New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
docs(security): add prose explaining OpenSSF CII Best Practices badge results #5111
Conversation
|
||
### Silver | ||
We meet 87% of the “silver” criteria. The gaps are as follows: | ||
- we do not have a DCO or a CLA process for contributions. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Isn't this it?
Lines 136 to 158 in fc6bf5c
<a id="developers-certificate-of-origin"></a> | |
## Developer's Certificate of Origin 1.1 | |
By making a contribution to this project, I certify that: | |
* (a) The contribution was created in whole or in part by me and I have the | |
right to submit it under the open source license indicated in the file; or | |
* (b) The contribution is based upon previous work that, to the best of my | |
knowledge, is covered under an appropriate open source license and I have the | |
right under that license to submit that work with modifications, whether | |
created in whole or in part by me, under the same open source license (unless | |
I am permitted to submit under a different license), as indicated in the file; | |
or | |
* (c) The contribution was provided directly to me by some other person who | |
certified (a), (b) or (c) and I have not modified it. | |
* (d) I understand and agree that this project and the contribution are public | |
and that a record of the contribution (including all personal information I | |
submit with it, including my sign-off) is maintained indefinitely and may be | |
redistributed consistent with this project or the open source license(s) | |
involved. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ah, good point. I’m not sure if this counts or not, since there’s nothing automated enforcing a signoff or a CLA signing, but it might!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
(waiting for an answer from OpenJS legal)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I heard back; unfortunately this doesn't count, as it needs to be per-commit or per-PR.
Thus the claim in this PR is sadly correct, and this should be good to merge.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Per commit or per PR? That's rather nuts.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I agree, which is why I haven't implemented this kind of check in any projects - since it puts undue burden on the contributor.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Technically, it is signed per PR (that no one reads) https://github.com/fastify/.github/blob/a0da6855b30a6918d6fbb0c80af3204a1c619a22/.github/PULL_REQUEST_TEMPLATE.md
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is there CI or consistent human enforcement that that box is checked? If so, it would count, if not, I suspect not.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
No.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Then for now I think this PR is mergeable as-is.
It'd be great to merge it soon, so I can close a number of OpenJS issues around it :-)
thank you! |
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [fastify](https://www.fastify.dev/) ([source](https://togithub.com/fastify/fastify)) | [`4.24.3` -> `4.25.0`](https://renovatebot.com/diffs/npm/fastify/4.24.3/4.25.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/fastify/4.25.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/fastify/4.25.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/fastify/4.24.3/4.25.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/fastify/4.24.3/4.25.