fastify 5.5.0 → 5.6.1

package/SECURITY.md

@@ -110,6 +110,18 @@ Within HackerOne, this is handled through a "public disclosure request".
 Reference: [HackerOne:
 Disclosure](https://docs.hackerone.com/hackers/disclosure.html)
 
+### Secondary Contact
+
+If you do not receive an acknowledgment of your report within 6 business days,
+or if you cannot find a private security contact for the project, you may
+contact the OpenJS Foundation CNA at `security@lists.openjsf.org` for
+assistance.
+
+The CNA can help ensure your report is properly acknowledged, assist with
+coordinating disclosure timelines, and assign CVEs when necessary. This is a
+support mechanism to ensure security reports are handled appropriately across
+all OpenJS Foundation projects.
+
 ## The Fastify Security team
 
 The core team is responsible for the management of the security program and

package/SPONSORS.md

@@ -17,6 +17,7 @@ _Be the first!_
 - [Val Town, Inc.](https://opencollective.com/valtown)
 - [Handsontable - JavaScript Data Grid](https://handsontable.com/docs/react-data-grid/?utm_source=Fastify_GH&utm_medium=sponsorship&utm_campaign=library_sponsorship_2024)
 - [Lokalise - A Localization and Translation Software Tool](https://lokalise.com/?utm_source=Fastify_GH&utm_medium=sponsorship)
+- [Lambdatest](https://www.lambdatest.com/)
 
 ## Tier 2
 

package/docs/Reference/Decorators.md

@@ -366,201 +366,68 @@ Will define the `foo` property on the Fastify instance:
 console.log(fastify.foo) // 'a getter'
 ```
 
-### `getDecorator<T>` API
+#### `getDecorator(name)`
+<a id="get-decorator"></a>
 
-Fastify's `getDecorator<T>` API retrieves an existing decorator from the
-Fastify instance, `Request`, or `Reply`. If the decorator is not defined, an
-`FST_ERR_DEC_UNDECLARED` error is thrown.
+Used to retrieve an existing decorator from the Fastify instance, `Request`, or `Reply`.
+If the decorator is not defined, an `FST_ERR_DEC_UNDECLARED` error is thrown.
 
-#### Use cases
+```js
+// Get a decorator from the Fastify instance
+const utility = fastify.getDecorator('utility')
 
-**Early Plugin Dependency Validation**
+// Get a decorator from the request object
+const user = request.getDecorator('user')
 
-`getDecorator<T>` on Fastify instance verifies that required decorators are
-available at registration time. 
+// Get a decorator from the reply object
+const helper = reply.getDecorator('helper')
+```
 
-For example:
+The `getDecorator` method is useful for dependency validation - it can be used to
+check for required decorators at registration time. If any are missing, it fails
+at boot, ensuring dependencies are available during the request lifecycle.
 
 ```js
 fastify.register(async function (fastify) {
+  // Verify the decorator exists before using it
   const usersRepository = fastify.getDecorator('usersRepository')
 
