chore(deps): bump fastify from 4.29.1 to 5.8.5#123
Conversation
dependabot
Bot
added
dependencies
dependabot
Bot
force-pushed
the
dependabot/npm_and_yarn/fastify-5.8.5
branch
from
3d54333 to
25eea62
Compare
dependabot
Bot
force-pushed
the
dependabot/npm_and_yarn/fastify-5.8.5
branch
3 times, most recently
from
b9bab8a to
d3153e0
Compare
Bumps [fastify](https://github.com/fastify/fastify) from 4.29.1 to 5.8.5. - [Release notes](https://github.com/fastify/fastify/releases) - [Commits](fastify/fastify@v4.29.1...v5.8.5) --- updated-dependencies: - dependency-name: fastify dependency-version: 5.8.5 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
Bot
force-pushed
the
dependabot/npm_and_yarn/fastify-5.8.5
branch
from
d3153e0 to
adab160
Compare
📝 WalkthroughWalkthroughBump Fastify dependency from ^4.28.0 to ^5.8.5 and update Fastify initialization to pass the imported logger via the loggerInstance option. ChangesFastify Upgrade and App Change
Estimated code review effort🎯 2 (Simple) | ⏱️ ~10 minutes Poem
🚥 Pre-merge checks | ✅ 4 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (4 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches📝 Generate docstrings
🧪 Generate unit tests (beta)
Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 2
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@package.json`:
- Line 25: The Fastify major version bump ("fastify" dependency) may introduce
breaking changes; before merging, run full test suite and environment checks:
execute unit tests (npm test) and integration tests (npm run test:integration),
compile TypeScript to ensure types pass, manually exercise all API endpoints
(including routes using Fastify server/route handlers), validate error handling
and rate limiting/CORS middleware behavior, and run these validations in a
staging environment if available to catch runtime regressions introduced by the
fastify upgrade.
- Line 25: Update the Fastify constructor call in src/app.ts to use the Fastify
v5-compatible option name: replace the legacy logger: logger with
loggerInstance: logger when creating the Fastify instance (the call to
Fastify({...}) that currently uses logger must be changed to loggerInstance and
keep trustProxy: true); ensure the imported/created logger symbol remains the
same and is passed as loggerInstance so the custom Pino logger is accepted by
Fastify v5.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: ASSERTIVE
Plan: Pro Plus
Run ID: e4110e12-9238-4661-9571-afa5e451d6c6
⛔ Files ignored due to path filters (1)
package-lock.jsonis excluded by!**/package-lock.json
📒 Files selected for processing (1)
package.json
Fastify 5 requires custom pino instances via loggerInstance and matching v5-compatible plugins. Update @fastify/rate-limit alongside the Fastify major bump so app construction and rate-limit tests pass.
georgyia
left a comment
georgyia
left a comment
There was a problem hiding this comment.
Reviewed after fix: Fastify 5 is now paired with the matching @fastify/rate-limit major and Fastify 5's loggerInstance option. Local verification passed: npm ci, prisma generate, typecheck, focused API/payments/orchestrator tests, format check, and full unit suite (391/391). GitHub CI is green except CodeRabbit is still pending.
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@package.json`:
- Line 25: Add a Node.js engine floor to package.json to enforce compatibility
with Fastify v5: update the top-level package manifest (where "fastify":
"^5.8.5" is declared) to include an "engines" field specifying node >=20 (e.g.,
"engines": { "node": ">=20.0.0" }) so local installs surface a clear constraint;
ensure the change is committed to package.json and mention this requirement in
any contributing/dev docs if present.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: ASSERTIVE
Plan: Pro Plus
Run ID: 35085669-9011-4516-a61e-d7eb4191b880
⛔ Files ignored due to path filters (1)
package-lock.jsonis excluded by!**/package-lock.json
📒 Files selected for processing (2)
package.jsonsrc/app.ts
| "bullmq": "^5.76.1", | ||
| "dotenv": "^17.4.2", | ||
| "fastify": "^4.28.0", | ||
| "fastify": "^5.8.5", |
There was a problem hiding this comment.
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
set -euo pipefail
echo "=== package.json engines ==="
python - <<'PY'
import json
with open("package.json") as f:
pkg = json.load(f)
print(pkg.get("engines"))
PY
echo
echo "=== Node version pin files ==="
fd -HI '(^\.nvmrc$|^\.node-version$|^\.tool-versions$|^Dockerfile(\..*)?$|^docker-compose(\..*)?\.ya?ml$)' || true
echo
echo "=== CI workflow references to Node versions ==="
WORKFLOWS="$(fd -HI '\.ya?ml$' | rg '\.github/workflows/' || true)"
if [ -n "$WORKFLOWS" ]; then
echo "$WORKFLOWS" | xargs -r rg -n 'setup-node|node-version|FROM node:'
else
echo "No .github/workflows/*.yml files found."
fiRepository: JonasBaeumer/AgentWallet
Length of output: 1266
🏁 Script executed:
cat -n docker-compose.ymlRepository: JonasBaeumer/AgentWallet
Length of output: 539
🏁 Script executed:
rg -n "node" docker-compose.yml -iRepository: JonasBaeumer/AgentWallet
Length of output: 50
Declare a Node.js runtime floor for Fastify v5.
Fastify v5 requires Node.js v20+, but package.json does not declare an engines.node constraint. While CI pipelines enforce Node 20, this lacks protection for local development where developers could install on older Node versions and encounter runtime errors.
Proposed patch
{
"name": "trustedpaymentinfrastructureforagents",
"version": "0.1.0",
"private": true,
+ "engines": {
+ "node": ">=20"
+ },
"scripts": {🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@package.json` at line 25, Add a Node.js engine floor to package.json to
enforce compatibility with Fastify v5: update the top-level package manifest
(where "fastify": "^5.8.5" is declared) to include an "engines" field specifying
node >=20 (e.g., "engines": { "node": ">=20.0.0" }) so local installs surface a
clear constraint; ensure the change is committed to package.json and mention
this requirement in any contributing/dev docs if present.
|
@dependabot rebase |
|
Looks like this PR has been edited by someone other than Dependabot. That means Dependabot can't rebase it - sorry! If you're happy for Dependabot to recreate it from scratch, overwriting any edits, you can request |
1 participant
Bumps fastify from 4.29.1 to 5.8.5.
Release notes
Sourced from fastify's releases.
... (truncated)
Commits
3983cceBumped v5.8.53ce3ae6Merge commit from forkb06a196docs(ecosystem): add@pompelmi/fastify-plugin(#6610)909c5d5chore: Bump actions/dependency-review-action from 4.8.3 to 4.9.0 (#6630)4db21a3chore: Bump borp from 0.21.0 to 1.0.0 (#6633)0f4e544chore: Bump markdownlint-cli2 from 0.21.0 to 0.22.0 (#6632)33a2fcdchore: Bump pnpm/action-setup from 4.2.0 to 5.0.0 (#6629)fd35d82ci: reduce cron schedules from daily/weekly to monthly (#6623)8dee9befix: restore trustProxy function for number and string types, add null check ...d457aedchore: upgrade to typescript v6.0.2 (#6605)Summary by CodeRabbit