fastify 5.6.1 → 5.7.0

package/.claude/settings.local.json

@@ -0,0 +1,11 @@
+{
+  "permissions": {
+    "allow": [
+      "WebFetch(domain:github.com)",
+      "Bash(curl -sI https://github.com/nucleode/arecibo)",
+      "Bash(curl:*)"
+    ],
+    "deny": [],
+    "ask": []
+  }
+}

package/README.md

@@ -260,7 +260,8 @@ application. You should __always__ benchmark if performance matters to you.
 Please visit [Fastify help](https://github.com/fastify/help) to view prior
 support issues and to ask new support questions.
 
-Version 3 of Fastify and lower are EOL and will not receive any security or bug fixes.
+Version 3 of Fastify and lower are EOL and will not receive any security or bug
+fixes.
 
 Fastify's partner, HeroDevs, provides commercial security fixes for all
 unsupported versions at [https://herodevs.com/support/fastify-nes][hd-link].
@@ -280,70 +281,70 @@ listed in alphabetical order.
 
 **Lead Maintainers:**
 * [__Matteo Collina__](https://github.com/mcollina),
-  <https://twitter.com/matteocollina>, <https://www.npmjs.com/~matteo.collina>
+  <https://x.com/matteocollina>, <https://www.npmjs.com/~matteo.collina>
 * [__Tomas Della Vedova__](https://github.com/delvedor),
-  <https://twitter.com/delvedor>, <https://www.npmjs.com/~delvedor>
+  <https://x.com/delvedor>, <https://www.npmjs.com/~delvedor>
 * [__KaKa Ng__](https://github.com/climba03003),
   <https://www.npmjs.com/~climba03003>
 * [__Manuel Spigolon__](https://github.com/eomm),
-  <https://twitter.com/manueomm>, <https://www.npmjs.com/~eomm>
+  <https://x.com/manueomm>, <https://www.npmjs.com/~eomm>
 * [__James Sumners__](https://github.com/jsumners),
-  <https://twitter.com/jsumners79>, <https://www.npmjs.com/~jsumners>
+  <https://x.com/jsumners79>, <https://www.npmjs.com/~jsumners>
 
 ### Fastify Core team
 * [__Aras Abbasi__](https://github.com/uzlopak),
   <https://www.npmjs.com/~uzlopak>
 * [__Harry Brundage__](https://github.com/airhorns/),
-  <https://twitter.com/harrybrundage>, <https://www.npmjs.com/~airhorns>
+  <https://x.com/harrybrundage>, <https://www.npmjs.com/~airhorns>
 * [__Matteo Collina__](https://github.com/mcollina),
-  <https://twitter.com/matteocollina>, <https://www.npmjs.com/~matteo.collina>
+  <https://x.com/matteocollina>, <https://www.npmjs.com/~matteo.collina>
 * [__Gürgün Dayıoğlu__](https://github.com/gurgunday),
   <https://www.npmjs.com/~gurgunday>
 * [__Tomas Della Vedova__](https://github.com/delvedor),
-  <https://twitter.com/delvedor>, <https://www.npmjs.com/~delvedor>
+  <https://x.com/delvedor>, <https://www.npmjs.com/~delvedor>
 * [__Carlos Fuentes__](https://github.com/metcoder95),
-  <https://twitter.com/metcoder95>, <https://www.npmjs.com/~metcoder95>
+  <https://x.com/metcoder95>, <https://www.npmjs.com/~metcoder95>
 * [__Vincent Le Goff__](https://github.com/zekth)
 * [__Luciano Mammino__](https://github.com/lmammino),
-  <https://twitter.com/loige>, <https://www.npmjs.com/~lmammino>
+  <https://x.com/loige>, <https://www.npmjs.com/~lmammino>
 * [__Jean Michelet__](https://github.com/jean-michelet),
   <https://www.npmjs.com/~jean-michelet>
 * [__KaKa Ng__](https://github.com/climba03003),
   <https://www.npmjs.com/~climba03003>
 * [__Luis Orbaiceta__](https://github.com/luisorbaiceta),
-  <https://twitter.com/luisorbai>, <https://www.npmjs.com/~luisorbaiceta>
+  <https://x.com/luisorbai>, <https://www.npmjs.com/~luisorbaiceta>
 * [__Maksim Sinik__](https://github.com/fox1t),
-  <https://twitter.com/maksimsinik>, <https://www.npmjs.com/~fox1t>
+  <https://x.com/maksimsinik>, <https://www.npmjs.com/~fox1t>
 * [__Manuel Spigolon__](https://github.com/eomm),
-  <https://twitter.com/manueomm>, <https://www.npmjs.com/~eomm>
+  <https://x.com/manueomm>, <https://www.npmjs.com/~eomm>
 * [__James Sumners__](https://github.com/jsumners),
-  <https://twitter.com/jsumners79>, <https://www.npmjs.com/~jsumners>
+  <https://x.com/jsumners79>, <https://www.npmjs.com/~jsumners>
 
 ### Fastify Plugins team
 * [__Harry Brundage__](https://github.com/airhorns/),
-  <https://twitter.com/harrybrundage>, <https://www.npmjs.com/~airhorns>
+  <https://x.com/harrybrundage>, <https://www.npmjs.com/~airhorns>
 * [__Simone Busoli__](https://github.com/simoneb),
-  <https://twitter.com/simonebu>, <https://www.npmjs.com/~simoneb>
+  <https://x.com/simonebu>, <https://www.npmjs.com/~simoneb>
 * [__Dan Castillo__](https://github.com/dancastillo),
   <https://www.npmjs.com/~dancastillo>
 * [__Matteo Collina__](https://github.com/mcollina),
-  <https://twitter.com/matteocollina>, <https://www.npmjs.com/~matteo.collina>
+  <https://x.com/matteocollina>, <https://www.npmjs.com/~matteo.collina>
 * [__Gürgün Dayıoğlu__](https://github.com/gurgunday),
   <https://www.npmjs.com/~gurgunday>
 * [__Tomas Della Vedova__](https://github.com/delvedor),
-  <https://twitter.com/delvedor>, <https://www.npmjs.com/~delvedor>
+  <https://x.com/delvedor>, <https://www.npmjs.com/~delvedor>
 * [__Carlos Fuentes__](https://github.com/metcoder95),
-  <https://twitter.com/metcoder95>, <https://www.npmjs.com/~metcoder95>
+  <https://x.com/metcoder95>, <https://www.npmjs.com/~metcoder95>
 * [__Vincent Le Goff__](https://github.com/zekth)
 * [__Jean Michelet__](https://github.com/jean-michelet),
   <https://www.npmjs.com/~jean-michelet>
 * [__KaKa Ng__](https://github.com/climba03003),
   <https://www.npmjs.com/~climba03003>
 * [__Maksim Sinik__](https://github.com/fox1t),
-  <https://twitter.com/maksimsinik>, <https://www.npmjs.com/~fox1t>
+  <https://x.com/maksimsinik>, <https://www.npmjs.com/~fox1t>
 * [__Frazer Smith__](https://github.com/Fdawgs), <https://www.npmjs.com/~fdawgs>
 * [__Manuel Spigolon__](https://github.com/eomm),
-  <https://twitter.com/manueomm>, <https://www.npmjs.com/~eomm>
+  <https://x.com/manueomm>, <https://www.npmjs.com/~eomm>
 
 ### Emeritus Contributors
 Great contributors to a specific area of the Fastify ecosystem will be invited
@@ -351,32 +352,32 @@ to join this group by Lead Maintainers when they decide to step down from the
 active contributor's group.
 
