fix(deps): update dependency @fastify/multipart to v8.3.1 [security]

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
@fastify/multipart	8.0.0 → 8.3.1

GitHub Vulnerability Alerts

CVE-2025-24033

Impact

The saveRequestFiles function does not delete the uploaded temporary files when user cancels the request.

Patches

Fixed in version 8.3.1 and 9.0.3

Workarounds

Do not use saveRequestFiles.

References

This was identified in https://github.com/fastify/fastify-multipart/issues/546 and fixed in https://github.com/fastify/fastify-multipart/pull/567.

---

Release Notes

fastify/fastify-multipart (@​fastify/multipart)

v8.3.1

Compare Source

What's Changed

• chore(deps-dev): bump @​fastify/swagger-ui from 3.1.0 to 4.0.0 by @​dependabot in #​527
• chore(deps): bump @​fastify/deepmerge from 1.3.0 to 2.0.0 by @​dependabot in #​529
• chore(deps): bump @​fastify/error from 3.4.1 to 4.0.0 by @​dependabot in #​530
• chore(deps): bump @​fastify/busboy from 2.1.1 to 3.0.0 by @​dependabot in #​535
• Fixes #​567

Full Changelog: fastify/fastify-multipart@v8.3.0...v8.3.1

v8.3.0

Compare Source

What's Changed

• chore(deps-dev): bump tsd from 0.30.7 to 0.31.0 by @​dependabot in #​517
• chore(deps-dev): bump eslint-plugin-n from 16.6.2 to 17.0.0 by @​dependabot in #​519
• remove eslint plugins from direct dependencies by @​gurgunday in #​523
• Add FormData decorator to request by @​mcollina in #​522

Full Changelog: fastify/fastify-multipart@v8.2.0...v8.3.0

v8.2.0

Compare Source

What's Changed

• docs(readme): replace fastify.io links with fastify.dev by @​Fdawgs in #​503
• use @​fastify/busboy v2.1.0 by @​gurgunday in #​506
• chore(.gitignore): add .tap/ dir by @​Fdawgs in #​508
• chore(deps-dev): bump @​fastify/swagger-ui from 2.1.0 to 3.0.0 by @​dependabot in #​510
• chore(deps-dev): bump @​typescript-eslint/parser from 6.21.0 to 7.0.2 by @​dependabot in #​512
• backport: fix: make sure the handler resolves in all cases by @​gurgunday in #​515

Full Changelog: fastify/fastify-multipart@v8.1.0...v8.2.0

v8.1.0

Compare Source

What's Changed

• move unused packages to devDependencies by @​gurgunday in #​483
• fix eslint by @​gurgunday in #​485
• use in to check for prototype violation by @​gurgunday in #​484
• chore: add .gitattributes file by @​Fdawgs in #​487
• perf: do not mutate req.raw by @​gurgunday in #​488
• chore(deps-dev): bump climem from 1.0.3 to 2.0.0 by @​dependabot in #​490
• docs: update for attachFieldsToBody: keyValues by @​dancastillo in #​492
• add parts type and enable coverage checking by @​gurgunday in #​491
• chore(package): explicitly declare js module type by @​Fdawgs in #​493
• chore(deps-dev): bump @​fastify/swagger-ui from 1.10.2 to 2.0.1 by @​dependabot in #​499
• chore(deps-dev): bump tsd from 0.29.0 to 0.30.0 by @​dependabot in #​500
• chore(deps-dev): bump readable-stream from 3.6.2 to 4.5.1 by @​dependabot in #​501
• Partly closes #​496: add missing type by @​hash0000 in #​502

New Contributors

• @​dancastillo made their first contribution in #​492
• @​hash0000 made their first contribution in #​502

Full Changelog: fastify/fastify-multipart@v8.0.0...v8.1.0

---

Configuration

📅 Schedule: Branch creation - "" in timezone Asia/Shanghai, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.