chore(deps): bump the dependencies group across 1 directory with 6 updates #166

dependabot · 2025-09-22T21:21:56Z

Bumps the dependencies group with 5 updates in the / directory:

Package	From	To
fastify	`5.4.0`	`5.6.1`
pino	`9.7.0`	`9.11.0`
pino-pretty	`13.0.0`	`13.1.1`
ua-parser-js	`2.0.4`	`2.0.5`
zod	`3.25.75`	`4.1.11`

Updates fastify from 5.4.0 to 5.6.1

Release notes

Sourced from fastify's releases.

v5.6.1

What's Changed

fix: fix typo of deprecation warning FSTDEP022 by @Uzlopak in fastify/fastify#6313

docs(decorators): fix TypeScript inconsistency by @emicovi in fastify/fastify#6224

chore: fix typos by @deining in fastify/fastify#6316

docs(security): add secondary contact/security escalation policy by @UlisesGascon in fastify/fastify#6315

chore(gha): remove benchmark github workflows by @Eomm in fastify/fastify#6322

chore(sponsor): add lambdatest by @Eomm in fastify/fastify#6324

fix: (types) allow FastifySchemaValidationError[] as an error by @gurgunday in fastify/fastify#6326

fix: correct session.close() context in http2 timeout handler by @David-van-der-Sluijs in fastify/fastify#6327

fix: close http2 sessions on close server by @kostyak127 in fastify/fastify#6137

New Contributors

@deining made their first contribution in fastify/fastify#6316

@UlisesGascon made their first contribution in fastify/fastify#6315

@David-van-der-Sluijs made their first contribution in fastify/fastify#6327

@kostyak127 made their first contribution in fastify/fastify#6137

Full Changelog: fastify/fastify@v5.6.0...v5.6.1

v5.6.0

What's Changed

fix: update typescript pino type to pick by @dancastillo in fastify/fastify#6287

feat(types): router option types by @dancastillo in fastify/fastify#6282

fix(types): Fix use of "esModuleInterop: false" by @joshkel in fastify/fastify#6292

docs: fix typo in Reference: TypeScript.md by @hmanzoni in fastify/fastify#6302

docs: clarify router performance note by @Prasad2604 in fastify/fastify#6306

New Contributors

@joshkel made their first contribution in fastify/fastify#6292

@hmanzoni made their first contribution in fastify/fastify#6302

@Prasad2604 made their first contribution in fastify/fastify#6306

Full Changelog: fastify/fastify@v5.5.0...v5.6.0

v5.5.0

What's Changed

docs: fix markdown linting issue by @Uzlopak in fastify/fastify#6175

chore: removed simple-get from mkcalendar tests by @ilteoood in fastify/fastify#6199

chore: removed simple-get from versioned-routes tests by @ilteoood in fastify/fastify#6202

chore: removed simple-get from hooks tests by @ilteoood in fastify/fastify#6210

fix: close pipelining test by @ilteoood in fastify/fastify#6204

chore: removed simple-get from unlock test by @ilteoood in fastify/fastify#6178

chore: removed simple-get from use-semicolon-delimiter tests by @ilteoood in fastify/fastify#6203

chore: removed simple-get from custom-https-server tests by @ilteoood in fastify/fastify#6201

chore: remove simple-get from custom parser 5 by @ilteoood in fastify/fastify#6172

chore: removed simple-get from head tests by @ilteoood in fastify/fastify#6196

chore: removed simple-get from request id tests by @ilteoood in fastify/fastify#6193

chore: remove simple get from custom parser 1 by @ilteoood in fastify/fastify#6167

chore: removed simple-get from custom-parser-0 by @ilteoood in fastify/fastify#6168

... (truncated)

Commits

91414fe Bumped v5.6.1
36498f8 fix: close http2 sessions on close server (#6137)
4e5a363 fix: correct session.close() context in http2 timeout handler (#6327)
80ef70c fix: (types) allow FastifySchemaValidationError[] as an error (#6326)
9a67d3a chore(sponsor): add lambdatest (#6324)
39d2e10 chore(gha): remove benchmark github workflows (#6322)
a4fe041 docs(security): add security escalation policy (#6315)
d1af934 chore: fix typos (#6316)
ebf8730 docs(decorators): fix TypeScript inconsistency (#6224)
39f35f9 fix: fix typo of deprecation warning FSTDEP022 (#6313)
Additional commits viewable in compare view

