Bump fastify and netlify-cli

[dependabot]

Bumps fastify to 5.8.5 and updates ancestor dependency netlify-cli. These dependencies need to be updated together.

Updates fastify from 5.7.4 to 5.8.5

Release notes

Sourced from fastify's releases.

v5.8.5

⚠️ Security Release

This fixes CVE CVE-2026-33806 GHSA-247c-9743-5963.

What's Changed

• chore: Fix port parsing by @​jsumners in fastify/fastify#6603
• chore: upgrade to typescript v6.0.2 by @​Tony133 in fastify/fastify#6605
• fix: restore trustProxy function for number and string types, add null check for socketAddr by @​mcollina in fastify/fastify#6613
• ci: reduce cron scheduled workflows from daily/weekly to monthly by @​Fdawgs in fastify/fastify#6623
• chore: Bump pnpm/action-setup from 4.2.0 to 5.0.0 by @​dependabot[bot] in fastify/fastify#6629
• chore: Bump markdownlint-cli2 from 0.21.0 to 0.22.0 by @​dependabot[bot] in fastify/fastify#6632
• chore: Bump borp from 0.21.0 to 1.0.0 by @​dependabot[bot] in fastify/fastify#6633
• chore: Bump actions/dependency-review-action from 4.8.3 to 4.9.0 by @​dependabot[bot] in fastify/fastify#6630
• docs(ecosystem): add @​pompelmi/fastify-plugin by @​SonoTommy in fastify/fastify#6610

New Contributors

• @​SonoTommy made their first contribution in fastify/fastify#6610

Full Changelog: fastify/fastify@v5.8.4...v5.8.5

v5.8.4

Full Changelog: fastify/fastify@v5.8.3...v5.8.4

v5.8.3

⚠️ Security Release

This fixes CVE CVE-2026-3635 GHSA-444r-cwp2-x5xf.

What's Changed

• docs(readme): add @​Tony133 to plugin team by @​Tony133 in fastify/fastify#6565
• Updated Plugins-Guide.md; Changed "fastify" to "instance" during plugin registration to showcase that it's added as a child by @​kyrylchenko in fastify/fastify#6566
• test: use fastify.test in test case by @​climba03003 in fastify/fastify#6568
• docs: use fastify.example in documentation by @​climba03003 in fastify/fastify#6567
• docs: add common performance degradation guidance by @​maxpetrusenko in fastify/fastify#6520
• docs(server): fix camelCase anchor links in TOC by @​Deepvamja in fastify/fastify#6530
• ci(link-checker): fix root-relative links resolution by @​barba-rossa in fastify/fastify#6535
• docs: update syntax markdown, absolute paths and links by @​Tony133 in fastify/fastify#6569
• docs: clarify content-type parser/schema mismatch is outside threat model by @​mcollina in fastify/fastify#6537
• docs: fix incorrect code examples in Reply and Request reference by @​mahmoodhamdi in fastify/fastify#6582
• docs: replace redirected npm.im http-errors link by @​mcollina in fastify/fastify#6588
• types: Allow port to be null in request type definition by @​TristanBarlow in fastify/fastify#6589
• docs: update links by @​Tony133 in fastify/fastify#6593
• ci(lock-threads): use shared lock-threads workflow by @​Fdawgs in fastify/fastify#6592

New Contributors

• @​kyrylchenko made their first contribution in fastify/fastify#6566
• @​maxpetrusenko made their first contribution in fastify/fastify#6520
• @​Deepvamja made their first contribution in fastify/fastify#6530
• @​barba-rossa made their first contribution in fastify/fastify#6535

... (truncated)

Commits

• 3983cce Bumped v5.8.5
• 3ce3ae6 Merge commit from fork
• b06a196 docs(ecosystem): add @​pompelmi/fastify-plugin (#6610)
• 909c5d5 chore: Bump actions/dependency-review-action from 4.8.3 to 4.9.0 (#6630)
• 4db21a3 chore: Bump borp from 0.21.0 to 1.0.0 (#6633)
• 0f4e544 chore: Bump markdownlint-cli2 from 0.21.0 to 0.22.0 (#6632)
• 33a2fcd chore: Bump pnpm/action-setup from 4.2.0 to 5.0.0 (#6629)
• fd35d82 ci: reduce cron schedules from daily/weekly to monthly (#6623)
• 8dee9be fix: restore trustProxy function for number and string types, add null check ...
• d457aed chore: upgrade to typescript v6.0.2 (#6605)
• Additional commits viewable in compare view

