chore(deps): bump the npm_and_yarn group across 1 directory with 3 updates #29

Open

dependabot[bot] wants to merge 1 commit from dependabot/npm_and_yarn/npm_and_yarn-1a23c68654 into main

pull from: dependabot/npm_and_yarn/npm_and_yarn-1a23c68654

merge into: florian:main

florian:main

florian:renovate/changesets-cli-2.x-lockfile

florian:renovate/changesets-changelog-github-0.x

florian:renovate/vitest-monorepo

florian:renovate/react-monorepo

florian:renovate/vite-8.x-lockfile

florian:renovate/typescript-6.x-lockfile

florian:renovate/prettier-3.x-lockfile

florian:renovate/fastify-5.x-lockfile

florian:renovate/vitejs-plugin-react-6.x-lockfile

florian:renovate/11ty-eleventy-3.x-lockfile

florian:dependabot/npm_and_yarn/main/workspace-dependencies-117cb0005c

florian:dependabot/github_actions/main/github-actions-b802261d8c

florian:fix/stream-cors-cors-header

florian:fix/release-publish-step

florian:release/version-packages-manual

florian:changeset-release/main

florian:feat/one-command-installer

florian:docs/conventional-commits-guidance

florian:feat/release-readiness-cut

florian:feat/landing-pages-site

florian:fix/webhook-trigger-run-flow

florian:chore/dependabot-config

florian:florianbeisel-patch-1-1

florian:florianbeisel-patch-1

florian:feature/task-dag-verifier-rework

florian:feature/dag-width-project-teams-skill-recut

florian:codex/fix-ci-pipeline

florian:feature/webhook-triggered-runs

florian:rescue/projects-run

Conversation 0 Commits 1 Files changed 3 +103 -94

dependabot[bot] commented 2026-05-07 03:22:40 +02:00 (Migrated from github.com)

Copy link

Bumps the npm_and_yarn group with 3 updates in the / directory: vite, @fastify/static and fastify.

Updates vite from 8.0.3 to 8.0.5

Release notes

Sourced from vite's releases.

v8.0.5

Please refer to CHANGELOG.md for details.

v8.0.4

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

8.0.5 (2026-04-06)

Bug Fixes

• apply server.fs check to env transport (#22159) (f02d9fd)
• avoid path traversal with optimize deps sourcemap handler (#22161) (79f002f)
• check server.fs after stripping query as well (#22160) (a9a3df2)
• disallow referencing files outside the package from sourcemap (#22158) (f05f501)

8.0.4 (2026-04-06)

Features

• allow esbuild 0.28 as peer deps (#22155) (b0da973)
• hmr: truncate list of files on hmr update (#21535) (d00e806)
• optimizer: log when dependency scanning or bundling takes over 1s (#21797) (f61a1ab)

Bug Fixes

• hasBothRollupOptionsAndRolldownOptions should return false for proxy case (#22043) (99897d2)
• add types for vite/modulepreload-polyfill (#22126) (17330d2)
• deps: update all non-major dependencies (#22073) (6daa10f)
• deps: update all non-major dependencies (#22143) (22b0166)
• resolve: resolve tsconfig paths starting with # (#22038) (3460fc5)
• ssr: use browser platform for webworker SSR builds (fix #21969) (#21963) (364c227)

Documentation

• add environment.fetchModule documentation (#22035) (54229e7)

Miscellaneous Chores

• deps: update rolldown-related dependencies (#21989) (0ded627)

Code Refactoring

• upgrade to typescript 6 (#22110) (cc41398)

Commits

• 1a12d4c release: v8.0.5
• 79f002f fix: avoid path traversal with optimize deps sourcemap handler (#22161)
• a9a3df2 fix: check server.fs after stripping query as well (#22160)
• f02d9fd fix: apply server.fs check to env transport (#22159)
• f05f501 fix: disallow referencing files outside the package from sourcemap (#22158)
• 7339bdc release: v8.0.4
• 54229e7 docs: add environment.fetchModule documentation (#22035)
• b0da973 feat: allow esbuild 0.28 as peer deps (#22155)
• 22b0166 fix(deps): update all non-major dependencies (#22143)
• 17330d2 fix: add types for vite/modulepreload-polyfill (#22126)
• Additional commits viewable in compare view

Updates @fastify/static from 9.0.0 to 9.1.1

Release notes

Sourced from @​fastify/static's releases.

v9.1.1

⚠️ Security Release

This fixes CVE CVE-2026-6410 https://github.com/fastify/fastify-static/security/advisories/GHSA-pr96-94w5-mx2h. This fixes CVE CVE-2026-6414 https://github.com/fastify/fastify-static/security/advisories/GHSA-x428-ghpx-8j92.

What's Changed

• ci: add lock-threads workflow by @​Fdawgs in fastify/fastify-static#570

Full Changelog: https://github.com/fastify/fastify-static/compare/v9.1.0...v9.1.1

v9.1.0

What's Changed

• build(deps-dev): bump @​types/node from 24.10.4 to 25.0.3 by @​dependabot[bot] in fastify/fastify-static#552
• test: move ignoreTrailingSlash under routerOptions by @​lraveri in fastify/fastify-static#553
• build(deps-dev): bump borp from 0.20.2 to 0.21.0 by @​dependabot[bot] in fastify/fastify-static#543
• chore: bump pino and borp dependencies, delete stale.yml by @​Tony133 in fastify/fastify-static#557
• chore: update syntax typescript by @​Tony133 in fastify/fastify-static#558
• chore(license): standardise license notice by @​Fdawgs in fastify/fastify-static#560
• fix: sendFile ignoring option overrides in some cases by @​bakugo in fastify/fastify-static#559
• chore: upgrade c8 to v11.0.0 and improvements test by @​Tony133 in fastify/fastify-static#564
• build(deps): bump fastify/workflows/.github/workflows/plugins-ci.yml from 5 to 6 by @​dependabot[bot] in fastify/fastify-static#566

New Contributors

• @​lraveri made their first contribution in fastify/fastify-static#553
• @​Tony133 made their first contribution in fastify/fastify-static#557
• @​bakugo made their first contribution in fastify/fastify-static#559

Full Changelog: https://github.com/fastify/fastify-static/compare/v9.0.0...v9.1.0

Commits

• 48b136f Bumped v9.1.1
• cc7b7f7 Merge commit from fork
• 9921faa Merge commit from fork
• 4183d2d ci: add lock-threads workflow (#570)
• a3a8cd6 Bumped v9.1.0
• 8423c80 build(deps): bump fastify/workflows/.github/workflows/plugins-ci.yml (#566)
• 475dce1 chore: upgrade c8 to v11.0.0 and improvements test (#564)
• 3ff0f39 fix: sendFile ignoring option overrides in some cases (#559)
• 663baa7 chore(license): standardise license notice (#560)
• 51bb66e chore: update syntax typescript (#558)
• Additional commits viewable in compare view

Updates fastify from 5.8.4 to 5.8.5

Release notes

Sourced from fastify's releases.

v5.8.5

⚠️ Security Release

This fixes CVE CVE-2026-33806 https://github.com/fastify/fastify/security/advisories/GHSA-247c-9743-5963.

What's Changed

• chore: Fix port parsing by @​jsumners in fastify/fastify#6603
• chore: upgrade to typescript v6.0.2 by @​Tony133 in fastify/fastify#6605
• fix: restore trustProxy function for number and string types, add null check for socketAddr by @​mcollina in fastify/fastify#6613
• ci: reduce cron scheduled workflows from daily/weekly to monthly by @​Fdawgs in fastify/fastify#6623
• chore: Bump pnpm/action-setup from 4.2.0 to 5.0.0 by @​dependabot[bot] in fastify/fastify#6629
• chore: Bump markdownlint-cli2 from 0.21.0 to 0.22.0 by @​dependabot[bot] in fastify/fastify#6632
• chore: Bump borp from 0.21.0 to 1.0.0 by @​dependabot[bot] in fastify/fastify#6633
• chore: Bump actions/dependency-review-action from 4.8.3 to 4.9.0 by @​dependabot[bot] in fastify/fastify#6630
• docs(ecosystem): add @​pompelmi/fastify-plugin by @​SonoTommy in fastify/fastify#6610

New Contributors

• @​SonoTommy made their first contribution in fastify/fastify#6610

Full Changelog: https://github.com/fastify/fastify/compare/v5.8.4...v5.8.5

Commits

• 3983cce Bumped v5.8.5
• 3ce3ae6 Merge commit from fork
• b06a196 docs(ecosystem): add @​pompelmi/fastify-plugin (#6610)
• 909c5d5 chore: Bump actions/dependency-review-action from 4.8.3 to 4.9.0 (#6630)
• 4db21a3 chore: Bump borp from 0.21.0 to 1.0.0 (#6633)
• 0f4e544 chore: Bump markdownlint-cli2 from 0.21.0 to 0.22.0 (#6632)
• 33a2fcd chore: Bump pnpm/action-setup from 4.2.0 to 5.0.0 (#6629)
• fd35d82 ci: reduce cron schedules from daily/weekly to monthly (#6623)
• 8dee9be fix: restore trustProxy function for number and string types, add null check ...
• d457aed chore: upgrade to typescript v6.0.2 (#6605)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps the npm_and_yarn group with 3 updates in the / directory: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite), [@fastify/static](https://github.com/fastify/fastify-static) and [fastify](https://github.com/fastify/fastify). Updates `vite` from 8.0.3 to 8.0.5 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/vitejs/vite/releases">vite's releases</a>.</em></p> <blockquote> <h2>v8.0.5</h2> <p>Please refer to <a href="https://github.com/vitejs/vite/blob/v8.0.5/packages/vite/CHANGELOG.md">CHANGELOG.md</a> for details.</p> <h2>v8.0.4</h2> <p>Please refer to <a href="https://github.com/vitejs/vite/blob/v8.0.4/packages/vite/CHANGELOG.md">CHANGELOG.md</a> for details.</p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md">vite's changelog</a>.</em></p> <blockquote> <h2><!-- raw HTML omitted --><a href="https://github.com/vitejs/vite/compare/v8.0.4...v8.0.5">8.0.5</a> (2026-04-06)<!-- raw HTML omitted --></h2> <h3>Bug Fixes</h3> <ul> <li>apply server.fs check to env transport (<a href="https://redirect.github.com/vitejs/vite/issues/22159">#22159</a>) (<a href="https://github.com/vitejs/vite/commit/f02d9fde0b195afe3ea2944414186962fbbe41e0">f02d9fd</a>)</li> <li>avoid path traversal with optimize deps sourcemap handler (<a href="https://redirect.github.com/vitejs/vite/issues/22161">#22161</a>) (<a href="https://github.com/vitejs/vite/commit/79f002f2286c03c88c7b74c511c7f9fc6dc46694">79f002f</a>)</li> <li>check <code>server.fs</code> after stripping query as well (<a href="https://redirect.github.com/vitejs/vite/issues/22160">#22160</a>) (<a href="https://github.com/vitejs/vite/commit/a9a3df299378d9cbc5f069e3536a369f8188c8ff">a9a3df2</a>)</li> <li>disallow referencing files outside the package from sourcemap (<a href="https://redirect.github.com/vitejs/vite/issues/22158">#22158</a>) (<a href="https://github.com/vitejs/vite/commit/f05f50173461789e0f1323fe06b51f18ca41c132">f05f501</a>)</li> </ul> <h2><!-- raw HTML omitted --><a href="https://github.com/vitejs/vite/compare/v8.0.3...v8.0.4">8.0.4</a> (2026-04-06)<!-- raw HTML omitted --></h2> <h3>Features</h3> <ul> <li>allow esbuild 0.28 as peer deps (<a href="https://redirect.github.com/vitejs/vite/issues/22155">#22155</a>) (<a href="https://github.com/vitejs/vite/commit/b0da97372f5dba73e78035d1cc7680466ff6cf7f">b0da973</a>)</li> <li><strong>hmr:</strong> truncate list of files on hmr update (<a href="https://redirect.github.com/vitejs/vite/issues/21535">#21535</a>) (<a href="https://github.com/vitejs/vite/commit/d00e806d7be15ebbfe7875e9244963d80ee8b142">d00e806</a>)</li> <li><strong>optimizer:</strong> log when dependency scanning or bundling takes over 1s (<a href="https://redirect.github.com/vitejs/vite/issues/21797">#21797</a>) (<a href="https://github.com/vitejs/vite/commit/f61a1ab33b05dc6f6a7eda6e8bc9c4c5b9aab133">f61a1ab</a>)</li> </ul> <h3>Bug Fixes</h3> <ul> <li><code>hasBothRollupOptionsAndRolldownOptions</code> should return <code>false</code> for proxy case (<a href="https://redirect.github.com/vitejs/vite/issues/22043">#22043</a>) (<a href="https://github.com/vitejs/vite/commit/99897d27b44dd73307fa03e2f11f0baa1a1dc939">99897d2</a>)</li> <li>add types for <code>vite/modulepreload-polyfill</code> (<a href="https://redirect.github.com/vitejs/vite/issues/22126">#22126</a>) (<a href="https://github.com/vitejs/vite/commit/17330d2b9e132460f194d6d4b547cfee7e25c788">17330d2</a>)</li> <li><strong>deps:</strong> update all non-major dependencies (<a href="https://redirect.github.com/vitejs/vite/issues/22073">#22073</a>) (<a href="https://github.com/vitejs/vite/commit/6daa10ff1e8d15a90f49d8dd909ff208da85d6d8">6daa10f</a>)</li> <li><strong>deps:</strong> update all non-major dependencies (<a href="https://redirect.github.com/vitejs/vite/issues/22143">#22143</a>) (<a href="https://github.com/vitejs/vite/commit/22b016612703320db45c64a2fe44472051ef5ec5">22b0166</a>)</li> <li><strong>resolve:</strong> resolve tsconfig paths starting with <code>#</code> (<a href="https://redirect.github.com/vitejs/vite/issues/22038">#22038</a>) (<a href="https://github.com/vitejs/vite/commit/3460fc55aa89aef4103d2c05ac2e446032511a6d">3460fc5</a>)</li> <li><strong>ssr:</strong> use browser platform for webworker SSR builds (fix <a href="https://redirect.github.com/vitejs/vite/issues/21969">#21969</a>) (<a href="https://redirect.github.com/vitejs/vite/issues/21963">#21963</a>) (<a href="https://github.com/vitejs/vite/commit/364c2273a121dad4d93ec3b9ec87ffbe0d6e860b">364c227</a>)</li> </ul> <h3>Documentation</h3> <ul> <li>add <code>environment.fetchModule</code> documentation (<a href="https://redirect.github.com/vitejs/vite/issues/22035">#22035</a>) (<a href="https://github.com/vitejs/vite/commit/54229e78631ebf10d1db767b51ea85f3cf06718a">54229e7</a>)</li> </ul> <h3>Miscellaneous Chores</h3> <ul> <li><strong>deps:</strong> update rolldown-related dependencies (<a href="https://redirect.github.com/vitejs/vite/issues/21989">#21989</a>) (<a href="https://github.com/vitejs/vite/commit/0ded6274579e8bda6b22a7ba93b15d15b4c28b78">0ded627</a>)</li> </ul> <h3>Code Refactoring</h3> <ul> <li>upgrade to typescript 6 (<a href="https://redirect.github.com/vitejs/vite/issues/22110">#22110</a>) (<a href="https://github.com/vitejs/vite/commit/cc41398c2cf0bb5061cf0ca5dc3b408ae7e41191">cc41398</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/vitejs/vite/commit/1a12d4ca4c62eedaeaf734d722b27ab17b5b1dd0"><code>1a12d4c</code></a> release: v8.0.5</li> <li><a href="https://github.com/vitejs/vite/commit/79f002f2286c03c88c7b74c511c7f9fc6dc46694"><code>79f002f</code></a> fix: avoid path traversal with optimize deps sourcemap handler (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22161">#22161</a>)</li> <li><a href="https://github.com/vitejs/vite/commit/a9a3df299378d9cbc5f069e3536a369f8188c8ff"><code>a9a3df2</code></a> fix: check <code>server.fs</code> after stripping query as well (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22160">#22160</a>)</li> <li><a href="https://github.com/vitejs/vite/commit/f02d9fde0b195afe3ea2944414186962fbbe41e0"><code>f02d9fd</code></a> fix: apply server.fs check to env transport (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22159">#22159</a>)</li> <li><a href="https://github.com/vitejs/vite/commit/f05f50173461789e0f1323fe06b51f18ca41c132"><code>f05f501</code></a> fix: disallow referencing files outside the package from sourcemap (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22158">#22158</a>)</li> <li><a href="https://github.com/vitejs/vite/commit/7339bdc915c297e16e6530f6ebcbb2509cb57f24"><code>7339bdc</code></a> release: v8.0.4</li> <li><a href="https://github.com/vitejs/vite/commit/54229e78631ebf10d1db767b51ea85f3cf06718a"><code>54229e7</code></a> docs: add <code>environment.fetchModule</code> documentation (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22035">#22035</a>)</li> <li><a href="https://github.com/vitejs/vite/commit/b0da97372f5dba73e78035d1cc7680466ff6cf7f"><code>b0da973</code></a> feat: allow esbuild 0.28 as peer deps (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22155">#22155</a>)</li> <li><a