Update dependency fastify to v2.15.1 [SECURITY]

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
fastify (source)	2.13.0 -> 2.15.1

GitHub Vulnerability Alerts

CVE-2020-8192

A denial of service vulnerability exists in Fastify v2.14.1 and v3.0.0-rc.4 that allows a malicious user to trigger resource exhaustion (when the allErrors option is used) with specially crafted schemas.

---

Release Notes

fastify/fastify

v2.15.1

Compare Source

Breaking Change

For security reasons we changed the default in the ajvconfiguration.
Unfortunately allErrors: true is a DoS attack vector for certain
schemas. So this changed to allErrors: false.

See: ajv-validator/ajv@334071a
Ref: https://hackerone.com/reports/903521

📚 PR:

• Add PATCH to body validation (#​2351)

v2.15.0

Compare Source

📚 PR:

• Bind error handler to instance (v2) (#​2305)
• Fix custom JSON support (#​2309)
• On ready backport (#​2296)

v2.14.1

Compare Source

• Tweak haproxy config for issue #​2036 (#​2270) (#​2271)
• Fix: call preHandler on reply.callNotFound (#​2256) (#​2264)
• doc: doc example to use ajv-errors (#​2254)
• Log clientError as trace to avoid dev confusion (#​2241) (#​2242)

v2.14.0

Compare Source

📚 PR:

• Support builder-style injection (#​2209)
• fix #​2214 (#​2218)
• http2: fix HEAD requests hanging (#​2233) (#​2239)

v2.13.1

Compare Source

📚 PR:

• Ignore pino@6.
• ignore fast-json-stringify in dependabot
• Fix link to Fastify Create (#​2146)
• test for issue #​2148 where typedefs for query params object were wrong (#​2149)
• Replace greenkeeper with dependabot (#​2162)
• add fastify-method-override to ecosystem (#​2165)
• Update Logging.md (#​2171)
• Add to fastify-qrcode into Ecosystem (#​2170)
• docs: errors in async hook (#​2176)
• docs: use direct references in the "Schema Resolver" example (#​2155)
• fix: typo in routes doc (#​2182)
• Add google cloud trace API plugin (#​2185)
• Fixes crash when using a non-standard error code (#​2184)
• Fix package-manager CI (#​2189)
• Fix for Link in docs/Middleware (#​2192)

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.

[sonarcloud]

Kudos, SonarCloud Quality Gate passed!

0 Bugs
0 Vulnerabilities (and 0 Security Hotspots to review)
0 Code Smells

No Coverage information
No Duplication information

[codecov]

Codecov Report

Merging #63 into master will not change coverage.
The diff coverage is n/a.

@@           Coverage Diff           @@
##           master      #63   +/-   ##
=======================================
  Coverage   78.64%   78.64%           
=======================================
  Files          28       28           
  Lines         412      412           
  Branches       56       56           
=======================================
  Hits          324      324           
  Misses         88       88           

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 861e9c2...2b60579. Read the comment docs.

[renovate]

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.