Fastify v4.3.0, Pino v8.3.0, Undici v5.8.0 and other Adventures in Nodeland - Issue #69

Hey Everyone! This week saw the release of Fastify v4.3.0, pino v8.3.0 (and v8.3.1), and a security release of Undici v5.8.0 for a few important security bugs. Go update!

I love receiving messages that show the impact that technologies I developed had across the globe. This last one was no exception:

If you like Adventures in Nodeland and would like to support my Open Source activities, consider sponsoring me on GitHub: https://github.com/sponsors/mcollina/

Fastify

• fastify v4.3.0 ships a minor breaking change in the types to fix a bad bug: we are changing the order of some generics.
• fastify-cookie v7.3.0 adds a new secure: auto option and improves the types. v7.3.1 makes the types compatible with TypeScript modulenext.
• @fastify/restartable v1.2.0 adds the types
• light-my-request v5.2.0 and v5.3.0 add support for using AbortSignal and and passing a query string as string respectively.

Pino

• sonic-boom v3.1.0 adds support for a fsync option to automatically flush to disk after every write. This is needed if you log to systemd and want your logs not to be buffered.
• pino v8.3.0 ensures that if process.stdout is passed as a destination, that object is used and it’s not automatically converted to sonic-boom. v8.3.1 fixes a regression introduced in v8.3.0 when running pino within worker threads, such as inside vitest.
• pino-socket v5.1.0 adds a backoff strategy before a reconnection and a queue to avoid losing packets. Check it out!

Node.js

I made a mistake while preparing the CVE details page for the July Security release and I typed v16.20.0 instead of v16.16.0. We are working to rectify that in the registries:

News

How to use Fastify hooks? They are one of the most powerful features of Fastify. Read more on this article from Simon:

In the last few years, Paolo Insogna and myself worked to make sure Node.js was robust against Slowloris attacks. Finally in Node v18 we are finally safe: