fastify 4.19.2 → 4.21.0

package/.c8rc.json

@@ -0,0 +1,8 @@
+{
+  "exclude": [
+    "lib/configValidator.js",
+    "lib/error-serializer.js",
+    "build/build-error-serializer.js",
+    "test/*"
+  ]
+}

package/.taprc

@@ -1,8 +1,9 @@
 ts: false
 jsx: false
 flow: false
-check-coverage: true
-coverage: true
+# the coverage is performed by c8
+check-coverage: false
+coverage: false
 node-arg: --allow-natives-syntax
 
 files:

package/README.md

@@ -15,6 +15,7 @@ CI](https://github.com/fastify/fastify/workflows/package-manager-ci/badge.svg?br
 [![Web
 SIte](https://github.com/fastify/fastify/workflows/website/badge.svg?branch=main)](https://github.com/fastify/fastify/actions/workflows/website.yml)
 [![js-standard-style](https://img.shields.io/badge/code%20style-standard-brightgreen.svg?style=flat)](https://standardjs.com/)
+[![CII Best Practices](https://bestpractices.coreinfrastructure.org/projects/7585/badge)](https://bestpractices.coreinfrastructure.org/projects/7585)
 
 </div>
 
@@ -48,7 +49,7 @@ The `main` branch refers to the Fastify `v4` release. Check out the
 
 
 
-### Table of Contents 
+### Table of Contents
 
  - [Quick start](#quick-start)
  - [Install](#install)

package/SECURITY.md

@@ -27,6 +27,15 @@ reported vulnerabilities:
   validity of the report. In any case, the report should follow the same process
   as outlined below of inviting the maintainers to review and accept the
   vulnerability.
+* ***Do not*** attempt to show CI/CD vulnerabilities by creating new pull
+  requests to any of the Fastify organization's repositories. Doing so will
+  result in a [content report][cr] to GitHub as an unsolicited exploit.
+  The proper way to provide such reports is by creating a new repository,
+  configured in the same manner as the repository you would like to submit
+  a report about, and with a pull request to your own repository showing
+  the proof of concept.
+
+[cr]: https://docs.github.com/en/communities/maintaining-your-safety-on-github/reporting-abuse-or-spam#reporting-an-issue-or-pull-request
 
 ### Vulnerabilities found outside this process
 

package/docs/Guides/Prototype-Poisoning.md

@@ -13,8 +13,8 @@ open-source software and the limitations of existing communication channels.
 
 But first, if we use a JavaScript framework to process incoming JSON data, take
 a moment to read up on [Prototype Poisoning](https://medium.com/intrinsic/javascript-prototype-poisoning-vulnerabilities-in-the-wild-7bc15347c96)
-in general, and the specific [technical details]
-(https://github.com/hapijs/hapi/issues/3916) of this issue.
+in general, and the specific
+[technical details](https://github.com/hapijs/hapi/issues/3916) of this issue.
 This could be a critical issue so, we might need to verify your own code first.
 It focuses on specific framework however, any solution that uses `JSON.parse()` 
 to process external data is potentially at risk.

package/docs/Reference/Errors.md

@@ -168,8 +168,6 @@ ajv.plugins option should be an array.
 
 Version constraint should be a string.
 
-<a name="FST_ERR_CTP_ALREADY_PRESENT"></a>
-
 #### FST_ERR_CTP_ALREADY_PRESENT
 <a id="FST_ERR_CTP_ALREADY_PRESENT"></a>
 
@@ -260,6 +258,11 @@ The hook name must be a string.
 
 The hook callback must be a function.
 
+#### FST_ERR_HOOK_INVALID_ASYNC_HANDLER
+<a id="FST_ERR_HOOK_INVALID_ASYNC_HANDLER"></a>
+
+Async function has too many arguments. Async hooks should not use the `done` argument.
+
 #### FST_ERR_HOOK_NOT_SUPPORTED
 <a id="FST_ERR_HOOK_NOT_SUPPORTED"></a>
 
@@ -271,8 +274,8 @@ The hook is not supported.
 You must register a plugin for handling middlewares,
 visit [`Middleware`](./Middleware.md) for more info.
 
-<a name="FST_ERR_HOOK_TIMEOUT"></a>
 #### FST_ERR_HOOK_TIMEOUT
+<a id="FST_ERR_HOOK_TIMEOUT"></a>
 
 A callback for a hook timed out
 
@@ -327,11 +330,21 @@ Called `reply.trailer` with an invalid header name.
 
 Called `reply.trailer` with an invalid type. Expected a function.
 
+#### FST_ERR_FAILED_ERROR_SERIALIZATION
+<a id="FST_ERR_FAILED_ERROR_SERIALIZATION"></a>
+
+Failed to serialize an error.
+
 #### FST_ERR_MISSING_SERIALIZATION_FN
 <a id="FST_ERR_MISSING_SERIALIZATION_FN"></a>
 
 Missing serialization function.
 
+#### FST_ERR_MISSING_CONTENTTYPE_SERIALIZATION_FN
+<a id="FST_ERR_MISSING_CONTENTTYPE_SERIALIZATION_FN"></a>
+
+Missing serialization function.
+
 #### FST_ERR_REQ_INVALID_VALIDATION_INVOCATION
 <a id="FST_ERR_REQ_INVALID_VALIDATION_INVOCATION"></a>
 
@@ -348,6 +361,11 @@ The schema provided does not have `$id` property.
 
 A schema with the same `$id` already exists.
 
+#### FST_ERR_SCH_CONTENT_MISSING_SCHEMA
+<a id="FST_ERR_SCH_CONTENT_MISSING_SCHEMA"></a>
+
+A schema is missing for the corresponding content type.
+
 #### FST_ERR_SCH_DUPLICATE
 <a id="FST_ERR_SCH_DUPLICATE"></a>
 
@@ -384,8 +402,8 @@ Invalid initialization options.
 Cannot set forceCloseConnections to `idle` as your HTTP server
 does not support `closeIdleConnections` method.
 
-<a name="FST_ERR_DUPLICATED_ROUTE"></a>
 #### FST_ERR_DUPLICATED_ROUTE
+<a id="FST_ERR_DUPLICATED_ROUTE"></a>
 
 The HTTP method already has a registered controller for that URL
 
@@ -394,7 +412,7 @@ The HTTP method already has a registered controller for that URL
 
 The router received an invalid url.
 
-### FST_ERR_ASYNC_CONSTRAINT
+#### FST_ERR_ASYNC_CONSTRAINT
 <a id="FST_ERR_ASYNC_CONSTRAINT"></a>
 
 The router received an error when using asynchronous constraints.
@@ -469,38 +487,42 @@ Fastify is already listening.
 
 Installed Fastify plugin mismatched expected version.
 
-<a name="FST_ERR_PLUGIN_CALLBACK_NOT_FN"></a>
-
 #### FST_ERR_PLUGIN_CALLBACK_NOT_FN
+<a id="FST_ERR_PLUGIN_CALLBACK_NOT_FN"></a>
 
 Callback for a hook is not a function (mapped directly from `avvio`)
 
-<a name="FST_ERR_PLUGIN_NOT_VALID"></a>
-
 #### FST_ERR_PLUGIN_NOT_VALID
+<a id="FST_ERR_PLUGIN_NOT_VALID"></a>
 
 Plugin must be a function or a promise.
 
-<a name="FST_ERR_ROOT_PLG_BOOTED"></a>
-
 #### FST_ERR_ROOT_PLG_BOOTED
+<a id="FST_ERR_ROOT_PLG_BOOTED"></a>
 
 Root plugin has already booted (mapped directly from `avvio`)
 
-<a name="FST_ERR_PARENT_PLUGIN_BOOTED"></a>
-
 #### FST_ERR_PARENT_PLUGIN_BOOTED
+<a id="FST_ERR_PARENT_PLUGIN_BOOTED"></a>
 
 Impossible to load plugin because the parent (mapped directly from `avvio`)
 
-<a name="FST_ERR_PLUGIN_TIMEOUT"></a>
-
 #### FST_ERR_PLUGIN_TIMEOUT
+<a id="FST_ERR_PLUGIN_TIMEOUT"></a>
 
 Plugin did not start in time. Default timeout (in millis): `10000`
 
-<a name="FST_ERR_PLUGIN_NOT_PRESENT_IN_INSTANCE"></a>
-
 #### FST_ERR_PLUGIN_NOT_PRESENT_IN_INSTANCE
+<a id="FST_ERR_PLUGIN_NOT_PRESENT_IN_INSTANCE"></a>
 
 The decorator is not present in the instance.
+
+#### FST_ERR_VALIDATION
+<a id="FST_ERR_VALIDATION"></a>
+
+The Request failed the payload validation.
+
+#### FST_ERR_LISTEN_OPTIONS_INVALID
+<a id="FST_ERR_LISTEN_OPTIONS_INVALID"></a>
+
+Invalid listen options.

package/docs/Reference/Logging.md

@@ -196,7 +196,7 @@ app.addHook('preHandler', function (req, reply, done) {
 })
 ```
 
-**Note**: Care should be take to ensure serializers never throw, as an error
+**Note**: Care should be taken to ensure serializers never throw, as an error
 thrown from a serializer has the potential to cause the Node process to exit.
 See the [Pino documentation](https://getpino.io/#/docs/api?id=opt-serializers)
 on serializers for more information.

package/docs/Reference/Plugins.md

@@ -145,6 +145,10 @@ await fastify.ready()
 
 await fastify.listen({ port: 3000 })
 ```
+*Note: Using `await` when registering a plugin loads the plugin
+and the underlying dependency tree, "finalizing" the encapsulation process.
+Any mutations to the plugin after it and its dependencies have been
+loaded will not be reflected in the parent instance.*
 
 #### ESM support
 <a id="esm-support"></a>

package/docs/Reference/Routes.md

@@ -90,6 +90,14 @@ fastify.route(options)
   To access the default handler, you can access `instance.errorHandler`. Note
   that this will point to fastify's default `errorHandler` only if a plugin
   hasn't overridden it already.
+* `childLoggerFactory(logger, binding, opts, rawReq)`: a custom factory function
+  that will be called to produce a child logger instance for every request.
+  See [`childLoggerFactory`](./Server.md#childloggerfactory) for more info.
+  Overrides the default logger factory, and anything set by 
+  [`setChildLoggerFactory`](./Server.md#setchildloggerfactory), for requests to
+  the route. To access the default factory, you can access 
+  `instance.childLoggerFactory`. Note that this will point to Fastify's default
+  `childLoggerFactory` only if a plugin hasn't overridden it already.
 * `validatorCompiler({ schema, method, url, httpPart })`: function that builds
   schemas for request validations. See the [Validation and
   Serialization](./Validation-and-Serialization.md#schema-validator)