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | --- ### Release Notes <details> <summary>fastify/fastify (fastify)</summary> ### [`v4.25.0`](https://togithub.com/fastify/fastify/releases/tag/v4.25.0) [Compare Source](https://togithub.com/fastify/fastify/compare/v4.24.3...v4.25.0) #### What's Changed - feat: Improve RouteShorthandOptions\['constraints'] type by [@​Fcmam5](https://togithub.com/Fcmam5) in [fastify/fastify#5097 - fix: add [@​eomm](https://togithub.com/eomm) and [@​jsumners](https://togithub.com/jsumners) as lead maintainers by [@​mcollina](https://togithub.com/mcollina) in [fastify/fastify#5115 - fix: reply.send supports Uint8Array payload by [@​SgtPooki](https://togithub.com/SgtPooki) in [fastify/fastify#5124 - refactor: migrate deprecation warnings to actual deprecation warnings by [@​jsumners](https://togithub.com/jsumners) in [fastify/fastify#5126 - docs: added documentation about warnings by [@​giuliowaitforitdavide](https://togithub.com/giuliowaitforitdavide) in [fastify/fastify#5108 - test(logger): restrict temp file permissions by [@​Fdawgs](https://togithub.com/Fdawgs) in [fastify/fastify#5128 - refactor(lib/hooks): replace `typeof` undefined check by [@​Fdawgs](https://togithub.com/Fdawgs) in [fastify/fastify#5127 - chore: replace mention of fastify `.io` domain with `.dev` by [@​Fdawgs](https://togithub.com/Fdawgs) in [fastify/fastify#5129 - docs(security): add prose explaining OpenSSF CII Best Practices badge results by [@​ljharb](https://togithub.com/ljharb) in [fastify/fastify#5111 - chore: Bump actions/setup-node from 3 to 4 by [@​dependabot](https://togithub.com/dependabot) in [fastify/fastify#5134 - fix(types): add handler property to routeOptions by [@​MikeJeffers](https://togithub.com/MikeJeffers) in [fastify/fastify#5136 - docs(readme): fix ci badge path by [@​Fdawgs](https://togithub.com/Fdawgs) in [fastify/fastify#5138 - docs: Fix small typo in Typescript docs by [@​john-ko](https://togithub.com/john-ko) in [fastify/fastify#5145 - feat(plugins): mixing async and callback style now returns a warning by [@​giuliowaitforitdavide](https://togithub.com/giuliowaitforitdavide) in [fastify/fastify#5139 - docs: mention about multipart support by [@​fawazahmed0](https://togithub.com/fawazahmed0) in [fastify/fastify#5144 - docs: add [@​fastify/vite](https://togithub.com/fastify/vite) to core plugins list by [@​galvez](https://togithub.com/galvez) in [fastify/fastify#5153 - docs: add [@​scalar/fastify-api-reference](https://togithub.com/scalar/fastify-api-reference) to community plugins list by [@​hanspagel](https://togithub.com/hanspagel) in [fastify/fastify#5154 - docs: Remove routeOptions reference in Reply.md by [@​shadahmad7](https://togithub.com/shadahmad7) in [fastify/fastify#5156 - docs(ecosystem): add fastify-uws by [@​tinchoz49](https://togithub.com/tinchoz49) in [fastify/fastify#5160 - docs: removed unmaintained fastify-nodemailer from ecosystem by [@​giovanni-bertoncelli](https://togithub.com/giovanni-bertoncelli) in [fastify/fastify#5161 - docs: clarify handling of streams and buffers by [@​brettwillis](https://togithub.com/brettwillis) in [fastify/fastify#5166 - docs([#​5142](https://togithub.com/fastify/fastify/issues/5142)): aligned errors and warnings documentation by [@​giuliowaitforitdavide](https://togithub.com/giuliowaitforitdavide) in [fastify/fastify#5162 - docs(reference/hooks): add information about prehandler by [@​RjManhas](https://togithub.com/RjManhas) in [fastify/fastify#5163 - fix: type FastifyInstance\['route'] and RouteShorthandMethod by [@​MunifTanjim](https://togithub.com/MunifTanjim) in [fastify/fastify#5155 - docs (reference): Fix small typo in Request by [@​bngarren](https://togithub.com/bngarren) in [fastify/fastify#5186 - chore: gitpodify by [@​ghostdevv](https://togithub.com/ghostdevv) in [fastify/fastify#5168 - docs(ecosystem): Add Apitally by [@​itssimon](https://togithub.com/itssimon) in [fastify/fastify#5175 - fix: Update reply.context deprecation warning by [@​avaly](https://togithub.com/avaly) in [fastify/fastify#5179 - docs(ecosystem): adds @​blastorg/fastify/aws-dynamodb-cache to community plugins list by [@​fredrikj31](https://togithub.com/fredrikj31) in [fastify/fastify#5158 - docs: update preHandler hook example by [@​tarunrajput](https://togithub.com/tarunrajput) in [fastify/fastify#5189 - types: added http header types to reply by [@​skwee357](https://togithub.com/skwee357) in [fastify/fastify#5046 - test: add tests for TOC of errors.md by [@​Uzlopak](https://togithub.com/Uzlopak) in [fastify/fastify#5194 - ci: pin node 18 to 18.18.2 by [@​Uzlopak](https://togithub.com/Uzlopak) in [fastify/fastify#5197 - docs(ecosystem): add http-wizard by [@​flodlc](https://togithub.com/flodlc) in [fastify/fastify#5132 - chore: Bump actions/github-script from 6 to 7 by [@​dependabot](https://togithub.com/dependabot) in [fastify/fastify#5183 - ci: fix broken ci by skipping tests if node v > 18.19.0 by [@​Uzlopak](https://togithub.com/Uzlopak) in [fastify/fastify#5195 - fix: allow async hooks in `RouteShorthandOptions` without breaking `request` and `reply` types by [@​bienzaaron](https://togithub.com/bienzaaron) in [fastify/fastify#5147 - fix([#​5180](https://togithub.com/fastify/fastify/issues/5180)): close secondary bindings after primary is closed by [@​metcoder95](https://togithub.com/metcoder95) in [fastify/fastify#5201 - chore: update process-warning by [@​Eomm](https://togithub.com/Eomm) in [fastify/fastify#5206 - types: nullish error types in callback function's parameter for `after` and `ready` method by [@​nokazn](https://togithub.com/nokazn) in [fastify/fastify#5191 - fix([#​5049](https://togithub.com/fastify/fastify/issues/5049)): Remove duplicated calls to onReady by [@​metcoder95](https://togithub.com/metcoder95) in [fastify/fastify#5051 - chore: remove unused type assertion by [@​UndefinedBehaviour](https://togithub.com/UndefinedBehaviour) in [fastify/fastify#5184 #### New Contributors - [@​Fcmam5](https://togithub.com/Fcmam5) made their first contribution in [fastify/fastify#5097 - [@​SgtPooki](https://togithub.com/SgtPooki) made their first contribution in [fastify/fastify#5124 - [@​MikeJeffers](https://togithub.com/MikeJeffers) made their first contribution in [fastify/fastify#5136 - [@​john-ko](https://togithub.com/john-ko) made their first contribution in [fastify/fastify#5145 - [@​fawazahmed0](https://togithub.com/fawazahmed0) made their first contribution in [fastify/fastify#5144 - [@​hanspagel](https://togithub.com/hanspagel) made their first contribution in [fastify/fastify#5154 - [@​shadahmad7](https://togithub.com/shadahmad7) made their first contribution in [fastify/fastify#5156 - [@​giovanni-bertoncelli](https://togithub.com/giovanni-bertoncelli) made their first contribution in [fastify/fastify#5161 - [@​RjManhas](https://togithub.com/RjManhas) made their first contribution in [fastify/fastify#5163 - [@​MunifTanjim](https://togithub.com/MunifTanjim) made their first contribution in [fastify/fastify#5155 - [@​bngarren](https://togithub.com/bngarren) made their first contribution in [fastify/fastify#5186 - [@​ghostdevv](https://togithub.com/ghostdevv) made their first contribution in [fastify/fastify#5168 - [@​itssimon](https://togithub.com/itssimon) made their first contribution in [fastify/fastify#5175 - [@​avaly](https://togithub.com/avaly) made their first contribution in [fastify/fastify#5179 - [@​fredrikj31](https://togithub.com/fredrikj31) made their first contribution in [fastify/fastify#5158 - [@​tarunrajput](https://togithub.com/tarunrajput) made their first contribution in [fastify/fastify#5189 - [@​skwee357](https://togithub.com/skwee357) made their first contribution in [fastify/fastify#5046 - [@​flodlc](https://togithub.com/flodlc) made their first contribution in [fastify/fastify#5132 - [@​nokazn](https://togithub.com/nokazn) made their first contribution in [fastify/fastify#5191 - [@​UndefinedBehaviour](https://togithub.com/UndefinedBehaviour) made their first contribution in [fastify/fastify#5184 **Full Changelog**: fastify/fastify@v4.24.3...v4.25.0 </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/tomacheese/telcheck). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy44Ny4yIiwidXBkYXRlZEluVmVyIjoiMzcuODcuMiIsInRhcmdldEJyYW5jaCI6Im1hc3RlciJ9--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [fastify](https://www.fastify.dev/) ([source](https://togithub.com/fastify/fastify)) | [`4.24.3` -> `4.25.2`](https://renovatebot.com/diffs/npm/fastify/4.24.3/4.25.2) | [![age](https://developer.mend.io/api/mc/badges/age/npm/fastify/4.25.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/fastify/4.25.