chore(deps): bump the dependencies group across 1 directory with 8 updates by dependabot[bot] · Pull Request #189 · MyUnisoft/loki-reverse-proxy

dependabot · 2026-01-26T22:56:06Z

Bumps the dependencies group with 8 updates in the / directory:

Package	From	To
@fastify/http-proxy	`11.3.0`	`11.4.1`
fastify	`5.4.0`	`5.7.2`
pino	`9.7.0`	`10.3.0`
pino-loki	`2.6.0`	`3.0.0`
pino-pretty	`13.0.0`	`13.1.3`
ua-parser-js	`2.0.4`	`2.0.8`
undici	`7.18.2`	`7.19.1`
zod	`3.25.75`	`4.3.6`

Updates @fastify/http-proxy from 11.3.0 to 11.4.1

Release notes

Sourced from @fastify/http-proxy's releases.

v11.4.1

What's Changed

fix: add types and updated docs for 'preRewrite'. by @mn4367 in fastify/fastify-http-proxy#442

New Contributors

@mn4367 made their first contribution in fastify/fastify-http-proxy#442

Full Changelog: fastify/fastify-http-proxy@v11.4.0...v11.4.1

v11.4.0

What's Changed

build(deps-dev): bump @types/node from 22.15.34 to 24.0.8 by @dependabot[bot] in fastify/fastify-http-proxy#424

build(deps-dev): bump typescript from 5.8.3 to 5.9.2 by @dependabot[bot] in fastify/fastify-http-proxy#426

chore: add .npmrc file by @Fdawgs in fastify/fastify-http-proxy#429

build(deps-dev): remove @fastify/pre-commit by @Fdawgs in fastify/fastify-http-proxy#430

ci(ci): add concurrency config by @Fdawgs in fastify/fastify-http-proxy#433

build(deps-dev): bump borp from 0.20.2 to 0.21.0 by @dependabot[bot] in fastify/fastify-http-proxy#434

build(deps-dev): bump pino from 9.14.0 to 10.1.0 by @dependabot[bot] in fastify/fastify-http-proxy#435

build(deps-dev): bump tsd from 0.32.0 to 0.33.0 by @dependabot[bot] in fastify/fastify-http-proxy#432

chore: update deps by @simone-sanfratello in fastify/fastify-http-proxy#436

chore: address security scanner false positives related to CVE-2023-2968 by @joeyorlando in fastify/fastify-http-proxy#437

feat(types): add fromParameters method by @rozzilla in fastify/fastify-http-proxy#440

chore(deps): update and add tests by @rozzilla in fastify/fastify-http-proxy#441

New Contributors

@joeyorlando made their first contribution in fastify/fastify-http-proxy#437

@rozzilla made their first contribution in fastify/fastify-http-proxy#440

Full Changelog: fastify/fastify-http-proxy@v11.3.0...v11.4.0

Commits

d15c916 Bumped v11.4.1
a3796e5 fix: add types and updated docs for 'preRewrite'. (#442)
efcb312 Bumped v11.4.0
5ade2e5 chore(deps): update and add tests (#441)
8ae78d2 feat(types): add fromParameters method (#440)
bbe97fb chore: address security scanner false positives related to CVE-2023-2968 (#...
031f4d4 chore: update deps (#436)
f2e4de6 build(deps-dev): bump tsd from 0.32.0 to 0.33.0 (#432)
6794aa0 build(deps-dev): bump pino from 9.14.0 to 10.1.0 (#435)
6268ce3 build(deps-dev): bump borp from 0.20.2 to 0.21.0 (#434)
Additional commits viewable in compare view

Updates fastify from 5.4.0 to 5.7.2

Release notes

Sourced from fastify's releases.

v5.7.2

⚠️ Notice ⚠️

Parsing of the content-type header has been improved to a strict parser in PR #6414. This means only header values in the form described in RFC 9110 are accepted.