href="https://github.com/vitejs/vite/commit/22b016612703320db45c64a2fe44472051ef5ec5"><code>22b0166</code></a> fix(deps): update all non-major dependencies (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22143">#22143</a>)</li> <li><a href="https://github.com/vitejs/vite/commit/17330d2b9e132460f194d6d4b547cfee7e25c788"><code>17330d2</code></a> fix: add types for <code>vite/modulepreload-polyfill</code> (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22126">#22126</a>)</li> <li>Additional commits viewable in <a href="https://github.com/vitejs/vite/commits/v8.0.5/packages/vite">compare view</a></li> </ul> </details> <br /> Updates `@fastify/static` from 9.0.0 to 9.1.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/fastify/fastify-static/releases">@​fastify/static's releases</a>.</em></p> <blockquote> <h2>v9.1.1</h2> <h2>⚠️ Security Release</h2> <p>This fixes CVE CVE-2026-6410 <a href="https://github.com/fastify/fastify-static/security/advisories/GHSA-pr96-94w5-mx2h">https://github.com/fastify/fastify-static/security/advisories/GHSA-pr96-94w5-mx2h</a>. This fixes CVE CVE-2026-6414 <a href="https://github.com/fastify/fastify-static/security/advisories/GHSA-x428-ghpx-8j92">https://github.com/fastify/fastify-static/security/advisories/GHSA-x428-ghpx-8j92</a>.</p> <h2>What's Changed</h2> <ul> <li>ci: add lock-threads workflow by <a href="https://github.com/Fdawgs"><code>@​Fdawgs</code></a> in <a href="https://redirect.github.com/fastify/fastify-static/pull/570">fastify/fastify-static#570</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/fastify/fastify-static/compare/v9.1.0...v9.1.1">https://github.com/fastify/fastify-static/compare/v9.1.0...v9.1.1</a></p> <h2>v9.1.0</h2> <h2>What's Changed</h2> <ul> <li>build(deps-dev): bump <code>@​types/node</code> from 24.10.4 to 25.0.3 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/fastify/fastify-static/pull/552">fastify/fastify-static#552</a></li> <li>test: move ignoreTrailingSlash under routerOptions by <a href="https://github.com/lraveri"><code>@​lraveri</code></a> in <a href="https://redirect.github.com/fastify/fastify-static/pull/553">fastify/fastify-static#553</a></li> <li>build(deps-dev): bump borp from 0.20.2 to 0.21.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/fastify/fastify-static/pull/543">fastify/fastify-static#543</a></li> <li>chore: bump pino and borp dependencies, delete stale.yml by <a href="https://github.com/Tony133"><code>@​Tony133</code></a> in <a href="https://redirect.github.com/fastify/fastify-static/pull/557">fastify/fastify-static#557</a></li> <li>chore: update syntax typescript by <a href="https://github.com/Tony133"><code>@​Tony133</code></a> in <a href="https://redirect.github.com/fastify/fastify-static/pull/558">fastify/fastify-static#558</a></li> <li>chore(license): standardise license notice by <a href="https://github.com/Fdawgs"><code>@​Fdawgs</code></a> in <a href="https://redirect.github.com/fastify/fastify-static/pull/560">fastify/fastify-static#560</a></li> <li>fix: sendFile ignoring option overrides in some cases by <a href="https://github.com/bakugo"><code>@​bakugo</code></a> in <a href="https://redirect.github.com/fastify/fastify-static/pull/559">fastify/fastify-static#559</a></li> <li>chore: upgrade c8 to v11.0.0 and improvements test by <a href="https://github.com/Tony133"><code>@​Tony133</code></a> in <a href="https://redirect.github.com/fastify/fastify-static/pull/564">fastify/fastify-static#564</a></li> <li>build(deps): bump fastify/workflows/.github/workflows/plugins-ci.yml from 5 to 6 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/fastify/fastify-static/pull/566">fastify/fastify-static#566</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/lraveri"><code>@​lraveri</code></a> made their first contribution in <a href="https://redirect.github.com/fastify/fastify-static/pull/553">fastify/fastify-static#553</a></li> <li><a href="https://github.com/Tony133"><code>@​Tony133</code></a> made their first contribution in <a href="https://redirect.github.com/fastify/fastify-static/pull/557">fastify/fastify-static#557</a></li> <li><a href="https://github.com/bakugo"><code>@​bakugo</code></a> made their first contribution in <a href="https://redirect.github.com/fastify/fastify-static/pull/559">fastify/fastify-static#559</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/fastify/fastify-static/compare/v9.0.0...v9.1.0">https://github.com/fastify/fastify-static/compare/v9.0.0...v9.1.