   fastify.get('/users', async function (request, reply) {
-    // We are sure `usersRepository` exists at runtime
     return usersRepository.findAll()
   })
 })
 ```
 
-**Handling Missing Decorators**
-
-Directly accessing a decorator may lead to unexpected behavior if it is not declared:
-
-```ts
-const user = request.user;
-if (user && user.isAdmin) {
-  // Execute admin tasks.
-}
-```
-
-If `request.user` doesn't exist, then `user` will be set to `undefined`. 
-This makes it unclear whether the user is unauthenticated or the decorator is missing.
-
-Using `getDecorator` enforces runtime safety:
-
-```ts
-// If the decorator is missing, an explicit `FST_ERR_DEC_UNDECLARED` 
-// error is thrown immediately.
-const user = request.getDecorator('user');
-if (user && user.isAdmin) {
-  // Execute admin tasks.
-}
-```
-
-**Alternative to Module Augmentation**
-
-Decorators are typically typed via module augmentation:
-
-```ts
-declare module 'fastify' {
-  interface FastifyInstance {
-    usersRepository: IUsersRepository
-  }
-  interface FastifyRequest {
-    session: ISession
-  }
-  interface FastifyReply {
-    sendSuccess: SendSuccessFn
-  }
-}
-```
-
-This approach modifies the Fastify instance globally, which may lead to
-conflicts and inconsistent behavior in multi-server setups or with plugin
-encapsulation.
-
-Using `getDecorator<T>` allows to limit types scope:
-
-```ts
-serverOne.register(async function (fastify) {
-  const usersRepository = fastify.getDecorator<PostgreUsersRepository>(
-    'usersRepository'
-  )
-
-  fastify.decorateRequest('session', null)
-  fastify.addHook('onRequest', async (req, reply) => {
-    // Yes, the request object has a setDecorator method. 
-    // More information will be provided soon.
-    req.setDecorator('session', { user: 'Jean' })
-  })
-
-  fastify.get('/me', (request, reply) => {
-    const session = request.getDecorator<ISession>('session')
-    reply.send(session)
-  })
-})
-
-serverTwo.register(async function (fastify) {
-  const usersRepository = fastify.getDecorator<SqlLiteUsersRepository>(
-    'usersRepository'
-  )
-
-  fastify.decorateReply('sendSuccess', function (data) {
-    return this.send({ success: true })
-  })
-
-  fastify.get('/success', async (request, reply) => {
-    const sendSuccess = reply.getDecorator<SendSuccessFn>('sendSuccess')
-    await sendSuccess()
-  })
-})
-```
+> ℹ️ Note: For TypeScript users, `getDecorator` supports generic type parameters.
+> See the [TypeScript documentation](/docs/latest/Reference/TypeScript/) for
+> advanced typing examples.
 
-#### Bound functions inference
+#### `setDecorator(name, value)`
+<a id="set-decorator"></a>
 
-To save time, it's common to infer function types instead of 
-writing them manually:
+Used to safely update the value of a `Request` decorator.
+If the decorator does not exist, a `FST_ERR_DEC_UNDECLARED` error is thrown.
 
-```ts
-function sendSuccess (this: FastifyReply) {
-  return this.send({ success: true })
-}
-
-export type SendSuccess = typeof sendSuccess
-```
-
-However, `getDecorator` returns functions with the `this` 
-context already **bound**, meaning the `this` parameter disappears 
-from the function signature.
-
-To correctly type it, you should use `OmitThisParameter` utility:
-
-```ts
-function sendSuccess (this: FastifyReply) {
-  return this.send({ success: true })
-}
-
-type BoundSendSuccess = OmitThisParameter<typeof sendSuccess>
-
-fastify.decorateReply('sendSuccess', sendSuccess)
-fastify.get('/success', async (request, reply) => {
-  const sendSuccess = reply.getDecorator<BoundSendSuccess>('sendSuccess')
-  await sendSuccess()
-})
-```
-
-### `Request.setDecorator<T>` Method
-
-The `setDecorator<T>` method provides a safe and convenient way to 
-update the value of a `Request` decorator.  
-If the decorator does not exist, a `FST_ERR_DEC_UNDECLARED` error 
-is thrown.
-
-#### Use Cases
-
-**Runtime Safety**
-
-A typical way to set a `Request` decorator looks like this:
-
-```ts
-fastify.decorateRequest('user', '')
-fastify.addHook('preHandler', async (req, reply) => {
-  req.user = 'Bob Dylan'
-})
-```
-
-However, there is no guarantee that the decorator actually exists 
-unless you manually check beforehand.  
-Additionally, typos are common, e.g. `account`, `acount`, or `accout`.
-
-By using `setDecorator`, you are always sure that the decorator exists:
+```js
+fastify.decorateRequest('user', null)
 
-```ts
-fastify.decorateRequest('user', '')
 fastify.addHook('preHandler', async (req, reply) => {
-  // Throws FST_ERR_DEC_UNDECLARED if the decorator does not exist
-  req.setDecorator('user-with-typo', 'Bob Dylan')
+  // Safely set the decorator value
+  req.setDecorator('user', 'Bob Dylan')
 })
 ```
 
----
-
-**Type Safety**
+The `setDecorator` method provides runtime safety by ensuring the decorator exists
+before setting its value, preventing errors from typos in decorator names.
 