What's Changed

chore: npm ignore AI related files by @climba03003 in fastify/fastify#6447

chore: update sponsor url by @Eomm in fastify/fastify#6450

docs: add fastify-http-exceptions to Ecosystem.md by @bhouston in fastify/fastify#6442

docs: fix invalid shorten form schema example by @climba03003 in fastify/fastify#6448

docs: Simplify and tighten decorators example by @smith558 in fastify/fastify#6451

docs: Fix incorrect variable use by @smith558 in fastify/fastify#6455

chore: update sponsor link by @Eomm in fastify/fastify#6460

fix: Fix MIT Licence file to conform to standard by @smith558 in fastify/fastify#6464

docs: move querystringParser option under routerOptions by @inyourtime in fastify/fastify#6463

chore: Updated content-type header parsing by @jsumners in fastify/fastify#6414

New Contributors

@bhouston made their first contribution in fastify/fastify#6442

Full Changelog: fastify/fastify@v5.7.1...v5.7.2

v5.7.1

What's Changed

chore: Bump actions/checkout from 5 to 6 by @dependabot[bot] in fastify/fastify#6434

chore: updated version in the fastify.js by @Tony133 in fastify/fastify#6446

Full Changelog: fastify/fastify@v5.7.0...v5.7.1

v5.7.0

What's Changed

docs: Improved firebase serverless guide about process remaining stuck by @alexandercerutti in fastify/fastify#6380

docs: update migration guide with date-time breaking change by @craftsman01 in fastify/fastify#6110

chore: remove test file by @Eomm in fastify/fastify#6384

feat: speed up loading with custom compiler by @Eomm in fastify/fastify#6383

docs: replace all instances of twitter.com with x.com by @cseas in fastify/fastify#6355

docs: correct logger option in example by @inyourtime in fastify/fastify#6391

docs: fix links by @Shriti507 in fastify/fastify#6394

chore: skip unnecessary object creation by @Eomm in fastify/fastify#6400

docs: Update JSON Schema link in documentation by @jon23d in fastify/fastify#6402

docs(ecosystem): add fastify-ses-mailer by @KaranHotwani in fastify/fastify#6395

docs: add security note about validation errors in response by @mcollina in fastify/fastify#6407

docs: add security threat model by @mcollina in fastify/fastify#6406

chore: update onboarding and offboarding instructions by @Eomm in fastify/fastify#6403

fix: set status code before publishing diagnostics error channel by @tt-a1i in fastify/fastify#6412

fix: use JSON.stringify in onBadUrl for proper escaping by @mcollina in fastify/fastify#6420

chore: fix type test by @mrazauskas in fastify/fastify#6418

docs: improve Validation-and-Serialization.md by @twentytwo777 in fastify/fastify#6423

test: skip IPv6 test if its support is not present by @LiviaMedeiros in fastify/fastify#6428

... (truncated)

Commits

e1e4fe7 v5.7.2
32d7b6a chore: Updated content-type header parsing (#6414)
f4a6ac1 docs: move querystringParser example under routerOptions (#6463)
2af83d6 fix: Fix MIT Licence file to conform to standard (#6464)
5c14e05 chore: update sponsor link (#6460)
d79fa75 docs(fix): incorrect variable use (#6455)
a676d7f Simplify and tighten decorators example (#6451)
358a4e9 docs: fix invalid shorten form schema example (#6448)
8319dfe docs: add fastify-http-exceptions to Ecosystem.md (#6442)
8b2d68d chore: update sponsor url (#6450)
Additional commits viewable in compare view

Updates pino from 9.7.0 to 10.3.0

Release notes

Sourced from pino's releases.

v10.3.0

What's Changed

feat: improve the return type of multistream().clone() by @mrazauskas in pinojs/pino#2377

feat: set worker thread name for transport identification by @mcollina in pinojs/pino#2380

Full Changelog: pinojs/pino@v10.2.1...v10.3.0

v10.2.1

What's Changed

fix: prevent ERR_WORKER_INVALID_EXEC_ARGV with monitoring tools by @mcollina in pinojs/pino#2379

Full Changelog: pinojs/pino@v10.2.0...v10.2.1

v10.2.0

What's Changed

chore: lint TypeScript files by @mrazauskas in pinojs/pino#2363

fix: prevent memory leak when using transport with --import preload by @mcollina in pinojs/pino#2374

New Contributors

@mrazauskas made their first contribution in pinojs/pino#2363

Full Changelog: pinojs/pino@v10.1.1...v10.2.0

v10.1.1

What's Changed

fix(types): Correct conditional type handling for generic log function arguments by @samchungy in pinojs/pino#2329

perf: use JSON.stringify in fast path for node v25+ by @ronag in pinojs/pino#2330

build(deps): bump actions/setup-node from 4 to 6 by @dependabot[bot] in pinojs/pino#2336

build(deps-dev): bump borp from 0.20.2 to 0.21.0 by @dependabot[bot] in pinojs/pino#2337

build(deps): bump pino-abstract-transport from 2.0.0 to 3.0.0 by @dependabot[bot] in pinojs/pino#2338

docs: update CONTRIBUTING.md to reference 'main' instead of 'master' by @NoobFullStack in pinojs/pino#2334

feat(browser): add reportCaller to surface user callsite by @dev-KingMaster in pinojs/pino#2340

docs: update transports.md by @marklai1998 in pinojs/pino#2224

docs: add Node.js 22+ native TypeScript type stripping support by @mcollina in pinojs/pino#2347

feat(types): use ThreadStream type from thread-stream by @CHC383 in pinojs/pino#2320

build(deps): bump actions/checkout from 5.0.0 to 6.0.0 by @dependabot[bot] in pinojs/pino#2354

build(deps): update thread-stream to v4 by @mcollina in pinojs/pino#2356

fix: harden transport loading against prototype pollution by @omdxp in pinojs/pino#2358

docs: add threat model to SECURITY.md by @mcollina in pinojs/pino#2360

build(deps): bump actions/checkout from 6.0.0 to 6.0.1 by @dependabot[bot] in pinojs/pino#2365

build(deps-dev): bump @types/node from 24.10.4 to 25.0.3 by @dependabot[bot] in pinojs/pino#2367

fix: allow passing string, number, null for %o placeholder by @rChaoz in pinojs/pino#2372

New Contributors

@NoobFullStack made their first contribution in pinojs/pino#2334

@dev-KingMaster made their first contribution in pinojs/pino#2340

@marklai1998 made their first contribution in pinojs/pino#2224

@CHC383 made their first contribution in pinojs/pino#2320

... (truncated)

Commits

d6adf03 Bumped v10.3.0
06d55b1 feat: set worker thread name for transport identification (#2380)
a728702 fix: fix multistream().clone() return type (#2377)
31966a3 Bumped v10.2.1
417ef57 fix: prevent ERR_WORKER_INVALID_EXEC_ARGV with monitoring tools (#2379)
1833a6d Bumped v10.2.0
47619e6 Add claude files to .gitignore
658effe fix: prevent memory leak when using transport with --import preload (#2374)
79a6087 chore: lint the .ts files (#2363)
3390470 Bumped v10.1.1
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for pino since your current version.

Updates pino-loki from 2.6.0 to 3.0.0

Release notes

Sourced from pino-loki's releases.

v3.0.0

⚠️ Breaking Changes

Node.js 20+ Required Node.js 18 is no longer supported. The minimum required version is now Node.js 20.

Batching Options Restructured

The batching configuration has been consolidated into a single object:
// Before (v2.x)
pinoLoki({ host: '...', batching: true, interval: 5 })
// After (v3.x)
pinoLoki({ host: '...', batching: { interval: 5, maxBufferSize: 10_000 } })
// Or simply omit for defaults, or set batching: false to disable
Default Buffer Limit

A new maxBufferSize option (default: 10,000) prevents out-of-memory issues when Loki is unavailable. When the buffer is full, oldest logs are dropped (FIFO).

Structured Metadata Enabled by Default

structuredMetaKey now defaults to 'meta'. Logs with a meta property will automatically send it as Loki structured metadata. Use structuredMetaKey: false to disable.

CLI Changes

--batch => --batching

--interval => --batching-interval

--timeout default: 2000ms → 30000ms

Added --batching-max-buffer-size

Removed -pl shorthand (use --propsLabels)

   🚨 Breaking Changes

Add maxBufferSize option + update batching API - by @Julien-R44 (e00e6)

Update dependencies ( drop node 18 ) - by @Julien-R44 (feb04)

Use meta as default structured meta key - by @Julien-R44 (43ebb)

Change timeout default value - by @Julien-R44 (5de97)

Remove deprecated CLI options - by @Julien-R44 (ba7b1)

   🐞 Bug Fixes

Force structured metadata values to string - by @chaintng and @Julien-R44 in Julien-R44/pino-loki#48 (6f69d)

Remove hostname from log object before formatting - by @Julien-R44 (d6d1a)

Avoid duplicate buffer flush on transport shutdown - by @Julien-R44 (db751)