 * [__Tommaso Allevi__](https://github.com/allevo),
-  <https://twitter.com/allevitommaso>, <https://www.npmjs.com/~allevo>
+  <https://x.com/allevitommaso>, <https://www.npmjs.com/~allevo>
 * [__Ethan Arrowood__](https://github.com/Ethan-Arrowood/),
-  <https://twitter.com/arrowoodtech>, <https://www.npmjs.com/~ethan_arrowood>
+  <https://x.com/arrowoodtech>, <https://www.npmjs.com/~ethan_arrowood>
 * [__Çağatay Çalı__](https://github.com/cagataycali),
-  <https://twitter.com/cagataycali>, <https://www.npmjs.com/~cagataycali>
+  <https://x.com/cagataycali>, <https://www.npmjs.com/~cagataycali>
 * [__David Mark Clements__](https://github.com/davidmarkclements),
-  <https://twitter.com/davidmarkclem>,
+  <https://x.com/davidmarkclem>,
   <https://www.npmjs.com/~davidmarkclements>
-* [__dalisoft__](https://github.com/dalisoft), <https://twitter.com/dalisoft>,
+* [__dalisoft__](https://github.com/dalisoft), <https://x.com/dalisoft>,
   <https://www.npmjs.com/~dalisoft>
 * [__Dustin Deus__](https://github.com/StarpTech),
-  <https://twitter.com/dustindeus>, <https://www.npmjs.com/~starptech>
+  <https://x.com/dustindeus>, <https://www.npmjs.com/~starptech>
 * [__Denis Fäcke__](https://github.com/SerayaEryn),
-  <https://twitter.com/serayaeryn>, <https://www.npmjs.com/~serayaeryn>
+  <https://x.com/serayaeryn>, <https://www.npmjs.com/~serayaeryn>
 * [__Rafael Gonzaga__](https://github.com/rafaelgss),
-  <https://twitter.com/_rafaelgss>, <https://www.npmjs.com/~rafaelgss>
+  <https://x.com/_rafaelgss>, <https://www.npmjs.com/~rafaelgss>
 * [__Trivikram Kamat__](https://github.com/trivikr),
-  <https://twitter.com/trivikram>, <https://www.npmjs.com/~trivikr>
+  <https://x.com/trivikram>, <https://www.npmjs.com/~trivikr>
 * [__Ayoub El Khattabi__](https://github.com/AyoubElk),
-  <https://twitter.com/ayoubelkh>, <https://www.npmjs.com/~ayoubelk>
+  <https://x.com/ayoubelkh>, <https://www.npmjs.com/~ayoubelk>
 * [__Cemre Mengu__](https://github.com/cemremengu),
-  <https://twitter.com/cemremengu>, <https://www.npmjs.com/~cemremengu>
+  <https://x.com/cemremengu>, <https://www.npmjs.com/~cemremengu>
 * [__Salman Mitha__](https://github.com/salmanm),
   <https://www.npmjs.com/~salmanm>
 * [__Nathan Woltman__](https://github.com/nwoltman),
-  <https://twitter.com/NathanWoltman>, <https://www.npmjs.com/~nwoltman>
+  <https://x.com/NathanWoltman>, <https://www.npmjs.com/~nwoltman>
 
 ## Hosted by
 

package/SECURITY.md

@@ -3,6 +3,46 @@
 This document describes the management of vulnerabilities for the Fastify
 project and its official plugins.
 
+## Threat Model
+
+Fastify's threat model extends the
+[Node.js threat model](https://github.com/nodejs/node/blob/main/SECURITY.md#the-nodejs-threat-model).
+
+**Trusted:** Application code (plugins, handlers, hooks, schemas), configuration,
+and the runtime environment.
+
+**Untrusted:** All network input (HTTP headers, body, query strings, URL
+parameters).
+
+### Examples of Vulnerabilities
+
+- Parsing flaws that bypass validation or security controls
+- DoS through malformed input to Fastify's core
+- Bypasses of built-in protections (prototype poisoning, schema validation)
+
+### Examples of Non-Vulnerabilities
+
+The following are **not** considered vulnerabilities in Fastify:
+
+- **Application code vulnerabilities**: XSS, SQL injection, or other flaws in
+user-written route handlers, hooks, or plugins
+- **Malicious application code**: Issues caused by intentionally malicious
+plugins or handlers (application code is trusted)
+- **Validation schema issues**: Weak or incorrect schemas provided by developers
+(schemas are trusted)
+- **ReDoS in user patterns**: Regular expression DoS in user-provided regex
+patterns for routes or validation
+- **Missing security features**: Lack of rate limiting, authentication, or
+authorization (these are application-level concerns)
+- **Configuration mistakes**: Security issues arising from developer
+misconfiguration (configuration is trusted)
+- **Third-party dependencies**: Vulnerabilities in npm packages used by the
+application (not Fastify core dependencies)
+- **Resource exhaustion from handlers**: DoS caused by expensive operations in
+user route handlers
+- **Information disclosure by design**: Exposing error details or stack traces
+explicitly enabled via configuration options
+
 ## Reporting vulnerabilities
 
 Individuals who find potential vulnerabilities in Fastify are invited to
@@ -137,13 +177,13 @@ work as a member of the Fastify Core team.
 ### Members
 
 * [__Matteo Collina__](https://github.com/mcollina),
-  <https://twitter.com/matteocollina>, <https://www.npmjs.com/~matteo.collina>
+  <https://x.com/matteocollina>, <https://www.npmjs.com/~matteo.collina>
 * [__Tomas Della Vedova__](https://github.com/delvedor),
-  <https://twitter.com/delvedor>, <https://www.npmjs.com/~delvedor>
+  <https://x.com/delvedor>, <https://www.npmjs.com/~delvedor>
 * [__Vincent Le Goff__](https://github.com/zekth)
 * [__KaKa Ng__](https://github.com/climba03003)
 * [__James Sumners__](https://github.com/jsumners),
-  <https://twitter.com/jsumners79>, <https://www.npmjs.com/~jsumners>
+  <https://x.com/jsumners79>, <https://www.npmjs.com/~jsumners>
 
 ## OpenSSF CII Best Practices
 
@@ -155,11 +195,9 @@ There are three “tiers”: passing, silver, and gold.
 We meet 100% of the “passing” criteria.
 
 ### Silver
-We meet 87% of the “silver” criteria. The gaps are as follows:
+We meet 87% of the "silver" criteria. The gaps are as follows:
   - we do not have a DCO or a CLA process for contributions.
-  - we do not currently document
-    “what the user can and cannot expect in terms of security” for our project.
-  - we do not currently document ”the architecture (aka high-level design)”
+  - we do not currently document "the architecture (aka high-level design)"
     for our project.
 
 ### Gold

package/SPONSORS.md

@@ -9,7 +9,7 @@ or [GitHub Sponsors](https://github.com/sponsors/fastify)!
 
 ## Tier 4
 
-_Be the first!_
+- [SerpApi](http://serpapi.com/)
 
 ## Tier 3
 

package/build/build-validation.js

@@ -16,7 +16,7 @@ module.exports.defaultInitOptions = ${JSON.stringify(defaultInitOptions)}
 /* c8 ignore stop */
 `
 
-    const file = path.join(__dirname, '..', 'lib', 'configValidator.js')
+    const file = path.join(__dirname, '..', 'lib', 'config-validator.js')
     fs.writeFileSync(file, moduleCode)
     console.log(`Saved ${file} file successfully`)
   }
@@ -98,7 +98,6 @@ const schema = {
     ignoreTrailingSlash: { type: 'boolean', default: defaultInitOptions.ignoreTrailingSlash },
     ignoreDuplicateSlashes: { type: 'boolean', default: defaultInitOptions.ignoreDuplicateSlashes },
     disableRequestLogging: {
-      type: 'boolean',
       default: false
     },
     maxParamLength: { type: 'integer', default: defaultInitOptions.maxParamLength },
@@ -112,7 +111,7 @@ const schema = {
     useSemicolonDelimiter: { type: 'boolean', default: defaultInitOptions.useSemicolonDelimiter },
     routerOptions: {
       type: 'object',
-      additionalProperties: false,
+      additionalProperties: true,
       properties: {
         ignoreTrailingSlash: { type: 'boolean', default: defaultInitOptions.routerOptions.ignoreTrailingSlash },
         ignoreDuplicateSlashes: { type: 'boolean', default: defaultInitOptions.routerOptions.ignoreDuplicateSlashes },

package/docs/Guides/Detecting-When-Clients-Abort.md

@@ -81,7 +81,7 @@ start()
 Our code is setting up a Fastify server which includes the following
 functionality:
 
-- Accepting requests at http://localhost:3000, with a 3 second delayed response
+- Accepting requests at `http://localhost:3000`, with a 3 second delayed response
 of `{ ok: true }`.
 - An onRequest hook that triggers when every request is received.
 - Logic that triggers in the hook when the request is closed.

