chore(deps-dev): bump fast-uri from 3.0.6 to 3.1.2 in /ui/apps/platform
Open
Number: #20449
Type: Pull Request
State: Open
Type: Pull Request
State: Open
Author:
![dependabot[bot]](https://github.com/dependabot.png)
dependabot[bot]
Association: Unknown
Comments: 2
dependabot[bot]Association: Unknown
Comments: 2
Created:
May 08, 2026 at 10:08 PM UTC
(24 days ago)
(24 days ago)
Updated:
May 08, 2026 at 10:20 PM UTC
(24 days ago)
(24 days ago)
Labels:
dependencies area/ui auto-retest
dependencies area/ui auto-retest
Description:
Bumps fast-uri from 3.0.6 to 3.1.2.
Release notes
Sourced from fast-uri's releases.
v3.1.2
⚠️ Security Release
What's Changed
- Handle malformed fragment decoding as a parse error by
@mcollinain fastify/fast-uri#171Full Changelog: https://github.com/fastify/fast-uri/compare/v3.1.1...v3.1.2
v3.1.1
⚠️ Security Release
What's Changed
- build(deps-dev): bump tsd from 0.32.0 to 0.33.0 by
@dependabot[bot] in fastify/fast-uri#148- build(deps): bump actions/checkout from 4 to 5 by
@dependabot[bot] in fastify/fast-uri#149- chore(.npmrc): ignore scripts by
@Fdawgsin fastify/fast-uri#150- build(deps-dev): remove
@fastify/pre-commitby@Fdawgsin fastify/fast-uri#151- build(deps): bump actions/setup-node from 4 to 5 by
@dependabot[bot] in fastify/fast-uri#152- ci(ci): add concurrency config by
@Fdawgsin fastify/fast-uri#153- build(deps): bump actions/setup-node from 5 to 6 by
@dependabot[bot] in fastify/fast-uri#154- build(deps): bump actions/checkout from 5 to 6 by
@dependabot[bot] in fastify/fast-uri#156- chore(license): standardise license notice by
@Fdawgsin fastify/fast-uri#159- style: remove trailing whitespace by
@Fdawgsin fastify/fast-uri#161- ci: remove unused github files by
@Tony133in fastify/fast-uri#162- chore: update readme by
@Tony133in fastify/fast-uri#164- build(deps): bump fastify/workflows/.github/workflows/plugins-ci-package-manager.yml from 5 to 6 by
@dependabot[bot] in fastify/fast-uri#165- build(deps): bump fastify/workflows/.github/workflows/plugins-ci.yml from 5 to 6 by
@dependabot[bot] in fastify/fast-uri#166- build(deps-dev): bump neostandard from 0.12.2 to 0.13.0 by
@dependabot[bot] in fastify/fast-uri#167- ci: add lock-threads workflow by
@Fdawgsin fastify/fast-uri#169New Contributors
@Tony133made their first contribution in fastify/fast-uri#162Full Changelog: https://github.com/fastify/fast-uri/compare/v3.1.0...v3.1.1
v3.1.0
What's Changed
- ci: remove master branch support by
@Fdawgsin fastify/fast-uri#126- chore(test) remove .gitkeep by
@Fdawgsin fastify/fast-uri#128- ci(ci): set job permissions by
@Fdawgsin fastify/fast-uri#129- ci: set permissions at workflow level by
@Fdawgsin fastify/fast-uri#131- ci: set workflow permissions to read-only by default by
@Fdawgsin fastify/fast-uri#132- ci(ci): restore job level permissions by
@Fdawgsin fastify/fast-uri#133- build(deps-dev): bump tsd from 0.31.2 to 0.32.0 by
@dependabot[bot] in fastify/fast-uri#134- ci(ci): pin actions to commit-hash by
@Fdawgsin fastify/fast-uri#135- ci: add node 24 to test matrix by
@Fdawgsin fastify/fast-uri#136
... (truncated)
Commits
919dd8eBumped v3.1.2c65ba57fixup: linting6c86c17Merge commit from forka95158aHandle malformed fragment decoding without throwing (#171)cea547cBumped v3.1.1876ce79Merge commit from forkdcdf690ci: add lock-threads workflow (#169)c860e65build(deps-dev): bump neostandard from 0.12.2 to 0.13.0 (#167)9b4c6dcbuild(deps): bump fastify/workflows/.github/workflows/plugins-ci.yml (#166)85d09a9build(deps): bump fastify/workflows/.github/workflows/plugins-ci-package-mana...- Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the Security Alerts page.
Package Dependencies
Package:
fast-uri
Ecosystem:
npm
npm
Version Change:
3.0.6 → 3.1.2
Update Type:
Minor
Minor
Path:
/ui/apps/platform
Security Advisories
fast-uri vulnerable to path traversal via percent-encoded dot segments
GHSA-q3j6-qgpj-74h6
CVE-2026-6321
HIGH
### Impact
`fast-uri` v3.1.0 and earlier decodes percent-encoded path separators (`%2F`) and dot segments (`%2E`) before applying dot-segment removal in `normalize()` and `equal()`. This makes enc...
fast-uri vulnerable to host confusion via percent-encoded authority delimiters
GHSA-v39h-62p7-jpjc
CVE-2026-6322
HIGH
### Impact
`fast-uri` v3.1.1 and earlier decodes percent-encoded authority delimiters (`%40` as `@`, `%3A` as `:`) inside the host component and serializes them back as raw characters. This change...
Technical Details
| ID: | 15701704 |
| UUID: | 4409693040 |
| Node ID: | PR_kwDOGd6UEM7Zs-BE |
| Host: | GitHub |
| Repository: | stackrox/stackrox |