    View changes on GitHub

Commits

c042352 chore: release v3.0.0
528c6a4 style: lint files
ba7b17e chore!: remove deprecated CLI options
5de977e fix!: change timeout default value
43ebb6c feat!: use meta as default structured meta key
db75124 fix: avoid duplicate buffer flush on transport shutdown
feb0408 chore!: update dependencies ( drop node 18 )
d6d1acc fix: remove hostname from log object before formatting
e00e6ca feat!: add maxBufferSize option + update batching API
66ccf05 chore: remove basicAuth options from debug
Additional commits viewable in compare view

Updates pino-pretty from 13.0.0 to 13.1.3

Release notes

Sourced from pino-pretty's releases.

v13.1.3

What's Changed

Add in the README file a snippet to use pino-pretty only for dev by @himito in pinojs/pino-pretty#623

build(deps): bump actions/setup-node from 4 to 6 by @dependabot[bot] in pinojs/pino-pretty#626

build(deps-dev): bump borp from 0.20.2 to 0.21.0 by @dependabot[bot] in pinojs/pino-pretty#627

build(deps-dev): bump pino from 9.14.0 to 10.1.0 by @dependabot[bot] in pinojs/pino-pretty#628

build(deps): bump pino-abstract-transport from 2.0.0 to 3.0.0 by @dependabot[bot] in pinojs/pino-pretty#629

Update format-time.js documentation to match functionality by @g-sanner in pinojs/pino-pretty#632

build(deps): bump actions/checkout from 5 to 6 by @dependabot[bot] in pinojs/pino-pretty#636

build(deps): bump fast-copy from 3.0.2 to 4.0.0 by @dependabot[bot] in pinojs/pino-pretty#637

fix: messageFormat print 0 value by @gutenye in pinojs/pino-pretty#635

New Contributors

@himito made their first contribution in pinojs/pino-pretty#623

@g-sanner made their first contribution in pinojs/pino-pretty#632

@gutenye made their first contribution in pinojs/pino-pretty#635

Full Changelog: pinojs/pino-pretty@v13.1.2...v13.1.3

v13.1.2

What's Changed

build(deps-dev): bump typescript from 5.8.3 to 5.9.2 by @dependabot[bot] in pinojs/pino-pretty#609

build(deps): bump actions/checkout from 4 to 5 by @dependabot[bot] in pinojs/pino-pretty#621

build(deps-dev): bump tsd from 0.32.0 to 0.33.0 by @dependabot[bot] in pinojs/pino-pretty#622

fix: allow esm import for isColorSupported by @JoeCap08055 in pinojs/pino-pretty#616

Use neostandard and remove pre-commit by @jsumners in pinojs/pino-pretty#624

fix: missing property on objectColorizer by @IronGeek in pinojs/pino-pretty#625

New Contributors

@JoeCap08055 made their first contribution in pinojs/pino-pretty#616

@IronGeek made their first contribution in pinojs/pino-pretty#625

Full Changelog: pinojs/pino-pretty@v13.1.1...v13.1.2

v13.1.1

What's Changed

Revert "chore: upgrade dateformat" by @Uzlopak in pinojs/pino-pretty#607

Full Changelog: pinojs/pino-pretty@v13.1.0...v13.1.1

v13.1.0

What's Changed

Bump @arethetypeswrong/cli from 0.16.4 to 0.17.0 by @dependabot[bot] in pinojs/pino-pretty#543

Bump secure-json-parse from 2.7.0 to 3.0.1 by @dependabot[bot] in pinojs/pino-pretty#547

Bump typescript from 5.6.3 to 5.7.2 by @dependabot[bot] in pinojs/pino-pretty#548

Readme.md: remove the command prompt symbol by @yegorich in pinojs/pino-pretty#545

Add magenta as the color for printed object properties. Fixes suport for --no-colorizeObjects by @mcollina in pinojs/pino-pretty#553

Bump typescript from 5.7.3 to 5.8.2 by @dependabot[bot] in pinojs/pino-pretty#555

perf: use node: prefix to bypass require.cache call for builtins by @Fdawgs in pinojs/pino-pretty#556

... (truncated)

Commits

08425cd v13.1.3
6afb524 fix: messageFormat print 0 value (#635)
70c73ea build(deps): bump fast-copy from 3.0.2 to 4.0.0 (#637)
2cd9794 build(deps): bump actions/checkout from 5 to 6 (#636)
c06e276 Update format-time.js documentation to match functionality (#632)
47ffb45 build(deps): bump pino-abstract-transport from 2.0.0 to 3.0.0 (#629)
932af85 build(deps-dev): bump pino from 9.14.0 to 10.1.0 (#628)
6d48318 build(deps-dev): bump borp from 0.20.2 to 0.21.0 (#627)
3b89a0c build(deps): bump actions/setup-node from 4 to 6 (#626)
ab0ccab Add in the README file a snippet to use pino-pretty only for dev (#623)
Additional commits viewable in compare view

Updates ua-parser-js from 2.0.4 to 2.0.8

Release notes

Sourced from ua-parser-js's releases.

v2.0.8

Version 2.0.8

Resolve syntax error related to import renaming in ESM build

Add new browser: HiBrowser, Opera Neon

Add new engine: Dillo

Improve browser detection: Brave, TikTok

Improve device detection: OnePlus

Improve OS detection: Firefox OS

extensions submodule:

Add new CLI: PowerShell

Add new email: Alpine, Android, AquaMail, Balsa, Barca, Canary, Claws Mail, eM Client, Eudora, FairEmail, Geary, Gnus, Horde::IMP, Lotus-Notes, IncrediMail, K-9 Mail, Mailbird, MailMate, Mailspring, Mutt, Newton, Nine, NylasMail, Outlook-Express, Pegasus Mail, PocoMail, Postbox, ProtonMail Bridge, Quala, R2Mail2, Rainloop, Roundcube Webmail, SamsungEmail, Spicebird, SquirrelMail, Sylpheed, The Bat!, Trojita, Turnpike, tutanota-desktop, Wanderlust, Windows-Live-Mail

Add new library: http.rb, Jetty, ocaml-cohttp

helpers submodule:

Add new method: getOutlookEdition() to map Outlook versions to their marketing editions

What's Changed

Improve existing browser detection for Tiktok by @giantyo26 in faisalman/ua-parser-js#817

feat(email): expand email client detection & add Outlook edition helper by @cougrimes in faisalman/ua-parser-js#819

chore: update pattern to ONLY include top-level js files in dist by @hyperz111 in faisalman/ua-parser-js#820

New Contributors

@giantyo26 made their first contribution in faisalman/ua-parser-js#817

@cougrimes made their first contribution in faisalman/ua-parser-js#819

@hyperz111 made their first contribution in faisalman/ua-parser-js#820

Full Changelog: faisalman/ua-parser-js@2.0.7...2.0.8

v2.0.7

Version 2.0.7

Add support for chaining withClientHints() & withFeatureCheck()

Add new browser: Atlas, Steam

Add new device vendor: Anbernic, Logitech, Valve

Improve device detection: Xiaomi

Improve OS detection: iOS

Split helpers submodule into several new submodules:

bot-detection:

isAIAssistant()

isAICrawler()

isBot()

browser-detection

isChromeFamily()

isElectron()

isFromEU()

isStandalonePWA()

device-detection

getDeviceVendor()

isAppleSilicon()

Update extensions submodule:

... (truncated)

Changelog

Sourced from ua-parser-js's changelog.

Version 2.0.8

Resolve syntax error related to import renaming in ESM build

Add new browser: HiBrowser, Opera Neon

Add new engine: Dillo

Improve browser detection: Brave, TikTok

Improve device detection: OnePlus

Improve OS detection: Firefox OS

extensions submodule:

Add new CLI: PowerShell

Add new email: Alpine, Android, AquaMail, Balsa, Barca, Canary, Claws Mail, eM Client, Eudora, FairEmail, Geary, Gnus, Horde::IMP, Lotus-Notes, IncrediMail, K-9 Mail, Mailbird, MailMate, Mailspring, Mutt, Newton, Nine, NylasMail, Outlook-Express, Pegasus Mail, PocoMail, Postbox, ProtonMail Bridge, Quala, R2Mail2, Rainloop, Roundcube Webmail, SamsungEmail, Spicebird, SquirrelMail, Sylpheed, The Bat!, Trojita, Turnpike, tutanota-desktop, Wanderlust, Windows-Live-Mail

Add new library: http.rb, Jetty, ocaml-cohttp

helpers submodule:

Add new method: getOutlookEdition() to map Outlook versions to their marketing editions

Version 2.0.7

Add support for chaining withClientHints() & withFeatureCheck()

Add new browser: Atlas, Steam

Add new device vendor: Anbernic, Logitech, Valve

Improve device detection: Xiaomi

Improve OS detection: iOS

Split helpers submodule into several new submodules:

bot-detection:

isAIAssistant()

isAICrawler()

isBot()

browser-detection

isChromeFamily()

isElectron()

isFromEU()

isStandalonePWA()

device-detection

getDeviceVendor()

isAppleSilicon()

