chore(deps): bump fastify from 3.29.5 to 5.8.3 in /dev-packages/e2e-tests/test-applications/node-fastify-3#19984
Conversation
Bumps [fastify](https://github.com/fastify/fastify) from 3.29.5 to 5.8.3. - [Release notes](https://github.com/fastify/fastify/releases) - [Commits](fastify/fastify@v3.29.5...v5.8.3) --- updated-dependencies: - dependency-name: fastify dependency-version: 5.8.3 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>
Semver Impact of This PR🟢 Patch (bug fixes) 📋 Changelog PreviewThis is how your changes will appear in the changelog. New Features ✨
Documentation 📚
Internal Changes 🔧
🤖 This preview updates automatically when you update the PR. |
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.
| "@sentry/node": "latest || *", | ||
| "@types/node": "^18.19.1", | ||
| "fastify": "3.29.5", | ||
| "fastify": "5.8.3", |
There was a problem hiding this comment.
Fastify v3 test app incorrectly bumped to v5
High Severity
The node-fastify-3 test application exists specifically to verify Sentry SDK compatibility with Fastify v3. Bumping fastify from 3.29.5 to 5.8.3 eliminates all Fastify v3 test coverage and makes this a near-duplicate of the already-existing node-fastify-5 test app (which uses "fastify": "^5.7.0"). A separate node-fastify-4 app also exists for v4. The application code still uses v3-specific patterns (e.g., _request.url instead of _request.routeOptions?.url, and @ts-ignore // Fastify V3 is not typed correctly comments), and calls Sentry.setupFastifyErrorHandler(app) which the v5 app doesn't use. This is a Dependabot auto-bump that doesn't account for the intentional version pinning strategy.
Bumps fastify from 3.29.5 to 5.8.3.
Release notes
Sourced from fastify's releases.
... (truncated)
Commits
a3e77ceBumped v5.8.34e1db5bfix: gate host and protocol getters on proxy trust functiona22217fci(lock-threads): use shared lock-threads workflow (#6592)1851f20docs: update links (#6593)9cc5187types: Allow port to be null in request type definition (#6589)722d83bdocs: replace redirected npm.im http-errors link (#6588)a1413dedocs: fix incorrect code examples in Reply and Request reference (#6582)d7f01b6docs: clarify content-type parser/schema mismatch is outside threat model (#6...a0649e9docs: update syntax markdown, absolute paths and links (#6569)d477915ci(link-checker): fix root-relative links resolution (#6535)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)You can disable automated security fix PRs for this repo from the Security Alerts page.