Updates pino from 9.7.0 to 9.11.0

Release notes

Sourced from pino's releases.

v9.11.0

What's Changed

feat: added timestamp rfc3339 format with nanoseconds by @edge33 in pinojs/pino#2251

fix: gracefully handle missing diagChannel.tracingChannel on Node < 18.19 by @aryamohanan in pinojs/pino#2290

New Contributors

@edge33 made their first contribution in pinojs/pino#2251

@aryamohanan made their first contribution in pinojs/pino#2290

Full Changelog: pinojs/pino@v9.10.0...v9.11.0

v9.10.0

What's Changed

docs: Move pino-logflare out of legacy transports list by @kamilogorek in pinojs/pino#2283

Add support for Pear and Bare runtimes by @yassernasc in pinojs/pino#2278

Add tracing channels by @jsumners-nr in pinojs/pino#2281

Add pino-console to ecoystem page by @mcollina in pinojs/pino#2288

New Contributors

@kamilogorek made their first contribution in pinojs/pino#2283

@yassernasc made their first contribution in pinojs/pino#2278

@jsumners-nr made their first contribution in pinojs/pino#2281

Full Changelog: pinojs/pino@v9.9.5...v9.10.0

v9.9.5

What's Changed

fix: allow object type in %s placeholder by @mcollina in pinojs/pino#2277

Full Changelog: pinojs/pino@v9.9.4...v9.9.5

v9.9.4

What's Changed

fix(logfn): use unknown type by @rozzilla in pinojs/pino#2276

Full Changelog: pinojs/pino@v9.9.3...v9.9.4

v9.9.3

What's Changed

fix(types): compatibility when leveraging parameters by @rozzilla in pinojs/pino#2273

New Contributors

@rozzilla made their first contribution in pinojs/pino#2273

Full Changelog: pinojs/pino@v9.9.2...v9.9.3

v9.9.2

What's Changed

... (truncated)

Commits

cc57d79 Bumped v9.11.0
991a5f9 fix: gracefully handle missing diagChannel.tracingChannel on Node < 18.19 (#2...
feef9ac feat: added timestamp rfc3339 format with nanoseconds (#2251)
f8e4161 Bumped v9.10.0
4c18f29 Add pino-console to ecoystem page (#2288)
72df513 Add tracing channels (#2281)
f95430c Add support for Pear and Bare runtimes (#2278)
55eabba docs: Move pino-logflare out of legacy transports list (#2283)
783f9d9 Bumped v9.9.5
d2f6c64 fix: allow object type in %s placeholder (#2277)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for pino since your current version.

Updates pino-pretty from 13.0.0 to 13.1.1

Release notes

Sourced from pino-pretty's releases.

v13.1.1

What's Changed

Revert "chore: upgrade dateformat" by @Uzlopak in pinojs/pino-pretty#607

Full Changelog: pinojs/pino-pretty@v13.1.0...v13.1.1

v13.1.0

What's Changed

Bump @arethetypeswrong/cli from 0.16.4 to 0.17.0 by @dependabot[bot] in pinojs/pino-pretty#543

Bump secure-json-parse from 2.7.0 to 3.0.1 by @dependabot[bot] in pinojs/pino-pretty#547

Bump typescript from 5.6.3 to 5.7.2 by @dependabot[bot] in pinojs/pino-pretty#548

Readme.md: remove the command prompt symbol by @yegorich in pinojs/pino-pretty#545

Add magenta as the color for printed object properties. Fixes suport for --no-colorizeObjects by @mcollina in pinojs/pino-pretty#553

Bump typescript from 5.7.3 to 5.8.2 by @dependabot[bot] in pinojs/pino-pretty#555

perf: use node: prefix to bypass require.cache call for builtins by @Fdawgs in pinojs/pino-pretty#556

perf: add missing 'use strict' directives by @Fdawgs in pinojs/pino-pretty#557

Bump rimraf from 3.0.2 to 6.0.1 by @dependabot[bot] in pinojs/pino-pretty#520

build(dependabot): reduce npm updates to monthly by @Fdawgs in pinojs/pino-pretty#558

Bump secure-json-parse from 3.0.2 to 4.0.0 by @dependabot[bot] in pinojs/pino-pretty#559

