[Security] Bump decode-uri-component from 0.2.0 to 0.2.2 in /assets (!194) · Merge requests · Up Learn / Admin Elf

Dependabot Zahir's Email requested to merge dependabot-npm_and_yarn-assets-decode-uri-component-0.2.2 into master Nov 20, 2023

Bumps decode-uri-component from 0.2.0 to 0.2.2. This update includes a security fix.

Vulnerabilities fixed

decode-uri-component vulnerable to Denial of Service (DoS) decode-uri-component 0.2.0 is vulnerable to Improper Input Validation resulting in DoS.

Patched versions: 0.2.1 Affected versions: < 0.2.1

Release notes

Sourced from decode-uri-component's releases.

v0.2.2

Prevent overwriting previously decoded tokens 980e0bf

https://github.com/SamVerschueren/decode-uri-component/compare/v0.2.1...v0.2.2

v0.2.1

Switch to GitHub workflows 76abc93

Fix issue where decode throws - fixes #6 746ca5d

Update license (#1) 486d7e2

Tidelift tasks a650457

Meta tweaks 66e1c28

https://github.com/SamVerschueren/decode-uri-component/compare/v0.2.0...v0.2.1

Commits

a0eea46 0.2.2
980e0bf Prevent overwriting previously decoded tokens
3c8a373 0.2.1
76abc93 Switch to GitHub workflows
746ca5d Fix issue where decode throws - fixes #6
486d7e2 Update license (#1)
a650457 Tidelift tasks
66e1c28 Meta tweaks
See full diff in compare view

[Security] Bump decode-uri-component from 0.2.0 to 0.2.2 in /assets

v0.2.2

v0.2.1

Merge request reports