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/fastify/4.24.3/4.25.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/fastify/4.24.3/4.25.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | --- ### Release Notes <details> <summary>fastify/fastify (fastify)</summary> ### [`v4.25.2`](https://togithub.com/fastify/fastify/releases/tag/v4.25.2) [Compare Source](https://togithub.com/fastify/fastify/compare/v4.25.1...v4.25.2) #### What's Changed - fix: `npm run test:watch` by [@​domdomegg](https://togithub.com/domdomegg) in [fastify/fastify#5221 - fix: always consume stream payloads when responding to 204 with no body by [@​mcollina](https://togithub.com/mcollina) in [fastify/fastify#5231 - docs: update setErrorHandler to explain not found behaviour by [@​domdomegg](https://togithub.com/domdomegg) in [fastify/fastify#5218 #### New Contributors - [@​domdomegg](https://togithub.com/domdomegg) made their first contribution in [fastify/fastify#5221 **Full Changelog**: fastify/fastify@v4.25.1...v4.25.2 ### [`v4.25.1`](https://togithub.com/fastify/fastify/releases/tag/v4.25.1) [Compare Source](https://togithub.com/fastify/fastify/compare/v4.25.0...v4.25.1) #### What's Changed - fix: route constraints by [@​climba03003](https://togithub.com/climba03003) in [fastify/fastify#5207 - fix: Better plugin name detection for FSTWRN002 by [@​mcollina](https://togithub.com/mcollina) in [fastify/fastify#5209 - chore: at-large project by [@​Eomm](https://togithub.com/Eomm) in [fastify/fastify#5211 **Full Changelog**: fastify/fastify@v4.25.0...v4.25.1 ### [`v4.25.0`](https://togithub.com/fastify/fastify/releases/tag/v4.25.0) [Compare Source](https://togithub.com/fastify/fastify/compare/v4.24.3...v4.25.0) #### What's Changed - feat: Improve RouteShorthandOptions\['constraints'] type by [@​Fcmam5](https://togithub.com/Fcmam5) in [fastify/fastify#5097 - fix: add [@​eomm](https://togithub.com/eomm) and [@​jsumners](https://togithub.com/jsumners) as lead maintainers by [@​mcollina](https://togithub.com/mcollina) in [fastify/fastify#5115 - fix: reply.send supports Uint8Array payload by [@​SgtPooki](https://togithub.com/SgtPooki) in [fastify/fastify#5124 - refactor: migrate deprecation warnings to actual deprecation warnings by [@​jsumners](https://togithub.com/jsumners) in [fastify/fastify#5126 - docs: added documentation about warnings by [@​giuliowaitforitdavide](https://togithub.com/giuliowaitforitdavide) in [fastify/fastify#5108 - test(logger): restrict temp file permissions by [@​Fdawgs](https://togithub.com/Fdawgs) in [fastify/fastify#5128 - refactor(lib/hooks): replace `typeof` undefined check by [@​Fdawgs](https://togithub.com/Fdawgs) in [fastify/fastify#5127 - chore: replace mention of fastify `.io` domain with `.dev` by [@​Fdawgs](https://togithub.com/Fdawgs) in [fastify/fastify#5129 - docs(security): add prose explaining OpenSSF CII Best Practices badge results by [@​ljharb](https://togithub.com/ljharb) in [fastify/fastify#5111 - chore: Bump actions/setup-node from 3 to 4 by [@​dependabot](https://togithub.com/dependabot) in [fastify/fastify#5134 - fix(types): add handler property to routeOptions by [@​MikeJeffers](https://togithub.com/MikeJeffers) in [fastify/fastify#5136 - docs(readme): fix ci badge path by [@​Fdawgs](https://togithub.com/Fdawgs) in [fastify/fastify#5138 - docs: Fix small typo in Typescript docs by [@​john-ko](https://togithub.com/john-ko) in [fastify/fastify#5145 - feat(plugins): mixing async and callback style now returns a warning by [@​giuliowaitforitdavide](https://togithub.com/giuliowaitforitdavide) in [fastify/fastify#5139 - docs: mention about multipart support by [@​fawazahmed0](https://togithub.com/fawazahmed0) in [fastify/fastify#5144 - docs: add [@​fastify/vite](https://togithub.com/fastify/vite) to core plugins list by [@​galvez](https://togithub.com/galvez) in [fastify/fastify#5153 - docs: add [@​scalar/fastify-api-reference](https://togithub.com/scalar/fastify-api-reference) to community plugins list by [@​hanspagel](https://togithub.com/hanspagel) in [fastify/fastify#5154 - docs: Remove