package/docs/Guides/Ecosystem.md

@@ -119,6 +119,8 @@ section.
   HTTP errors and assertions, but also more request and reply methods.
 - [`@fastify/session`](https://github.com/fastify/session) a session plugin for
   Fastify.
+- [`@fastify/sse`](https://github.com/fastify/sse) Plugin for Server-Sent Events
+  (SSE) support in Fastify.
 - [`@fastify/static`](https://github.com/fastify/fastify-static) Plugin for
   serving static files as fast as possible.
 - [`@fastify/swagger`](https://github.com/fastify/fastify-swagger) Plugin for
@@ -165,6 +167,9 @@ section.
   A simple way to add a crud in your fastify project.
 - [`@applicazza/fastify-nextjs`](https://github.com/applicazza/fastify-nextjs)
   Alternate Fastify and Next.js integration.
+- [`@attaryz/fastify-devtools`](https://github.com/attaryz/fastify-devtools)
+  Development tools plugin for Fastify with live request dashboard, replay
+  capabilities, and metrics tracking.
 - [`@blastorg/fastify-aws-dynamodb-cache`](https://github.com/blastorg/fastify-aws-dynamodb-cache)
   A plugin to help with caching API responses using AWS DynamoDB.
 - [`@clerk/fastify`](https://github.com/clerkinc/javascript/tree/main/packages/fastify)
@@ -177,13 +182,8 @@ section.
   close the server gracefully on `SIGINT` and `SIGTERM` signals.
 - [`@eropple/fastify-openapi3`](https://github.com/eropple/fastify-openapi3) Provides
   easy, developer-friendly OpenAPI 3.1 specs + doc explorer based on your routes.
-- [`@ethicdevs/fastify-custom-session`](https://github.com/EthicDevs/fastify-custom-session)
-  A plugin lets you use session and decide only where to load/save from/to. Has
-  great TypeScript support + built-in adapters for common ORMs/databases (Firebase,
-  Prisma Client, Postgres (wip), InMemory) and you can easily make your own adapter!
-- [`@ethicdevs/fastify-git-server`](https://github.com/EthicDevs/fastify-git-server)
-  A plugin to easily create git server and make one/many Git repositories available
-  for clone/fetch/push through the standard `git` (over http) commands.
+
+
 - [`@exortek/fastify-mongo-sanitize`](https://github.com/ExorTek/fastify-mongo-sanitize)
   A Fastify plugin that protects against No(n)SQL injection by sanitizing data.
 - [`@exortek/remix-fastify`](https://github.com/ExorTek/remix-fastify)
@@ -241,6 +241,9 @@ section.
   request IDs into your logs.
 - [`electron-server`](https://github.com/anonrig/electron-server) A plugin for
   using Fastify without the need of consuming a port on Electron apps.
+- [`elements-fastify`](https://github.com/rohitsoni007/elements-fastify) Fastify
+  Plugin for Stoplight Elements API Documentation using
+  openapi swagger json yml.
 - [`fast-water`](https://github.com/tswayne/fast-water) A Fastify plugin for
   waterline. Decorates Fastify with waterline models.
 - [`fastify-204`](https://github.com/Shiva127/fastify-204) Fastify plugin that
@@ -368,7 +371,7 @@ section.
 - [`fastify-feature-flags`](https://gitlab.com/m03geek/fastify-feature-flags)
   Fastify feature flags plugin with multiple providers support (e.g. env,
   [config](https://lorenwest.github.io/node-config/),
-  [unleash](https://unleash.github.io/)).
+  [unleash](https://github.com/Unleash/unleash)).
 - [`fastify-file-routes`](https://github.com/spa5k/fastify-file-routes) Get
   Next.js based file system routing into fastify.
 - [`fastify-file-upload`](https://github.com/huangang/fastify-file-upload)
@@ -519,10 +522,7 @@ middlewares into Fastify plugins
   Add `additionalProperties: false` by default to your JSON Schemas.
 - [`fastify-no-icon`](https://github.com/jsumners/fastify-no-icon) Plugin to
   eliminate thrown errors for `/favicon.ico` requests.
-- [`fastify-normalize-request-reply`](https://github.com/ericrglass/fastify-normalize-request-reply)
-  Plugin to normalize the request and reply to the Express version 4.x request
-  and response, which allows use of middleware, like swagger-stats, that was
-  originally written for Express.
+
 - [`fastify-now`](https://github.com/yonathan06/fastify-now) Structure your
   endpoints in a folder and load them dynamically with Fastify.
 - [`fastify-nuxtjs`](https://github.com/gomah/fastify-nuxtjs) Vue server-side
@@ -566,8 +566,8 @@ middlewares into Fastify plugins
   custom permission checks.
 - [`fastify-piscina`](https://github.com/piscinajs/fastify-piscina) A worker
   thread pool plugin using [Piscina](https://github.com/piscinajs/piscina).
-- [`fastify-polyglot`](https://github.com/beliven-it/fastify-polyglot) A plugin to
-  handle i18n using
+- [`fastify-polyglot`](https://github.com/beliven-it/fastify-polyglot) A plugin
+  to handle i18n using
   [node-polyglot](https://www.npmjs.com/package/node-polyglot).
 - [`fastify-postgraphile`](https://github.com/alemagio/fastify-postgraphile)
   Plugin to integrate [PostGraphile](https://www.graphile.org/postgraphile/) in
@@ -641,6 +641,8 @@ middlewares into Fastify plugins
 - [`fastify-server-session`](https://github.com/jsumners/fastify-server-session)
   A session plugin with support for arbitrary backing caches via
   `fastify-caching`.
+- [`fastify-ses-mailer`](https://github.com/KaranHotwani/fastify-ses-mailer) A
+  Fastify plugin for sending emails via AWS SES using AWS SDK v3.
 - [`fastify-shared-schema`](https://github.com/Adibla/fastify-shared-schema) Plugin
   for sharing schemas between different routes.
 - [`fastify-slonik`](https://github.com/Unbuttun/fastify-slonik) Fastify Slonik
@@ -682,7 +684,7 @@ middlewares into Fastify plugins
 - [`fastify-type-provider-effect-schema`](https://github.com/daotl/fastify-type-provider-effect-schema)
   Fastify
   [type provider](https://fastify.dev/docs/latest/Reference/Type-Providers/)
-  for [@effect/schema](https://github.com/effect-ts/schema).
+  for [@effect/schema](https://github.com/Effect-TS/effect).
 - [`fastify-type-provider-zod`](https://github.com/turkerdev/fastify-type-provider-zod)
   Fastify
   [type provider](https://fastify.dev/docs/latest/Reference/Type-Providers/)