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/fastify/fastify-static/commit/48b136f5d8da0efea328f49f6202ab3edabf608b"><code>48b136f</code></a> Bumped v9.1.1</li> <li><a href="https://github.com/fastify/fastify-static/commit/cc7b7f7e00a5f028599ba17392b831afd0c651aa"><code>cc7b7f7</code></a> Merge commit from fork</li> <li><a href="https://github.com/fastify/fastify-static/commit/9921faa7ffe4931f4bbd2d1a8b6d90e720081856"><code>9921faa</code></a> Merge commit from fork</li> <li><a href="https://github.com/fastify/fastify-static/commit/4183d2d8dd52b11c27f7adc22abb8d2531ad4a02"><code>4183d2d</code></a> ci: add lock-threads workflow (<a href="https://redirect.github.com/fastify/fastify-static/issues/570">#570</a>)</li> <li><a href="https://github.com/fastify/fastify-static/commit/a3a8cd6c7a5b0937d7ad939564991c284f09754a"><code>a3a8cd6</code></a> Bumped v9.1.0</li> <li><a href="https://github.com/fastify/fastify-static/commit/8423c80016917b40a3e42c38fd55070a89d1b9b8"><code>8423c80</code></a> build(deps): bump fastify/workflows/.github/workflows/plugins-ci.yml (<a href="https://redirect.github.com/fastify/fastify-static/issues/566">#566</a>)</li> <li><a href="https://github.com/fastify/fastify-static/commit/475dce148995ac754a8cb344bad63c8cbd6517d2"><code>475dce1</code></a> chore: upgrade c8 to v11.0.0 and improvements test (<a href="https://redirect.github.com/fastify/fastify-static/issues/564">#564</a>)</li> <li><a href="https://github.com/fastify/fastify-static/commit/3ff0f39b94da96f42a88ed57c554abc8381806c3"><code>3ff0f39</code></a> fix: sendFile ignoring option overrides in some cases (<a href="https://redirect.github.com/fastify/fastify-static/issues/559">#559</a>)</li> <li><a href="https://github.com/fastify/fastify-static/commit/663baa7da61ff69115995baf59efba6396d814a8"><code>663baa7</code></a> chore(license): standardise license notice (<a href="https://redirect.github.com/fastify/fastify-static/issues/560">#560</a>)</li> <li><a href="https://github.com/fastify/fastify-static/commit/51bb66e88667850ff5e8f4e9a27ebbf8c5b7bbad"><code>51bb66e</code></a> chore: update syntax typescript (<a href="https://redirect.github.com/fastify/fastify-static/issues/558">#558</a>)</li> <li>Additional commits viewable in <a href="https://github.com/fastify/fastify-static/compare/v9.0.0...v9.1.1">compare view</a></li> </ul> </details> <br /> Updates `fastify` from 5.8.4 to 5.8.5 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/fastify/fastify/releases">fastify's releases</a>.</em></p> <blockquote> <h2>v5.8.5</h2> <h2>⚠️ Security Release</h2> <p>This fixes CVE CVE-2026-33806 <a href="https://github.com/fastify/fastify/security/advisories/GHSA-247c-9743-5963">https://github.com/fastify/fastify/security/advisories/GHSA-247c-9743-5963</a>.</p> <h2>What's Changed</h2> <ul> <li>chore: Fix port parsing by <a href="https://github.com/jsumners"><code>@​jsumners</code></a> in <a href="https://redirect.github.com/fastify/fastify/pull/6603">fastify/fastify#6603</a></li> <li>chore: upgrade to typescript v6.0.2 by <a href="https://github.com/Tony133"><code>@​Tony133</code></a> in <a href="https://redirect.github.com/fastify/fastify/pull/6605">fastify/fastify#6605</a></li> <li>fix: restore trustProxy function for number and string types, add null check for socketAddr by <a href="https://github.com/mcollina"><code>@​mcollina</code></a> in <a href="https://redirect.github.com/fastify/fastify/pull/6613">fastify/fastify#6613</a></li> <li>ci: reduce cron scheduled workflows from daily/weekly to monthly by <a href="https://github.com/Fdawgs"><code>@​Fdawgs</code></a> in <a href="https://redirect.github.com/fastify/fastify/pull/6623">fastify/fastify#6623</a></li> <li>chore: Bump pnpm/action-setup from 4.2.0 to 5.0.