-If the `FastifyRequest` interface does not declare the decorator, you 
-would typically need to use type assertions:
-
-```ts
+```js
+fastify.decorateRequest('account', null)
 fastify.addHook('preHandler', async (req, reply) => {
-  (req as typeof req & { user: string }).user = 'Bob Dylan'
+  // This will throw FST_ERR_DEC_UNDECLARED due to typo in decorator name
+  req.setDecorator('acount', { id: 123 })
 })
 ```
 
-The `setDecorator<T>` method eliminates the need for explicit type 
-assertions while allowing type safety:
-
-```ts
-fastify.addHook('preHandler', async (req, reply) => {
-  req.setDecorator<string>('user', 'Bob Dylan')
-})
-```
+> ℹ️ Note: For TypeScript users, see the
+> [TypeScript documentation](/docs/latest/Reference/TypeScript/) for advanced
+> typing examples using `setDecorator<T>`.

package/docs/Reference/Reply.md

@@ -369,7 +369,7 @@ charset must be set explicitly.
 <a id="getserializationfunction"></a>
 
 By calling this function using a provided `schema` or `httpStatus`,
-and the optional `contentType`, it will return a `serialzation` function
+and the optional `contentType`, it will return a `serialization` function
 that can be used to serialize diverse inputs. It returns `undefined` if no
 serialization function was found using either of the provided inputs.
 

package/docs/Reference/Routes.md

@@ -636,8 +636,7 @@ has a version set, and will prefer a versioned route to a non-versioned route
 for the same path. Advanced version ranges and pre-releases currently are not
 supported.
 
-*Be aware that using this feature will cause a degradation of the overall
-performances of the router.*
+> **Note:** using this feature can degrade the router’s performance.
 
 ```js
 fastify.route({

package/docs/Reference/Server.md

@@ -170,6 +170,12 @@ When set to `true`, upon [`close`](#close) the server will iterate the current
 persistent connections and [destroy their
 sockets](https://nodejs.org/dist/latest-v16.x/docs/api/net.html#socketdestroyerror).
 
+When used with HTTP/2 server, it will also close all active HTTP/2 sessions.
+
+> ℹ️ Note:
+> Since Node.js v24 active sessions are closed by default
+
+
 > ⚠ Warning:
 > Connections are not inspected to determine if requests have
 > been completed.
@@ -966,7 +972,7 @@ Fastify uses [find-my-way](https://github.com/delvedor/find-my-way) which suppor
 separating the path and query string with a `;` character (code 59), e.g. `/dev;foo=bar`.
 This decision originated from [delvedor/find-my-way#76]
 (https://github.com/delvedor/find-my-way/issues/76). Thus, this option will support
-backwards compatiblilty for the need to split on `;`. To enable support for splitting
+backwards compatibility for the need to split on `;`. To enable support for splitting
 on `;` set `useSemicolonDelimiter` to `true`.
 
 ```js

package/docs/Reference/TypeScript.md

@@ -147,7 +147,7 @@ route-level `request` object.
      reply.code(200).send('uh-oh');
      // it even works for wildcards
      reply.code(404).send({ error: 'Not found' });
-     return `logged in!`
+     return { success: true }
    })
    ```
 
@@ -173,7 +173,7 @@ route-level `request` object.
    }, async (request, reply) => {
      const customerHeader = request.headers['h-Custom']
      // do something with request data
-     return `logged in!`
+     return { success: true }
    })
    ```
 7. Build and run and query with the `username` query string option set to
@@ -687,6 +687,142 @@ Or even explicit config on tsconfig
 }
 ```
 