package/docs/Guides/Fluent-Schema.md

@@ -122,5 +122,5 @@ const schema = { body: bodyJsonSchema }
 fastify.post('/the/url', { schema }, handler)
 ```
 
-NB You can mix up the `$ref-way` and the `replace-way` when using
-`fastify.addSchema`.
+> ℹ️ Note: You can mix up the `$ref-way` and the `replace-way`
+> when using `fastify.addSchema`.

package/docs/Guides/Migration-Guide-V4.md

@@ -109,7 +109,8 @@ argument from your router handler.
 ### `exposeHeadRoutes` true by default
 
 Starting with v4, every `GET` route will create a sibling `HEAD` route.
-You can revert this behavior by setting `exposeHeadRoutes: false` in the server options.
+You can revert this behavior by setting `exposeHeadRoutes: false` in the server
+options.
 
 ### Synchronous route definitions ([#2954](https://github.com/fastify/fastify/pull/2954))
 

package/docs/Guides/Migration-Guide-V5.md

@@ -545,6 +545,15 @@ for more information.
 This was already deprecated in v4 as `FSTDEP014`,
 so you should have already updated your code.
 
+### `time` and `date-time` formats enforce timezone
+
+The updated AJV compiler updates `ajv-formats` which now
+enforce the use of timezone in `time` and `date-time` format.
+A workaround is to use `iso-time` and `iso-date-time` formats
+which support an optional timezone for backwards compatibility.  
+See the
+[full discussion](https://github.com/fastify/fluent-json-schema/issues/267).
+
 ## New Features
 
 ### Diagnostic Channel support

package/docs/Guides/Serverless.md

@@ -303,10 +303,10 @@ const fastifyApp = async (request, reply) => {
 
 ### Add Custom `contentTypeParser` to Fastify instance and define endpoints
 
-Firebase Function's HTTP layer already parses the request
-and makes a JSON payload available. It also provides access
-to the raw body, unparsed, which is useful for calculating
-request signatures to validate HTTP webhooks.
+Firebase Function's HTTP layer already parses the request and makes a JSON
+payload available through the property `payload.body` below. It also provides
+access to the raw body, unparsed, which is useful for calculating request
+signatures to validate HTTP webhooks.
 
 Add as follows to the `registerRoutes()` function:
 
@@ -332,6 +332,24 @@ async function registerRoutes (fastify) {
 }
 ```
 