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/fastify/fastify/pull/6629">fastify/fastify#6629</a></li> <li>chore: Bump markdownlint-cli2 from 0.21.0 to 0.22.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/fastify/fastify/pull/6632">fastify/fastify#6632</a></li> <li>chore: Bump borp from 0.21.0 to 1.0.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/fastify/fastify/pull/6633">fastify/fastify#6633</a></li> <li>chore: Bump actions/dependency-review-action from 4.8.3 to 4.9.0 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot] in <a href="https://redirect.github.com/fastify/fastify/pull/6630">fastify/fastify#6630</a></li> <li>docs(ecosystem): add <code>@​pompelmi/fastify-plugin</code> by <a href="https://github.com/SonoTommy"><code>@​SonoTommy</code></a> in <a href="https://redirect.github.com/fastify/fastify/pull/6610">fastify/fastify#6610</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/SonoTommy"><code>@​SonoTommy</code></a> made their first contribution in <a href="https://redirect.github.com/fastify/fastify/pull/6610">fastify/fastify#6610</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/fastify/fastify/compare/v5.8.4...v5.8.5">https://github.com/fastify/fastify/compare/v5.8.4...v5.8.5</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/fastify/fastify/commit/3983cce8124714242099e8756a7a9a80a0ba0aea"><code>3983cce</code></a> Bumped v5.8.5</li> <li><a href="https://github.com/fastify/fastify/commit/3ce3ae6752dbed672759856081af9cb1e2733105"><code>3ce3ae6</code></a> Merge commit from fork</li> <li><a href="https://github.com/fastify/fastify/commit/b06a196b694c0c7aed53976cd77456f1ad7d4c9f"><code>b06a196</code></a> docs(ecosystem): add <code>@​pompelmi/fastify-plugin</code> (<a href="https://redirect.github.com/fastify/fastify/issues/6610">#6610</a>)</li> <li><a href="https://github.com/fastify/fastify/commit/909c5d5329536b0acc004da7649b3da8af9273b2"><code>909c5d5</code></a> chore: Bump actions/dependency-review-action from 4.8.3 to 4.9.0 (<a href="https://redirect.github.com/fastify/fastify/issues/6630">#6630</a>)</li> <li><a href="https://github.com/fastify/fastify/commit/4db21a36ddb588acaebf5a4472ccb3b0d5fc9db0"><code>4db21a3</code></a> chore: Bump borp from 0.21.0 to 1.0.0 (<a href="https://redirect.github.com/fastify/fastify/issues/6633">#6633</a>)</li> <li><a href="https://github.com/fastify/fastify/commit/0f4e544c8acd7c42df347936e613a73cecc4f3fe"><code>0f4e544</code></a> chore: Bump markdownlint-cli2 from 0.21.0 to 0.22.0 (<a href="https://redirect.github.com/fastify/fastify/issues/6632">#6632</a>)</li> <li><a href="https://github.com/fastify/fastify/commit/33a2fcd39de584713495bf4b3bd864137746f224"><code>33a2fcd</code></a> chore: Bump pnpm/action-setup from 4.2.0 to 5.0.0 (<a href="https://redirect.github.com/fastify/fastify/issues/6629">#6629</a>)</li> <li><a href="https://github.com/fastify/fastify/commit/fd35d829a8cd496a3c1170c0c1c021130e3ca0e8"><code>fd35d82</code></a> ci: reduce cron schedules from daily/weekly to monthly (<a href="https://redirect.github.com/fastify/fastify/issues/6623">#6623</a>)</li> <li><a href="https://github.com/fastify/fastify/commit/8dee9be05ebf683cd212aeff1d294f6ea1ec405c"><code>8dee9be</code></a> fix: restore trustProxy function for number and string types, add null check ...</li> <li><a href="https://github.com/fastify/fastify/commit/d457aeda8611777389c7e4713a288eb7ddb9a389"><code>d457aed</code></a> chore: upgrade to typescript v6.0.2 (<a href="https://redirect.github.com/fastify/fastify/issues/6605">#6605</a>)</li> <li>Additional commits viewable in <a href="https://github.com/fastify/fastify/compare/v5.8.4...v5.8.5">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/florianbeisel/codex-swarm/network/alerts). </details>

This pull request can be merged automatically.

This branch is out-of-date with the base branch

You are not authorized to merge this pull request.

View command line instructions

Checkout

From your project repository, check out a new branch and test the changes.

git fetch -u origin dependabot/npm_and_yarn/npm_and_yarn-1a23c68654:dependabot/npm_and_yarn/npm_and_yarn-1a23c68654

git switch dependabot/npm_and_yarn/npm_and_yarn-1a23c68654

Merge

Merge the changes and update on Forgejo.

Warning: The "Autodetect manual merge" setting is not enabled for this repository, you will have to mark this pull request as manually merged afterwards.

git switch main

git merge --no-ff dependabot/npm_and_yarn/npm_and_yarn-1a23c68654

git switch dependabot/npm_and_yarn/npm_and_yarn-1a23c68654

git rebase main

git switch main

git merge --ff-only dependabot/npm_and_yarn/npm_and_yarn-1a23c68654

git switch dependabot/npm_and_yarn/npm_and_yarn-1a23c68654

git rebase main

git switch main

git merge --no-ff dependabot/npm_and_yarn/npm_and_yarn-1a23c68654

git switch main

git merge --squash dependabot/npm_and_yarn/npm_and_yarn-1a23c68654

git switch main

git merge --ff-only dependabot/npm_and_yarn/npm_and_yarn-1a23c68654

git switch main

git merge dependabot/npm_and_yarn/npm_and_yarn-1a23c68654

git push origin main

Sign in to join this conversation.

Reviewers

No reviewers

Labels

Clear labels   

bug

Something isn't working

  

codex

  

dependencies

Pull requests that update a dependency file

  

documentation

Improvements or additions to documentation

  

duplicate

This issue or pull request already exists

  

enhancement

New feature or request

  

github_actions

Pull requests that update GitHub Actions code

  

good first issue

Good for newcomers

  

help wanted

Extra attention is needed

  

invalid

This doesn't seem right

  

javascript

Pull requests that update javascript code

  

question

Further information is requested

  

wontfix

This will not be worked on

No labels

bug

codex

dependencies

documentation

duplicate

enhancement

github_actions

good first issue

help wanted

invalid

javascript

question

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

florian/codex-swarm!29

No description provided.