS detection: Firefox OS
  • extensions submodule:
    • Add new CLI: PowerShell
    • Add new email: Alpine, Android, AquaMail, Balsa, Barca, Canary, Claws Mail, eM Client, Eudora, FairEmail, Geary, Gnus, Horde::IMP, Lotus-Notes, IncrediMail, K-9 Mail, Mailbird, MailMate, Mailspring, Mutt, Newton, Nine, NylasMail, Outlook-Express, Pegasus Mail, PocoMail, Postbox, ProtonMail Bridge, Quala, R2Mail2, Rainloop, Roundcube Webmail, SamsungEmail, Spicebird, SquirrelMail, Sylpheed, The Bat!, Trojita, Turnpike, tutanota-desktop, Wanderlust, Windows-Live-Mail
    • Add new library: http.rb, Jetty, ocaml-cohttp
  • helpers submodule:
    • Add new method: getOutlookEdition() to map Outlook versions to their marketing editions

Version 2.0.7

  • Add support for chaining withClientHints() & withFeatureCheck()
  • Add new browser: Atlas, Steam
  • Add new device vendor: Anbernic, Logitech, Valve
  • Improve device detection: Xiaomi
  • Improve OS detection: iOS
  • Split helpers submodule into several new submodules:
    • bot-detection:
      • isAIAssistant()
      • isAICrawler()
      • isBot()
    • browser-detection
      • isChromeFamily()
      • isElectron()
      • isFromEU()
      • isStandalonePWA()
    • device-detection
      • getDeviceVendor()
      • isAppleSilicon()
  • Update extensions submodule:
    • Add new fetcher: Nova Act
    • Add new library: Bun, Dart, Deno, hackney, Node.js, rest-client, undici

Version 2.0.6

  • Add new CLI feature: processing batch user-agent data from file and output as JSON
  • Fix setUA(): trim leading space from user-agent string input
  • Replace undici dependency with node's internal Headers
  • Add new browser: Bing, Qwant
  • Add new device vendor: Hisense, Wiko
  • Improve browser detection: Mozilla, Pale Moon
  • Improve CPU detection: 68k
  • Improve device detection: Apple, BlackBerry, Huawei, Nokia, Xiaomi
  • Improve OS detection: iOS 26
  • extensions submodule:

... (truncated)

Commits

Updates zod from 3.25.75 to 4.3.5

Release notes

Sourced from zod's releases.

v4.3.5

Commits:

  • 21afffdb42ccab554036312e33fed0ea3cb8f982 [Docs] Update migration guide docs for deprecation of message (#5595)
  • e36743e513aadb307b29949a80d6eb0dcc8fc278 Improve mini treeshaking
  • 0cdc0b8597999fd9ca99767b912c1e82c1ff2d6c 4.3.5

v4.3.4

Commits:

  • 1a8bea3b474eada6f219c163d0d3ad09fadabe72 Add integration tests
  • e01cd02b2f23d7e9078d3813830b146f8a2258b4 Support patternProperties for looserecord (#5592)
  • 089e5fbb0f58ce96d2c4fb34cd91724c78df4af5 Improve looseRecord docs
  • decef9c418d9a598c3f1bada06891ba5d922c5cd Fix lint
  • 9443aab00d44d5d5f4a7eada65fc0fc851781042 Drop iso time in fromJSONSchema
  • 66bda7491a1b9eab83bdeec0c12f4efc7290bd48 Remove .refine() from ZodMiniType
  • b4ab94ca608cd5b581bfc12b20dd8d95b35b3009 4.3.4

v4.3.3

Commits:

  • f3b2151959d215d405f54dff3c7ab3bf1fd887ca v4.3.3

v4.3.2

Commits:

  • bf96635d243118de6e4f260077aa137453790bf6 Loosen strictObjectinside intersection (#5587)
  • f71dc0182ab0f0f9a6be6295b07faca269e10179 Remove Juno (#5590)
  • 0f41e5a12a43e6913c9dcb501b2b5136ea86500d 4.3.2

v4.3.1

Commits:

  • 0fe88407a4149c907929b757dc6618d8afe998fc allow non-overwriting extends with refinements. 4.3.1

v4.3.0

This is Zod's biggest release since 4.0. It addresses several of Zod's longest-standing feature requests.

z.fromJSONSchema()

Convert JSON Schema to Zod (#5534, #5586)

You can now convert JSON Schema definitions directly into Zod schemas. This function supports JSON Schema "draft-2020-12", "draft-7", "draft-4", and OpenAPI 3.0.

import * as z from "zod";
const schema = z.fromJSONSchema({
type: "object",
properties: {
</tr></table>

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore(deps): bump the dependencies group across 1 directory with 7 up…
daadfcd 
…dates

Bumps the dependencies group with 7 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [@fastify/http-proxy](https://github.com/fastify/fastify-http-proxy) | `11.3.0` | `11.4.1` |
| [fastify](https://github.com/fastify/fastify) | `5.4.0` | `5.7.1` |
| [pino](https://github.com/pinojs/pino) | `9.7.0` | `10.2.1` |
| [pino-loki](https://github.com/Julien-R44/pino-loki) | `2.6.0` | `3.0.0` |
| [pino-pretty](https://github.com/pinojs/pino-pretty) | `13.0.0` | `13.1.3` |
| [ua-parser-js](https://github.com/faisalman/ua-parser-js) | `2.0.4` | `2.0.8` |
| [zod](https://github.com/colinhacks/zod) | `3.25.75` | `4.3.5` |



Updates `@fastify/http-proxy` from 11.3.0 to 11.4.1
- [Release notes](https://github.com/fastify/fastify-http-proxy/releases)
- [Commits](fastify/fastify-http-proxy@v11.3.0...v11.4.1)

Updates `fastify` from 5.4.0 to 5.7.1
- [Release notes](https://github.com/fastify/fastify/releases)
- [Commits](fastify/fastify@v5.4.0...v5.7.1)

Updates `pino` from 9.7.0 to 10.2.1
- [Release notes](https://github.com/pinojs/pino/releases)
- [Commits](pinojs/pino@v9.7.0...v10.2.1)

Updates `pino-loki` from 2.6.0 to 3.0.0
- [Release notes](https://github.com/Julien-R44/pino-loki/releases)
- [Commits](Julien-R44/pino-loki@v2.6.0...v3.0.0)

Updates `pino-pretty` from 13.0.0 to 13.1.3
- [Release notes](https://github.com/pinojs/pino-pretty/releases)
- [Commits](pinojs/pino-pretty@v13.0.0...v13.1.3)

Updates `ua-parser-js` from 2.0.4 to 2.0.8
- [Release notes](https://github.com/faisalman/ua-parser-js/releases)
- [Changelog](https://github.com/faisalman/ua-parser-js/blob/master/CHANGELOG.md)
- [Commits](faisalman/ua-parser-js@2.0.4...2.0.8)

Updates `zod` from 3.25.75 to 4.3.5
- [Release notes](https://github.com/colinhacks/zod/releases)
- [Commits](colinhacks/zod@v3.25.75...v4.3.5)

---
updated-dependencies:
- dependency-name: "@fastify/http-proxy"
  dependency-version: 11.4.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: fastify
  dependency-version: 5.7.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: pino
  dependency-version: 10.2.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: pino-loki
  dependency-version: 3.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: pino-pretty
  dependency-version: 13.1.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: ua-parser-js
  dependency-version: 2.0.8
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: zod
  dependency-version: 4.3.5
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Jan 19, 2026
@socket-security
Copy link

socket-security bot commented Jan 19, 2026

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Updatedua-parser-js@​2.0.4 ⏵ 2.0.8100 +11001009170
Updatedpino-pretty@​13.0.0 ⏵ 13.1.399 +110010087100
Updatedpino-loki@​2.6.0 ⏵ 3.0.09910010088 +5100
Updated@​fastify/​http-proxy@​11.3.0 ⏵ 11.4.110010010095100
Updatedzod@​3.25.75 ⏵ 4.3.510010010095100
Updatedfastify@​5.4.0 ⏵ 5.7.199 +110010096100
Updatedpino@​9.7.0 ⏵ 10.2.199 +110010097 +1100

View full report

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant