fastify 5.6.2 → 5.7.0

package/.claude/settings.local.json

@@ -0,0 +1,11 @@
+{
+  "permissions": {
+    "allow": [
+      "WebFetch(domain:github.com)",
+      "Bash(curl -sI https://github.com/nucleode/arecibo)",
+      "Bash(curl:*)"
+    ],
+    "deny": [],
+    "ask": []
+  }
+}

package/README.md

@@ -260,7 +260,8 @@ application. You should __always__ benchmark if performance matters to you.
 Please visit [Fastify help](https://github.com/fastify/help) to view prior
 support issues and to ask new support questions.
 
-Version 3 of Fastify and lower are EOL and will not receive any security or bug fixes.
+Version 3 of Fastify and lower are EOL and will not receive any security or bug
+fixes.
 
 Fastify's partner, HeroDevs, provides commercial security fixes for all
 unsupported versions at [https://herodevs.com/support/fastify-nes][hd-link].
@@ -280,70 +281,70 @@ listed in alphabetical order.
 
 **Lead Maintainers:**
 * [__Matteo Collina__](https://github.com/mcollina),
-  <https://twitter.com/matteocollina>, <https://www.npmjs.com/~matteo.collina>
+  <https://x.com/matteocollina>, <https://www.npmjs.com/~matteo.collina>
 * [__Tomas Della Vedova__](https://github.com/delvedor),
-  <https://twitter.com/delvedor>, <https://www.npmjs.com/~delvedor>
+  <https://x.com/delvedor>, <https://www.npmjs.com/~delvedor>
 * [__KaKa Ng__](https://github.com/climba03003),
   <https://www.npmjs.com/~climba03003>
 * [__Manuel Spigolon__](https://github.com/eomm),
-  <https://twitter.com/manueomm>, <https://www.npmjs.com/~eomm>
+  <https://x.com/manueomm>, <https://www.npmjs.com/~eomm>
 * [__James Sumners__](https://github.com/jsumners),
-  <https://twitter.com/jsumners79>, <https://www.npmjs.com/~jsumners>
+  <https://x.com/jsumners79>, <https://www.npmjs.com/~jsumners>
 
 ### Fastify Core team
 * [__Aras Abbasi__](https://github.com/uzlopak),
   <https://www.npmjs.com/~uzlopak>
 * [__Harry Brundage__](https://github.com/airhorns/),
-  <https://twitter.com/harrybrundage>, <https://www.npmjs.com/~airhorns>
+  <https://x.com/harrybrundage>, <https://www.npmjs.com/~airhorns>
 * [__Matteo Collina__](https://github.com/mcollina),
-  <https://twitter.com/matteocollina>, <https://www.npmjs.com/~matteo.collina>
+  <https://x.com/matteocollina>, <https://www.npmjs.com/~matteo.collina>
 * [__Gürgün Dayıoğlu__](https://github.com/gurgunday),
   <https://www.npmjs.com/~gurgunday>
 * [__Tomas Della Vedova__](https://github.com/delvedor),
-  <https://twitter.com/delvedor>, <https://www.npmjs.com/~delvedor>
+  <https://x.com/delvedor>, <https://www.npmjs.com/~delvedor>
 * [__Carlos Fuentes__](https://github.com/metcoder95),
-  <https://twitter.com/metcoder95>, <https://www.npmjs.com/~metcoder95>
+  <https://x.com/metcoder95>, <https://www.npmjs.com/~metcoder95>
 * [__Vincent Le Goff__](https://github.com/zekth)
 * [__Luciano Mammino__](https://github.com/lmammino),
-  <https://twitter.com/loige>, <https://www.npmjs.com/~lmammino>
+  <https://x.com/loige>, <https://www.npmjs.com/~lmammino>
 * [__Jean Michelet__](https://github.com/jean-michelet),
   <https://www.npmjs.com/~jean-michelet>
 * [__KaKa Ng__](https://github.com/climba03003),
   <https://www.npmjs.com/~climba03003>
 * [__Luis Orbaiceta__](https://github.com/luisorbaiceta),
-  <https://twitter.com/luisorbai>, <https://www.npmjs.com/~luisorbaiceta>
+  <https://x.com/luisorbai>, <https://www.npmjs.com/~luisorbaiceta>
 * [__Maksim Sinik__](https://github.com/fox1t),
-  <https://twitter.com/maksimsinik>, <https://www.npmjs.com/~fox1t>
+  <https://x.com/maksimsinik>, <https://www.npmjs.com/~fox1t>
 * [__Manuel Spigolon__](https://github.com/eomm),
-  <https://twitter.com/manueomm>, <https://www.npmjs.com/~eomm>
+  <https://x.com/manueomm>, <https://www.npmjs.com/~eomm>
 * [__James Sumners__](https://github.com/jsumners),
-  <https://twitter.com/jsumners79>, <https://www.npmjs.com/~jsumners>
+  <https://x.com/jsumners79>, <https://www.npmjs.com/~jsumners>
 
 ### Fastify Plugins team
 * [__Harry Brundage__](https://github.com/airhorns/),
-  <https://twitter.com/harrybrundage>, <https://www.npmjs.com/~airhorns>
+  <https://x.com/harrybrundage>, <https://www.npmjs.com/~airhorns>
 * [__Simone Busoli__](https://github.com/simoneb),
-  <https://twitter.com/simonebu>, <https://www.npmjs.com/~simoneb>
+  <https://x.com/simonebu>, <https://www.npmjs.com/~simoneb>
 * [__Dan Castillo__](https://github.com/dancastillo),
   <https://www.npmjs.com/~dancastillo>
 * [__Matteo Collina__](https://github.com/mcollina),
-  <https://twitter.com/matteocollina>, <https://www.npmjs.com/~matteo.collina>
+  <https://x.com/matteocollina>, <https://www.npmjs.com/~matteo.collina>
 * [__Gürgün Dayıoğlu__](https://github.com/gurgunday),
   <https://www.npmjs.com/~gurgunday>
 * [__Tomas Della Vedova__](https://github.com/delvedor),
-  <https://twitter.com/delvedor>, <https://www.npmjs.com/~delvedor>
+  <https://x.com/delvedor>, <https://www.npmjs.com/~delvedor>
 * [__Carlos Fuentes__](https://github.com/metcoder95),
-  <https://twitter.com/metcoder95>, <https://www.npmjs.com/~metcoder95>
+  <https://x.com/metcoder95>, <https://www.npmjs.com/~metcoder95>
 * [__Vincent Le Goff__](https://github.com/zekth)
 * [__Jean Michelet__](https://github.com/jean-michelet),
   <https://www.npmjs.com/~jean-michelet>
 * [__KaKa Ng__](https://github.com/climba03003),
   <https://www.npmjs.com/~climba03003>
 * [__Maksim Sinik__](https://github.com/fox1t),
-  <https://twitter.com/maksimsinik>, <https://www.npmjs.com/~fox1t>
+  <https://x.com/maksimsinik>, <https://www.npmjs.com/~fox1t>
 * [__Frazer Smith__](https://github.com/Fdawgs), <https://www.npmjs.com/~fdawgs>
 * [__Manuel Spigolon__](https://github.com/eomm),
-  <https://twitter.com/manueomm>, <https://www.npmjs.com/~eomm>
+  <https://x.com/manueomm>, <https://www.npmjs.com/~eomm>
 
 ### Emeritus Contributors
 Great contributors to a specific area of the Fastify ecosystem will be invited
@@ -351,32 +352,32 @@ to join this group by Lead Maintainers when they decide to step down from the
 active contributor's group.
 
