[Snyk] Upgrade: , , , , , ajv, , ws, zeromq

[Mhmonicox]

Snyk has created this PR to upgrade multiple dependencies.

👯 The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Name	Versions	Released on

@grpc/grpc-js
from 1.3.7 to 1.11.1 | 89 versions ahead of your current version | 2 months ago
on 2024-07-16
@dashevo/grpc-common
from 0.5.4 to 0.25.22 | 185 versions ahead of your current version | 8 months ago
on 2024-01-19
@dashevo/dapi-grpc
from 0.21.0 to 0.25.22 | 186 versions ahead of your current version | 8 months ago
on 2024-01-19
@dashevo/dashcore-lib
from 0.19.26 to 0.21.3 | 33 versions ahead of your current version | 2 months ago
on 2024-07-19
@dashevo/dashd-rpc
from 2.3.0 to 2.4.2 | 5 versions ahead of your current version | 2 years ago
on 2022-09-16
ajv
from 8.6.3 to 8.17.1 | 16 versions ahead of your current version | 2 months ago
on 2024-07-12
@dashevo/dpp
from 0.21.0 to 0.25.8 | 155 versions ahead of your current version | a year ago
on 2023-10-20
ws
from 7.5.5 to 7.5.10 | 5 versions ahead of your current version | 3 months ago
on 2024-06-16
zeromq
from 5.2.0 to 5.3.1 | 10 versions ahead of your current version | 2 years ago
on 2022-11-16

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	696	Proof of Concept
	Cryptographic Issues SNYK-JS-ELLIPTIC-1064899	696	No Known Exploit
	Improper Verification of Cryptographic Signature SNYK-JS-ELLIPTIC-7577916	696	Proof of Concept
	Improper Verification of Cryptographic Signature SNYK-JS-ELLIPTIC-7577917	696	Proof of Concept
	Improper Verification of Cryptographic Signature SNYK-JS-ELLIPTIC-7577918	696	Proof of Concept
	Prototype Pollution SNYK-JS-LODASHSET-1320032	696	Proof of Concept
	Information Exposure SNYK-JS-SIMPLEGET-2361683	696	Proof of Concept
	Denial of Service (DoS) SNYK-JS-WS-7266574	696	Proof of Concept
	Prototype Pollution SNYK-JS-MINIMIST-2429795	696	Proof of Concept

Release notes

Package name: @grpc/grpc-js

• 1.11.1 - 2024-07-16
  
  • Fixed an issue where building from source would sometimes fail (#304)
  • Added NodeJS 10 pre-built binaries (#302)
  • Added Electron 2 pre-built binaries (#291)
  • Added TypeScript type definitions for APIs added in v1.11.x (#306)
• 1.11.0 - 2024-07-15
  

  @ grpc/proto-loader v0.1.0

  This is a new library for loading .proto files for use with gRPC using the latest version of Protobuf.js. The output of this package is intended to be loaded using the new loadPackageDefinition function in the grpc library.

  @ grpc/grpc-js v0.1.0

  This is the first alpha release of the new pure JavaScript implementation of gRPC. It implements the same API as the existing grpc library. Currently only the client is implemented, with the following functionality:

  • loadPackageDefinition
  • Unary and streaming calls
  • Cancellation
  • Deadlines
  • Metadata
  • Basic automatic reconnection logic
  • Channel and call credentials

  grpc v1.11.0

  Node changes:

  • Add client interceptors API (#59 contributed by @ drobertduke)
  • Add loadPackageDefintion function (#196)
  • Publish ARM64 binaries (#200)
  • Improve function type test in a client method (#204 contributed by @ arcana261)
  • Add details to UNIMPLEMENTED response status (#207 contributed by @ theogravity)
  • Add error handling for missing files when calling grpc.load (#228 contributed by @ cblair)
  • Fix error message in grpc.loadObject when failing to detect Protobuf.js version (#253 contributed by @ kellycampbell)
  • Remove -zdefs flag from binding.gyp to enable building on FreeBSD (#266)
• 1.10.11 - 2024-07-10
• 1.10.10 - 2024-06-24
• 1.10.9 - 2024-06-10
• 1.10.8 - 2024-05-15
• 1.10.7 - 2024-05-01
• 1.10.6 - 2024-04-03
• 1.10.5 - 2024-04-01
• 1.10.4 - 2024-03-26
• 1.10.3 - 2024-03-15
• 1.10.2 - 2024-03-11
• 1.10.1 - 2024-02-15
  

