From 4b1b9fce49f7ce0afefc1b9c069024dc044672d6 Mon Sep 17 00:00:00 2001
From: Gerard <gerard@script.nl>
Date: Tue, 12 May 2026 15:35:00 +0200
Subject: [PATCH] chore(deps): bump fast-uri 3.1.0 -> 3.1.2 via npm audit fix

Resolves the CI npm audit gate failure currently blocking every dependabot
PR. The vulnerable version sits at a transitive depth:
  @stryker-mutator/core -> ajv -> fast-uri (dev-only)

Advisories addressed:
- GHSA-q3j6-qgpj-74h6  path traversal via percent-encoded dot segments
- GHSA-v39h-62p7-jpjc  host confusion via percent-encoded authority delimiters

Lockfile-only change; no package.json edits. Verified locally:
- npm audit            -> 0 vulnerabilities
- npm run format:check -> 532 files clean
- npm run lint         -> 0 warnings / 0 errors
- npm run build        -> 8 artifacts built

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---
 package-lock.json | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index a3e0418..9999283 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -5565,9 +5565,9 @@
             }
         },
         "node_modules/fast-uri": {
-            "version": "3.1.0",
-            "resolved": "https://registry.npmjs.org/fast-uri/-/fast-uri-3.1.0.tgz",
-            "integrity": "sha512-iPeeDKJSWf4IEOasVVrknXpaBV0IApz/gp7S2bb7Z4Lljbl2MGJRqInZiUrQwV16cpzw/D3S5j5Julj/gT52AA==",
+            "version": "3.1.2",
+            "resolved": "https://registry.npmjs.org/fast-uri/-/fast-uri-3.1.2.tgz",
+            "integrity": "sha512-rVjf7ArG3LTk+FS6Yw81V1DLuZl1bRbNrev6Tmd/9RaroeeRRJhAt7jg/6YFxbvAQXUCavSoZhPPj6oOx+5KjQ==",
             "dev": true,
             "funding": [
                 {