@dependabot dependabot bot commented on behalf of github Dec 15, 2025

Bumps the dependencies group with 8 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| @fastify/http-proxy | 11.3.0 | 11.4.1 |
| fastify | 5.4.0 | 5.6.2 |
| pino | 9.7.0 | 10.1.0 |
| pino-loki | 2.6.0 | 3.0.0 |
| pino-pretty | 13.0.0 | 13.1.3 |
| ua-parser-js | 2.0.4 | 2.0.7 |
| undici | 7.11.0 | 7.16.0 |
| zod | 3.25.75 | 4.2.0 |

Updates @fastify/http-proxy from 11.3.0 to 11.4.1

Release notes

Sourced from @​fastify/http-proxy's releases.

v11.4.1

What's Changed

New Contributors

Full Changelog: fastify/fastify-http-proxy@v11.4.0...v11.4.1

v11.4.0

What's Changed

New Contributors

Full Changelog: fastify/fastify-http-proxy@v11.3.0...v11.4.0

Commits
  • d15c916 Bumped v11.4.1
  • a3796e5 fix: add types and updated docs for 'preRewrite'. (#442)
  • efcb312 Bumped v11.4.0
  • 5ade2e5 chore(deps): update and add tests (#441)
  • 8ae78d2 feat(types): add fromParameters method (#440)
  • bbe97fb chore: address security scanner false positives related to CVE-2023-2968 (#...
  • 031f4d4 chore: update deps (#436)
  • f2e4de6 build(deps-dev): bump tsd from 0.32.0 to 0.33.0 (#432)
  • 6794aa0 build(deps-dev): bump pino from 9.14.0 to 10.1.0 (#435)
  • 6268ce3 build(deps-dev): bump borp from 0.20.2 to 0.21.0 (#434)
  • Additional commits viewable in compare view

Updates fastify from 5.4.0 to 5.6.2

Release notes

Sourced from fastify's releases.

v5.6.2

What's Changed

New Contributors

... (truncated)

Commits
  • f15d4ea Bumped v5.6.2
  • d338dca fix: consistent error handling for custom validators in async validation cont...
  • e1aee4b fix: parse ipv6 hostname (#6373)
  • b5958b3 chore: Bump borp from 0.20.2 to 0.21.0 (#6379)
  • 3120cde chore: Bump actions/setup-node from 5 to 6 (#6376)
  • dd02e42 fix: handle web stream payload in HEAD route (#6372)
  • 810e3d5 chore: Bump lycheeverse/lychee-action from 2.6.1 to 2.7.0 (#6377)
  • 5ebe327 chore: Bump tsd in the dev-dependencies-typescript group (#6346)
  • 106bb6b chore: Bump pnpm/action-setup from 4.1.0 to 4.2.0 (#6375)
  • 55653d6 chore: Bump pino from 9.14.0 to 10.1.0 in the dependencies-major group (#6378)
  • Additional commits viewable in compare view

Updates pino from 9.7.0 to 10.1.0

Release notes

Sourced from pino's releases.

v10.1.0

What's Changed

New Contributors

Full Changelog: pinojs/pino@v10.0.0...v10.1.0

v10.0.0

The only breaking change is dropping support for Node 18.

What's Changed

Full Changelog: pinojs/pino@v9.13.1...v10.0.0

v9.14.0

What's Changed

Full Changelog: pinojs/pino@v9.13.1...v9.14.0

v9.13.1

What's Changed

Full Changelog: pinojs/pino@v9.13.0...v9.13.1

v9.13.0

What's Changed

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for pino since your current version.


Updates pino-loki from 2.6.0 to 3.0.0

Release notes

Sourced from pino-loki's releases.

v3.0.0

⚠️ Breaking Changes

Node.js 20+ Required

Node.js 18 is no longer supported. The minimum required version is now Node.js 20.

