Releases: fastify/fastify-reply-from
Releases · fastify/fastify-reply-from
Release list
v12.6.3
What's Changed
- build(deps-dev): Bump @fastify/multipart from 9.4.0 to 10.0.0 by @dependabot[bot] in #468
- chore: remove
@types/tapby @mrazauskas in #471 - refactor(types): migrate from tsd to tstyche by @Tony133 in #470
- chore: update depedabot setting by @climba03003 in #473
- chore: Bump fastify-plugin from 5.1.0 to 6.0.0 in the dependencies group by @dependabot[bot] in #475
- docs: fix broken links by @Fdawgs in #477
- chore: Bump @types/node from 25.9.4 to 26.0.0 in the dev-dependencies-typescript group by @dependabot[bot] in #479
- fix: close downstream connection for incomplete HTTP/1 requests by @mcollina in #481
New Contributors
- @mrazauskas made their first contribution in #471
Full Changelog: v12.6.2...v12.6.3
v12.6.2
⚠️ Security Release
This fixes CVE CVE-2026-33805 GHSA-gwhp-pf74-vj37.
What's Changed
- fix: correct path traversal check to allow '...' in URL path segments by @q0rban in #461
- build(deps): Bump fastify/workflows/.github/workflows/plugins-ci.yml from 5 to 6 by @dependabot[bot] in #462
- build(deps-dev): Bump neostandard from 0.12.2 to 0.13.0 by @dependabot[bot] in #463
- build(deps-dev): Bump proxy from 2.2.0 to 4.0.0 by @dependabot[bot] in #464
- ci: add lock-threads workflow by @Fdawgs in #466
New Contributors
Full Changelog: v12.6.1...v12.6.2
v12.6.1
What's Changed
- build(deps-dev): Bump @sinonjs/fake-timers from 14.0.0 to 15.0.0 by @dependabot[bot] in #440
- build(deps-dev): Bump @types/node from 24.10.4 to 25.0.3 by @dependabot[bot] in #447
- fix: strip headers listed in Connection header per RFC 7230 Section 6.1 by @mcollina in #450
- feat: preserve undici agent by default by @mcollina in #452
- chore: removed unused files by @Tony133 in #453
- chore(license): standardise license notice by @Fdawgs in #454
- style: remove trailing whitespace by @Fdawgs in #455
- build(deps-dev): Bump c8 from 10.1.3 to 11.0.0 by @dependabot[bot] in #456
- fix: avoid trailing
?when queryString option resolves to empty string by @fooddilsn in #459
New Contributors
- @fooddilsn made their first contribution in #459
Full Changelog: v12.5.0...v12.6.1
v12.5.0
⚠️ Security Release ⚠️
By crafting a malicious URL, an attacker could access routes that are not allowed, even though the reply.from is defined for specific routes in @fastify/reply-from.
Read more at GHSA-2q7r-29rg-6m5h. This is catalogued as CVE-2025-66415.
What's Changed
Full Changelog: v12.4.0...v12.5.0
v12.4.0
What's Changed
- build(deps-dev): Bump tsd from 0.32.0 to 0.33.0 by @dependabot[bot] in #435
- docs: fix README line breaks by @mitrvlr in #434
- Add support for multipart proxying with custom parser by @mcollina in #436
- chore(.npmrc): ignore scripts by @Fdawgs in #437
- build(deps-dev): remove @fastify/pre-commit by @Fdawgs in #439
- ci(ci): add concurrency config by @Fdawgs in #442
- do not strip TE headers if trailing by @gunters63 in #443
New Contributors
Full Changelog: v12.3.1...v12.4.0
v12.3.1
What's Changed
- Improve typing and usage of
getDefaultDelayby @Antiavanti in #432 - test: migrated utils-filter-pseudo-headers.test.js from tap to node:test by @Tony133 in #427
- Use isHttp2 check to detect we are canceling an HTTP2 request by @mcollina in #433
New Contributors
- @Antiavanti made their first contribution in #432
- @Tony133 made their first contribution in #427
Full Changelog: v12.3.0...v12.3.1
v12.3.0
v12.2.0
What's Changed
- ci: set permissions at workflow level by @Fdawgs in #415
- ci: restore job level permissions by @Fdawgs in #416
- build(deps): Bump fast-content-type-parse from 2.0.1 to 3.0.0 by @dependabot[bot] in #417
- tests: remove simple get and got by @ilteoood in #410
- build(deps-dev): Bump tsd from 0.31.2 to 0.32.0 by @dependabot[bot] in #420
- test: remove tap by @ilteoood in #418
- chore(license): update date ranges; standardise style by @Fdawgs in #422
- Feat/ balancedPool add by @gulbaki in #421
- types: improve onResponse hook typing by @t-tajiri in #423
- bug fix for #424 with test by @gunters63 in #426
- build(deps-dev): Bump @types/node from 22.15.34 to 24.0.8 by @dependabot[bot] in #425
New Contributors
- @ilteoood made their first contribution in #410
- @gulbaki made their first contribution in #421
- @t-tajiri made their first contribution in #423
Full Changelog: v12.1.0...v12.2.0
v12.1.0
v12.0.2
What's Changed
- build(dependabot): reduce npm updates to monthly by @Fdawgs in #403
- build(deps-dev): Bump nock from 13.5.6 to 14.0.0 by @dependabot in #407
- chore: rename master to main by @Fdawgs in #406
- types: Allow to pass any requestable undici instance by @g12i in #405
New Contributors
Full Changelog: v12.0.1...v12.0.2