 * [__Tommaso Allevi__](https://github.com/allevo),
-  <https://twitter.com/allevitommaso>, <https://www.npmjs.com/~allevo>
+  <https://x.com/allevitommaso>, <https://www.npmjs.com/~allevo>
 * [__Ethan Arrowood__](https://github.com/Ethan-Arrowood/),
-  <https://twitter.com/arrowoodtech>, <https://www.npmjs.com/~ethan_arrowood>
+  <https://x.com/arrowoodtech>, <https://www.npmjs.com/~ethan_arrowood>
 * [__Çağatay Çalı__](https://github.com/cagataycali),
-  <https://twitter.com/cagataycali>, <https://www.npmjs.com/~cagataycali>
+  <https://x.com/cagataycali>, <https://www.npmjs.com/~cagataycali>
 * [__David Mark Clements__](https://github.com/davidmarkclements),
-  <https://twitter.com/davidmarkclem>,
+  <https://x.com/davidmarkclem>,
   <https://www.npmjs.com/~davidmarkclements>
-* [__dalisoft__](https://github.com/dalisoft), <https://twitter.com/dalisoft>,
+* [__dalisoft__](https://github.com/dalisoft), <https://x.com/dalisoft>,
   <https://www.npmjs.com/~dalisoft>
 * [__Dustin Deus__](https://github.com/StarpTech),
-  <https://twitter.com/dustindeus>, <https://www.npmjs.com/~starptech>
+  <https://x.com/dustindeus>, <https://www.npmjs.com/~starptech>
 * [__Denis Fäcke__](https://github.com/SerayaEryn),
-  <https://twitter.com/serayaeryn>, <https://www.npmjs.com/~serayaeryn>
+  <https://x.com/serayaeryn>, <https://www.npmjs.com/~serayaeryn>
 * [__Rafael Gonzaga__](https://github.com/rafaelgss),
-  <https://twitter.com/_rafaelgss>, <https://www.npmjs.com/~rafaelgss>
+  <https://x.com/_rafaelgss>, <https://www.npmjs.com/~rafaelgss>
 * [__Trivikram Kamat__](https://github.com/trivikr),
-  <https://twitter.com/trivikram>, <https://www.npmjs.com/~trivikr>
+  <https://x.com/trivikram>, <https://www.npmjs.com/~trivikr>
 * [__Ayoub El Khattabi__](https://github.com/AyoubElk),
-  <https://twitter.com/ayoubelkh>, <https://www.npmjs.com/~ayoubelk>
+  <https://x.com/ayoubelkh>, <https://www.npmjs.com/~ayoubelk>
 * [__Cemre Mengu__](https://github.com/cemremengu),
-  <https://twitter.com/cemremengu>, <https://www.npmjs.com/~cemremengu>
+  <https://x.com/cemremengu>, <https://www.npmjs.com/~cemremengu>
 * [__Salman Mitha__](https://github.com/salmanm),
   <https://www.npmjs.com/~salmanm>
 * [__Nathan Woltman__](https://github.com/nwoltman),
-  <https://twitter.com/NathanWoltman>, <https://www.npmjs.com/~nwoltman>
+  <https://x.com/NathanWoltman>, <https://www.npmjs.com/~nwoltman>
 
 ## Hosted by
 

package/SECURITY.md

@@ -3,6 +3,46 @@
 This document describes the management of vulnerabilities for the Fastify
 project and its official plugins.
 
+## Threat Model
+
+Fastify's threat model extends the
+[Node.js threat model](https://github.com/nodejs/node/blob/main/SECURITY.md#the-nodejs-threat-model).
+
+**Trusted:** Application code (plugins, handlers, hooks, schemas), configuration,
+and the runtime environment.
+
+**Untrusted:** All network input (HTTP headers, body, query strings, URL
+parameters).
+
+### Examples of Vulnerabilities
+
+- Parsing flaws that bypass validation or security controls
+- DoS through malformed input to Fastify's core
+- Bypasses of built-in protections (prototype poisoning, schema validation)
+
+### Examples of Non-Vulnerabilities
+
+The following are **not** considered vulnerabilities in Fastify:
+
+- **Application code vulnerabilities**: XSS, SQL injection, or other flaws in
+user-written route handlers, hooks, or plugins
+- **Malicious application code**: Issues caused by intentionally malicious
+plugins or handlers (application code is trusted)
+- **Validation schema issues**: Weak or incorrect schemas provided by developers
+(schemas are trusted)
+- **ReDoS in user patterns**: Regular expression DoS in user-provided regex
+patterns for routes or validation
+- **Missing security features**: Lack of rate limiting, authentication, or
+authorization (these are application-level concerns)
+- **Configuration mistakes**: Security issues arising from developer
+misconfiguration (configuration is trusted)
+- **Third-party dependencies**: Vulnerabilities in npm packages used by the
+application (not Fastify core dependencies)
+- **Resource exhaustion from handlers**: DoS caused by expensive operations in
+user route handlers
+- **Information disclosure by design**: Exposing error details or stack traces
+explicitly enabled via configuration options
+
 ## Reporting vulnerabilities
 