Update extensions submodule:

Add new fetcher: Nova Act

Add new library: Bun, Dart, Deno, hackney, Node.js, rest-client, undici

Version 2.0.6

Add new CLI feature: processing batch user-agent data from file and output as JSON

Fix setUA(): trim leading space from user-agent string input

Replace undici dependency with node's internal Headers

Add new browser: Bing, Qwant

Add new device vendor: Hisense, Wiko

Improve browser detection: Mozilla, Pale Moon

Improve CPU detection: 68k

Improve device detection: Apple, BlackBerry, Huawei, Nokia, Xiaomi

Improve OS detection: iOS 26

extensions submodule:

... (truncated)

Commits

7abb90b Bump version 2.0.8
f1eed9e chore: update pattern to ONLY include top-level js files in dist (#820)
66f3858 [extensions] Add new library: http.rb, Jetty, ocaml-cohttp
0273bf6 Improve browser detection: Brave
21186ae Add new browser: HiBrowser
de2ef64 Fix #815 - Improve device detection: OnePlus device misidentified as LG tablet
cf4cba5 Add new browser: Opera Neon - https://www.operaneon.com/
7fcf3f0 [extensions] Add new CLI: Windows' PowerShell
68f8684 Improve OS detection: Firefox OS
611221b Add new engine: Dillo - https://dillo-browser.org/
Additional commits viewable in compare view

Updates undici from 7.18.2 to 7.19.1

Release notes

Sourced from undici's releases.

v7.19.1

What's Changed

fix: use commit hash when generating release (#4757) by @fenichelar in nodejs/undici#4759

fix fetch 401 loop by @KhafraDev in nodejs/undici#4761

New Contributors

@fenichelar made their first contribution in nodejs/undici#4759

Full Changelog: nodejs/undici@v7.19.0...v7.19.1

v7.19.0

What's Changed

fix: Handle FormData body type correctly in RetryAgent retried requests by @eliotschu in nodejs/undici#4692

feat(client): expose HTTP/2 flow-control options by @pabloelisseo in nodejs/undici#4706

Implement origin normalization in MockAgent for case-insensitivity and URL handling by @SksOp in nodejs/undici#4731

fix websocket basic auth by @KhafraDev in nodejs/undici#4747

fix(cache): regenerate stream from source when cache.match is called after GC by @mcollina in nodejs/undici#4713

chore: use testcontext for test:cache by @Uzlopak in nodejs/undici#4571

chore: use testcontext for subresource integrity tests by @Uzlopak in nodejs/undici#4575

feat(cache): add origins option for whitelist filtering by @mcollina in nodejs/undici#4739

ci: test shared-builtin only on Node.js 24 and 25 by @mcollina in nodejs/undici#4746

fix websocketstream open error by @KhafraDev in nodejs/undici#4748

New Contributors

@eliotschu made their first contribution in nodejs/undici#4692

@pabloelisseo made their first contribution in nodejs/undici#4706

@SksOp made their first contribution in nodejs/undici#4731

Full Changelog: nodejs/undici@v7.18.2...v7.19.0

Commits

e2aeb52 Bumped v7.19.1 (#4760)
4920fc4 fix fetch 401 loop (#4761)
c2307d0 Use commit hash when generating release (fixes #4757) (#4759)
761fce9 fix websocketstream open error (#4748)
9ec9160 Bumped v7.19.0 (#4751)
491f760 ci: test shared-builtin only on Node.js 24 and 25 (#4746)
cc2ec56 feat(cache): add origins option for whitelist filtering (#4739)
8fd6c43 chore: use testcontest for subresource integrity tests (#4575)
2346cd2 chore: use testcontext for test:cache (#4571)
847419f fix(cache): regenerate stream from source when cache.match is called after GC...
Additional commits viewable in compare view

Updates zod from 3.25.75 to 4.3.6

Release notes

Sourced from zod's releases.

v4.3.6

Commits:

9977fb0868432461de265a773319e80a90ba3e37 Add brand.dev to sponsors

f4b7bae3468f6188b8f004e007d722148fc91d77 Update pullfrog.yml (#5634)

251d7163a0ac7740fee741428d913e3c55702ace Clean up workflow_call

edd4132466da0f5065a8e051b599d01fdd1081d8 fix: add missing User-agent to robots.txt and allow all (#5646)