+#### `getDecorator<T>`
+
+Fastify's `getDecorator<T>` method retrieves decorators with enhanced type safety.
+
+The `getDecorator<T>` method supports generic type parameters for enhanced type safety:
+
+```typescript
+// Type-safe decorator retrieval
+const usersRepository = fastify.getDecorator<IUsersRepository>('usersRepository')
+const session = request.getDecorator<ISession>('session')
+const sendSuccess = reply.getDecorator<SendSuccessFn>('sendSuccess')
+```
+
+**Alternative to Module Augmentation**
+
+Decorators are typically typed via module augmentation:
+
+```typescript
+declare module 'fastify' {
+  interface FastifyInstance {
+    usersRepository: IUsersRepository
+  }
+  interface FastifyRequest {
+    session: ISession
+  }
+  interface FastifyReply {
+    sendSuccess: SendSuccessFn
+  }
+}
+```
+
+This approach modifies the Fastify instance globally, which may lead to conflicts
+and inconsistent behavior in multi-server setups or with plugin encapsulation.
+
+Using `getDecorator<T>` allows limiting types scope:
+
+```typescript
+serverOne.register(async function (fastify) {
+  const usersRepository = fastify.getDecorator<PostgreUsersRepository>(
+    'usersRepository'
+  )
+
+  fastify.decorateRequest('session', null)
+  fastify.addHook('onRequest', async (req, reply) => {
+    req.setDecorator('session', { user: 'Jean' })
+  })
+
+  fastify.get('/me', (request, reply) => {
+    const session = request.getDecorator<ISession>('session')
+    reply.send(session)
+  })
+})
+
+serverTwo.register(async function (fastify) {
+  const usersRepository = fastify.getDecorator<SqlLiteUsersRepository>(
+    'usersRepository'
+  )
+
+  fastify.decorateReply('sendSuccess', function (data) {
+    return this.send({ success: true })
+  })
+
+  fastify.get('/success', async (request, reply) => {
+    const sendSuccess = reply.getDecorator<SendSuccessFn>('sendSuccess')
+    await sendSuccess()
+  })
+})
+```
+
+**Bound Functions Inference**
+
+To save time, it is common to infer function types instead of writing them manually:
+
+```typescript
+function sendSuccess (this: FastifyReply) {
+  return this.send({ success: true })
+}
+
+export type SendSuccess = typeof sendSuccess
+```
+
+However, `getDecorator` returns functions with the `this` context already **bound**,
+meaning the `this` parameter disappears from the function signature.
+
+To correctly type it, use the `OmitThisParameter` utility:
+
+```typescript
+function sendSuccess (this: FastifyReply) {
+  return this.send({ success: true })
+}
+
+type BoundSendSuccess = OmitThisParameter<typeof sendSuccess>
+
+fastify.decorateReply('sendSuccess', sendSuccess)
+fastify.get('/success', async (request, reply) => {
+  const sendSuccess = reply.getDecorator<BoundSendSuccess>('sendSuccess')
+  await sendSuccess()
+})
+```
+
+#### `setDecorator<T>`
+
+Fastify's `setDecorator<T>` method provides enhanced type safety for updating request
+decorators.
+
+The `setDecorator<T>` method provides enhanced type safety for updating request
+decorators:
+
+```typescript
+fastify.decorateRequest('user', '')
+fastify.addHook('preHandler', async (req, reply) => {
+  // Type-safe decorator setting
+  req.setDecorator<string>('user', 'Bob Dylan')
+})
+```
+
+**Type Safety Benefits**
+
+If the `FastifyRequest` interface does not declare the decorator, type assertions
+are typically needed:
+
+```typescript
+fastify.addHook('preHandler', async (req, reply) => {
+  (req as typeof req & { user: string }).user = 'Bob Dylan'
+})
+```
+
+The `setDecorator<T>` method eliminates the need for explicit type assertions
+while providing type safety:
+
+```typescript
+fastify.addHook('preHandler', async (req, reply) => {
+  req.setDecorator<string>('user', 'Bob Dylan')
+})
+```
+
 ## Code Completion In Vanilla JavaScript
 
 Vanilla JavaScript can use the published types to provide code completion (e.g.

package/fastify.d.ts

@@ -89,6 +89,22 @@ declare namespace fastify {
 
   type TrustProxyFunction = (address: string, hop: number) => boolean
 
+  export type FastifyRouterOptions<RawServer extends RawServerBase> = {
+    allowUnsafeRegex?: boolean,
+    buildPrettyMeta?: (route: { [k: string]: unknown, store: { [k: string]: unknown } }) => object,
+    caseSensitive?: boolean,
+    constraints?: {
+      [name: string]: ConstraintStrategy<FindMyWayVersion<RawServer>, unknown>,
+    },
+    defaultRoute?: (req: FastifyRequest, res: FastifyReply) => void,
+    ignoreDuplicateSlashes?: boolean,
+    ignoreTrailingSlash?: boolean,
+    maxParamLength?: number,
+    onBadUrl?: (path: string, req: FastifyRequest, res: FastifyReply) => void,
+    querystringParser?: (str: string) => { [key: string]: unknown },
+    useSemicolonDelimiter?: boolean,
+  }
+
   /**
    * Options for a fastify server instance. Utilizes conditional logic on the generic server parameter to enforce certain https and http2
    */
@@ -159,6 +175,7 @@ declare namespace fastify {
     clientErrorHandler?: (error: ConnectionError, socket: Socket) => void,
     childLoggerFactory?: FastifyChildLoggerFactory,
     allowErrorHandlerOverride?: boolean
+    routerOptions?: FastifyRouterOptions<RawServer>,
   }
 