 Individuals who find potential vulnerabilities in Fastify are invited to
@@ -137,13 +177,13 @@ work as a member of the Fastify Core team.
 ### Members
 
 * [__Matteo Collina__](https://github.com/mcollina),
-  <https://twitter.com/matteocollina>, <https://www.npmjs.com/~matteo.collina>
+  <https://x.com/matteocollina>, <https://www.npmjs.com/~matteo.collina>
 * [__Tomas Della Vedova__](https://github.com/delvedor),
-  <https://twitter.com/delvedor>, <https://www.npmjs.com/~delvedor>
+  <https://x.com/delvedor>, <https://www.npmjs.com/~delvedor>
 * [__Vincent Le Goff__](https://github.com/zekth)
 * [__KaKa Ng__](https://github.com/climba03003)
 * [__James Sumners__](https://github.com/jsumners),
-  <https://twitter.com/jsumners79>, <https://www.npmjs.com/~jsumners>
+  <https://x.com/jsumners79>, <https://www.npmjs.com/~jsumners>
 
 ## OpenSSF CII Best Practices
 
@@ -155,11 +195,9 @@ There are three “tiers”: passing, silver, and gold.
 We meet 100% of the “passing” criteria.
 
 ### Silver
-We meet 87% of the “silver” criteria. The gaps are as follows:
+We meet 87% of the "silver" criteria. The gaps are as follows:
   - we do not have a DCO or a CLA process for contributions.
-  - we do not currently document
-    “what the user can and cannot expect in terms of security” for our project.
-  - we do not currently document ”the architecture (aka high-level design)”
+  - we do not currently document "the architecture (aka high-level design)"
     for our project.
 
 ### Gold

package/SPONSORS.md

@@ -9,7 +9,7 @@ or [GitHub Sponsors](https://github.com/sponsors/fastify)!
 
 ## Tier 4
 
-_Be the first!_
+- [SerpApi](http://serpapi.com/)
 
 ## Tier 3
 

package/build/build-validation.js

@@ -98,7 +98,6 @@ const schema = {
     ignoreTrailingSlash: { type: 'boolean', default: defaultInitOptions.ignoreTrailingSlash },
     ignoreDuplicateSlashes: { type: 'boolean', default: defaultInitOptions.ignoreDuplicateSlashes },
     disableRequestLogging: {
-      type: 'boolean',
       default: false
     },
     maxParamLength: { type: 'integer', default: defaultInitOptions.maxParamLength },
@@ -112,7 +111,7 @@ const schema = {
     useSemicolonDelimiter: { type: 'boolean', default: defaultInitOptions.useSemicolonDelimiter },
     routerOptions: {
       type: 'object',
-      additionalProperties: false,
+      additionalProperties: true,
       properties: {
         ignoreTrailingSlash: { type: 'boolean', default: defaultInitOptions.routerOptions.ignoreTrailingSlash },
         ignoreDuplicateSlashes: { type: 'boolean', default: defaultInitOptions.routerOptions.ignoreDuplicateSlashes },

package/build/sync-version.js

@@ -9,4 +9,3 @@ const { version } = JSON.parse(fs.readFileSync(path.join(__dirname, '..', 'packa
 const fastifyJs = path.join(__dirname, '..', 'fastify.js')
 
 fs.writeFileSync(fastifyJs, fs.readFileSync(fastifyJs).toString('utf8').replace(/const\s*VERSION\s*=.*/, `const VERSION = '${version}'`))
-console.log(`Synchronized fastify.js VERSION to ${version}`)

package/docs/Guides/Detecting-When-Clients-Abort.md

@@ -81,7 +81,7 @@ start()
 Our code is setting up a Fastify server which includes the following
 functionality:
 
-- Accepting requests at http://localhost:3000, with a 3 second delayed response
+- Accepting requests at `http://localhost:3000`, with a 3 second delayed response
 of `{ ok: true }`.
 - An onRequest hook that triggers when every request is received.
 - Logic that triggers in the hook when the request is closed.

