[Snyk] Upgrade: , ajv, fast-uri, fastify, jsonwebtoken

[X-oss-byte]

Snyk has created this PR to upgrade multiple dependencies.

👯 The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Name	Versions	Released on

@fastify/csrf-protection
from 6.3.0 to 6.4.1 | 2 versions ahead of your current version | 10 months ago
on 2023-11-06
ajv
from 8.12.0 to 8.17.1 | 5 versions ahead of your current version | 2 months ago
on 2024-07-12
fast-uri
from 2.2.0 to 2.4.0 | 3 versions ahead of your current version | 3 months ago
on 2024-06-10
fastify
from 4.19.2 to 4.28.1 | 21 versions ahead of your current version | 2 months ago
on 2024-06-29
jsonwebtoken
from 9.0.1 to 9.0.2 | 1 version ahead of your current version | a year ago
on 2023-08-30

Release notes

Package name: @fastify/csrf-protection

• 6.4.1 - 2023-11-06
  

  What's Changed

  • fix(types): hmacKey only mandatory with fastify/cookie by @ hobi9 in #148

  New Contributors

  • @ hobi9 made their first contribution in #148

  Full Changelog: v6.4.0...v6.4.1

• 6.4.0 - 2023-10-29
  

  What's Changed

  • ci: only trigger on pushes to main branches by @ Fdawgs in #134
  • build(deps-dev): bump @ types/node from 18.16.5 to 20.1.0 by @ dependabot in #136
  • build(deps-dev): bump @ fastify/cookie from 8.3.0 to 9.0.4 by @ dependabot in #137
  • build(deps-dev): bump @ fastify/secure-session from 6.2.0 to 7.0.0 by @ dependabot in #138
  • docs - update @ fastify/session docs by @ leftieFriele in #139
  • build(deps-dev): bump tsd from 0.28.1 to 0.29.0 by @ dependabot in #140
  • perf: use node: prefix to bypass require.cache call for builtins by @ Fdawgs in #141
  • build(deps-dev): bump sinon from 15.2.0 to 16.0.0 by @ dependabot in #142
  • chore: add .gitattributes file by @ Fdawgs in #144
  • build(deps-dev): bump sinon from 16.1.3 to 17.0.0 by @ dependabot in #145
  • chore(package): explicitly declare js module type by @ Fdawgs in #146

  New Contributors

  • @ leftieFriele made their first contribution in #139

  Full Changelog: v6.3.0...v6.4.0

• 6.3.0 - 2023-04-20
  

  ⚠️ Security Release ⚠️

  This release fixes a vulnerability (CVE-2023-27495) that can lead to a bypass of the CSRF protection in the case of predictable userInfo more details at GHSA-qrgf-9gpc-vrxw.

  What's Changed

  • chore(.gitignore): add bun lockfile by @ Fdawgs in #126
  • build(deps-dev): bump tsd from 0.25.0 to 0.27.0 by @ dependabot in #128
  • build(deps-dev): bump tsd from 0.27.0 to 0.28.0 by @ dependabot in #129

  Full Changelog: v6.2.0...v6.3.0

from @fastify/csrf-protection GitHub release notes

Package name: ajv

• 8.17.1 - 2024-07-12
  

  What's Changed

  • bump version to 8.17.1 by @ jasoniangreen in #2472

  Full Changelog: v8.17.0...v8.17.1

  Plus everything in 8.17.0 which failed to release

  The only functional change is to switch from uri-js (which is no longer supported), to fast-uri. This is the second attempt and the team on fast-uri have been really helpful addressing the issues we found last time.

  Revert "Revert fast-uri change (#2444)" by @ gurgunday in #2448
  fix: ignore new eslint error for @ typescript-eslint/no-extraneous-class by @ jasoniangreen in #2455
  docs: clarify behaviour of addVocabulary by @ jasoniangreen in #2454
  docs: refactor to improve legibility by @ blottn in #2432
  Fix grammatical typo in managing-schemas.md by @ wetneb in #2305
  docs: Fix broken strict-mode link by @ alexanderjsx in #2459
  feat: add test for encoded refs and bump fast-uri by @ jasoniangreen in #2449
  fix: changes for @ typescript-eslint/array-type rule by @ jasoniangreen in #2467
  fixes #2217 - clarify custom keyword naming by @ jasoniangreen in #2457

• 8.16.0 - 2024-06-04
  

  What's Changed

  • Revert fast-uri change by @ jasoniangreen in #2444

  Full Changelog: v8.15.0...v8.16.0

• 8.15.0 - 2024-06-03
  

  What's Changed

  • Replace uri-js with fast-uri by @ vixalien in #2415
  • Bump to 8.15.0 by @ jasoniangreen in #2442

  New Contributors

  • @ vixalien made their first contribution in #2415

  Full Changelog: v8.14.0...v8.15.0

• 8.14.0 - 2024-05-25
  

  What's Changed

  • readme: build badge by @ epoberezkin in #2424
  • Update workflows by @ rotu in #2410
  • docs: add warning to maxLength / minLength by @ jasoniangreen in #2428
  • fix: broken link in docs warning by @ jasoniangreen in #2431
  • compileAsync a schema with discriminator and $ref, fixes #2427 by @ jasoniangreen in #2433
  • bump version to 8.14.0 for publishing by @ jasoniangreen in #2440

  New Contributors

  • @ rotu made their first contribution in #2410

  Full Changelog: v8.13.0...v8.14.0

• 8.13.0 - 2024-04-29
  
  • add named exports
  • update dependencies
  • update node.js
• 8.12.0 - 2023-01-03
  