Batching Options Restructured

The batching configuration has been consolidated into a single object:

```js
// Before (v2.x)
pinoLoki({ host: '...', batching: true, interval: 5 })
// After (v3.x)
pinoLoki({ host: '...', batching: { interval: 5, maxBufferSize: 10_000 } })
// Or simply omit for defaults, or set batching: false to disable
```

Default Buffer Limit

A new maxBufferSize option (default: 10,000) prevents out-of-memory issues when Loki is unavailable. When the buffer is full, oldest logs are dropped (FIFO).

Structured Metadata Enabled by Default

structuredMetaKey now defaults to 'meta'. Logs with a meta property will automatically send it as Loki structured metadata. Use structuredMetaKey: false to disable.

CLI Changes

  • --batch => --batching
  • --interval => --batching-interval
  • --timeout default: 2000ms → 30000ms
  • Added --batching-max-buffer-size
  • Removed -pl shorthand (use --propsLabels)

   🚨 Breaking Changes

   🐞 Bug Fixes

Commits
  • c042352 chore: release v3.0.0
  • 528c6a4 style: lint files
  • ba7b17e chore!: remove deprecated CLI options
  • 5de977e fix!: change timeout default value
  • 43ebb6c feat!: use meta as default structured meta key
  • db75124 fix: avoid duplicate buffer flush on transport shutdown
  • feb0408 chore!: update dependencies ( drop node 18 )
  • d6d1acc fix: remove hostname from log object before formatting
  • e00e6ca feat!: add maxBufferSize option + update batching API
  • 66ccf05 chore: remove basicAuth options from debug
  • Additional commits viewable in compare view

Updates pino-pretty from 13.0.0 to 13.1.3

Release notes

Sourced from pino-pretty's releases.

v13.1.3

What's Changed

New Contributors

Full Changelog: pinojs/pino-pretty@v13.1.2...v13.1.3

v13.1.2

What's Changed

New Contributors

Full Changelog: pinojs/pino-pretty@v13.1.1...v13.1.2

v13.1.1

What's Changed

Full Changelog: pinojs/pino-pretty@v13.1.0...v13.1.1

v13.1.0

What's Changed

... (truncated)

Commits
  • 08425cd v13.1.3
  • 6afb524 fix: messageFormat print 0 value (#635)
  • 70c73ea build(deps): bump fast-copy from 3.0.2 to 4.0.0 (#637)
  • 2cd9794 build(deps): bump actions/checkout from 5 to 6 (#636)
  • c06e276 Update format-time.js documentation to match functionality (#632)
  • 47ffb45 build(deps): bump pino-abstract-transport from 2.0.0 to 3.0.0 (#629)
  • 932af85 build(deps-dev): bump pino from 9.14.0 to 10.1.0 (#628)
  • 6d48318 build(deps-dev): bump borp from 0.20.2 to 0.21.0 (#627)
  • 3b89a0c build(deps): bump actions/setup-node from 4 to 6 (#626)
  • ab0ccab Add in the README file a snippet to use pino-pretty only for dev (#623)
  • Additional commits viewable in compare view

Updates ua-parser-js from 2.0.4 to 2.0.7

Release notes

Sourced from ua-parser-js's releases.

v2.0.7

Version 2.0.7

  • Add support for chaining withClientHints() & withFeatureCheck()
  • Add new browser: Atlas, Steam
  • Add new device vendor: Anbernic, Logitech, Valve
  • Improve device detection: Xiaomi
  • Improve OS detection: iOS
  • Split helpers submodule into several new submodules:
    • bot-detection:
      • isAIAssistant()
      • isAICrawler()
      • isBot()
    • browser-detection
      • isChromeFamily()
      • isElectron()
      • isFromEU()
      • isStandalonePWA()
    • device-detection
      • getDeviceVendor()
      • isAppleSilicon()
  • Update extensions submodule:
    • Add new fetcher: Nova Act
    • Add new library: Bun, Dart, Deno, hackney, Node.js, rest-client, undici