package/docs/Guides/Ecosystem.md

@@ -182,13 +182,8 @@ section.
   close the server gracefully on `SIGINT` and `SIGTERM` signals.
 - [`@eropple/fastify-openapi3`](https://github.com/eropple/fastify-openapi3) Provides
   easy, developer-friendly OpenAPI 3.1 specs + doc explorer based on your routes.
-- [`@ethicdevs/fastify-custom-session`](https://github.com/EthicDevs/fastify-custom-session)
-  A plugin lets you use session and decide only where to load/save from/to. Has
-  great TypeScript support + built-in adapters for common ORMs/databases (Firebase,
-  Prisma Client, Postgres (wip), InMemory) and you can easily make your own adapter!
-- [`@ethicdevs/fastify-git-server`](https://github.com/EthicDevs/fastify-git-server)
-  A plugin to easily create git server and make one/many Git repositories available
-  for clone/fetch/push through the standard `git` (over http) commands.
+
+
 - [`@exortek/fastify-mongo-sanitize`](https://github.com/ExorTek/fastify-mongo-sanitize)
   A Fastify plugin that protects against No(n)SQL injection by sanitizing data.
 - [`@exortek/remix-fastify`](https://github.com/ExorTek/remix-fastify)
@@ -246,6 +241,9 @@ section.
   request IDs into your logs.
 - [`electron-server`](https://github.com/anonrig/electron-server) A plugin for
   using Fastify without the need of consuming a port on Electron apps.
+- [`elements-fastify`](https://github.com/rohitsoni007/elements-fastify) Fastify
+  Plugin for Stoplight Elements API Documentation using
+  openapi swagger json yml.
 - [`fast-water`](https://github.com/tswayne/fast-water) A Fastify plugin for
   waterline. Decorates Fastify with waterline models.
 - [`fastify-204`](https://github.com/Shiva127/fastify-204) Fastify plugin that
@@ -373,7 +371,7 @@ section.
 - [`fastify-feature-flags`](https://gitlab.com/m03geek/fastify-feature-flags)
   Fastify feature flags plugin with multiple providers support (e.g. env,
   [config](https://lorenwest.github.io/node-config/),
-  [unleash](https://unleash.github.io/)).
+  [unleash](https://github.com/Unleash/unleash)).
 - [`fastify-file-routes`](https://github.com/spa5k/fastify-file-routes) Get
   Next.js based file system routing into fastify.
 - [`fastify-file-upload`](https://github.com/huangang/fastify-file-upload)
@@ -524,10 +522,7 @@ middlewares into Fastify plugins
   Add `additionalProperties: false` by default to your JSON Schemas.
 - [`fastify-no-icon`](https://github.com/jsumners/fastify-no-icon) Plugin to
   eliminate thrown errors for `/favicon.ico` requests.
-- [`fastify-normalize-request-reply`](https://github.com/ericrglass/fastify-normalize-request-reply)
-  Plugin to normalize the request and reply to the Express version 4.x request
-  and response, which allows use of middleware, like swagger-stats, that was
-  originally written for Express.
+
 - [`fastify-now`](https://github.com/yonathan06/fastify-now) Structure your
   endpoints in a folder and load them dynamically with Fastify.
 - [`fastify-nuxtjs`](https://github.com/gomah/fastify-nuxtjs) Vue server-side
@@ -571,8 +566,8 @@ middlewares into Fastify plugins
   custom permission checks.
 - [`fastify-piscina`](https://github.com/piscinajs/fastify-piscina) A worker
   thread pool plugin using [Piscina](https://github.com/piscinajs/piscina).
-- [`fastify-polyglot`](https://github.com/beliven-it/fastify-polyglot) A plugin to
-  handle i18n using
+- [`fastify-polyglot`](https://github.com/beliven-it/fastify-polyglot) A plugin
+  to handle i18n using
   [node-polyglot](https://www.npmjs.com/package/node-polyglot).
 - [`fastify-postgraphile`](https://github.com/alemagio/fastify-postgraphile)
   Plugin to integrate [PostGraphile](https://www.graphile.org/postgraphile/) in
@@ -646,6 +641,8 @@ middlewares into Fastify plugins
 - [`fastify-server-session`](https://github.com/jsumners/fastify-server-session)
   A session plugin with support for arbitrary backing caches via
   `fastify-caching`.
+- [`fastify-ses-mailer`](https://github.com/KaranHotwani/fastify-ses-mailer) A
+  Fastify plugin for sending emails via AWS SES using AWS SDK v3.
 - [`fastify-shared-schema`](https://github.com/Adibla/fastify-shared-schema) Plugin
   for sharing schemas between different routes.
 - [`fastify-slonik`](https://github.com/Unbuttun/fastify-slonik) Fastify Slonik
@@ -687,7 +684,7 @@ middlewares into Fastify plugins
 - [`fastify-type-provider-effect-schema`](https://github.com/daotl/fastify-type-provider-effect-schema)
   Fastify
   [type provider](https://fastify.dev/docs/latest/Reference/Type-Providers/)
-  for [@effect/schema](https://github.com/effect-ts/schema).
+  for [@effect/schema](https://github.com/Effect-TS/effect).
 - [`fastify-type-provider-zod`](https://github.com/turkerdev/fastify-type-provider-zod)
   Fastify
   [type provider](https://fastify.dev/docs/latest/Reference/Type-Providers/)

