chore(deps): bump fast-uri from 3.1.0 to 3.1.2 in /preview#1460
chore(deps): bump fast-uri from 3.1.0 to 3.1.2 in /preview#1460dependabot[bot] wants to merge 1 commit into
Conversation
Bumps [fast-uri](https://github.com/fastify/fast-uri) from 3.1.0 to 3.1.2. - [Release notes](https://github.com/fastify/fast-uri/releases) - [Commits](fastify/fast-uri@v3.1.0...v3.1.2) --- updated-dependencies: - dependency-name: fast-uri dependency-version: 3.1.2 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
Bot
added
Dependencies
![claude[bot]](https://avatars.githubusercontent.com/in/1236702?s=60&v=4){kind=small}
There was a problem hiding this comment.
LGTM, straightforward Dependabot patch bump for a dev-only transitive dependency in /preview.
Extended reasoning...
Overview
This PR bumps fast-uri from 3.1.0 to 3.1.2 in preview/package-lock.json. The change is limited to lockfile entries (version, resolved URL, and integrity hash) for a single transitive dev-dependency.
Security risks
None introduced by this PR — it is in fact a security update applying upstream advisory fixes (GHSA-v39h-62p7-jpjc and GHSA-q3j6-qgpj-74h6) related to URI fragment parsing. The package is dev-only and lives under /preview, so it is not shipped with the SDK to end users.
Level of scrutiny
Low. This is a mechanical lockfile-only patch-version bump generated by Dependabot, restricted to a preview/dev workspace, with no source code changes and no impact on the published SDK.
Other factors
The bug hunting system found no issues. No outstanding reviewer comments. Pattern matches several recent Dependabot patch bumps that have been merged in this repo.
|
OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting If you change your mind, just re-open this PR and I'll resolve any conflicts on it. |
1 participant
Bumps fast-uri from 3.1.0 to 3.1.2.
Release notes
Sourced from fast-uri's releases.
Commits
919dd8eBumped v3.1.2c65ba57fixup: linting6c86c17Merge commit from forka95158aHandle malformed fragment decoding without throwing (#171)cea547cBumped v3.1.1876ce79Merge commit from forkdcdf690ci: add lock-threads workflow (#169)c860e65build(deps-dev): bump neostandard from 0.12.2 to 0.13.0 (#167)9b4c6dcbuild(deps): bump fastify/workflows/.github/workflows/plugins-ci.yml (#166)85d09a9build(deps): bump fastify/workflows/.github/workflows/plugins-ci-package-mana...Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)You can disable automated security fix PRs for this repo from the Security Alerts page.