Bump tsd from 0.31.2 to 0.32.0 by @dependabot[bot] in pinojs/pino-pretty#562

test: enable borp to move to node test by @Puppo in pinojs/pino-pretty#564

chore: enable node 24 in CI by @Puppo in pinojs/pino-pretty#565

fix: borp file test match by @Puppo in pinojs/pino-pretty#573

test: move colors.test.js to node test by @Puppo in pinojs/pino-pretty#574

Fix: Updated wrong reference for colors object by @rinkeshpurohit in pinojs/pino-pretty#597

test: move prettify-time.test.js to node test by @Puppo in pinojs/pino-pretty#595

test: move index.test.js to node test by @Puppo in pinojs/pino-pretty#583

build(deps-dev): bump borp from 0.19.0 to 0.20.0 by @dependabot[bot] in pinojs/pino-pretty#601

build(deps-dev): bump @arethetypeswrong/cli from 0.17.4 to 0.18.1 by @dependabot[bot] in pinojs/pino-pretty#603

test: move basic.test.js to node test by @Puppo in pinojs/pino-pretty#566

build(deps-dev): bump @types/node from 22.15.34 to 24.0.8 by @dependabot[bot] in pinojs/pino-pretty#604

test: move cli.test.js to node test by @Puppo in pinojs/pino-pretty#568

The finalization registry bug has been fixed by @mcollina in pinojs/pino-pretty#572

test: move cli-rc.test.js to node test by @Puppo in pinojs/pino-pretty#567

test: move crlf.test.js to node test by @Puppo in pinojs/pino-pretty#569

test: move error-objects.test.js to node test by @Puppo in pinojs/pino-pretty#571

test: move build-safe-sonic-boom.test.js to node test by @Puppo in pinojs/pino-pretty#575

test: move create-date.test.js to node test by @Puppo in pinojs/pino-pretty#576

test: move delete-log-property.test.js to node test by @Puppo in pinojs/pino-pretty#577

test: move filter-log.test.js to node test by @Puppo in pinojs/pino-pretty#578

test: move format-time.test.js to node test by @Puppo in pinojs/pino-pretty#579

test: move get-property-value.test.js to node test by @Puppo in pinojs/pino-pretty#580

test: move handle-custom-levels-opts.test.js to node test by @Puppo in pinojs/pino-pretty#582

test: move interpret-conditionals.test.js to node test by @Puppo in pinojs/pino-pretty#584

test: move is-object.test.js to node test by @Puppo in pinojs/pino-pretty#585

test: move is-valid-date.test.js to node test by @Puppo in pinojs/pino-pretty#586

test: move join-lines-with-indentation.test.js to node test by @Puppo in pinojs/pino-pretty#587

test: move noop.test.js to node test by @Puppo in pinojs/pino-pretty#588

test: move prettify-error-log.test.js to node test by @Puppo in pinojs/pino-pretty#589

... (truncated)

Commits

776b062 v13.1.1
ce5dd4e Revert "chore: upgrade dateformat (#598)" (#607)
9e90903 Bumped v13.1.0
c801ddd test: move handle-custom-levels-names-opts.test.js to node test (#581)
e459f79 fix: loosen up customPrettifiers typing constraints (#551)
5b8132c chore: remove coveralls artifact in gh workflow (#599)
658af27 chore: upgrade dateformat (#598)
76952c0 chore: upgrade strip-json-somments (#600)
3aa769e test: move split-property-key.test.js to node test (#596)
ab6af45 test: move prettify-object.test.js to node test (#594)
Additional commits viewable in compare view

Updates ua-parser-js from 2.0.4 to 2.0.5

Release notes

Sourced from ua-parser-js's releases.

v2.0.5

Version 2.0.5

Add new browser: Zalo

Add new CPU arch: alpha

Add new device vendor: Philips

Improve device detection: Pico

Fix parsing error on pages with modified Array prototypes

Improve type declarations:

Replace node-fetch dependency with undici

Replace hardcoded string values with enum from enum submodule

enums submodule:

Add Extension enum for extensions submodule

Type declaration file now automatically generated using build script

Naming adjustments:

Browser => BrowserName

CPU => CPUArch

Device => DeviceType

Vendor => DeviceVendor

Engine => EngineName

OS => OSName

extensions submodule:

Add new crawlers: APIs-Google, Algolia Crawler, Algolia Crawler Renderscript, Baidu-ADS, BLEXBot, botify, Bravebot, Claude-Web, cohere-training-data-crawler, contxbot, Cotoyogi, Coveobot, CriteoBot, DeepSeekBot, DuckDuckGo-Favicons-Bot, Elastic, FirecrawlAgent, Freespoke, Google-CloudVertexBot, HuggingFace-Bot, Kagibot, Kangaroo Bot, marginalia, msnbot, OnCrawl, Replicate-Bot, RunPod-Bot, SBIntuitionsBot, SeekportBot, Siteimprove, Sogou Pic Spider, TikTokSpider, TwinAgent, v0bot, webzio, Webzio-Extended, xAI-Bot, YandexAccessibilityBot, YandexAdditionalBot, YandexAdNet, YandexBot MirrorDetector, YandexBlogs, YandexComBot, YandexFavicons, YandexImageResizer, YandexImages, YandexMarket, YandexMetrika, YandexMedia, YandexMobileBot, YandexMobileScreenShotBot, YandexNews, YandexOntoDB, YandexOntoDBAPI, YandexPartner, YandexRCA, YandexRenderResourcesBot, YandexScreenshotBot, YandexSpravBot, YandexTracker, YandexVertis, YandexVerticals, YandexVideo, YandexVideoParser, YandexWebmaster, YepBot, ZumBot

Add new fetchers: Asana, bitlybot, Blueno, BufferLinkPreviewBot, Chrome-Lighthouse, Gemini-Deep-Research, HubSpot Page Fetcher, kakaotalk-scrap, vercel-favicon-bot, vercel-screenshot-bot, vercelflags, verceltracing, YaDirectFetcher, YandexCalendar, YandexDirect, YandexDirectDyn, YandexForDomain, YandexPagechecker, YandexSearchShop, YandexSitelinks, YandexUserproxy

helpers submodule:

Add some crawler to isAIBot(): Bravebot, cohere-training-data-crawler, FirecrawlAgent, HuggingFace-Bot, Kangaroo Bot, PanguBot, Replicate-Bot, RunPod-Bot, TikTokSpider, Together-Bot, v0bot, xAI-Bot

v2.0.5-pro-enterprise

No release notes provided.

Changelog

Sourced from ua-parser-js's changelog.

Version 2.0.5

Add new browser: Zalo

Add new CPU arch: alpha

Add new device vendor: Philips

Improve device detection: Pico

Fix parsing error on pages with modified Array prototypes

Improve type declarations:

Replace node-fetch dependency with undici

Replace hardcoded string values with enum from enum submodule

enums submodule:

Add Extension enum for extensions submodule

Type declaration file now automatically generated using build script

Naming adjustments:

Browser => BrowserName

CPU => CPUArch

Device => DeviceType

Vendor => DeviceVendor

Engine => EngineName

OS => OSName

extensions submodule:

Add new crawlers: APIs-Google, Algolia Crawler, Algolia Crawler Renderscript, Baidu-ADS, BLEXBot, botify, Bravebot, Claude-Web, cohere-training-data-crawler, contxbot, Cotoyogi, Coveobot, CriteoBot, DeepSeekBot, DuckDuckGo-Favicons-Bot, Elastic, FirecrawlAgent, Freespoke, Google-CloudVertexBot, HuggingFace-Bot, Kagibot, Kangaroo Bot, marginalia, msnbot, OnCrawl, Replicate-Bot, RunPod-Bot, SBIntuitionsBot, SeekportBot, Siteimprove, Sogou Pic Spider, TikTokSpider, TwinAgent, v0bot, webzio, Webzio-Extended, xAI-Bot, YandexAccessibilityBot, YandexAdditionalBot, YandexAdNet, YandexBot MirrorDetector, YandexBlogs, YandexComBot, YandexFavicons, YandexImageResizer, YandexImages, YandexMarket, YandexMetrika, YandexMedia, YandexMobileBot, YandexMobileScreenShotBot, YandexNews, YandexOntoDB, YandexOntoDBAPI, YandexPartner, YandexRCA, YandexRenderResourcesBot, YandexScreenshotBot, YandexSpravBot, YandexTracker, YandexVertis, YandexVerticals, YandexVideo, YandexVideoParser, YandexWebmaster, YepBot, ZumBot