+**Failing to add this `ContentTypeParser` may lead to the Fastify process
+remaining stuck and not processing any other requests after receiving one with
+the Content-Type `application/json`.**
+
+When using Typescript, since the type of `payload` is a native `IncomingMessage`
+that gets modified by Firebase, it won't be able to find the property
+`payload.body`.
+
+In order to suppress the error, you can use the following signature:
+
+```ts
+declare module 'http' {
+	interface IncomingMessage {
+		body?: unknown;
+	}
+}
+```
+
 ### Export the function using Firebase onRequest
 
 Final step is to export the Fastify app instance to Firebase's own
@@ -577,10 +595,10 @@ server-like concurrency with the autoscaling properties of traditional
 serverless functions.
 
 Get started with the
-[Fastify Node.js template on Vercel](
-https://vercel.com/templates/other/fastify-serverless-function).
+[Fastify template on Vercel](
+https://vercel.com/templates/backend/fastify-on-vercel).
 
 [Fluid compute](https://vercel.com/docs/functions/fluid-compute) currently
 requires an explicit opt-in. Learn more about enabling Fluid compute
 [here](
-https://vercel.com/docs/functions/fluid-compute#how-to-enable-fluid-compute).
+https://vercel.com/docs/functions/fluid-compute#how-to-enable-fluid-compute).

package/docs/Guides/Testing.md

@@ -353,8 +353,8 @@ Now you should be able to step through your test file (and the rest of
 
 
 ## Plugins
-Let's `cd` into a fresh directory called 'testing-plugin-example' and type `npm init
--y` in our terminal.
+Let's `cd` into a fresh directory called 'testing-plugin-example' and type
+`npm init -y` in our terminal.
 
 Run `npm i fastify fastify-plugin`
 

package/docs/Reference/Decorators.md

@@ -369,7 +369,8 @@ console.log(fastify.foo) // 'a getter'
 #### `getDecorator(name)`
 <a id="get-decorator"></a>
 
-Used to retrieve an existing decorator from the Fastify instance, `Request`, or `Reply`.
+Used to retrieve an existing decorator from the Fastify instance, `Request`,
+or `Reply`.
 If the decorator is not defined, an `FST_ERR_DEC_UNDECLARED` error is thrown.
 
 ```js
@@ -399,7 +400,7 @@ fastify.register(async function (fastify) {
 ```
 
 > ℹ️ Note: For TypeScript users, `getDecorator` supports generic type parameters.
-> See the [TypeScript documentation](/docs/latest/Reference/TypeScript/) for
+> See the [TypeScript documentation](/docs/Reference/TypeScript.md) for
 > advanced typing examples.
 