   /**

package/fastify.js

@@ -1,6 +1,6 @@
 'use strict'
 
-const VERSION = '5.5.0'
+const VERSION = '5.6.1'
 
 const Avvio = require('avvio')
 const http = require('node:http')
@@ -194,6 +194,7 @@ function fastify (options) {
 
   const serverHasCloseAllConnections = typeof server.closeAllConnections === 'function'
   const serverHasCloseIdleConnections = typeof server.closeIdleConnections === 'function'
+  const serverHasCloseHttp2Sessions = typeof server.closeHttp2Sessions === 'function'
 
   let forceCloseConnections = options.forceCloseConnections
   if (forceCloseConnections === 'idle' && !serverHasCloseIdleConnections) {
@@ -491,6 +492,10 @@ function fastify (options) {
           }
         }
 
+        if (serverHasCloseHttp2Sessions) {
+          instance.server.closeHttp2Sessions()
+        }
+
         // No new TCP connections are accepted.
         // We must call close on the server even if we are not listening
         // otherwise memory will be leaked.

package/lib/server.js

@@ -6,7 +6,7 @@ const http2 = require('node:http2')
 const dns = require('node:dns')
 const os = require('node:os')
 
-const { kState, kOptions, kServerBindings } = require('./symbols')
+const { kState, kOptions, kServerBindings, kHttp2ServerSessions } = require('./symbols')
 const { FSTWRN003 } = require('./warnings')
 const { onListenHookRunner } = require('./hooks')
 const {
@@ -175,6 +175,9 @@ function multipleBindings (mainServer, httpHandler, serverOpts, listenOptions, o
             if (typeof secondaryServer.closeAllConnections === 'function' && serverOpts.forceCloseConnections === true) {
               secondaryServer.closeAllConnections()
             }
+            if (typeof secondaryServer.closeHttp2Sessions === 'function') {
+              secondaryServer.closeHttp2Sessions()
+            }
           }
 
           secondaryServer.on('upgrade', mainServer.emit.bind(mainServer, 'upgrade'))
@@ -283,10 +286,16 @@ function getServerInstance (options, httpHandler) {
 
   if (options.http2) {
     const server = typeof httpsOptions === 'object' ? http2.createSecureServer(httpsOptions, httpHandler) : http2.createServer(options.http, httpHandler)
-    server.on('session', (session) => session.setTimeout(options.http2SessionTimeout, function closeSession () {
-      this.close()
+    server.on('session', (session) => session.setTimeout(options.http2SessionTimeout, () => {
+      session.close()
     }))
 
+    // This is only needed for Node.js versions < 24.0.0 since Node.js added native
+    // closeAllSessions() on server.close() support for HTTP/2 servers in v24.0.0
+    if (options.forceCloseConnections === true) {
+      server.closeHttp2Sessions = createCloseHttp2SessionsByHttp2Server(server)
+    }
+
     server.setTimeout(options.connectionTimeout)
 
     return server
@@ -353,3 +362,47 @@ function logServerAddress (server, listenTextResolver) {
   }
   return addresses[0]
 }
+
+/**
+ * @param {http2.Http2Server} http2Server
+ * @returns {() => void}
+ */
+function createCloseHttp2SessionsByHttp2Server (http2Server) {
+  /**
+   * @type {Set<http2.Http2Session>}
+   */
+  http2Server[kHttp2ServerSessions] = new Set()
+
+  http2Server.on('session', function (session) {
+    session.once('connect', function () {
+      http2Server[kHttp2ServerSessions].add(session)
+    })
+
+    session.once('close', function () {
+      http2Server[kHttp2ServerSessions].delete(session)
+    })
+
+    session.once('frameError', function (type, code, streamId) {
+      if (streamId === 0) {
+        // The stream ID is 0, which means that the error is related to the session itself.
+        // If the event is not associated with a stream, the Http2Session will be shut down immediately
+        http2Server[kHttp2ServerSessions].delete(session)
+      }
+    })
+
+    session.once('goaway', function () {
+      // The Http2Session instance will be shut down automatically when the 'goaway' event is emitted.
+      http2Server[kHttp2ServerSessions].delete(session)
+    })
+  })
+
+  return function closeHttp2Sessions () {
+    if (http2Server[kHttp2ServerSessions].size === 0) {
+      return
+    }
+
+    for (const session of http2Server[kHttp2ServerSessions]) {
+      session.close()
+    }
+  }
+}

package/lib/symbols.js

@@ -17,6 +17,7 @@ const keys = {
   kPluginNameChain: Symbol('fastify.pluginNameChain'),
   kRouteContext: Symbol('fastify.context'),
   kGenReqId: Symbol('fastify.genReqId'),
+  kHttp2ServerSessions: Symbol('fastify.http2ServerSessions'),
   // Schema
   kSchemaController: Symbol('fastify.schemaController'),
   kSchemaHeaders: Symbol('headers-schema'),

package/lib/warnings.js

@@ -43,7 +43,7 @@ const FSTSEC001 = createWarning({
 
 const FSTDEP022 = createWarning({
   name: 'FastifyWarning',
-  code: 'FSTDPE022',
+  code: 'FSTDEP022',
   message: 'The router options for %s property access is deprecated. Please use "options.routerOptions" instead for accessing router options. The router options will be removed in `fastify@6`.',
   unlimited: true
 })

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "fastify",
-  "version": "5.5.0",
+  "version": "5.6.1",
   "description": "Fast and low overhead web framework, for Node.js",
   "main": "fastify.js",
   "type": "commonjs",

package/test/decorator-namespace.test._js_

@@ -20,7 +20,7 @@ test('plugin namespace', async t => {
       // ! the plugin does not know about the namespace
       reply.send({ utility: app.utility() })
     })
-  }, { namepace: 'foo' })
+  }, { namespace: 'foo' })
 
   // ! but outside the plugin the decorator would be app.foo.utility()
   t.assert.ok(app.foo.utility)

package/test/http2/closing.test.js

@@ -8,6 +8,7 @@ const connect = promisify(http2.connect)
 const { once } = require('node:events')
 const { buildCertificate } = require('../build-certificate')
 const { getServerUrl } = require('../helper')
+const { kHttp2ServerSessions } = require('../../lib/symbols')
 
 test.before(buildCertificate)
 
