chore(deps): bump @fastify/busboy from 1.2.1 to 2.0.0 #486
Conversation
![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?s=60&v=4){kind=small}
dependabot
bot
added
dependencies
|
@Uzlopak Would you consider that to be a semver major for fastify-multipart? |
|
Well the tests break. Worse they break with status 500. So somehow it must be decided if we handle them gracefully and keep the old behavior (semver-minor) or we repackage the error to status 400 (semver-major). I personally never used this package, so i dont know what the better UX is. From a technical point of view I think returning 400 is more appropriate. |
|
Any opinion or insights you can share? |
|
It’s unfortunate that we couldn’t align the releases (I didn’t know when we’d bump busboy as the undici PR could require more breaking changes) I’m fine with both options - two major releases with this little between them won’t look great but this change should’ve been part of v8.0 anyway |
|
We can postpone the upgrade till our changes in busboy landed. |
Just to add, let’s use this opportunity to also align 100% with the RFC, the way it currently handles some malformed parts should be a higher level functionality |
Bumps [@fastify/busboy](https://github.com/fastify/busboy) from 1.2.1 to 2.0.0. - [Release notes](https://github.com/fastify/busboy/releases) - [Changelog](https://github.com/fastify/busboy/blob/master/CHANGELOG.md) - [Commits](fastify/busboy@v1.2.1...2.0.0) --- updated-dependencies: - dependency-name: "@fastify/busboy" dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]>
dependabot
bot
force-pushed
the
dependabot/npm_and_yarn/fastify/busboy-2.0.0
branch
from
a372113
to
62ba364
Compare
|
Superseded by #494. |
dependabot
bot
deleted the
dependabot/npm_and_yarn/fastify/busboy-2.0.0
branch
Bumps @fastify/busboy from 1.2.1 to 2.0.0.
Release notes
Sourced from
@fastify/busboy's releases.Commits
5f71e5fPrepare to release 2.0.047291c4perf: usenode:prefix to bypass require.cache call for builtins (#125)06bad11build(deps-dev): bump tsd from 0.28.1 to 0.29.0 (#124)0ff7d3dthrow when there's no boundary (#122)1cdb224remove text-decoding (#120)9261ecbfix: busboy is not a constructor (#119)dccf575build(deps-dev): bump eslint-plugin-n from 15.7.0 to 16.0.0 (#118)08ae1f4build(deps-dev): bump@types/nodefrom 18.16.5 to 20.1.0 (#117)57b354dci: only trigger on pushes to main branches (#116)9e24edcbuild(deps-dev): bump typescript from 4.9.5 to 5.0.2 (#114)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)