package/docs/Guides/Migration-Guide-V4.md

@@ -109,7 +109,8 @@ argument from your router handler.
 ### `exposeHeadRoutes` true by default
 
 Starting with v4, every `GET` route will create a sibling `HEAD` route.
-You can revert this behavior by setting `exposeHeadRoutes: false` in the server options.
+You can revert this behavior by setting `exposeHeadRoutes: false` in the server
+options.
 
 ### Synchronous route definitions ([#2954](https://github.com/fastify/fastify/pull/2954))
 

package/docs/Guides/Migration-Guide-V5.md

@@ -545,6 +545,15 @@ for more information.
 This was already deprecated in v4 as `FSTDEP014`,
 so you should have already updated your code.
 
+### `time` and `date-time` formats enforce timezone
+
+The updated AJV compiler updates `ajv-formats` which now
+enforce the use of timezone in `time` and `date-time` format.
+A workaround is to use `iso-time` and `iso-date-time` formats
+which support an optional timezone for backwards compatibility.  
+See the
+[full discussion](https://github.com/fastify/fluent-json-schema/issues/267).
+
 ## New Features
 
 ### Diagnostic Channel support

package/docs/Guides/Serverless.md

@@ -303,10 +303,10 @@ const fastifyApp = async (request, reply) => {
 
 ### Add Custom `contentTypeParser` to Fastify instance and define endpoints
 
-Firebase Function's HTTP layer already parses the request
-and makes a JSON payload available. It also provides access
-to the raw body, unparsed, which is useful for calculating
-request signatures to validate HTTP webhooks.
+Firebase Function's HTTP layer already parses the request and makes a JSON
+payload available through the property `payload.body` below. It also provides
+access to the raw body, unparsed, which is useful for calculating request
+signatures to validate HTTP webhooks.
 
 Add as follows to the `registerRoutes()` function:
 
@@ -332,6 +332,24 @@ async function registerRoutes (fastify) {
 }
 ```
 
+**Failing to add this `ContentTypeParser` may lead to the Fastify process
+remaining stuck and not processing any other requests after receiving one with
+the Content-Type `application/json`.**
+
+When using Typescript, since the type of `payload` is a native `IncomingMessage`
+that gets modified by Firebase, it won't be able to find the property
+`payload.body`.
+
+In order to suppress the error, you can use the following signature:
+
+```ts
+declare module 'http' {
+	interface IncomingMessage {
+		body?: unknown;
+	}
+}
+```
+
 ### Export the function using Firebase onRequest
 
 Final step is to export the Fastify app instance to Firebase's own
@@ -577,10 +595,10 @@ server-like concurrency with the autoscaling properties of traditional
 serverless functions.
 
 Get started with the
-[Fastify Node.js template on Vercel](
-https://vercel.com/templates/other/fastify-serverless-function).
+[Fastify template on Vercel](
+https://vercel.com/templates/backend/fastify-on-vercel).
 
 [Fluid compute](https://vercel.com/docs/functions/fluid-compute) currently
 requires an explicit opt-in. Learn more about enabling Fluid compute
 [here](
-https://vercel.com/docs/functions/fluid-compute#how-to-enable-fluid-compute).
+https://vercel.com/docs/functions/fluid-compute#how-to-enable-fluid-compute).

package/docs/Guides/Testing.md

@@ -353,8 +353,8 @@ Now you should be able to step through your test file (and the rest of
 
 
 ## Plugins
-Let's `cd` into a fresh directory called 'testing-plugin-example' and type `npm init
--y` in our terminal.
+Let's `cd` into a fresh directory called 'testing-plugin-example' and type
+`npm init -y` in our terminal.
 
 Run `npm i fastify fastify-plugin`
 

package/docs/Reference/Decorators.md

@@ -369,7 +369,8 @@ console.log(fastify.foo) // 'a getter'
 #### `getDecorator(name)`
 <a id="get-decorator"></a>
 
-Used to retrieve an existing decorator from the Fastify instance, `Request`, or `Reply`.
+Used to retrieve an existing decorator from the Fastify instance, `Request`,
+or `Reply`.
 If the decorator is not defined, an `FST_ERR_DEC_UNDECLARED` error is thrown.
 
