chore(deps): bump the npm_and_yarn group across 1 directory with 3 updates

[dependabot]

Bumps the npm_and_yarn group with 2 updates in the / directory: fastify and uuid.

Updates fastify from 4.29.1 to 5.8.5

Release notes

Sourced from fastify's releases.

v5.8.5

⚠️ Security Release

This fixes CVE CVE-2026-33806 GHSA-247c-9743-5963.

What's Changed

• chore: Fix port parsing by @​jsumners in fastify/fastify#6603
• chore: upgrade to typescript v6.0.2 by @​Tony133 in fastify/fastify#6605
• fix: restore trustProxy function for number and string types, add null check for socketAddr by @​mcollina in fastify/fastify#6613
• ci: reduce cron scheduled workflows from daily/weekly to monthly by @​Fdawgs in fastify/fastify#6623
• chore: Bump pnpm/action-setup from 4.2.0 to 5.0.0 by @​dependabot[bot] in fastify/fastify#6629
• chore: Bump markdownlint-cli2 from 0.21.0 to 0.22.0 by @​dependabot[bot] in fastify/fastify#6632
• chore: Bump borp from 0.21.0 to 1.0.0 by @​dependabot[bot] in fastify/fastify#6633
• chore: Bump actions/dependency-review-action from 4.8.3 to 4.9.0 by @​dependabot[bot] in fastify/fastify#6630
• docs(ecosystem): add @​pompelmi/fastify-plugin by @​SonoTommy in fastify/fastify#6610

New Contributors

• @​SonoTommy made their first contribution in fastify/fastify#6610

Full Changelog: fastify/fastify@v5.8.4...v5.8.5

v5.8.4

Full Changelog: fastify/fastify@v5.8.3...v5.8.4

v5.8.3

⚠️ Security Release

This fixes CVE CVE-2026-3635 GHSA-444r-cwp2-x5xf.

What's Changed

• docs(readme): add @​Tony133 to plugin team by @​Tony133 in fastify/fastify#6565
• Updated Plugins-Guide.md; Changed "fastify" to "instance" during plugin registration to showcase that it's added as a child by @​kyrylchenko in fastify/fastify#6566
• test: use fastify.test in test case by @​climba03003 in fastify/fastify#6568
• docs: use fastify.example in documentation by @​climba03003 in fastify/fastify#6567
• docs: add common performance degradation guidance by @​maxpetrusenko in fastify/fastify#6520
• docs(server): fix camelCase anchor links in TOC by @​Deepvamja in fastify/fastify#6530
• ci(link-checker): fix root-relative links resolution by @​barba-rossa in fastify/fastify#6535
• docs: update syntax markdown, absolute paths and links by @​Tony133 in fastify/fastify#6569
• docs: clarify content-type parser/schema mismatch is outside threat model by @​mcollina in fastify/fastify#6537
• docs: fix incorrect code examples in Reply and Request reference by @​mahmoodhamdi in fastify/fastify#6582
• docs: replace redirected npm.im http-errors link by @​mcollina in fastify/fastify#6588
• types: Allow port to be null in request type definition by @​TristanBarlow in fastify/fastify#6589
• docs: update links by @​Tony133 in fastify/fastify#6593
• ci(lock-threads): use shared lock-threads workflow by @​Fdawgs in fastify/fastify#6592

New Contributors

• @​kyrylchenko made their first contribution in fastify/fastify#6566
• @​maxpetrusenko made their first contribution in fastify/fastify#6520
• @​Deepvamja made their first contribution in fastify/fastify#6530
• @​barba-rossa made their first contribution in fastify/fastify#6535

... (truncated)

