fix(deps): update dependency @fastify/multipart to v8 [security]

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
@fastify/multipart	7.7.3 → 8.3.1

GitHub Vulnerability Alerts

CVE-2025-24033

Impact

The saveRequestFiles function does not delete the uploaded temporary files when user cancels the request.

Patches

Fixed in version 8.3.1 and 9.0.3

Workarounds

Do not use saveRequestFiles.

References

This was identified in https://github.com/fastify/fastify-multipart/issues/546 and fixed in https://github.com/fastify/fastify-multipart/pull/567.

---

Release Notes

fastify/fastify-multipart (@​fastify/multipart)

v8.3.1

Compare Source

What's Changed

• chore(deps-dev): bump @​fastify/swagger-ui from 3.1.0 to 4.0.0 by @​dependabot in #​527
• chore(deps): bump @​fastify/deepmerge from 1.3.0 to 2.0.0 by @​dependabot in #​529
• chore(deps): bump @​fastify/error from 3.4.1 to 4.0.0 by @​dependabot in #​530
• chore(deps): bump @​fastify/busboy from 2.1.1 to 3.0.0 by @​dependabot in #​535
• Fixes #​567

Full Changelog: fastify/fastify-multipart@v8.3.0...v8.3.1

v8.3.0

Compare Source

What's Changed

• chore(deps-dev): bump tsd from 0.30.7 to 0.31.0 by @​dependabot in #​517
• chore(deps-dev): bump eslint-plugin-n from 16.6.2 to 17.0.0 by @​dependabot in #​519
• remove eslint plugins from direct dependencies by @​gurgunday in #​523
• Add FormData decorator to request by @​mcollina in #​522

Full Changelog: fastify/fastify-multipart@v8.2.0...v8.3.0

v8.2.0

Compare Source

What's Changed

• docs(readme): replace fastify.io links with fastify.dev by @​Fdawgs in #​503
• use @​fastify/busboy v2.1.0 by @​gurgunday in #​506
• chore(.gitignore): add .tap/ dir by @​Fdawgs in #​508
• chore(deps-dev): bump @​fastify/swagger-ui from 2.1.0 to 3.0.0 by @​dependabot in #​510
• chore(deps-dev): bump @​typescript-eslint/parser from 6.21.0 to 7.0.2 by @​dependabot in #​512
• backport: fix: make sure the handler resolves in all cases by @​gurgunday in #​515

Full Changelog: fastify/fastify-multipart@v8.1.0...v8.2.0

v8.1.0

Compare Source

What's Changed

• move unused packages to devDependencies by @​gurgunday in #​483
• fix eslint by @​gurgunday in #​485
• use in to check for prototype violation by @​gurgunday in #​484
• chore: add .gitattributes file by @​Fdawgs in #​487
• perf: do not mutate req.raw by @​gurgunday in #​488
• chore(deps-dev): bump climem from 1.0.3 to 2.0.0 by @​dependabot in #​490
• docs: update for attachFieldsToBody: keyValues by @​dancastillo in #​492
• add parts type and enable coverage checking by @​gurgunday in #​491
• chore(package): explicitly declare js module type by @​Fdawgs in #​493
• chore(deps-dev): bump @​fastify/swagger-ui from 1.10.2 to 2.0.1 by @​dependabot in #​499
• chore(deps-dev): bump tsd from 0.29.0 to 0.30.0 by @​dependabot in #​500
• chore(deps-dev): bump readable-stream from 3.6.2 to 4.5.1 by @​dependabot in #​501
• Partly closes #​496: add missing type by @​hash0000 in #​502

New Contributors

• @​dancastillo made their first contribution in #​492
• @​hash0000 made their first contribution in #​502

Full Changelog: fastify/fastify-multipart@v8.0.0...v8.1.0

v8.0.0

Compare Source

What's Changed

• move linting to CI by @​gurgunday in #​466
• chore(deps-dev): bump @​typescript-eslint/eslint-plugin from 5.62.0 to 6.2.1 by @​dependabot in #​471
• chore(deps-dev): bump tsd from 0.28.1 to 0.29.0 by @​dependabot in #​475
• perf: use node: prefix to bypass require.cache call for builtins by @​Fdawgs in #​477
• Remove the deprecated addToBody option and return files as buffers when attachFieldsToBody is set to keyValues by @​gurgunday in #​481

Full Changelog: fastify/fastify-multipart@v7.7.3...v8.0.0

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[safedep]

SafeDep Report Summary

Package Details

Package	Malware	Vulnerability	Risky License	Report
@fastify/busboy @ 3.2.0 pnpm-lock.yaml				🔗
@fastify/deepmerge @ 2.0.2 pnpm-lock.yaml				🔗
@fastify/error @ 4.2.0 pnpm-lock.yaml				🔗
@fastify/multipart @ 8.3.1 pnpm-lock.yaml				🔗

_{This report is generated by SafeDep Github App}