 ```js
@@ -399,7 +400,7 @@ fastify.register(async function (fastify) {
 ```
 
 > ℹ️ Note: For TypeScript users, `getDecorator` supports generic type parameters.
-> See the [TypeScript documentation](/docs/latest/Reference/TypeScript/) for
+> See the [TypeScript documentation](/docs/Reference/TypeScript.md) for
 > advanced typing examples.
 
 #### `setDecorator(name, value)`
@@ -429,5 +430,5 @@ fastify.addHook('preHandler', async (req, reply) => {
 ```
 
 > ℹ️ Note: For TypeScript users, see the
-> [TypeScript documentation](/docs/latest/Reference/TypeScript/) for advanced
+> [TypeScript documentation](/docs/Reference/TypeScript.md) for advanced
 > typing examples using `setDecorator<T>`.

package/docs/Reference/Encapsulation.md

@@ -28,8 +28,8 @@ registered within its _grandchild context_.
 Given that everything in Fastify is a [plugin](./Plugins.md) except for the
 _root context_, every "context" and "plugin" in this example is a plugin
 that can consist of decorators, hooks, plugins, and routes. As plugins, they
-must still signal completion either by returning a Promise (e.g., using `async` functions)
-or by calling the `done` function if using the callback style.
+must still signal completion either by returning a Promise (e.g., using `async`
+functions) or by calling the `done` function if using the callback style.
 
 To put this
 example into concrete terms, consider a basic scenario of a REST API server

package/docs/Reference/Logging.md

@@ -107,6 +107,10 @@ value is used; otherwise, a new incremental ID is generated. See Fastify Factory
 [`requestIdHeader`](./Server.md#factory-request-id-header) and Fastify Factory
 [`genReqId`](./Server.md#genreqid) for customization options.
 
+> ⚠ Warning: enabling `requestIdHeader` allows any callers to set `reqId` to a
+> value of their choosing.
+> No validation is performed on `requestIdHeader`.
+
 #### Serializers
 The default logger uses standard serializers for objects with `req`, `res`, and
 `err` properties. The `req` object is the Fastify [`Request`](./Request.md)

package/docs/Reference/Plugins.md

@@ -79,8 +79,8 @@ the Fastify instance by a preceding plugin, such as utilizing an existing databa
 connection.
 
 Keep in mind that the Fastify instance passed to the function is the same as the
-one passed into the plugin, a copy of the external Fastify instance rather than a
-reference. Any usage of the instance will behave the same as it would if called
+one passed into the plugin, a copy of the external Fastify instance rather than
+a reference. Any usage of the instance will behave the same as it would if called
 within the plugin's function. For example, if `decorate` is called, the decorated
 variables will be available within the plugin's function unless it was wrapped
 with [`fastify-plugin`](https://github.com/fastify/fastify-plugin).

package/docs/Reference/Principles.md

@@ -64,8 +64,8 @@ frameworks do this; Fastify does not.
 
 ## Semantic Versioning and Long Term Support
 
-A clear [Long Term Support strategy is provided](./LTS.md) to inform developers when
-to upgrade.
+A clear [Long Term Support strategy is provided](./LTS.md) to inform developers
+when to upgrade.
 
 ## Specification adherence
 

package/docs/Reference/Reply.md

@@ -70,8 +70,9 @@ since the request was received by Fastify.
 - `.serialize(payload)` - Serializes the specified payload using the default
   JSON serializer or using the custom serializer (if one is set) and returns the
   serialized payload.
-- `.getSerializationFunction(schema | httpStatus, [contentType])` - Returns the serialization
-  function for the specified schema or http status, if any of either are set.
+- `.getSerializationFunction(schema | httpStatus, [contentType])` - Returns the
+  serialization function for the specified schema or http status, if any of
+  either are set.
 - `.compileSerializationSchema(schema, [httpStatus], [contentType])` - Compiles
   the specified schema and returns a serialization function using the default
   (or customized) `SerializerCompiler`. The optional `httpStatus` is forwarded

package/docs/Reference/Server.md

@@ -317,7 +317,7 @@ Pino interface by having the following methods: `info`, `error`, `debug`,
     },
   };
 
-  const fastify = require('fastify')({logger: customLogger});
+  const fastify = require('fastify')({ loggerInstance: customLogger });
   ```
 
 ### `disableRequestLogging`
@@ -331,6 +331,20 @@ been sent. By setting this option to `true`, these log messages will be
 disabled. This allows for more flexible request start and end logging by
 attaching custom `onRequest` and `onResponse` hooks.
 
+This option can also be a function that receives the Fastify request object
+and returns a boolean. This allows for conditional request logging based on the
+request properties (e.g., URL, headers, decorations).
+
+```js
+const fastify = require('fastify')({
+  logger: true,
+  disableRequestLogging: (request) => {
+    // Disable logging for health check endpoints
+    return request.url === '/health' || request.url === '/ready'
+  }
+})
+```
+
 The other log entries that will be disabled are:
 - an error log written by the default `onResponse` hook on reply callback errors
 - the error and info logs written by the `defaultErrorHandler`
@@ -413,6 +427,10 @@ const fastify = require('fastify')({
 })
 ```
 
+> ⚠ Warning: enabling this allows any callers to set `reqId` to a
+> value of their choosing.
+> No validation is performed on `requestIdHeader`.
+
 ### `requestIdLogLabel`
 <a id="factory-request-id-log-label"></a>
 
@@ -565,7 +583,11 @@ const fastify = require('fastify')({
       [require('ajv-keywords'), 'instanceof']
       // Usage: [plugin, pluginOptions] - Plugin with options
       // Usage: plugin - Plugin without options
-    ]
+    ],
+    onCreate: (ajv) => {
+      // Modify the ajv instance as you need.
+      ajv.addFormat('myFormat', (data) => typeof data === 'string')
+    }
   }
 })
 ```
@@ -839,6 +861,12 @@ const fastify = require('fastify')({
 })
 ```
 
+> **Note**
+> The `req` and `res` objects passed to `defaultRoute` are the raw Node.js
+> `IncomingMessage` and `ServerResponse` instances. They do **not** expose the
+> Fastify-specific methods available on `FastifyRequest`/`FastifyReply` (for
+> example, `res.send`).
+
 ### `ignoreDuplicateSlashes`
 <a id="factory-ignore-duplicate-slashes"></a>
 
@@ -930,6 +958,9 @@ const fastify = require('fastify')({
 })
 ```
 
+As with `defaultRoute`, `req` and `res` are the raw Node.js request/response
+objects and do not provide Fastify's decorated helpers.
+
 ### `querystringParser`
 <a id="querystringparser"></a>
 
@@ -1789,8 +1820,8 @@ different plugins can set different logger factories.
 <a id="set-gen-req-id"></a>
 
 `fastify.setGenReqId(function (rawReq))` Synchronous function for setting the request-id
-for additional Fastify instances. It will receive the _raw_ incoming request as a
-parameter. The provided function should not throw an Error in any case.
+for additional Fastify instances. It will receive the _raw_ incoming request as
+a parameter. The provided function should not throw an Error in any case.
 
 Especially in distributed systems, you may want to override the default ID
 generation behavior to handle custom ways of generating different IDs in

package/docs/Reference/TypeScript.md

@@ -691,7 +691,8 @@ Or even explicit config on tsconfig
 
 Fastify's `getDecorator<T>` method retrieves decorators with enhanced type safety.
 
-The `getDecorator<T>` method supports generic type parameters for enhanced type safety:
+The `getDecorator<T>` method supports generic type parameters for enhanced type
+safety:
 
 ```typescript
 // Type-safe decorator retrieval