  Node changes:

  • Update dependency on node-pre-gyp to version 0.7.0 (#245)

  C core changes:

  • Decrease number of pings sent by clients (grpc/grpc#14804)
  • Fix memory leak caused by flow control bug (grpc/grpc#14828)
• 1.10.0 - 2024-02-06
  

  C Core Changes

  • Fix memory leaks in max_age_filter (grpc/grpc#14501) and http_proxy (grpc/grpc#14137)
  • Added re-resolution into grpclb policy (grpc/grpc#14438)
  • Update BoringSSL submodule (grpc/grpc#13948)
  • Make RR re-resolve when any of its subchannels fail (grpc/grpc#14170)
  • DNS resolver caches results, allowing it to be hit arbitrarily often. Resolution frequency is controlled via channel arg "grpc.dns_min_time_between_resolutions_ms". (grpc/grpc#14228)
• 1.9.15 - 2024-06-10
• 1.9.14 - 2024-01-16
• 1.9.13 - 2023-12-12
• 1.9.12 - 2023-11-27
• 1.9.11 - 2023-11-16
• 1.9.10 - 2023-11-14
• 1.9.9 - 2023-10-30
• 1.9.8 - 2023-10-27
• 1.9.7 - 2023-10-19
• 1.9.6 - 2023-10-17
• 1.9.5 - 2023-10-02
• 1.9.4 - 2023-09-26
• 1.9.3 - 2023-09-13
• 1.9.2 - 2023-08-31
• 1.9.1 - 2023-08-22
  
  • Fix usage of Protobuf.js Message type in TypeScript type definitions file (#177)
  • Fix handling of undefined values for optional call arguments (#179)
• 1.9.0 - 2023-08-01
  
  • Further improve the error output when failing to load an installed precompiled binary (#175)
  • Fix type definition documentation for KeyCertPair (#171)
  • Fix server segfault on invalid HTTP/2 (grpc/grpc#14199)
  • LB policies request re-resolution without shutting down (grpc/grpc#12829)
  • On server, include receiving HTTP/2 settings in handshake timeout (grpc/grpc#13336)
  • Fix max connection idleness crash (grpc/grpc#14122)
  • Report metadata plugin auth errors with an UNAVAILABLE status instead of UNAUTHENTICATED (grpc/grpc#13363).
• 1.8.22 - 2024-06-10
• 1.8.21 - 2023-07-28
• 1.8.20 - 2023-07-25
• 1.8.19 - 2023-07-24
• 1.8.18 - 2023-07-13
• 1.8.17 - 2023-06-27
• 1.8.16 - 2023-06-20
• 1.8.15 - 2023-06-05
• 1.8.14 - 2023-04-12
• 1.8.13 - 2023-03-23
• 1.8.12 - 2023-03-07
• 1.8.11 - 2023-02-24
• 1.8.10 - 2023-02-22
• 1.8.9 - 2023-02-15
• 1.8.8 - 2023-02-08
• 1.8.7 - 2023-01-25
• 1.8.6 - 2023-01-25
• 1.8.5 - 2023-01-23
• 1.8.4 - 2023-01-12
  
  • Add error code name and number to status Error objects for easier debugging. The status details string is now available in the Error object's details field. (#126)
  • Made a build process change that may fix some installation errors
  • Add more informative error for a missing callback to the Server#tryShutdown method (#143)
  • Removed extraneous files from published package
  • Mark some network errors with an UNAVAILABLE status (grpc/grpc#13917)
  • Fix HTTP/2 PING issues (grpc/grpc#13950)
• 1.8.3 - 2023-01-11
• 1.8.2 - 2023-01-09
• 1.8.1 - 2023-01-03
• 1.8.0 - 2022-12-07
  
  • Publish precompiled binaries for Alpine Linux
  • Improve the error output when failing to load an installed precompiled binary (#106).
• 1.7.3 - 2022-10-21
  
  • Pick up a security bug fix from gRPC core (grpc/grpc#13642).
• 1.7.2 - 2022-10-14
  