Commits

• 3983cce Bumped v5.8.5
• 3ce3ae6 Merge commit from fork
• b06a196 docs(ecosystem): add @​pompelmi/fastify-plugin (#6610)
• 909c5d5 chore: Bump actions/dependency-review-action from 4.8.3 to 4.9.0 (#6630)
• 4db21a3 chore: Bump borp from 0.21.0 to 1.0.0 (#6633)
• 0f4e544 chore: Bump markdownlint-cli2 from 0.21.0 to 0.22.0 (#6632)
• 33a2fcd chore: Bump pnpm/action-setup from 4.2.0 to 5.0.0 (#6629)
• fd35d82 ci: reduce cron schedules from daily/weekly to monthly (#6623)
• 8dee9be fix: restore trustProxy function for number and string types, add null check ...
• d457aed chore: upgrade to typescript v6.0.2 (#6605)
• Additional commits viewable in compare view

Updates fast-uri from 2.4.0 to 3.1.2

Release notes

Sourced from fast-uri's releases.

v3.1.2

⚠️ Security Release

• Fix for GHSA-v39h-62p7-jpjc

What's Changed

• Handle malformed fragment decoding as a parse error by @​mcollina in fastify/fast-uri#171

Full Changelog: fastify/fast-uri@v3.1.1...v3.1.2

v3.1.1

⚠️ Security Release

• Fix for GHSA-q3j6-qgpj-74h6

What's Changed

• build(deps-dev): bump tsd from 0.32.0 to 0.33.0 by @​dependabot[bot] in fastify/fast-uri#148
• build(deps): bump actions/checkout from 4 to 5 by @​dependabot[bot] in fastify/fast-uri#149
• chore(.npmrc): ignore scripts by @​Fdawgs in fastify/fast-uri#150
• build(deps-dev): remove @​fastify/pre-commit by @​Fdawgs in fastify/fast-uri#151
• build(deps): bump actions/setup-node from 4 to 5 by @​dependabot[bot] in fastify/fast-uri#152
• ci(ci): add concurrency config by @​Fdawgs in fastify/fast-uri#153
• build(deps): bump actions/setup-node from 5 to 6 by @​dependabot[bot] in fastify/fast-uri#154
• build(deps): bump actions/checkout from 5 to 6 by @​dependabot[bot] in fastify/fast-uri#156
• chore(license): standardise license notice by @​Fdawgs in fastify/fast-uri#159
• style: remove trailing whitespace by @​Fdawgs in fastify/fast-uri#161
• ci: remove unused github files by @​Tony133 in fastify/fast-uri#162
• chore: update readme by @​Tony133 in fastify/fast-uri#164
• build(deps): bump fastify/workflows/.github/workflows/plugins-ci-package-manager.yml from 5 to 6 by @​dependabot[bot] in fastify/fast-uri#165
• build(deps): bump fastify/workflows/.github/workflows/plugins-ci.yml from 5 to 6 by @​dependabot[bot] in fastify/fast-uri#166
• build(deps-dev): bump neostandard from 0.12.2 to 0.13.0 by @​dependabot[bot] in fastify/fast-uri#167
• ci: add lock-threads workflow by @​Fdawgs in fastify/fast-uri#169

New Contributors

• @​Tony133 made their first contribution in fastify/fast-uri#162

Full Changelog: fastify/fast-uri@v3.1.0...v3.1.1

v3.1.0

What's Changed

• ci: remove master branch support by @​Fdawgs in fastify/fast-uri#126
• chore(test) remove .gitkeep by @​Fdawgs in fastify/fast-uri#128
• ci(ci): set job permissions by @​Fdawgs in fastify/fast-uri#129
• ci: set permissions at workflow level by @​Fdawgs in fastify/fast-uri#131
• ci: set workflow permissions to read-only by default by @​Fdawgs in fastify/fast-uri#132
• ci(ci): restore job level permissions by @​Fdawgs in fastify/fast-uri#133
• build(deps-dev): bump tsd from 0.31.2 to 0.32.0 by @​dependabot[bot] in fastify/fast-uri#134
• ci(ci): pin actions to commit-hash by @​Fdawgs in fastify/fast-uri#135
• ci: add node 24 to test matrix by @​Fdawgs in fastify/fast-uri#136

... (truncated)