@@ -180,3 +181,90 @@ test('http/2 server side session emits a timeout event', async t => {
   await p
   await fastify.close()
 })
+
+test('http/2 sessions closed after closing server', async t => {
+  t.plan(1)
+  const fastify = Fastify({
+    http2: true,
+    http2SessionTimeout: 100
+  })
+  await fastify.listen()
+  const url = getServerUrl(fastify)
+  const waitSessionConnect = once(fastify.server, 'session')
+  const session = http2.connect(url)
+  await once(session, 'connect')
+  await waitSessionConnect
+  const waitSessionClosed = once(session, 'close')
+  await fastify.close()
+  await waitSessionClosed
+  t.assert.strictEqual(session.closed, true)
+})
+
+test('http/2 sessions should be closed when setting forceClosedConnections to true', async t => {
+  t.plan(2)
+  const fastify = Fastify({ http2: true, http2SessionTimeout: 100, forceCloseConnections: true })
+  fastify.get('/', () => 'hello world')
+  await fastify.listen()
+  const client = await connect(getServerUrl(fastify))
+  const req = client.request({
+    [http2.HTTP2_HEADER_PATH]: '/',
+    [http2.HTTP2_HEADER_METHOD]: 'GET'
+  })
+  await once(req, 'response')
+  fastify.close()
+  const r2 = client.request({
+    [http2.HTTP2_HEADER_PATH]: '/',
+    [http2.TTP2_HEADER_METHOD]: 'GET'
+  })
+  r2.on('error', (err) => {
+    t.assert.strictEqual(err.toString(), 'Error [ERR_HTTP2_STREAM_ERROR]: Stream closed with error code NGHTTP2_REFUSED_STREAM')
+  })
+  await once(r2, 'error')
+  r2.end()
+  t.assert.strictEqual(client.closed, true)
+  client.destroy()
+})
+
+test('http/2 sessions should be removed from server[kHttp2ServerSessions] Set on goaway', async t => {
+  t.plan(2)
+  const fastify = Fastify({ http2: true, http2SessionTimeout: 100, forceCloseConnections: true })
+  await fastify.listen()
+  const waitSession = once(fastify.server, 'session')
+  const client = http2.connect(getServerUrl(fastify))
+  const [session] = await waitSession
+  const waitGoaway = once(session, 'goaway')
+  t.assert.strictEqual(fastify.server[kHttp2ServerSessions].size, 1)
+  client.goaway()
+  await waitGoaway
+  t.assert.strictEqual(fastify.server[kHttp2ServerSessions].size, 0)
+  client.destroy()
+  await fastify.close()
+})
+
+test('http/2 sessions should be removed from server[kHttp2ServerSessions] Set on frameError', async t => {
+  t.plan(2)
+  const fastify = Fastify({ http2: true, http2SessionTimeout: 100, forceCloseConnections: true })
+  await fastify.listen()
+  const waitSession = once(fastify.server, 'session')
+  const client = http2.connect(getServerUrl(fastify))
+  const [session] = await waitSession
+  t.assert.strictEqual(fastify.server[kHttp2ServerSessions].size, 1)
+  session.emit('frameError', 0, 0, 0)
+  t.assert.strictEqual(fastify.server[kHttp2ServerSessions].size, 0)
+  client.destroy()
+  await fastify.close()
+})
+
+test('http/2 sessions should not be removed from server[kHttp2ServerSessions] from Set if stream id passed on frameError', async t => {
+  t.plan(2)
+  const fastify = Fastify({ http2: true, http2SessionTimeout: 100, forceCloseConnections: true })
+  await fastify.listen()
+  const waitSession = once(fastify.server, 'session')
+  const client = http2.connect(getServerUrl(fastify))
+  const [session] = await waitSession
+  t.assert.strictEqual(fastify.server[kHttp2ServerSessions].size, 1)
+  session.emit('frameError', 0, 0, 1)
+  t.assert.strictEqual(fastify.server[kHttp2ServerSessions].size, 1)
+  client.destroy()
+  await fastify.close()
+})

package/test/set-error-handler.test.js

@@ -24,7 +24,7 @@ test('setErrorHandler can be set independently in parent and child scopes', asyn
   })
 })
 
-test('setErrorHandler can be overriden if allowErrorHandlerOverride is set to true', async t => {
+test('setErrorHandler can be overridden if allowErrorHandlerOverride is set to true', async t => {
   t.plan(2)
 
   const fastify = Fastify()

package/test/skip-reply-send.test.js

@@ -244,12 +244,12 @@ function testHandlerOrBeforeHandlerHook (test, hookOrHandler) {
       if (hookOrHandler === 'handler') {
         app.get('/', (req, reply) => {
           reply.hijack()
-          throw new Error('This wil be skipped')
+          throw new Error('This will be skipped')
         })
       } else {
         app.addHook(hookOrHandler, async (req, reply) => {
           reply.hijack()
-          throw new Error('This wil be skipped')
+          throw new Error('This will be skipped')
         })
         app.get('/', (req, reply) => t.assert.fail('Handler should not be called'))
       }

package/test/types/instance.test-d.ts

@@ -15,6 +15,8 @@ import { FastifyRequest } from '../../types/request'
 import { FastifySchemaControllerOptions, FastifySchemaCompiler, FastifySerializerCompiler } from '../../types/schema'
 import { AddressInfo } from 'node:net'
 import { Bindings, ChildLoggerOptions } from '../../types/logger'
+import { ConstraintStrategy } from 'find-my-way'
+import { FindMyWayVersion } from '../../types/instance'
 
 const server = fastify()
 
@@ -309,7 +311,22 @@ type InitialConfig = Readonly<{
   requestIdHeader?: string | false,
   requestIdLogLabel?: string,
   http2SessionTimeout?: number,
-  useSemicolonDelimiter?: boolean
+  useSemicolonDelimiter?: boolean,
+  routerOptions?: {
+    allowUnsafeRegex?: boolean,
+    buildPrettyMeta?: (route: { [k: string]: unknown, store: { [k: string]: unknown } }) => object,
+    caseSensitive?: boolean,
+    constraints?: {
+      [name: string]: ConstraintStrategy<FindMyWayVersion<RawServerDefault>, unknown>
+    }
+    defaultRoute?: (req: FastifyRequest, res: FastifyReply) => void,
+    ignoreDuplicateSlashes?: boolean,
+    ignoreTrailingSlash?: boolean,
+    maxParamLength?: number,
+    onBadUrl?: (path: string, req: FastifyRequest, res: FastifyReply) => void,
+    querystringParser?: (str: string) => { [key: string]: unknown },
+    useSemicolonDelimiter?: boolean,
+  }
 }>
 
 expectType<InitialConfig>(fastify().initialConfig)

package/test/types/schema.test-d.ts

@@ -72,6 +72,27 @@ expectAssignable<FastifyInstance>(server.post('/test', {
   }
 }, async req => req.body))
 