  • Separate precompiled binaries for glibc and musl libc (#82, courtesy of @ bkw)
    • Precompiled binaries are not yet distributed for musl libc. Installations on Alpine Linux will result in compiling the binary locally.
  • Remove incorrect assertion (#92)
• 1.7.1 - 2022-09-21
• 1.7.0 - 2022-09-08
• 1.6.12 - 2022-08-31
• 1.6.11 - 2022-08-29
• 1.6.10 - 2022-08-15
• 1.6.9 - 2022-08-09
• 1.6.8 - 2022-07-21
• 1.6.7 - 2022-04-20
• 1.6.6 - 2022-04-18
• 1.6.5 - 2022-04-15
• 1.6.4 - 2022-04-14
• 1.6.3 - 2022-04-11
• 1.6.2 - 2022-04-04
• 1.6.1 - 2022-04-01
• 1.6.0 - 2022-03-31
• 1.5.10 - 2022-03-24
• 1.5.9 - 2022-03-16
• 1.5.8 - 2022-03-14
• 1.5.7 - 2022-02-24
• 1.5.6 - 2022-02-23
• 1.5.5 - 2022-02-10
• 1.5.4 - 2022-01-31
• 1.5.3 - 2022-01-20
• 1.5.2 - 2022-01-19
• 1.5.1 - 2022-01-14
• 1.5.0 - 2022-01-06
• 1.4.6 - 2022-01-04
• 1.4.5 - 2021-12-16
• 1.4.4 - 2021-11-08
• 1.4.3 - 2021-11-05
• 1.4.2 - 2021-10-26
• 1.4.1 - 2021-10-13
• 1.4.0 - 2021-10-13
• 1.3.8 - 2021-10-12
• 1.3.7 - 2021-08-09