85db85e9091d0706910d60c7eb2e9c181edd87bd fix: typo in codec.test.ts file (#5628)

cbf77bb12bdfda2e054818e79001f5cb3798ce76 Avoid non null assertion (#5638)

dfbbf1c1ae0c224b8131d80ddf0a264262144086 Avoid re-exported star modules (#5656)

762e911e5773f949452fd6dd4e360f2362110e8e Generalize numeric key handling

ca3c8629c0c2715571f70b44c2433cad3db7fe4e v4.3.6

v4.3.5

Commits:

21afffdb42ccab554036312e33fed0ea3cb8f982 [Docs] Update migration guide docs for deprecation of message (#5595)

e36743e513aadb307b29949a80d6eb0dcc8fc278 Improve mini treeshaking

0cdc0b8597999fd9ca99767b912c1e82c1ff2d6c 4.3.5

v4.3.4

Commits:

1a8bea3b474eada6f219c163d0d3ad09fadabe72 Add integration tests

e01cd02b2f23d7e9078d3813830b146f8a2258b4 Support patternProperties for looserecord (#5592)

089e5fbb0f58ce96d2c4fb34cd91724c78df4af5 Improve looseRecord docs

decef9c418d9a598c3f1bada06891ba5d922c5cd Fix lint

9443aab00d44d5d5f4a7eada65fc0fc851781042 Drop iso time in fromJSONSchema

66bda7491a1b9eab83bdeec0c12f4efc7290bd48 Remove .refine() from ZodMiniType

b4ab94ca608cd5b581bfc12b20dd8d95b35b3009 4.3.4

v4.3.3

Commits:

f3b2151959d215d405f54dff3c7ab3bf1fd887ca v4.3.3

v4.3.2

Commits:

bf96635d243118de6e4f260077aa137453790bf6 Loosen strictObjectinside intersection (#5587)

f71dc0182ab0f0f9a6be6295b07faca269e10179 Remove Juno (#5590)

0f41e5a12a43e6913c9dcb501b2b5136ea86500d 4.3.2

v4.3.1

Commits:

0fe88407a4149c907929b757dc6618d8afe998fc allow non-overwriting extends with refinements. 4.3.1

v4.3.0

This is Zod's biggest release since 4.0. It addresses several of Zod's longest-standing feature requests.

... (truncated)

Commits

ca3c862 v4.3.6
762e911 Generalize numeric key handling
dfbbf1c Avoid re-exported star modules (#5656)
cbf77bb Avoid non null assertion (#5638)
85db85e fix: typo in codec.test.ts file (#5628)
edd4132 fix: add missing User-agent to robots.txt and allow all (#5646)
251d716 Clean up workflow_call
f4b7bae Update pullfrog.yml (#5634)
9977fb0 Add brand.dev to sponsors
0cdc0b8 4.3.5
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
`@dependa...

Description has been truncated

socket-security · 2026-01-26T22:56:29Z

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Package	Supply Chain Security	Quality	Maintenance
ua-parser-js@2.0.4 ⏵ 2.0.8	⁺¹
pino-pretty@13.0.0 ⏵ 13.1.3	⁺¹
pino-loki@2.6.0 ⏵ 3.0.0			⁺⁵
@fastify/http-proxy@11.3.0 ⏵ 11.4.1
zod@3.25.75 ⏵ 4.3.6	⁺²
undici@7.18.2 ⏵ 7.20.0		⁺¹
fastify@5.7.3 ⏵ 5.7.4			⁺¹