v2.0.6

Version 2.0.6

  • Add new CLI feature: processing batch user-agent data from file and output as JSON
  • Fix setUA(): trim leading space from user-agent string input
  • Replace undici dependency with node's internal Headers
  • Add new browser: Bing, Qwant
  • Add new device vendor: Hisense, Wiko
  • Improve browser detection: Mozilla, Pale Moon
  • Improve CPU detection: 68k
  • Improve device detection: Apple, BlackBerry, Huawei, Nokia, Xiaomi
  • Improve OS detection: iOS 26
  • extensions submodule:
    • Add new fetcher: Discordbot, KeybaseBot, Slackbot, Slackbot-LinkExpanding, Slack-ImgProxy, Twitterbot
    • Add new crawler: Qwantbot-news, SurdotlyBot, SwiftBot

v2.0.5

Version 2.0.5

  • Add new browser: Zalo
  • Add new CPU arch: alpha
  • Add new device vendor: Philips
  • Improve device detection: Pico
  • Fix parsing error on pages with modified Array prototypes
  • Improve type declarations:
    • Replace node-fetch dependency with undici

... (truncated)

Changelog

Sourced from ua-parser-js's changelog.

Version 2.0.7

  • Add support for chaining withClientHints() & withFeatureCheck()
  • Add new browser: Atlas, Steam
  • Add new device vendor: Anbernic, Logitech, Valve
  • Improve device detection: Xiaomi
  • Improve OS detection: iOS
  • Split helpers submodule into several new submodules:
    • bot-detection:
      • isAIAssistant()
      • isAICrawler()
      • isBot()
    • browser-detection
      • isChromeFamily()
      • isElectron()
      • isFromEU()
      • isStandalonePWA()
    • device-detection
      • getDeviceVendor()
      • isAppleSilicon()
  • Update extensions submodule:
    • Add new fetcher: Nova Act
    • Add new library: Bun, Dart, Deno, hackney, Node.js, rest-client, undici

Version 2.0.6

  • Add new CLI feature: processing batch user-agent data from file and output as JSON
  • Fix setUA(): trim leading space from user-agent string input
  • Replace undici dependency with node's internal Headers
  • Add new browser: Bing, Qwant
  • Add new device vendor: Hisense, Wiko
  • Improve browser detection: Mozilla, Pale Moon
  • Improve CPU detection: 68k
  • Improve device detection: Apple, BlackBerry, Huawei, Nokia, Xiaomi
  • Improve OS detection: iOS 26
  • extensions submodule:
    • Add new fetcher: Discordbot, KeybaseBot, Slackbot, Slackbot-LinkExpanding, Slack-ImgProxy, Twitterbot
    • Add new crawler: Qwantbot-news, SurdotlyBot, SwiftBot

Version 2.0.5

  • Add new browser: Zalo
  • Add new CPU arch: alpha
  • Add new device vendor: Philips
  • Improve device detection: Pico
  • Fix parsing error on pages with modified Array prototypes
  • Improve type declarations:
    • Replace node-fetch dependency with undici
    • Replace hardcoded string values with enum from enum submodule
  • enums submodule:
    • Add Extension enum for extensions submodule

... (truncated)

Commits

Updates undici from 7.11.0 to 7.16.0

Release notes

Sourced from undici's releases.

v7.16.0

What's Changed

... (truncated)

Commits
  • 7392d6f Bumped v7.16.0 (#4532)
  • 415c66d fix: make error symbols non enumerable (#4531)
  • f182ff1 Disable SIMD for PPC64 architecture, add UNDICI_NO_WASM_SIMD env to facilitat...
  • 95d835c example: use metcoders https-pem for the example (#4436)
  • 7c42918 fix: shell command built from environment values (#4392)
  • 51651a1 fix:...