Add new fetchers: Asana, bitlybot, Blueno, BufferLinkPreviewBot, Chrome-Lighthouse, Gemini-Deep-Research, HubSpot Page Fetcher, kakaotalk-scrap, vercel-favicon-bot, vercel-screenshot-bot, vercelflags, verceltracing, YaDirectFetcher, YandexCalendar, YandexDirect, YandexDirectDyn, YandexForDomain, YandexPagechecker, YandexSearchShop, YandexSitelinks, YandexUserproxy

helpers submodule:

Add some crawler to isAIBot(): Bravebot, cohere-training-data-crawler, FirecrawlAgent, HuggingFace-Bot, Kangaroo Bot, PanguBot, Replicate-Bot, RunPod-Bot, TikTokSpider, Together-Bot, v0bot, xAI-Bot

Commits

3ea5721 Bump version 2.0.5
a4342b0 [test] Utilize enum in test cases
31bf36c [enums] enum names should be singular
9bef871 [helpers] Update isAIBot() list using Crawlers enum
b1d9dca [test] Move UA-CH test data into its own file
146f182 [extensions] Improve bot detection for ByteDance, Google, SB Intuitions, Webzio
ce242a3 [extensions][enums] Improve detection for Yandex bots
2078b1e [enums] Clean up enum imports & create build script
7dcbb8d [enums] Enum for CPU architecture should be CPUArch rather than CPUName
f810a6d Fix type mistake
Additional commits viewable in compare view

Updates undici from 7.11.0 to 7.16.0

Release notes

Sourced from undici's releases.

v7.16.0

What's Changed

Drop npm token, use OIDC instead by @mcollina in nodejs/undici#4447

fetch: instantiate readableStream in extractBody with sync methods by @Uzlopak in nodejs/undici#4350

fix: remove async on [kClose] and [kDestroy], only return Promise by @Uzlopak in nodejs/undici#4450

fetch: make consumeBody sync by @Uzlopak in nodejs/undici#4449

perf: make client.connect() sync by @Uzlopak in nodejs/undici#4455

fetch: remove promise in exported fetch by @Uzlopak in nodejs/undici#4452

fix(#4451): implement http2 cookie support by @metcoder95 in nodejs/undici#4453

test: cache store tests should properly be skipped by @Uzlopak in nodejs/undici#4463

test: fix IPv6 skip check for test/client.js by @Uzlopak in nodejs/undici#4466

test: remove skip check for AbortSignal.timeout, as it exists since node18 by @Uzlopak in nodejs/undici#4464

test: investigate macos failing by @Uzlopak in nodejs/undici#4467

test: remove obsolete < node v18 test case for http2 by @Uzlopak in nodejs/undici#4461

perf: avoid intermediate promise on BodyReadable.dump by @Uzlopak in nodejs/undici#4459

test: remove skip check for long-lived-abort-controller test (was flaky 10 months ago) by @Uzlopak in nodejs/undici#4465

test: remove skip checks for existance of global available Blob and File by @Uzlopak in nodejs/undici#4460

perf (fetch): use less promises for ReadableStream by @Uzlopak in nodejs/undici#4457

fix: catch synchronous errors in request callbacks by @mcollina in nodejs/undici#4443

fix: avoid instanceof MockNotMatchedError by @Uzlopak in nodejs/undici#4474

eventsource: remove promise for #reconnect method by @Uzlopak in nodejs/undici#4469

feat: make UndiciErrors reliable to instanceof by @Uzlopak in nodejs/undici#4472

chore: call super() after type checks by @Uzlopak in nodejs/undici#4475

chore: FixedQueue does not need special constructor by @Uzlopak in nodejs/undici#4476

fix: buildAndValidateMockOptions should always get an object passed and always return an object by @Uzlopak in nodejs/undici#4479

fix: remove unused ResponseStatusCodeError by @Uzlopak in nodejs/undici#4473

chore: pool and dispatcherbase dont need constructor, use no array helper functions by @Uzlopak in nodejs/undici#4477

lint: avoid unintented use of globals in code and tests, improve test for installing/overwriting globals by @Uzlopak in nodejs/undici#4478

test: fix macos flakyness by @Uzlopak in nodejs/undici#4468

fix: 'no-referrer-when-downgrade' in determineRequestsReferrer should return referrerURL by @Uzlopak in nodejs/undici#4482