from @grpc/grpc-js GitHub release notes

Package name: @dashevo/dapi-grpc

• 0.25.22 - 2024-01-19
• 0.25.21 - 2023-12-28
• 0.25.20 - 2023-12-21
• 0.25.19 - 2023-12-19
• 0.25.18 - 2023-12-12
• 0.25.17 - 2023-12-11
• 0.25.16 - 2023-12-11
• 0.25.16-rc.6 - 2023-12-07
• 0.25.16-rc.5 - 2023-11-29
• 0.25.16-rc.4 - 2023-11-24
• 0.25.16-rc.3 - 2023-11-23
• 0.25.16-rc.2 - 2023-11-22
• 0.25.16-rc.1 - 2023-11-21
• 0.25.16-pr.1574.2 - 2023-11-18
• 0.25.16-pr.1562.13 - 2023-11-17
• 0.25.16-pr.1562.12 - 2023-11-17
• 0.25.16-pr.1562.7 - 2023-11-16
• 0.25.16-pr.1562.6 - 2023-11-16
• 0.25.16-pr.1562.5 - 2023-11-16
• 0.25.16-pr.1562.4 - 2023-11-16
• 0.25.16-pr.1562.3 - 2023-11-16
• 0.25.16-pr.1562.2 - 2023-11-16
• 0.25.16-pr.1562.1 - 2023-11-16
• 0.25.15 - 2023-11-14
• 0.25.13 - 2023-11-05
• 0.25.12 - 2023-11-03
• 0.25.11 - 2023-11-02
• 0.25.10 - 2023-11-02
• 0.25.9 - 2023-11-02
• 0.25.8 - 2023-10-20
• 0.25.6 - 2023-10-18
• 0.25.5 - 2023-10-17
• 0.25.4 - 2023-10-16
• 0.25.3 - 2023-10-12
• 0.25.2 - 2023-10-11
• 0.25.1 - 2023-10-11
• 0.25.0 - 2023-10-10
• 0.25.0-pr.1545.2 - 2023-11-08
• 0.25.0-dev.33 - 2023-10-05
• 0.25.0-dev.32 - 2023-09-29
• 0.25.0-dev.31 - 2023-09-28
• 0.25.0-dev.30 - 2023-09-28
• 0.25.0-dev.29 - 2023-09-23
• 0.25.0-dev.28 - 2023-09-19
• 0.25.0-dev.27 - 2023-09-18
• 0.25.0-dev.26 - 2023-09-16
• 0.25.0-dev.25 - 2023-09-15
• 0.25.0-dev.24 - 2023-09-15
• 0.25.0-dev.23 - 2023-09-11
• 0.25.0-dev.22 - 2023-09-08
• 0.25.0-dev.21 - 2023-09-07
• 0.25.0-dev.20 - 2023-09-06
• 0.25.0-dev.19 - 2023-09-06
• 0.25.0-dev.18 - 2023-09-04
• 0.25.0-dev.17 - 2023-08-31
• 0.25.0-dev.16 - 2023-08-15
• 0.25.0-dev.15 - 2023-05-30
• 0.25.0-dev.14 - 2023-05-29
• 0.25.0-dev.13 - 2023-05-18
• 0.25.0-dev.12 - 2023-05-09
• 0.25.0-dev.11 - 2023-05-08
• 0.25.0-dev.10 - 2023-05-08
• 0.25.0-dev.9 - 2023-05-03
• 0.25.0-dev.8 - 2023-05-03
• 0.25.0-dev.7 - 2023-05-02
• 0.25.0-dev.6 - 2023-05-02
• 0.25.0-dev.5 - 2023-05-02
• 0.25.0-dev.4 - 2023-05-01
• 0.25.0-dev.2 - 2023-05-01
• 0.25.0-dev.1 - 2023-05-01
• 0.24.23 - 2023-08-18
• 0.24.21 - 2023-08-10
• 0.24.20 - 2023-08-07
• 0.24.19 - 2023-07-28
• 0.24.18 - 2023-07-26
• 0.24.17 - 2023-07-26
• 0.24.16 - 2023-07-25
• 0.24.15 - 2023-07-10
• 0.24.14 - 2023-07-05
• 0.24.13 - 2023-06-29
• 0.24.12 - 2023-06-28
• 0.24.11 - 2023-06-23
• 0.24.10 - 2023-06-23
• 0.24.9 - 2023-06-22
• 0.24.8 - 2023-06-21
• 0.24.7 - 2023-06-21
• 0.24.6 - 2023-06-19
• 0.24.5 - 2023-05-22
• 0.24.4 - 2023-05-18
• 0.24.3 - 2023-05-16
• 0.24.2 - 2023-05-16
• 0.24.1 - 2023-05-15
• 0.24.0 - 2023-05-11
• 0.24.0-dev.34 - 2023-05-08
• 0.24.0-dev.33 - 2023-05-05
• 0.24.0-dev.32 - 2023-05-04
• 0.24.0-dev.31 - 2023-05-01
• 0.24.0-dev.30 - 2023-04-30
• 0.24.0-dev.29 - 2023-04-29
• 0.24.0-dev.28 - 2023-04-28
• 0.24.0-dev.27 - 2023-04-28
• 0.24.0-dev.26 - 2023-04-27
• 0.24.0-dev.25 - 2023-04-26
• 0.24.0-dev.24 - 2023-04-24
• 0.24.0-dev.23 - 2023-04-20
• 0.24.0-dev.22 - 2023-04-20
• 0.24.0-dev.21 - 2023-04-19
• 0.24.0-dev.20 - 2023-04-19
• 0.24.0-dev.19 - 2023-04-17
• 0.24.0-dev.18 - 2023-04-14
• 0.24.0-dev.17 - 2023-04-04