    Description has been truncated

@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Dec 15, 2025

socket-security bot commented Dec 15, 2025

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

| Diff | Package | Supply Chain Security | Vulnerability | Quality | Maintenance | License |
| --- | --- | --- | --- | --- | --- | --- |
| Updated | ua-parser-js@2.0.4 ⏵ 2.0.7 | 100 | 100 | 100 | 88 | 70 |
| Updated | pino-pretty@13.0.0 ⏵ 13.1.3 | 99 +1 | 100 | 100 | 87 | 100 |
| Updated | pino-loki@2.6.0 ⏵ 3.0.0 | 99 | 100 | 100 | 88 +2 | 100 |
| Updated | pino@9.7.0 ⏵ 10.1.0 | 99 +1 | 100 | 100 | 90 | 100 |
| Updated | fastify@5.4.0 ⏵ 5.6.2 | 99 +1 | 100 | 100 | 91 | 100 |
| Updated | @fastify/http-proxy@11.3.0 ⏵ 11.4.1 | 100 | 100 | 100 | 95 | 100 |
| Updated | zod@3.25.75 ⏵ 4.3.5 | 100 | 100 | 100 | 96 | 100 |
| Updated | undici@7.11.0 ⏵ 7.18.0 | 97 +1 | 100 | 100 +1 | 97 | 100 |

View full report

…dates

Bumps the dependencies group with 8 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [@fastify/http-proxy](https://github.com/fastify/fastify-http-proxy) | `11.3.0` | `11.4.1` |
| [fastify](https://github.com/fastify/fastify) | `5.4.0` | `5.6.2` |
| [pino](https://github.com/pinojs/pino) | `9.7.0` | `10.1.0` |
| [pino-loki](https://github.com/Julien-R44/pino-loki) | `2.6.0` | `3.0.0` |
| [pino-pretty](https://github.com/pinojs/pino-pretty) | `13.0.0` | `13.1.3` |
| [ua-parser-js](https://github.com/faisalman/ua-parser-js) | `2.0.4` | `2.0.7` |
| [undici](https://github.com/nodejs/undici) | `7.11.0` | `7.16.0` |
| [zod](https://github.com/colinhacks/zod) | `3.25.75` | `4.2.0` |



Updates `@fastify/http-proxy` from 11.3.0 to 11.4.1
- [Release notes](https://github.com/fastify/fastify-http-proxy/releases)
- [Commits](fastify/fastify-http-proxy@v11.3.0...v11.4.1)

Updates `fastify` from 5.4.0 to 5.6.2
- [Release notes](https://github.com/fastify/fastify/releases)
- [Commits](fastify/fastify@v5.4.0...v5.6.2)

Updates `pino` from 9.7.0 to 10.1.0
- [Release notes](https://github.com/pinojs/pino/releases)
- [Commits](pinojs/pino@v9.7.0...v10.1.0)

Updates `pino-loki` from 2.6.0 to 3.0.0
- [Release notes](https://github.com/Julien-R44/pino-loki/releases)
- [Commits](Julien-R44/pino-loki@v2.6.0...v3.0.0)

Updates `pino-pretty` from 13.0.0 to 13.1.3
- [Release notes](https://github.com/pinojs/pino-pretty/releases)
- [Commits](pinojs/pino-pretty@v13.0.0...v13.1.3)

Updates `ua-parser-js` from 2.0.4 to 2.0.7
- [Release notes](https://github.com/faisalman/ua-parser-js/releases)
- [Changelog](https://github.com/faisalman/ua-parser-js/blob/master/CHANGELOG.md)
- [Commits](faisalman/ua-parser-js@2.0.4...2.0.7)

Updates `undici` from 7.11.0 to 7.16.0
- [Release notes](https://github.com/nodejs/undici/releases)
- [Commits](nodejs/undici@v7.11.0...v7.16.0)

Updates `zod` from 3.25.75 to 4.2.0
- [Release notes](https://github.com/colinhacks/zod/releases)
- [Commits](colinhacks/zod@v3.25.75...v4.2.0)

---
updated-dependencies:
- dependency-name: "@fastify/http-proxy"
  dependency-version: 11.4.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: fastify
  dependency-version: 5.6.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: pino
  dependency-version: 10.1.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: pino-loki
  dependency-version: 3.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: pino-pretty
  dependency-version: 13.1.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: ua-parser-js
  dependency-version: 2.0.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: undici
  dependency-version: 7.16.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: zod
  dependency-version: 4.2.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/dependencies-52b642440a branch from 43db3cd to b3367bf Compare January 5, 2026 21:11