Updates netlify-cli from 24.0.1 to 25.0.0

Release notes

Sourced from netlify-cli's releases.

v25.0.0

25.0.0 (2026-04-17)

⚠ BREAKING CHANGES

• stop including npm-shrinkwrap.json (#8163)
• remove logs:function, logs:deploy, and logs:edge-functions commands in favor of a new unified logs command (#8158)
• remove Go and Rust function templates from functions:create command (#7957)

Features

• add improved logs command (#8158) (28c958f)
• remove Go and Rust function templates (#7957) (c0333a6)
• stop including npm-shrinkwrap.json (#8163) (0f444ae), closes #6731

Bug Fixes

• deps: update dependency @​netlify/dev to v4.17.1 (#8160) (f8da537)

v24.11.3

24.11.3 (2026-04-15)

Bug Fixes

• deps: update netlify packages (#8151) (d7b048f)

v24.11.2

24.11.2 (2026-04-13)

Bug Fixes

• deps: upgrade vulnerable lodash, picomatch, and defu (#8146) (4f5073d)

v24.11.1

24.11.1 (2026-04-09)

Bug Fixes

• deps: update netlify packages (#8143) (0489cac)

v24.11.0

24.11.0 (2026-04-09)

Features

... (truncated)

Changelog

Sourced from netlify-cli's changelog.

25.0.0 (2026-04-17)

⚠ BREAKING CHANGES

• stop including npm-shrinkwrap.json (#8163)
• remove logs:function, logs:deploy, and logs:edge-functions commands in favor of a new unified logs command (#8158)
• remove Go and Rust function templates from functions:create command (#7957)

Features

• add improved logs command (#8158) (28c958f)
• remove Go and Rust function templates (#7957) (c0333a6)
• stop including npm-shrinkwrap.json (#8163) (0f444ae), closes #6731

Bug Fixes

• deps: update dependency @​netlify/dev to v4.17.1 (#8160) (f8da537)

24.11.3 (2026-04-15)

Bug Fixes

• deps: update netlify packages (#8151) (d7b048f)

24.11.2 (2026-04-13)

Bug Fixes

• deps: upgrade vulnerable lodash, picomatch, and defu (#8146) (4f5073d)

24.11.1 (2026-04-09)

Bug Fixes

• deps: update netlify packages (#8143) (0489cac)

24.11.0 (2026-04-09)

Features

• load connection string from env var (#8142) (e522b7e)
• pull DB migrations (#8139) (2a8f7c0)
• re-structure db commands (#8137) (c28ffa3)

... (truncated)

Commits

• 8976f0b chore(main): release 25.0.0 (#8162)
• 0f444ae feat!: stop including npm-shrinkwrap.json (#8163)
• 28c958f feat!: add improved logs command (#8158)
• c0333a6 feat!: remove Go and Rust function templates (#7957)
• f8da537 fix(deps): update dependency @​netlify/dev to v4.17.1 (#8160)
• ef8edea fix(deps): update dependency fastify to v5.8.5 [security] (#8157)
• 89249d0 ci: fix failing dev server tests on PRs from forks (#8153)
• b19d977 chore(main): release 24.11.3 (#8152)
• 0188275 build(deps): bump follow-redirects from 1.15.11 to 1.16.0 (#8150)
• d7b048f fix(deps): update netlify packages (#8151)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[github-actions]

🍱 Your pull request preview is ready

Please use this preview to check your changes. Ideally use the test documentation template and document your test results by commenting on the PR. This will speed up the review process for everyone.

FYI, once this PR is merged, you can use the iD Editor Preview to test your changes in interaction with all other changes.

[matkoniecz]

still the same bug as #2126 (comment)