
Bump fast-uri from 3.0.3 to 3.1.2 #6013

Open
dependabot[bot] wants to merge 1 commit into develop from dependabot/npm_and_yarn/fast-uri-3.1.2


@dependabot dependabot Bot commented on behalf of github May 8, 2026

Bumps fast-uri from 3.0.3 to 3.1.2.

Release notes

Sourced from fast-uri's releases.

v3.1.2

⚠️ Security Release

What's Changed

Full Changelog: fastify/fast-uri@v3.1.1...v3.1.2

v3.1.1

⚠️ Security Release

What's Changed

New Contributors

Full Changelog: fastify/fast-uri@v3.1.0...v3.1.1

v3.1.0

What's Changed

... (truncated)

Commits
  • 919dd8e Bumped v3.1.2
  • c65ba57 fixup: linting
  • 6c86c17 Merge commit from fork
  • a95158a Handle malformed fragment decoding without throwing (#171)
  • cea547c Bumped v3.1.1
  • 876ce79 Merge commit from fork
  • dcdf690 ci: add lock-threads workflow (#169)
  • c860e65 build(deps-dev): bump neostandard from 0.12.2 to 0.13.0 (#167)
  • 9b4c6dc build(deps): bump fastify/workflows/.github/workflows/plugins-ci.yml (#166)
  • 85d09a9 build(deps): bump fastify/workflows/.github/workflows/plugins-ci-package-mana...
  • Additional commits viewable in compare view


Note

Low Risk
Dependency-only lockfile change with no app code; upgrade patches known URI parsing vulnerabilities in a transitive library used by ajv.

Overview
Updates fast-uri from 3.0.3 to 3.1.2 in yarn.lock only (no application source changes). The package is a transitive dependency of ajv (^3.0.1).

3.1.2 is a security release that treats malformed fragment decoding as a parse error instead of throwing (GHSA-v39h-62p7-jpjc). Intermediate 3.1.x releases also include related URI parsing security fixes noted in upstream release notes.

Reviewed by Cursor Bugbot for commit a196a68. Bugbot is set up for automated code reviews on this repo.
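
The overview above says the change is confined to yarn.lock and that fast-uri arrives transitively through ajv. As an added example (not part of this PR or of fast-uri), the script below checks that every fast-uri block in a lockfile resolves to at least 3.1.2; the function names, the sample lockfile and the ajv version in it are constructed for illustration.

```javascript
// Added example, not from the PR: flag yarn.lock blocks resolving fast-uri below the fixed release.
const PATCHED_FLOOR = '3.1.2'; // from the PR text: 3.1.2 is the security release

// Constructed, trimmed yarn.lock (classic syntax); resolved/integrity lines omitted.
const SAMPLE_LOCK = `# yarn lockfile v1
ajv@^8.0.0:
  version "8.17.1"
  dependencies:
    fast-uri "^3.0.1"

fast-uri@^3.0.1:
  version "3.0.3"

"fast-uri@^3.1.0", "fast-uri@^3.1.2":
  version "3.1.2"
`;

// Compare plain x.y.z versions; returns <0, 0 or >0. Pre-release suffixes are ignored.
function compareVersions(a, b) {
  const [pa, pb] = [a, b].map((v) => v.split('-')[0].split('.').map(Number));
  for (let i = 0; i < 3; i++) {
    if ((pa[i] || 0) !== (pb[i] || 0)) return (pa[i] || 0) - (pb[i] || 0);
  }
  return 0;
}

// Return one record per lockfile block that resolves `name`.
// Accepts Yarn classic (`version "x"`) and Berry (`version: x`) block syntax.
function auditLockfile(lockText, name, floor) {
  const results = [];
  let current = null;
  for (const line of lockText.split(/\r?\n/)) {
    if (/^[^\s#]/.test(line) && line.trimEnd().endsWith(':')) {
      const specs = line.trimEnd().slice(0, -1).split(',')
        .map((s) => s.trim().replace(/^"|"$/g, ''));
      const mine = specs.filter((s) => s.startsWith(name + '@'));
      current = mine.length ? { specifiers: mine } : null;
      continue;
    }
    const m = current && /^\s+version:?\s+"?([^"\s]+)"?\s*$/.exec(line);
    if (m) {
      results.push({ ...current, version: m[1], patched: compareVersions(m[1], floor) >= 0 });
      current = null;
    }
  }
  return results;
}

console.log(auditLockfile(SAMPLE_LOCK, 'fast-uri', PATCHED_FLOOR));
```

A lockfile can hold several blocks for the same package, so a bump like this one is only complete when no block is reported with `patched: false`.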

@dependabot dependabot Bot added the dependencies and javascript labels May 8, 2026

@claude claude Bot left a comment

Claude Code Review

This repository is configured for manual code reviews. Comment @claude review to trigger a review and subscribe this PR to future pushes, or @claude review once for a one-time review.

Tip: disable this comment in your organization's Code Review settings.

@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/fast-uri-3.1.2 branch from 1b22f7e to f5fb069 Compare June 3, 2026 22:53
Bumps [fast-uri](https://github.com/fastify/fast-uri) from 3.0.3 to 3.1.2.
- [Release notes](https://github.com/fastify/fast-uri/releases)
- [Commits](fastify/fast-uri@v3.0.3...v3.1.2)

---
updated-dependencies:
- dependency-name: fast-uri
  dependency-version: 3.1.2
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/fast-uri-3.1.2 branch from f5fb069 to a196a68 Compare June 3, 2026 22:57