fix(deps): update dependency fastify to v4.10.2 [security] (#1126)

[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| [fastify](https://www.fastify.io/)
([source](https://togithub.com/fastify/fastify)) | [`4.9.2` ->
`4.10.2`](https://renovatebot.com/diffs/npm/fastify/4.9.2/4.10.2) |
[![age](https://badges.renovateapi.com/packages/npm/fastify/4.10.2/age-slim)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://badges.renovateapi.com/packages/npm/fastify/4.10.2/adoption-slim)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://badges.renovateapi.com/packages/npm/fastify/4.10.2/compatibility-slim/4.9.2)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://badges.renovateapi.com/packages/npm/fastify/4.10.2/confidence-slim/4.9.2)](https://docs.renovatebot.com/merge-confidence/)
|

### GitHub Vulnerability Alerts

####
[CVE-2022-41919](https://togithub.com/fastify/fastify/security/advisories/GHSA-3fjj-p79j-c9hh)

### Impact

The attacker can use the incorrect `Content-Type` to bypass the
`Pre-Flight` checking of `fetch`. `fetch()` requests with Content-Type’s
[essence](https://mimesniff.spec.whatwg.org/#mime-type-essence) as
"application/x-www-form-urlencoded", "multipart/form-data", or
"text/plain", could potentially be used to invoke routes that only
accepts `application/json` content type, thus bypassing any [CORS
protection](https://fetch.spec.whatwg.org/#simple-header), and therefore
they could lead to a Cross-Site Request Forgery attack.

### Patches
For `4.x` users, please update to at least `4.10.2`
For `3.x` users, please update to at least `3.29.4`

### Workarounds

Implement Cross-Site Request Forgery protection using
[`@fastify/csrf`](https://www.npmjs.com/package/@​fastify/csrf).

### References

Check out the HackerOne report: https://hackerone.com/reports/1763832.

### For more information

[Fastify security
policy](https://togithub.com/fastify/fastify/security/policy)

---

### Release Notes

<details>
<summary>fastify/fastify</summary>

###
[`v4.10.2`](https://togithub.com/fastify/fastify/releases/tag/v4.10.2)

[Compare
Source](https://togithub.com/fastify/fastify/compare/v4.10.1...v4.10.2)

#### ⚠️ Security Release ⚠️

- Fix for ["Incorrect Content-Type parsing can lead to CSRF
attack"](https://togithub.com/fastify/fastify/security/advisories/GHSA-3fjj-p79j-c9hh)
    and CVE-2022-41919

**Full Changelog**:
fastify/fastify@v4.10.1...v4.10.2

###
[`v4.10.1`](https://togithub.com/fastify/fastify/releases/tag/v4.10.1)

[Compare
Source](https://togithub.com/fastify/fastify/compare/v4.10.0...v4.10.1)

#### What's Changed

- fix node 19.1.0 port validation test by
[@&#8203;Uzlopak](https://togithub.com/Uzlopak) in
[https://github.com/fastify/fastify/pull/4427](https://togithub.com/fastify/fastify/pull/4427)
- Add fastify-constraints to community plugins by
[@&#8203;Ceres6](https://togithub.com/Ceres6) in
[https://github.com/fastify/fastify/pull/4428](https://togithub.com/fastify/fastify/pull/4428)
- build(deps-dev): bump
[@&#8203;sinonjs/fake-timers](https://togithub.com/sinonjs/fake-timers)
from 9.1.2 to 10.0.0 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/fastify/fastify/pull/4421](https://togithub.com/fastify/fastify/pull/4421)
- add silent option to LogLevel by
[@&#8203;Uzlopak](https://togithub.com/Uzlopak) in
[https://github.com/fastify/fastify/pull/4432](https://togithub.com/fastify/fastify/pull/4432)

#### New Contributors

- [@&#8203;Ceres6](https://togithub.com/Ceres6) made their first
contribution in
[https://github.com/fastify/fastify/pull/4428](https://togithub.com/fastify/fastify/pull/4428)

**Full Changelog**:
fastify/fastify@v4.10.0...v4.10.1

###
[`v4.10.0`](https://togithub.com/fastify/fastify/releases/tag/v4.10.0)

[Compare
Source](https://togithub.com/fastify/fastify/compare/v4.9.2...v4.10.0)