fix: deflake cache-fastimers-fix.js by @Uzlopak in nodejs/undici#4491

fix: improve validation of IP addresses as trustworthy, correct ipv4 check by @Uzlopak in nodejs/undici#4489

test (pool.js): fix flakyness of clientTtl test by @Uzlopak in nodejs/undici#4494

test (eventsource): refactor tests for eventsource, speed them up by @Uzlopak in nodejs/undici#4493

fix: remove useless catch in client-h1.js by @Uzlopak in nodejs/undici#4481

test: skip flaky encoding test on macos and node20 by @Uzlopak in nodejs/undici#4497

fix: implement proper stale-while-revalidate behavior per RFC 5861 by @mcollina in nodejs/undici#4492

test (websocket): speed up test/websocket/issue-2679.js by @Uzlopak in nodejs/undici#4501

webidl: fix existing and add missing buffer source converters by @Renegade334 in nodejs/undici#4503

use real wpt test server by @KhafraDev in nodejs/undici#4486

test: another try to fix flaky macos and node 20 by @Uzlopak in nodejs/undici#4490

build(deps): bump actions/checkout from 4 to 5 by @dependabot[bot] in nodejs/undici#4507

build(deps): bump actions/dependency-review-action from 4.7.1 to 4.7.3 by @dependabot[bot] in nodejs/undici#4509

fix writing to websocketstream with SharedArrayBuffer/SharedArrayBuff… by @KhafraDev in nodejs/undici#4504

test: use faketimers for test/client-keep-alive, refactor a little by @Uzlopak in nodejs/undici#4499

build(deps): bump github/codeql-action from 3.29.7 to 3.30.0 by @dependabot[bot] in nodejs/undici#4510

build(deps): bump codecov/codecov-action from 5.4.3 to 5.5.0 by @dependabot[bot] in nodejs/undici#4508

fix(h2): adjust :scheme on h2 requests by @metcoder95 in nodejs/undici#4454

chore: use lowercase filenames, remove unused verifyVersion.js by @Uzlopak in nodejs/undici#4514

chore: refactor workflows by @Uzlopak in nodejs/undici#4513

... (truncated)

Commits

7392d6f Bumped v7.16.0 (#4532)
415c66d fix: make error symbols non enumerable (#4531)
f182ff1 Disable SIMD for PPC64 architecture, add UNDICI_NO_WASM_SIMD env to facilitat...
95d835c example: use metcoders https-pem for the example (#4436)
7c42918 fix: shell command built from environment values (#4392)
51651a1 fix: wpt should use master branch (#4524)
82ea8fc refactor: parseHttpDate (#4421)
909a584 websocket: always emit error event (#4521)
d7bb09e fetch: process content-encoding header only if relevant (#4496)
e652f03 wpt: properly handle write permissions errors in wpt-runner setup (#4518)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for undici since your current version.

Updates zod from 3.25.75 to 4.1.11

Release notes

Sourced from zod's releases.

v4.1.11

Commits:

2bed4b39760d8e4d678203b5c8fcaf24c182fc9f 4.1.11

v4.1.10

Commits:

7ffedd00169d8dc2e7cb7c6d878f29b03e05b3a3 Fix shape caching (#5263)

82cd717a0e7ee4e1737a783c7be278fa93fd8104 v4.1.10

v4.1.9

Commits:

a78716d91da7649a61016b81c27f49fd9e79a81e Update zshy (#5249)

923af801fde9f033cfd7e0e753b421a554fe3be8 Publish zod@4.1.9

v4.1.8

Commits:

36c4ee354d0c1f47b7311e49f6dd4b7a11de04f5 Switch back to weakmap

a1726d53172ba52ecf90999df73778cf416264fd 4.1.8

v4.1.7

Commits:

0cca351c8b152d7c4113ab7c2a44675efb060677 Fix variable name inconsistency in coercion documentation (#5188)

aa78c270f1b43f4665339f4b61e7cb88037b8c84 Add copy/edit buttons

76452d4119d800a722b692755c1168627bc95f0f Update button txt

937f73c90cac90bd3b99b12c792c289b50416510 Fix tsconfig issue in bench

976b43657d4aff6d47c73c1c86125623ea08752d v4.1.6 (#5222)