routeOptions reference in Reply.md by [@​shadahmad7](https://togithub.com/shadahmad7) in [fastify/fastify#5156 - docs(ecosystem): add fastify-uws by [@​tinchoz49](https://togithub.com/tinchoz49) in [fastify/fastify#5160 - docs: removed unmaintained fastify-nodemailer from ecosystem by [@​giovanni-bertoncelli](https://togithub.com/giovanni-bertoncelli) in [fastify/fastify#5161 - docs: clarify handling of streams and buffers by [@​brettwillis](https://togithub.com/brettwillis) in [fastify/fastify#5166 - docs([#​5142](https://togithub.com/fastify/fastify/issues/5142)): aligned errors and warnings documentation by [@​giuliowaitforitdavide](https://togithub.com/giuliowaitforitdavide) in [fastify/fastify#5162 - docs(reference/hooks): add information about prehandler by [@​RjManhas](https://togithub.com/RjManhas) in [fastify/fastify#5163 - fix: type FastifyInstance\['route'] and RouteShorthandMethod by [@​MunifTanjim](https://togithub.com/MunifTanjim) in [fastify/fastify#5155 - docs (reference): Fix small typo in Request by [@​bngarren](https://togithub.com/bngarren) in [fastify/fastify#5186 - chore: gitpodify by [@​ghostdevv](https://togithub.com/ghostdevv) in [fastify/fastify#5168 - docs(ecosystem): Add Apitally by [@​itssimon](https://togithub.com/itssimon) in [fastify/fastify#5175 - fix: Update reply.context deprecation warning by [@​avaly](https://togithub.com/avaly) in [fastify/fastify#5179 - docs(ecosystem): adds @​blastorg/fastify/aws-dynamodb-cache to community plugins list by [@​fredrikj31](https://togithub.com/fredrikj31) in [fastify/fastify#5158 - docs: update preHandler hook example by [@​tarunrajput](https://togithub.com/tarunrajput) in [fastify/fastify#5189 - types: added http header types to reply by [@​skwee357](https://togithub.com/skwee357) in [fastify/fastify#5046 - test: add tests for TOC of errors.md by [@​Uzlopak](https://togithub.com/Uzlopak) in [fastify/fastify#5194 - ci: pin node 18 to 18.18.2 by [@​Uzlopak](https://togithub.com/Uzlopak) in [fastify/fastify#5197 - docs(ecosystem): add http-wizard by [@​flodlc](https://togithub.com/flodlc) in [fastify/fastify#5132 - chore: Bump actions/github-script from 6 to 7 by [@​dependabot](https://togithub.com/dependabot) in [fastify/fastify#5183 - ci: fix broken ci by skipping tests if node v > 18.19.0 by [@​Uzlopak](https://togithub.com/Uzlopak) in [fastify/fastify#5195 - fix: allow async hooks in `RouteShorthandOptions` without breaking `request` and `reply` types by [@​bienzaaron](https://togithub.com/bienzaaron) in [fastify/fastify#5147 - fix([#​5180](https://togithub.com/fastify/fastify/issues/5180)): close secondary bindings after primary is closed by [@​metcoder95](https://togithub.com/metcoder95) in [fastify/fastify#5201 - chore: update process-warning by [@​Eomm](https://togithub.com/Eomm) in [fastify/fastify#5206 - types: nullish error types in callback function's parameter for `after` and `ready` method by [@​nokazn](https://togithub.com/nokazn) in [fastify/fastify#5191 - fix([#​5049](https://togithub.com/fastify/fastify/issues/5049)): Remove duplicated calls to onReady by [@​metcoder95](https://togithub.com/metcoder95) in [fastify/fastify#5051 - chore: remove unused type assertion by [@​UndefinedBehaviour](https://togithub.com/UndefinedBehaviour) in [fastify/fastify#5184 #### New Contributors - [@​Fcmam5](https://togithub.com/Fcmam5) made their first contribution in [fastify/fastify#5097 - [@​SgtPooki](https://togithub.com/SgtPooki) made their first contribution in [fastify/fastify#5124 - [@​MikeJeffers](https://togithub.com/MikeJeffers) made their first contribution in [fastify/fastify#5136 - [@​john-ko](https://togithub.com/john-ko) made their first contribution in [fastify/fastify#5145 - [@​fawazahmed0](https://togithub.com/fawazahmed0) made their first contribution in [fastify/fastify#5144 - [@​hanspagel](https://togithub.com/hanspagel) made their first contribution in [fastify/fastify#5154 - [@​shadahmad7](https://togithub.com/shadahmad7) made their first contribution in [fastify/fastify#5156 - [@​giovanni-bertoncelli](https://togithub.com/giovanni-bertoncelli) made their first contribution in [fastify/fastify#5161 - [@​RjManhas](https://togithub.com/RjManhas) made their first contribution in [fastify/fastify#5163 - [@​MunifTanjim](https://togithub.com/MunifTanjim) made their first contribution in [fastify/fastify#5155 - [@​bngarren](https://togithub.com/bngarren) made their first contribution in [fastify/fastify#5186 - [@​ghostdevv](https://togithub.com/ghostdevv) made their first contribution in [fastify/fastify#5168 - [@​itssimon](https://togithub.com/itssimon) made their first contribution in [fastify/fastify#5175 - [@​avaly](https://togithub.com/avaly) made their first contribution in [fastify/fastify#5179 - [@​fredrikj31](https://togithub.com/fredrikj31) made their first contribution in [fastify/fastify#5158 - [@​tarunrajput](https://togithub.com/tarunrajput) made their first contribution in [fastify/fastify#5189 - [@​skwee357](https://togithub.com/skwee357) made their first contribution in [fastify/fastify#5046 - [@​flodlc](https://togithub.com/flodlc) made their first contribution in [fastify/fastify#5132 - [@​nokazn](https://togithub.com/nokazn) made their first contribution in [fastify/fastify#5191 - [@​UndefinedBehaviour](https://togithub.com/UndefinedBehaviour) made their first contribution in [fastify/fastify#5184 **Full Changelog**: fastify/fastify@v4.24.3...v4.25.0 </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about these updates again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/redwoodjs/redwood). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4xNTMuMiIsInVwZGF0ZWRJblZlciI6IjM3LjE1My4yIiwidGFyZ2V0QnJhbmNoIjoibWFpbiJ9--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [fastify](https://www.fastify.dev/) ([source](https://togithub.com/fastify/fastify)) | [`4.24.3` -> `4.25.2`](https://renovatebot.com/diffs/npm/fastify/4.24.3/4.25.2) | [![age](https://developer.mend.io/api/mc/badges/age/npm/fastify/4.25.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/fastify/4.25.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/fastify/4.24.3/4.25.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/fastify/4.24.3/4.25.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | --- ### Release Notes <details> <summary>fastify/fastify (fastify)</summary> ### [`v4.25.2`](https://togithub.com/fastify/fastify/releases/tag/v4.25.2) [Compare Source](https://togithub.com/fastify/fastify/compare/v4.25.1...v4.25.2) #### What's Changed - fix: `npm run test:watch` by [@​domdomegg](https://togithub.com/domdomegg) in [fastify/fastify#5221 - fix: always consume stream payloads when responding to 204 with no body by [@​mcollina](https://togithub.com/mcollina) in [fastify/fastify#5231 - docs: update setErrorHandler to explain not found behaviour by [@​domdomegg](https://togithub.com/domdomegg) in [fastify/fastify#5218 #### New Contributors - [@​domdomegg](https://togithub.com/domdomegg) made their first contribution in [fastify/fastify#5221 **Full Changelog**: fastify/fastify@v4.25.1...v4.25.2 ### [`v4.25.1`](https://togithub.com/fastify/fastify/releases/tag/v4.25.1) [Compare Source](https://togithub.com/fastify/fastify/compare/v4.25.0...v4.25.1) #### What's Changed - fix: route constraints by [@​climba03003](https://togithub.com/climba03003) in [fastify/fastify#5207 - fix: Better plugin name detection for FSTWRN002 by [@​mcollina](https://togithub.com/mcollina) in [fastify/fastify#5209 - chore: at-large project by [@​Eomm](https://togithub.com/Eomm) in [fastify/fastify#5211 **Full Changelog**: fastify/fastify@v4.25.0...v4.25.1 ### [`v4.25.0`](https://togithub.com/fastify/fastify/releases/tag/v4.25.0) [Compare Source](https://togithub.com/fastify/fastify/compare/v4.24.3...v4.25.0) #### What's Changed - feat: Improve RouteShorthandOptions\['constraints'] type by [@​Fcmam5](https://togithub.com/Fcmam5) in [fastify/fastify#5097 - fix: add [@​eomm](https://togithub.com/eomm) and [@​jsumners](https://togithub.com/jsumners) as lead maintainers by [@​mcollina](https://togithub.com/mcollina) in [fastify/fastify#5115 - fix: reply.send supports Uint8Array payload by [@​SgtPooki](https://togithub.com/SgtPooki) in [fastify/fastify#5124 - refactor: migrate deprecation warnings to actual deprecation warnings by [@​jsumners](https://togithub.com/jsumners) in [fastify/fastify#5126 - docs: added documentation about warnings by [@​giuliowaitforitdavide](https://togithub.com/giuliowaitforitdavide) in [fastify/fastify#5108 - test(logger): restrict temp file permissions by [@​Fdawgs](https://togithub.com/Fdawgs) in [fastify/fastify#5128 - refactor(lib/hooks): replace `typeof` undefined check by [@​Fdawgs](https://togithub.com/Fdawgs) in [fastify/fastify#5127 - chore: replace mention of fastify `.io` domain with `.dev` by [@​Fdawgs](https://togithub.com/Fdawgs) in [fastify/fastify#5129 - docs(security): add prose explaining OpenSSF CII Best Practices badge results by [@​ljharb](https://togithub.com/ljharb) in [fastify/fastify#5111 - chore: Bump actions/setup-node from 3 to 4 by [@​dependabot](https://togithub.com/dependabot) in [fastify/fastify#5134 - fix(types): add handler property to routeOptions by [@​MikeJeffers](https://togithub.com/MikeJeffers) in [fastify/fastify#5136 - docs(readme): fix ci badge path by [@​Fdawgs](https://togithub.com/Fdawgs) in [fastify/fastify#5138 - docs: Fix small typo in Typescript docs by [@​john-ko](https://togithub.com/john-ko) in [fastify/fastify#5145 - feat(plugins): mixing async and callback style now returns a warning by [@​giuliowaitforitdavide](https://togithub.com/giuliowaitforitdavide) in [fastify/fastify#5139 - docs: mention about multipart support by [@​fawazahmed0](https://togithub.com/fawazahmed0) in [fastify/fastify#5144 - docs: add [@​fastify/vite](https://togithub.com/fastify/vite) to core plugins list by [@​galvez](https://togithub.com/galvez) in [fastify/fastify#5153 - docs: add [@​scalar/fastify-api-reference](https://togithub.com/scalar/fastify-api-reference) to community plugins list by [@​hanspagel](https://togithub.com/hanspagel) in [fastify/fastify#5154 - docs: Remove routeOptions reference in Reply.md by [@​shadahmad7](https://togithub.com/shadahmad7) in [fastify/fastify#5156 - docs(ecosystem): add fastify-uws by [@​tinchoz49](https://togithub.com/tinchoz49) in [fastify/fastify#5160 - docs: removed unmaintained fastify-nodemailer from ecosystem by [@​giovanni-bertoncelli](https://togithub.com/giovanni-bertoncelli) in [fastify/fastify#5161 - docs: clarify handling of streams and buffers by [@​brettwillis](https://togithub.com/brettwillis) in [fastify/fastify#5166 - docs([#​5142](https://togithub.com/fastify/fastify/issues/5142)): aligned errors and warnings documentation by [@​giuliowaitforitdavide](https://togithub.com/giuliowaitforitdavide) in [fastify/fastify#5162 - docs(reference/hooks): add information about prehandler by [@​RjManhas](https://togithub.com/RjManhas) in [fastify/fastify#5163 - fix: type FastifyInstance\['route'] and RouteShorthandMethod by [@​MunifTanjim](https://togithub.com/MunifTanjim) in [fastify/fastify#5155 - docs (reference): Fix small typo in Request by [@​bngarren](https://togithub.com/bngarren) in [fastify/fastify#5186 - chore: gitpodify by [@​ghostdevv](https://togithub.com/ghostdevv) in [fastify/fastify#5168 - docs(ecosystem): Add Apitally by [@​itssimon](https://togithub.com/itssimon) in [fastify/fastify#5175 - fix: Update reply.context deprecation warning by [@​avaly](https://togithub.com/avaly) in [fastify/fastify#5179 - docs(ecosystem): adds @​blastorg/fastify/aws-dynamodb-cache to community plugins list by [@​fredrikj31](https://togithub.com/fredrikj31) in [fastify/fastify#5158 - docs: update preHandler hook example by [@​tarunrajput](https://togithub.com/tarunrajput) in [fastify/fastify#5189 - types: added http header types to reply by [@​skwee357](https://togithub.com/skwee357) in [fastify/fastify#5046 - test: add tests for TOC of errors.md by [@​Uzlopak](https://togithub.com/Uzlopak) in [fastify/fastify#5194 - ci: pin node 18 to 18.18.2 by [@​Uzlopak](https://togithub.com/Uzlopak) in [fastify/fastify#5197 - docs(ecosystem): add