  • fix JTD serialisation (remove leading comma in objects with only optional properties) (#2190, @ piliugin-anton)
  • empty JTD "values" schema (#2191)
  • empty object to work with JTD utility type (#2158, @ erikbrinkman)
  • fix JTD "discriminator" schema for objects with more than 8 properties (#2194)
  • correctly narrow "number" type to "integer" (#2192, @ JacobLey)
  • update Node.js versions in CI to 14, 16, 18 and 19

from ajv GitHub release notes

Package name: fast-uri

• 2.4.0 - 2024-06-10
  

  What's Changed

  • Improve compatibility with uri-js by @ gurgunday in #84

  Full Changelog: v2.3.1...v2.4.0

• 2.3.1 - 2024-06-05
  

  What's Changed

  • build(deps-dev): bump tsd from 0.29.0 to 0.30.0 by @ dependabot in #75
  • chore(package): fix repository url by @ Fdawgs in #77
  • chore(.gitignore): add .tap/ dir by @ Fdawgs in #78
  • build(deps-dev): bump tsd from 0.30.7 to 0.31.0 by @ dependabot in #79
  • Do not use node's URL module by @ gurgunday in #83

  Full Changelog: v2.3.0...v2.3.1

• 2.3.0 - 2023-10-30
  

  What's Changed

  • build(deps-dev): bump tsd from 0.24.1 to 0.25.0 by @ dependabot in #55
  • chore(.gitignore): add clinic by @ Fdawgs in #56
  • ci(package-manager): update ubuntu os to latest by @ Fdawgs in #58
  • chore(.gitignore): add bun lockfile by @ Fdawgs in #59
  • build(deps-dev): bump tsd from 0.25.0 to 0.26.0 by @ dependabot in #60
  • build(deps-dev): bump tsd from 0.26.1 to 0.27.0 by @ dependabot in #61
  • build(deps-dev): bump tsd from 0.27.0 to 0.28.0 by @ dependabot in #62
  • ci(package-manager-ci): add node 18 to test matrix by @ Fdawgs in #63
  • ci: only trigger on pushes to main branches by @ Fdawgs in #64
  • ci(package-manager-ci): replace jobs with reusable workflow by @ Fdawgs in #65
  • refactor(schemes): convert unused capture group to non-capture group by @ Fdawgs in #66
  • perf: avoid domainToAscii on pure lowercase ascii cases by @ Uzlopak in #67
  • build(deps-dev): bump tsd from 0.28.1 to 0.29.0 by @ dependabot in #68
  • perf: use node: prefix to bypass require.cache call for builtins by @ Fdawgs in #69
  • chore: add .gitattributes file by @ Fdawgs in #71
  • chore(benchmark): add missing strict directive by @ Fdawgs in #72
  • perf(index): convert unused capture groups to non-capture groups by @ Fdawgs in #74

  Full Changelog: v2.2.0...v2.3.0

• 2.2.0 - 2022-12-05
  

  What's Changed

  • chore(.gitignore): use updated skeleton template by @ Fdawgs in #40
  • build(deps-dev): bump tsd from 0.20.0 to 0.21.0 by @ dependabot in #41
  • LGTM-Alert: remove unused parameters by @ Uzlopak in #43
  • fix: unused IE fix path by @ zekth in #44
  • test(equal): refactor test suites by @ zekth in #45
  • build(deps-dev): bump tsd from 0.21.0 to 0.22.0 by @ dependabot in #46
  • fix(readme): CI badge reference by @ zekth in #47
  • ci: enable license checking by @ Fdawgs in #48
  • build(deps-dev): bump tsd from 0.22.0 to 0.23.0 by @ dependabot in #49
  • build(deps-dev): remove typescript by @ Fdawgs in #50
  • chore(.npmrc): disable package-lock generation by @ Fdawgs in #52
  • build(deps-dev): bump tsd from 0.23.0 to 0.24.1 by @ dependabot in #53
  • nodenext compatibility by @ Uzlopak in #54

  New Contributors

  • @ Uzlopak made their first contribution in #43

  Full Changelog: v2.1.0...v2.2.0

from fast-uri GitHub release notes

Package name: fastify

• 4.28.1 - 2024-06-29
  

  What's Changed

  • [Backport 4.x] fix: server.listen listener is not cleanup properly by @ github-actions in #5523
  • [Backport 4.x] test: fix test finished earlier than expected by @ github-actions in #5541
  • fix(v4): update .npmignore by @ Eomm in #5538

  Full Changelog: v4.28.0...v4.28.1

• 4.28.0 - 2024-06-14
  

  What's Changed

  • test: fix closing - pipelining by @ climba03003 in #5486
  • refactor(backport v4.x): change reply.redirect() signature (#5483) by @ gurgunday in #5484
  • refactor(backport v4.x): hasRoute method comparison with case insensitive by @ SMNBLMRR in #5513
  • fix: (backport) Type inferrence with auxilliary hook handlers by @ aadito123 in #5518

  Full Changelog: v4.27.0...v4.28.0

• 4.27.0 - 2024-05-07
  

  What's Changed

  • docs(request): update request page by @ Tony133 in

[stackblitz]

Run & review this pull request in StackBlitz Codeflow.

[changeset-bot]

⚠️ No Changeset found

Latest commit: 24b0f05

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[sourcery-ai]

We have skipped reviewing this pull request. Here's why:

• It seems to have been created by a bot ('[Snyk]' found in title). We assume it knows what it's doing!
• We don't review packaging changes - Let us know if you'd like us to change this.

[KolomboPulse]

3.0

[KolomboPulse]

4.1

[KolomboPulse]

12.0

[KolomboPulse]

17.1

[KolomboPulse]

2

[KolomboPulse]

19.2

[KolomboPulse]

4

[KolomboPulse]

28.1

[KolomboPulse]

1

[KolomboPulse]

2