4309c61304daf40aab2124b5f513abe2b4df8637 Fix cidrv6 validation - cidrv6 should reject invalid strings with multiple slashes (#5196)

ef95a73b6d33299743e5ff4f0645b98c1b0d6f72 feat(locales): Add Lithuanian (lt) locale (#5210)

3803f3f37168212f2178e8b8deceb7bad78ed904 docs: update wrong contents in codeblocks in api.mdx (#5209)

8a47d5c6ba8e4fe2f934a8e55d0cba4d81d821de docs: update coerce example in api.mdx (#5207)

e87db1322f11ff6907e1789da28933d258ab75fd feat(locales): Add Georgian (ka) locale (#5203)

c54b123e399a6ab266504eb1389c724af31d5998 docs: adds @traversable/zod and @traversable/zod-test to v4 ecosystem (#5194)

c27a294f5b792f47b8e9dbb293a8ff8cfb287a3a Fix two tiny grammatical errors in the docs. (#5193)

23a2d6692398e3dd1ad1cdb0491b271a9f989380 docs: fix broken links in async refinements and transforms references (#5190)

845a230bb06bff679b5f00e10153f4dbbd50d2b6 fix(locales): Add type name translations to Spanish locale (#5187)

27f13d62b98cf5c501b828ba8837ff73cd6263d2 Improve regex precision and eliminate duplicates in regexes.ts (#5181)

a8a52b3ba370b761be76953fa3986aa43c4172a4 fix(v4): fix Khmer and Ukrainian locales (#5177)

887e37cd7568219c54f9c2f71bbfe0300ce48376 Update slugs

e1f19482bbed3fbaa563a0d8e09f1a577cc58ac7 fix(v4): ensure array defaults are shallow-cloned (#5173)

9f650385644ae319f806a965b83f79ebd252e497 docs(ecosystem): add DRZL; fix Prisma Zod Generator placement (#5215)

aa6f0f02c2a92a266ff1495a8d2541ae46012fcb More fixes (#5223)

aab33566bdb44a651cc3e27fde729285e4312419 4.1.7

v4.1.5

Commits:

... (truncated)

Commits

2bed4b3 4.1.11
82cd717 v4.1.10
7ffedd0 Fix shape caching (#5263)
923af80 Publish zod@4.1.9
a78716d Update zshy (#5249)
a1726d5 4.1.8
36c4ee3 Switch back to weakmap
aab3356 4.1.7
aa6f0f0 More fixes (#5223)
9f65038 docs(ecosystem): add DRZL; fix Prisma Zod Generator placement (#5215)
Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

socket-security · 2025-09-22T21:22:19Z

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Package	Supply Chain Security	Quality	Maintenance
ua-parser-js@2.0.4 ⏵ 2.0.6	⁺¹		^-3
pino-pretty@13.0.0 ⏵ 13.1.3	⁺¹		⁺⁵
undici@7.11.0 ⏵ 7.16.0		⁺¹
fastify@5.4.0 ⏵ 5.6.2	⁺¹		⁺²
pino@9.7.0 ⏵ 10.1.0	⁺¹
zod@3.25.75 ⏵ 4.1.13			^-1

