v12.6.1

What's Changed

• build(deps-dev): Bump @sinonjs/fake-timers from 14.0.0 to 15.0.0 by @dependabot[bot] in #440
• build(deps-dev): Bump @types/node from 24.10.4 to 25.0.3 by @dependabot[bot] in #447
• fix: strip headers listed in Connection header per RFC 7230 Section 6.1 by @mcollina in #450
• feat: preserve undici agent by default by @mcollina in #452
• chore: removed unused files by @Tony133 in #453
• chore(license): standardise license notice by @Fdawgs in #454
• style: remove trailing whitespace by @Fdawgs in #455
• build(deps-dev): Bump c8 from 10.1.3 to 11.0.0 by @dependabot[bot] in #456
• fix: avoid trailing ? when queryString option resolves to empty string by @fooddilsn in #459

New Contributors

• @fooddilsn made their first contribution in #459

Full Changelog: v12.5.0...v12.6.1

v12.5.0

⚠️ Security Release ⚠️

By crafting a malicious URL, an attacker could access routes that are not allowed, even though the reply.from is defined for specific routes in @fastify/reply-from.

Read more at GHSA-2q7r-29rg-6m5h. This is catalogued as CVE-2025-66415.

What's Changed

• Add test for text/event-stream proxying with custom parser by @mcollina in #438

Full Changelog: v12.4.0...v12.5.0

v12.4.0

What's Changed

• build(deps-dev): Bump tsd from 0.32.0 to 0.33.0 by @dependabot[bot] in #435
• docs: fix README line breaks by @mitrvlr in #434
• Add support for multipart proxying with custom parser by @mcollina in #436
• chore(.npmrc): ignore scripts by @Fdawgs in #437
• build(deps-dev): remove @fastify/pre-commit by @Fdawgs in #439
• ci(ci): add concurrency config by @Fdawgs in #442
• do not strip TE headers if trailing by @gunters63 in #443

New Contributors

• @mitrvlr made their first contribution in #434

Full Changelog: v12.3.1...v12.4.0

v12.3.1

What's Changed

• Improve typing and usage of getDefaultDelay by @Antiavanti in #432
• test: migrated utils-filter-pseudo-headers.test.js from tap to node:test by @Tony133 in #427
• Use isHttp2 check to detect we are canceling an HTTP2 request by @mcollina in #433

New Contributors

• @Antiavanti made their first contribution in #432
• @Tony133 made their first contribution in #427

Full Changelog: v12.3.0...v12.3.1

v12.3.0

What's Changed

• fix: handle closed HTTP/2 sessions after GOAWAY by @mcollina in #431

Full Changelog: v12.2.0...v12.3.0

v12.2.0

What's Changed

• ci: set permissions at workflow level by @Fdawgs in #415
• ci: restore job level permissions by @Fdawgs in #416
• build(deps): Bump fast-content-type-parse from 2.0.1 to 3.0.0 by @dependabot[bot] in #417
• tests: remove simple get and got by @ilteoood in #410
• build(deps-dev): Bump tsd from 0.31.2 to 0.32.0 by @dependabot[bot] in #420
• test: remove tap by @ilteoood in #418
• chore(license): update date ranges; standardise style by @Fdawgs in #422
• Feat/ balancedPool add by @gulbaki in #421
• types: improve onResponse hook typing by @t-tajiri in #423
• bug fix for #424 with test by @gunters63 in #426
• build(deps-dev): Bump @types/node from 22.15.34 to 24.0.8 by @dependabot[bot] in #425

New Contributors

• @ilteoood made their first contribution in #410
• @gulbaki made their first contribution in #421
• @t-tajiri made their first contribution in #423

Full Changelog: v12.1.0...v12.2.0

v12.1.0

What's Changed

• ci(ci): set job permissions by @Fdawgs in #411
• perf: use node: prefix to bypass require.cache call for builtins by @Fdawgs in #412
• feat: add specific timeout for request by @leonied7 in #414

New Contributors

• @leonied7 made their first contribution in #414

Full Changelog: v12.0.2...v12.1.0

v12.0.2

What's Changed

• build(dependabot): reduce npm updates to monthly by @Fdawgs in #403
• build(deps-dev): Bump nock from 13.5.6 to 14.0.0 by @dependabot in #407
• chore: rename master to main by @Fdawgs in #406
• types: Allow to pass any requestable undici instance by @g12i in #405

New Contributors

• @g12i made their first contribution in #405

Full Changelog: v12.0.1...v12.0.2

v12.0.1

What's Changed

• docs(readme): update ci badge syntax by @Fdawgs in #388
• build(deps-dev): Bump @types/tap from 15.0.12 to 18.0.0 by @dependabot in #390
• types: use node: prefix for builtins by @Fdawgs in #391
• build(deps-dev): replace standard with neostandard by @Fdawgs in #389
• build(deps-dev): add eslint, peer dep of neostandard by @Fdawgs in #393
• chore(package): add funding and contribs by @Fdawgs in #394
• chore: remove semver by @Uzlopak in #395
• build(deps-dev): Bump @sinonjs/fake-timers from 13.0.5 to 14.0.0 by @dependabot in #392
• chore: remove msgpack5 by @Uzlopak in #397
• chore: try to fix ci issue by @Uzlopak in #396
• perf: use optional chaining by @Fdawgs in #398
• refactor: prefix unused params with underscores by @Fdawgs in #399
• refactor(index): return directly in arrow function by @Fdawgs in #400
• docs(readme): spelling and grammar fixes by @Fdawgs in #401

Full Changelog: v12.0.0...v12.0.1

v12.0.0

What's Changed

• Update to Undici v7 by @mcollina in #387

Full Changelog: v11.0.2...v12.0.0