From dfc8f1b344862c23a4437f05aebc084f93c2fc6b Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Thu, 4 Jun 2026 06:00:03 +0000
Subject: [PATCH 1/2] Bump fast-uri to 3.1.2 to fix path traversal
 (GHSA-q3j6-qgpj-74h6)

Co-authored-by: mikeharder <9459391+mikeharder@users.noreply.github.com>
---
 eng/common/tsp-client/package-lock.json | 6 +++---
 eng/common/tsp-client/package.json      | 3 +++
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/eng/common/tsp-client/package-lock.json b/eng/common/tsp-client/package-lock.json
index ee4c242e2..d5d146f8a 100644
--- a/eng/common/tsp-client/package-lock.json
+++ b/eng/common/tsp-client/package-lock.json
@@ -1241,9 +1241,9 @@
       }
     },
     "node_modules/fast-uri": {
-      "version": "3.1.0",
-      "resolved": "https://registry.npmjs.org/fast-uri/-/fast-uri-3.1.0.tgz",
-      "integrity": "sha512-iPeeDKJSWf4IEOasVVrknXpaBV0IApz/gp7S2bb7Z4Lljbl2MGJRqInZiUrQwV16cpzw/D3S5j5Julj/gT52AA==",
+      "version": "3.1.2",
+      "resolved": "https://registry.npmjs.org/fast-uri/-/fast-uri-3.1.2.tgz",
+      "integrity": "sha512-rVjf7ArG3LTk+FS6Yw81V1DLuZl1bRbNrev6Tmd/9RaroeeRRJhAt7jg/6YFxbvAQXUCavSoZhPPj6oOx+5KjQ==",
       "funding": [
         {
           "type": "github",
diff --git a/eng/common/tsp-client/package.json b/eng/common/tsp-client/package.json
index 5e79f394a..31bd175d2 100644
--- a/eng/common/tsp-client/package.json
+++ b/eng/common/tsp-client/package.json
@@ -2,6 +2,9 @@
   "dependencies": {
     "@azure-tools/typespec-client-generator-cli": "0.32.1"
   },
+  "overrides": {
+    "fast-uri": "3.1.2"
+  },
   "engines": {
     "node": ">=20.19.0"
   }

From bea87f337c8b1cb5689e0c5cf8f78a9468570c1e Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Thu, 4 Jun 2026 06:25:33 +0000
Subject: [PATCH 2/2] Revert package.json override; bump fast-uri directly in
 package-lock.json

Co-authored-by: mikeharder <9459391+mikeharder@users.noreply.github.com>
---
 eng/common/tsp-client/package.json | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/eng/common/tsp-client/package.json b/eng/common/tsp-client/package.json
index 31bd175d2..5e79f394a 100644
--- a/eng/common/tsp-client/package.json
+++ b/eng/common/tsp-client/package.json
@@ -2,9 +2,6 @@
   "dependencies": {
     "@azure-tools/typespec-client-generator-cli": "0.32.1"
   },
-  "overrides": {
-    "fast-uri": "3.1.2"
-  },
   "engines": {
     "node": ">=20.19.0"
   }