View full report

…dates Bumps the dependencies group with 8 updates in the / directory: | Package | From | To | | --- | --- | --- | | [@fastify/http-proxy](https://github.com/fastify/fastify-http-proxy) | `11.3.0` | `11.4.1` | | [fastify](https://github.com/fastify/fastify) | `5.4.0` | `5.7.2` | | [pino](https://github.com/pinojs/pino) | `9.7.0` | `10.3.0` | | [pino-loki](https://github.com/Julien-R44/pino-loki) | `2.6.0` | `3.0.0` | | [pino-pretty](https://github.com/pinojs/pino-pretty) | `13.0.0` | `13.1.3` | | [ua-parser-js](https://github.com/faisalman/ua-parser-js) | `2.0.4` | `2.0.8` | | [undici](https://github.com/nodejs/undici) | `7.18.2` | `7.19.1` | | [zod](https://github.com/colinhacks/zod) | `3.25.75` | `4.3.6` | Updates `@fastify/http-proxy` from 11.3.0 to 11.4.1 - [Release notes](https://github.com/fastify/fastify-http-proxy/releases) - [Commits](fastify/fastify-http-proxy@v11.3.0...v11.4.1) Updates `fastify` from 5.4.0 to 5.7.2 - [Release notes](https://github.com/fastify/fastify/releases) - [Commits](fastify/fastify@v5.4.0...v5.7.2) Updates `pino` from 9.7.0 to 10.3.0 - [Release notes](https://github.com/pinojs/pino/releases) - [Commits](pinojs/pino@v9.7.0...v10.3.0) Updates `pino-loki` from 2.6.0 to 3.0.0 - [Release notes](https://github.com/Julien-R44/pino-loki/releases) - [Commits](Julien-R44/pino-loki@v2.6.0...v3.0.0) Updates `pino-pretty` from 13.0.0 to 13.1.3 - [Release notes](https://github.com/pinojs/pino-pretty/releases) - [Commits](pinojs/pino-pretty@v13.0.0...v13.1.3) Updates `ua-parser-js` from 2.0.4 to 2.0.8 - [Release notes](https://github.com/faisalman/ua-parser-js/releases) - [Changelog](https://github.com/faisalman/ua-parser-js/blob/master/CHANGELOG.md) - [Commits](faisalman/ua-parser-js@2.0.4...2.0.8) Updates `undici` from 7.18.2 to 7.19.1 - [Release notes](https://github.com/nodejs/undici/releases) - [Commits](nodejs/undici@v7.18.2...v7.19.1) Updates `zod` from 3.25.75 to 4.3.6 - [Release notes](https://github.com/colinhacks/zod/releases) - [Commits](colinhacks/zod@v3.25.75...v4.3.6) --- updated-dependencies: - dependency-name: "@fastify/http-proxy" dependency-version: 11.4.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: fastify dependency-version: 5.7.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: pino dependency-version: 10.3.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: dependencies - dependency-name: pino-loki dependency-version: 3.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: dependencies - dependency-name: pino-pretty dependency-version: 13.1.3 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: ua-parser-js dependency-version: 2.0.8 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies - dependency-name: undici dependency-version: 7.19.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: zod dependency-version: 4.3.6 dependency-type: direct:production update-type: version-update:semver-major dependency-group: dependencies ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Jan 26, 2026

dependabot bot force-pushed the dependabot/npm_and_yarn/dependencies-5a32b88d8a branch from ffe2a9e to 30571f3 Compare February 3, 2026 00:23

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump the dependencies group across 1 directory with 8 updates#189

chore(deps): bump the dependencies group across 1 directory with 8 updates#189
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/dependencies-5a32b88d8a

dependabot bot commented on behalf of github Jan 26, 2026 •

edited

Loading

Uh oh!

socket-security bot commented Jan 26, 2026 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot bot commented on behalf of github Jan 26, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v11.4.1

What's Changed

New Contributors

v11.4.0

What's Changed

New Contributors

v5.7.2

⚠️ Notice ⚠️

What's Changed

New Contributors

v5.7.1

What's Changed

v5.7.0

What's Changed

v10.3.0

What's Changed

v10.2.1

What's Changed

v10.2.0

What's Changed

New Contributors

v10.1.1

What's Changed

New Contributors

v3.0.0

Batching Options Restructured

Default Buffer Limit

Structured Metadata Enabled by Default

CLI Changes

🚨 Breaking Changes

🐞 Bug Fixes

View changes on GitHub

v13.1.3

What's Changed

New Contributors

v13.1.2

What's Changed

New Contributors

v13.1.1

What's Changed

v13.1.0

What's Changed

v2.0.8

Version 2.0.8

What's Changed

New Contributors

v2.0.7

Version 2.0.7

Version 2.0.8

Version 2.0.7

Version 2.0.6

v7.19.1

What's Changed

New Contributors

v7.19.0

What's Changed

New Contributors

v4.3.6

Commits:

v4.3.5

Commits:

v4.3.4

Commits:

v4.3.3

Commits:

v4.3.2

Commits:

v4.3.1

Commits:

v4.3.0

Uh oh!

socket-security bot commented Jan 26, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

dependabot bot commented on behalf of github Jan 26, 2026 •

edited

Loading

socket-security bot commented Jan 26, 2026 •

edited

Loading