Commits

• 919dd8e Bumped v3.1.2
• c65ba57 fixup: linting
• 6c86c17 Merge commit from fork
• a95158a Handle malformed fragment decoding without throwing (#171)
• cea547c Bumped v3.1.1
• 876ce79 Merge commit from fork
• dcdf690 ci: add lock-threads workflow (#169)
• c860e65 build(deps-dev): bump neostandard from 0.12.2 to 0.13.0 (#167)
• 9b4c6dc build(deps): bump fastify/workflows/.github/workflows/plugins-ci.yml (#166)
• 85d09a9 build(deps): bump fastify/workflows/.github/workflows/plugins-ci-package-mana...
• Additional commits viewable in compare view

Updates uuid from 11.1.1 to 14.0.1

Release notes

Sourced from uuid's releases.

v14.0.1

14.0.1 (2026-06-20)

Bug Fixes

• add types condition to node export for moduleResolution bundler (#961) (27ffae5)

v14.0.0

14.0.0 (2026-04-19)

⚠ BREAKING CHANGES

• expect crypto to be global everywhere (requires node@20+) (#935)
• drop node@18 support (#934)

Features

• drop node@18 support (#934) (dc4ddb8)

Bug Fixes

• expect crypto to be global everywhere (requires node@20+) (#935) (f2c235f)
• Use GITHUB_TOKEN for release-please and enable npm provenance (#925) (ffa3138)

v13.0.2

13.0.2 (2026-05-04)

Bug Fixes

• rerelease to fix provenance. (49ccb35)

v13.0.1

13.0.1 (2026-04-27)

Bug Fixes

• backport fix for GHSA-w5hq-g745-h8pq (9d27ddf)

v13.0.0

13.0.0 (2025-09-08)

⚠ BREAKING CHANGES

• make browser exports the default (#901)

... (truncated)

Changelog

Sourced from uuid's changelog.

14.0.1 (2026-06-20)

Bug Fixes

• add types condition to node export for moduleResolution bundler (#961) (27ffae5)

14.0.0 (2026-04-19)

Security

• Fixes GHSA-w5hq-g745-h8pq: v3(), v5(), and v6() did not validate that writes would remain within the bounds of a caller-supplied buffer, allowing out-of-bounds writes when an invalid offset was provided. A RangeError is now thrown if offset < 0 or offset + 16 > buf.length.

⚠ BREAKING CHANGES

• crypto is now expected to be globally defined (requires node@20+) (#935)
• drop node@18 support (#934)
• upgrade minimum supported TypeScript version to 5.4.3, in keeping with the project's policy of supporting TypeScript versions released within the last two years

13.0.0 (2025-09-08)

⚠ BREAKING CHANGES

• make browser exports the default (#901)

Bug Fixes

• make browser exports the default (#901) (bce9d72)

12.0.0 (2025-09-05)

⚠ BREAKING CHANGES

• update to typescript@5.2 (#887)
• remove CommonJS support (#886)
• drop node@16 support (#883)

Features

• add node@24 to ci matrix (#879) (42b6178)
• drop node@16 support (#883) (0f38cf1)
• remove CommonJS support (#886) (ae786e2)
• update to typescript@5.2 (#887) (c7ee405)

Bug Fixes

... (truncated)

Commits

• 7017780 chore(main): release 14.0.1 (#964)
• f2c3e4b chore: fix release-please workflow (#963)
• 27ffae5 fix: add types condition to node export for moduleResolution bundler (#961)
• 664cb31 Remove outdated security contact information (#959)
• d729016 fix(ci): checkout PR head commit in browser workflow (#957)
• 89a5ebc Workflows (#948)
• 196e208 chore: fix workflow (#947)
• 95af448 chore: update workflows (#946)
• 3b57f95 chore: add workflow_dispatch (#944)
• a433096 chore: add 12.x and 13.x maintenance release branches (#941)
• Additional commits viewable in compare view

Install script changes

This version modifies prepare script that runs during installation. Review the package contents before updating.