+expectAssignable<FastifyInstance>(server.post('/test', {
+  validatorCompiler: ({ schema }) => {
+    return data => {
+      if (!data || data.constructor !== Object) {
+        return {
+          error: [
+            {
+              keyword: 'type',
+              instancePath: '',
+              schemaPath: '#/type',
+              params: { type: 'object' },
+              message: 'value is not an object'
+            }
+          ]
+        }
+      }
+      return { value: data }
+    }
+  }
+}, async req => req.body))
+
 expectAssignable<FastifyInstance>(server.setValidatorCompiler<FastifySchema & { validate: Record<string, unknown> }>(
   function ({ schema }) {
     return new Ajv().compile(schema)

package/types/instance.d.ts

@@ -23,6 +23,7 @@ import {
   SafePromiseLike
 } from './type-provider'
 import { ContextConfigDefault, HTTPMethods, RawReplyDefaultExpression, RawRequestDefaultExpression, RawServerBase, RawServerDefault } from './utils'
+import { FastifyRouterOptions } from '../fastify'
 
 export interface PrintRoutesOptions {
   method?: HTTPMethods;
@@ -603,5 +604,6 @@ export interface FastifyInstance<
     requestIdLogLabel?: string,
     http2SessionTimeout?: number,
     useSemicolonDelimiter?: boolean,
+    routerOptions?: FastifyRouterOptions<RawServer>
   }>
 }

package/types/logger.d.ts

@@ -7,20 +7,24 @@ import { FastifySchema } from './schema'
 import { FastifyTypeProvider, FastifyTypeProviderDefault } from './type-provider'
 import { ContextConfigDefault, RawReplyDefaultExpression, RawRequestDefaultExpression, RawServerBase, RawServerDefault } from './utils'
 
-import pino from 'pino'
+import type {
+  BaseLogger,
+  LogFn as FastifyLogFn,
+  LevelWithSilent as LogLevel,
+  Bindings,
+  ChildLoggerOptions,
+  LoggerOptions as PinoLoggerOptions
+} from 'pino'
 
-/**
- * Standard Fastify logging function
- */
-export type FastifyLogFn = pino.LogFn
-
-export type LogLevel = pino.LevelWithSilent
-
-export type Bindings = pino.Bindings
-
-export type ChildLoggerOptions = pino.ChildLoggerOptions
+export type {
+  FastifyLogFn,
+  LogLevel,
+  Bindings,
+  ChildLoggerOptions,
+  PinoLoggerOptions
+}
 
-export interface FastifyBaseLogger extends pino.BaseLogger {
+export interface FastifyBaseLogger extends Pick<BaseLogger, 'level' | 'info' | 'error' | 'debug' | 'fatal' | 'warn' | 'trace' | 'silent'> {
   child(bindings: Bindings, options?: ChildLoggerOptions): FastifyBaseLogger
 }
 
@@ -34,8 +38,6 @@ export interface FastifyLoggerStreamDestination {
   write(msg: string): void;
 }
 
-export type PinoLoggerOptions = pino.LoggerOptions
-
 // TODO: once node 18 is EOL, this type can be replaced with plain FastifyReply.
 /**
  * Specialized reply type used for the `res` log serializer, since only `statusCode` is passed in certain cases.

package/types/schema.d.ts

@@ -33,7 +33,7 @@ export interface FastifySchemaValidationError {
 }
 
 export interface FastifyValidationResult {
-  (data: any): boolean | SafePromiseLike<any> | { error?: Error, value?: any }
+  (data: any): boolean | SafePromiseLike<any> | { error?: Error | FastifySchemaValidationError[], value?: any }
   errors?: FastifySchemaValidationError[] | null;
 }