View full report

…dates Bumps the dependencies group with 5 updates in the / directory: | Package | From | To | | --- | --- | --- | | [fastify](https://github.com/fastify/fastify) | `5.4.0` | `5.6.1` | | [pino](https://github.com/pinojs/pino) | `9.7.0` | `9.11.0` | | [pino-pretty](https://github.com/pinojs/pino-pretty) | `13.0.0` | `13.1.1` | | [ua-parser-js](https://github.com/faisalman/ua-parser-js) | `2.0.4` | `2.0.5` | | [zod](https://github.com/colinhacks/zod) | `3.25.75` | `4.1.11` | Updates `fastify` from 5.4.0 to 5.6.1 - [Release notes](https://github.com/fastify/fastify/releases) - [Commits](fastify/fastify@v5.4.0...v5.6.1) Updates `pino` from 9.7.0 to 9.11.0 - [Release notes](https://github.com/pinojs/pino/releases) - [Commits](pinojs/pino@v9.7.0...v9.11.0) Updates `pino-pretty` from 13.0.0 to 13.1.1 - [Release notes](https://github.com/pinojs/pino-pretty/releases) - [Commits](pinojs/pino-pretty@v13.0.0...v13.1.1) Updates `ua-parser-js` from 2.0.4 to 2.0.5 - [Release notes](https://github.com/faisalman/ua-parser-js/releases) - [Changelog](https://github.com/faisalman/ua-parser-js/blob/master/CHANGELOG.md) - [Commits](faisalman/ua-parser-js@2.0.4...2.0.5) Updates `undici` from 7.11.0 to 7.16.0 - [Release notes](https://github.com/nodejs/undici/releases) - [Commits](nodejs/undici@v7.11.0...v7.16.0) Updates `zod` from 3.25.75 to 4.1.11 - [Release notes](https://github.com/colinhacks/zod/releases) - [Commits](colinhacks/zod@v3.25.75...v4.1.11) --- updated-dependencies: - dependency-name: fastify dependency-version: 5.6.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: pino dependency-version: 9.11.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: pino-pretty dependency-version: 13.1.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: ua-parser-js dependency-version: 2.0.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies - dependency-name: undici dependency-version: 7.16.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: zod dependency-version: 4.1.11 dependency-type: direct:production update-type: version-update:semver-major dependency-group: dependencies ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot · 2025-12-08T21:08:07Z

Looks like these dependencies are updatable in another way, so this is no longer needed.

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Sep 22, 2025

dependabot bot force-pushed the dependabot/npm_and_yarn/dependencies-9f8df171f6 branch 4 times, most recently from 30f943e to 2415df7 Compare October 6, 2025 21:12

dependabot bot force-pushed the dependabot/npm_and_yarn/dependencies-9f8df171f6 branch from 2415df7 to 3c71d0b Compare October 13, 2025 21:11

dependabot bot force-pushed the dependabot/npm_and_yarn/dependencies-9f8df171f6 branch from 3c71d0b to f430d40 Compare October 20, 2025 21:15

dependabot bot force-pushed the dependabot/npm_and_yarn/dependencies-9f8df171f6 branch 3 times, most recently from 9bba9ea to 17af333 Compare November 3, 2025 21:10

dependabot bot force-pushed the dependabot/npm_and_yarn/dependencies-9f8df171f6 branch 2 times, most recently from fc1c767 to 89ff441 Compare November 17, 2025 21:13

dependabot bot force-pushed the dependabot/npm_and_yarn/dependencies-9f8df171f6 branch from 89ff441 to 0ec62ef Compare December 2, 2025 00:53

dependabot bot closed this Dec 8, 2025

dependabot bot deleted the dependabot/npm_and_yarn/dependencies-9f8df171f6 branch December 8, 2025 21:08

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

chore(deps): bump the dependencies group across 1 directory with 6 updates #166

chore(deps): bump the dependencies group across 1 directory with 6 updates #166

Uh oh!

dependabot bot commented on behalf of github Sep 22, 2025 •

edited

Loading

Uh oh!

socket-security bot commented Sep 22, 2025 •

edited

Loading

Uh oh!

dependabot bot commented on behalf of github Dec 8, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

chore(deps): bump the dependencies group across 1 directory with 6 updates #166

chore(deps): bump the dependencies group across 1 directory with 6 updates #166

Uh oh!

Conversation

dependabot bot commented on behalf of github Sep 22, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v5.6.1

What's Changed

New Contributors

v5.6.0

What's Changed

New Contributors

v5.5.0

What's Changed

v9.11.0

What's Changed

New Contributors

v9.10.0

What's Changed

New Contributors

v9.9.5

What's Changed

v9.9.4

What's Changed

v9.9.3

What's Changed

New Contributors

v9.9.2

What's Changed

v13.1.1

What's Changed

v13.1.0

What's Changed

v2.0.5

Version 2.0.5

v2.0.5-pro-enterprise

Version 2.0.5

v7.16.0

What's Changed

v4.1.11

Commits:

v4.1.10

Commits:

v4.1.9

Commits:

v4.1.8

Commits:

v4.1.7

Commits:

v4.1.5

Commits:

Uh oh!

socket-security bot commented Sep 22, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

dependabot bot commented on behalf of github Dec 8, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

dependabot bot commented on behalf of github Sep 22, 2025 •

edited

Loading

socket-security bot commented Sep 22, 2025 •

edited

Loading