http-wizard by [@​flodlc](https://togithub.com/flodlc) in [fastify/fastify#5132 - chore: Bump actions/github-script from 6 to 7 by [@​dependabot](https://togithub.com/dependabot) in [fastify/fastify#5183 - ci: fix broken ci by skipping tests if node v > 18.19.0 by [@​Uzlopak](https://togithub.com/Uzlopak) in [fastify/fastify#5195 - fix: allow async hooks in `RouteShorthandOptions` without breaking `request` and `reply` types by [@​bienzaaron](https://togithub.com/bienzaaron) in [fastify/fastify#5147 - fix([#​5180](https://togithub.com/fastify/fastify/issues/5180)): close secondary bindings after primary is closed by [@​metcoder95](https://togithub.com/metcoder95) in [fastify/fastify#5201 - chore: update process-warning by [@​Eomm](https://togithub.com/Eomm) in [fastify/fastify#5206 - types: nullish error types in callback function's parameter for `after` and `ready` method by [@​nokazn](https://togithub.com/nokazn) in [fastify/fastify#5191 - fix([#​5049](https://togithub.com/fastify/fastify/issues/5049)): Remove duplicated calls to onReady by [@​metcoder95](https://togithub.com/metcoder95) in [fastify/fastify#5051 - chore: remove unused type assertion by [@​UndefinedBehaviour](https://togithub.com/UndefinedBehaviour) in [fastify/fastify#5184 #### New Contributors - [@​Fcmam5](https://togithub.com/Fcmam5) made their first contribution in [fastify/fastify#5097 - [@​SgtPooki](https://togithub.com/SgtPooki) made their first contribution in [fastify/fastify#5124 - [@​MikeJeffers](https://togithub.com/MikeJeffers) made their first contribution in [fastify/fastify#5136 - [@​john-ko](https://togithub.com/john-ko) made their first contribution in [fastify/fastify#5145 - [@​fawazahmed0](https://togithub.com/fawazahmed0) made their first contribution in [fastify/fastify#5144 - [@​hanspagel](https://togithub.com/hanspagel) made their first contribution in [fastify/fastify#5154 - [@​shadahmad7](https://togithub.com/shadahmad7) made their first contribution in [fastify/fastify#5156 - [@​giovanni-bertoncelli](https://togithub.com/giovanni-bertoncelli) made their first contribution in [fastify/fastify#5161 - [@​RjManhas](https://togithub.com/RjManhas) made their first contribution in [fastify/fastify#5163 - [@​MunifTanjim](https://togithub.com/MunifTanjim) made their first contribution in [fastify/fastify#5155 - [@​bngarren](https://togithub.com/bngarren) made their first contribution in [fastify/fastify#5186 - [@​ghostdevv](https://togithub.com/ghostdevv) made their first contribution in [fastify/fastify#5168 - [@​itssimon](https://togithub.com/itssimon) made their first contribution in [fastify/fastify#5175 - [@​avaly](https://togithub.com/avaly) made their first contribution in [fastify/fastify#5179 - [@​fredrikj31](https://togithub.com/fredrikj31) made their first contribution in [fastify/fastify#5158 - [@​tarunrajput](https://togithub.com/tarunrajput) made their first contribution in [fastify/fastify#5189 - [@​skwee357](https://togithub.com/skwee357) made their first contribution in [fastify/fastify#5046 - [@​flodlc](https://togithub.com/flodlc) made their first contribution in [fastify/fastify#5132 - [@​nokazn](https://togithub.com/nokazn) made their first contribution in [fastify/fastify#5191 - [@​UndefinedBehaviour](https://togithub.com/UndefinedBehaviour) made their first contribution in [fastify/fastify#5184 **Full Changelog**: fastify/fastify@v4.24.3...v4.25.0 </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about these updates again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/redwoodjs/redwood). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4xNTMuMiIsInVwZGF0ZWRJblZlciI6IjM3LjE1My4yIiwidGFyZ2V0QnJhbmNoIjoibWFpbiJ9--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Checklist
and the Code of conduct
See openjs-foundation/security-collab-space#36; if this PR is merged or rejected, that requirement is satisfied. Before writing this, I went through and marked a few more things as "Met" so the scores would be more accurate.
Fixes openjs-foundation/security-collab-space#36.