#### What's Changed

- docs(reference/reply): spelling fixes by
[@&#8203;Fdawgs](https://togithub.com/Fdawgs) in
[https://github.com/fastify/fastify/pull/4358](https://togithub.com/fastify/fastify/pull/4358)
- Support different content-type typed reply with TypeProvider by
[@&#8203;rain714](https://togithub.com/rain714) in
[https://github.com/fastify/fastify/pull/4360](https://togithub.com/fastify/fastify/pull/4360)
- chore: remove leading empty lines by
[@&#8203;LinusU](https://togithub.com/LinusU) in
[https://github.com/fastify/fastify/pull/4364](https://togithub.com/fastify/fastify/pull/4364)
- fix types after pino 8.7.0 change by
[@&#8203;mcollina](https://togithub.com/mcollina) in
[https://github.com/fastify/fastify/pull/4365](https://togithub.com/fastify/fastify/pull/4365)
- Node.js V19 support by
[@&#8203;mcollina](https://togithub.com/mcollina) in
[https://github.com/fastify/fastify/pull/4366](https://togithub.com/fastify/fastify/pull/4366)
- fix: no check on `null` or `undefined` values passed as fn by
[@&#8203;metcoder95](https://togithub.com/metcoder95) in
[https://github.com/fastify/fastify/pull/4367](https://togithub.com/fastify/fastify/pull/4367)
- docs(server): config is lost when reply.call not found() is called by
[@&#8203;cesarvspr](https://togithub.com/cesarvspr) in
[https://github.com/fastify/fastify/pull/4368](https://togithub.com/fastify/fastify/pull/4368)
- Fix typo - 'sever' to 'server' by
[@&#8203;utsav91](https://togithub.com/utsav91) in
[https://github.com/fastify/fastify/pull/4372](https://togithub.com/fastify/fastify/pull/4372)
- Add platformatic to the Acknowledgements by
[@&#8203;mcollina](https://togithub.com/mcollina) in
[https://github.com/fastify/fastify/pull/4378](https://togithub.com/fastify/fastify/pull/4378)
- docs: add Simone Busoli to plugin maintainers by
[@&#8203;simoneb](https://togithub.com/simoneb) in
[https://github.com/fastify/fastify/pull/4379](https://togithub.com/fastify/fastify/pull/4379)
- add missing 'validationContext' field to FastifyError type by
[@&#8203;jakubburzynski](https://togithub.com/jakubburzynski) in
[https://github.com/fastify/fastify/pull/4363](https://togithub.com/fastify/fastify/pull/4363)
- fix(type-providers): assignability of instance with enabled type
provider by [@&#8203;driimus](https://togithub.com/driimus) in
[https://github.com/fastify/fastify/pull/4371](https://togithub.com/fastify/fastify/pull/4371)
- feat: support async trailer by
[@&#8203;climba03003](https://togithub.com/climba03003) in
[https://github.com/fastify/fastify/pull/4380](https://togithub.com/fastify/fastify/pull/4380)
- fix: trailers async race condition by
[@&#8203;climba03003](https://togithub.com/climba03003) in
[https://github.com/fastify/fastify/pull/4383](https://togithub.com/fastify/fastify/pull/4383)
- docs(ecosystem): Add fastify-list-routes by
[@&#8203;chuongtrh](https://togithub.com/chuongtrh) in
[https://github.com/fastify/fastify/pull/4385](https://togithub.com/fastify/fastify/pull/4385)
- build(deps-dev): bump
[@&#8203;sinclair/typebox](https://togithub.com/sinclair/typebox) from
0.24.51 to 0.25.2 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/fastify/fastify/pull/4388](https://togithub.com/fastify/fastify/pull/4388)
- \[ Fix ] Improve error message for hooks check by
[@&#8203;debadutta98](https://togithub.com/debadutta98) in
[https://github.com/fastify/fastify/pull/4387](https://togithub.com/fastify/fastify/pull/4387)
- fix: tiny-lru usage by
[@&#8203;climba03003](https://togithub.com/climba03003) in
[https://github.com/fastify/fastify/pull/4391](https://togithub.com/fastify/fastify/pull/4391)
- Removes old note about named imports in ESM by
[@&#8203;fox1t](https://togithub.com/fox1t) in
[https://github.com/fastify/fastify/pull/4392](https://togithub.com/fastify/fastify/pull/4392)
- docs: Add section about capacity planning by
[@&#8203;kibertoad](https://togithub.com/kibertoad) in
[https://github.com/fastify/fastify/pull/4386](https://togithub.com/fastify/fastify/pull/4386)
- docs(recommendations): grammar fixes by
[@&#8203;Fdawgs](https://togithub.com/Fdawgs) in
[https://github.com/fastify/fastify/pull/4396](https://togithub.com/fastify/fastify/pull/4396)
- chore(doc): duplicated menu item by
[@&#8203;Eomm](https://togithub.com/Eomm) in
[https://github.com/fastify/fastify/pull/4398](https://togithub.com/fastify/fastify/pull/4398)
- feat: add request.routeOptions object by
[@&#8203;debadutta98](https://togithub.com/debadutta98) in
[https://github.com/fastify/fastify/pull/4397](https://togithub.com/fastify/fastify/pull/4397)
- docs: Document multiple app approach by
[@&#8203;kibertoad](https://togithub.com/kibertoad) in
[https://github.com/fastify/fastify/pull/4393](https://togithub.com/fastify/fastify/pull/4393)
- fix example using db decorator on fastify instance by
[@&#8203;mmarti](https://togithub.com/mmarti) in
[https://github.com/fastify/fastify/pull/4406](https://togithub.com/fastify/fastify/pull/4406)
- docs: fix removeAdditional refer by
[@&#8203;shunyue1320](https://togithub.com/shunyue1320) in
[https://github.com/fastify/fastify/pull/4410](https://togithub.com/fastify/fastify/pull/4410)

#### New Contributors

- [@&#8203;rain714](https://togithub.com/rain714) made their first
contribution in
[https://github.com/fastify/fastify/pull/4360](https://togithub.com/fastify/fastify/pull/4360)
- [@&#8203;LinusU](https://togithub.com/LinusU) made their first
contribution in
[https://github.com/fastify/fastify/pull/4364](https://togithub.com/fastify/fastify/pull/4364)
- [@&#8203;cesarvspr](https://togithub.com/cesarvspr) made their first
contribution in
[https://github.com/fastify/fastify/pull/4368](https://togithub.com/fastify/fastify/pull/4368)
- [@&#8203;utsav91](https://togithub.com/utsav91) made their first
contribution in
[https://github.com/fastify/fastify/pull/4372](https://togithub.com/fastify/fastify/pull/4372)
- [@&#8203;jakubburzynski](https://togithub.com/jakubburzynski) made
their first contribution in
[https://github.com/fastify/fastify/pull/4363](https://togithub.com/fastify/fastify/pull/4363)
- [@&#8203;driimus](https://togithub.com/driimus) made their first
contribution in
[https://github.com/fastify/fastify/pull/4371](https://togithub.com/fastify/fastify/pull/4371)
- [@&#8203;chuongtrh](https://togithub.com/chuongtrh) made their first
contribution in
[https://github.com/fastify/fastify/pull/4385](https://togithub.com/fastify/fastify/pull/4385)
- [@&#8203;debadutta98](https://togithub.com/debadutta98) made their
first contribution in
[https://github.com/fastify/fastify/pull/4387](https://togithub.com/fastify/fastify/pull/4387)
- [@&#8203;mmarti](https://togithub.com/mmarti) made their first
contribution in
[https://github.com/fastify/fastify/pull/4406](https://togithub.com/fastify/fastify/pull/4406)
- [@&#8203;shunyue1320](https://togithub.com/shunyue1320) made their
first contribution in
[https://github.com/fastify/fastify/pull/4410](https://togithub.com/fastify/fastify/pull/4410)

**Full Changelog**:
fastify/fastify@v4.9.2...v4.10.0

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no
schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/quirrel-dev/quirrel).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNS4xNC4yIiwidXBkYXRlZEluVmVyIjoiMzUuMTMxLjAiLCJ0YXJnZXRCcmFuY2giOiJtYWluIn0=-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

Author: renovate[bot]