 #### `setDecorator(name, value)`
@@ -429,5 +430,5 @@ fastify.addHook('preHandler', async (req, reply) => {
 ```
 
 > ℹ️ Note: For TypeScript users, see the
-> [TypeScript documentation](/docs/latest/Reference/TypeScript/) for advanced
+> [TypeScript documentation](/docs/Reference/TypeScript.md) for advanced
 > typing examples using `setDecorator<T>`.

package/docs/Reference/Encapsulation.md

@@ -27,7 +27,11 @@ registered within its _grandchild context_.
 
 Given that everything in Fastify is a [plugin](./Plugins.md) except for the
 _root context_, every "context" and "plugin" in this example is a plugin
-that can consist of decorators, hooks, plugins, and routes. To put this
+that can consist of decorators, hooks, plugins, and routes. As plugins, they
+must still signal completion either by returning a Promise (e.g., using `async`
+functions) or by calling the `done` function if using the callback style.
+
+To put this
 example into concrete terms, consider a basic scenario of a REST API server
 with three routes: the first route (`/one`) requires authentication, the
 second route (`/two`) does not, and the third route (`/three`) has access to

package/docs/Reference/Logging.md

@@ -107,6 +107,10 @@ value is used; otherwise, a new incremental ID is generated. See Fastify Factory
 [`requestIdHeader`](./Server.md#factory-request-id-header) and Fastify Factory
 [`genReqId`](./Server.md#genreqid) for customization options.
 
+> ⚠ Warning: enabling `requestIdHeader` allows any callers to set `reqId` to a
+> value of their choosing.
+> No validation is performed on `requestIdHeader`.
+
 #### Serializers
 The default logger uses standard serializers for objects with `req`, `res`, and
 `err` properties. The `req` object is the Fastify [`Request`](./Request.md)

package/docs/Reference/Plugins.md

@@ -79,8 +79,8 @@ the Fastify instance by a preceding plugin, such as utilizing an existing databa
 connection.
 
 Keep in mind that the Fastify instance passed to the function is the same as the
-one passed into the plugin, a copy of the external Fastify instance rather than a
-reference. Any usage of the instance will behave the same as it would if called
+one passed into the plugin, a copy of the external Fastify instance rather than
+a reference. Any usage of the instance will behave the same as it would if called
 within the plugin's function. For example, if `decorate` is called, the decorated
 variables will be available within the plugin's function unless it was wrapped
 with [`fastify-plugin`](https://github.com/fastify/fastify-plugin).
@@ -171,18 +171,27 @@ export default plugin
 <a id="create-plugin"></a>
 
 Creating a plugin is easy. Create a function that takes three parameters: the
-`fastify` instance, an `options` object, and the `done` callback.
+`fastify` instance, an `options` object, and the `done` callback. Alternatively,
+use an `async` function and omit the `done` callback.
 
 Example:
 ```js
-module.exports = function (fastify, opts, done) {
+module.exports = function callbackPlugin (fastify, opts, done) {
   fastify.decorate('utility', function () {})
 
   fastify.get('/', handler)
 
   done()
 }
+
+// Or using async
+module.exports = async function asyncPlugin (fastify, opts) {
+  fastify.decorate('utility', function () {})
+
+  fastify.get('/', handler)
+}
 ```
+
 `register` can also be used inside another `register`:
 ```js
 module.exports = function (fastify, opts, done) {

package/docs/Reference/Principles.md

@@ -64,8 +64,8 @@ frameworks do this; Fastify does not.
 
 ## Semantic Versioning and Long Term Support
 
-A clear [Long Term Support strategy is provided](./LTS.md) to inform developers when
-to upgrade.
+A clear [Long Term Support strategy is provided](./LTS.md) to inform developers
+when to upgrade.
 
 ## Specification adherence
 

package/docs/Reference/Reply.md

@@ -70,8 +70,9 @@ since the request was received by Fastify.
 - `.serialize(payload)` - Serializes the specified payload using the default
   JSON serializer or using the custom serializer (if one is set) and returns the
   serialized payload.
-- `.getSerializationFunction(schema | httpStatus, [contentType])` - Returns the serialization
-  function for the specified schema or http status, if any of either are set.
+- `.getSerializationFunction(schema | httpStatus, [contentType])` - Returns the
+  serialization function for the specified schema or http status, if any of
+  either are set.
 - `.compileSerializationSchema(schema, [httpStatus], [contentType])` - Compiles
   the specified schema and returns a serialization function using the default
   (or customized) `SerializerCompiler`. The optional `httpStatus` is forwarded
@@ -688,6 +689,9 @@ If you are sending a stream and you have not set a `'Content-Type'` header,
 As noted above, streams are considered to be pre-serialized, so they will be
 sent unmodified without response validation.
 
+See special note about error handling for streams in
+[`setErrorHandler`](./Server.md#seterrorhandler).
+
 ```js
 const fs = require('node:fs')