• 0.24.0-dev.16 - 2023-03-22
• 0.24.0-dev.15 - 2023-03-21
• 0.24.0-dev.14 - 2023-03-20
• 0.24.0-dev.13 - 2023-01-30
• 0.24.0-dev.12 - 2023-01-11
• 0.24.0-dev.11 - 2022-12-20
• 0.24.0-dev.10 - 2022-12-15
• 0.24.0-dev.6 - 2022-10-26
• 0.24.0-dev.5 - 2022-10-26
• 0.24.0-dev.3 - 2022-10-20
• 0.24.0-dev.2 - 2022-10-13
• 0.24.0-dev.1 - 2022-10-07
• 0.23.2 - 2023-01-20
• 0.23.1 - 2023-01-13
• 0.23.0 - 2022-12-05
• 0.23.0-dev.10 - 2022-09-27
• 0.23.0-dev.9 - 2022-09-05
• 0.23.0-dev.8 - 2022-08-22
• 0.23.0-dev.7 - 2022-08-18
• 0.23.0-dev.6 - 2022-08-12
• 0.23.0-dev.5 - 2022-08-05
• 0.23.0-dev.4 - 2022-07-12
• 0.23.0-dev.3 - 2022-06-30
• 0.23.0-dev.2 - 2022-05-20
• 0.23.0-dev.1 - 2022-04-08
• 0.23.0-alpha.9 - 2022-11-21
• 0.23.0-alpha.8 - 2022-11-04
• 0.23.0-alpha.7 - 2022-10-18
• 0.23.0-alpha.6 - 2022-10-12
• 0.23.0-alpha.4 - 2022-10-11
• 0.23.0-alpha.3 - 2022-10-10
• 0.23.0-alpha.2 - 2022-10-07
• 0.23.0-alpha.1 - 2022-09-30
• 0.22.16 - 2022-09-09
• 0.22.15 - 2022-08-31
• 0.22.14 - 2022-08-29
• 0.22.13 - 2022-06-17
• 0.22.12 - 2022-06-07
• 0.22.11 - 2022-05-31
• 0.22.10 - 2022-05-26
• 0.22.9 - 2022-05-24
• 0.22.8 - 2022-05-23
• 0.22.8-pr.405.2 - 2022-05-23
• 0.22.8-pr.405.1 - 2022-05-23
• 0.22.8-pr.405 - 2022-05-23
• 0.22.7 - 2022-05-02
• 0.22.6 - 2022-05-02
• 0.22.5 - 2022-04-29
• 0.22.4 - 2022-04-29
• 0.22.3 - 2022-04-27
• 0.22.2 - 2022-04-21
• 0.22.1 - 2022-03-25
• 0.22.0 - 2022-03-21
• 0.22.0-dev.16 - 2022-03-18
• 0.22.0-dev.15 - 2022-03-11
• 0.22.0-dev.14 - 2022-03-10
• 0.22.0-dev.13 - 2022-03-09
• 0.22.0-dev.12 - 2022-03-08
• 0.22.0-dev.11 - 2022-03-08
• 0.22.0-dev.10 - 2022-03-07
• 0.22.0-dev.9 - 2022-03-04
• 0.22.0-dev.8 - 2022-03-02
• 0.22.0-dev.7.alpha.2 - 2022-02-18
• 0.22.0-dev.7.alpha.1 - 2022-02-18
• 0.22.0-dev.7 - 2022-01-21
• 0.22.0-dev.6 - 2022-01-11
• 0.22.0-dev.5 - 2022-01-07
• 0.22.0-dev.4 - 2021-12-24
• 0.22.0-dev.3 - 2021-12-22
• 0.21.8 - 2022-02-15
• 0.21.7 - 2022-01-17
• 0.21.6 - 2021-12-14
• 0.21.5 - 2021-11-25
• 0.21.4 - 2021-11-23
• 0.21.1 - 2021-11-02
  

  Bug Fixes

  • cannot read properties of undefined (reading 'MethodInfo') (#152)
• 0.21.0 - 2021-10-12
  

  Features

  • support returning of a multiproof (#127)
  • implement getConsensusParams method (#126, #130, #132, #134)

  Bug Fixes

  • height type was uint32 instead of int64 (#123)

  BREAKING CHANGES

  • getStoreTreeProof now returns StoreTreeProof message instead of Buffer

from @dashevo/dapi-grpc GitHub release notes

Package name: @dashevo/dashcore-lib

• 0.21.3 - 2024-07-19
  

  What's Changed

  • fix: unknown empty service IP by @ shumkov in #299

  Full Changelog: v0.21.2...v0.21.3

• 0.21.2 - 2024-07-05
  

  What's Changed

  • fix: mn entry version deserialisation by @ shumkov in #297

  Full Changelog: v0.21.1...v0.21.2

• 0.21.1 - 2024-01-31
  

  What's Changed

  • feat: asset unlock transaction payload by @ markin-io

  Full Changelog: v0.21.0...v0.20.1

• 0.21.0 - 2023-10-30
  

  What's Changed

  • fix: instant lock version higher than 1 is not supported by @ shumkov in #291
  • fix!: invalid outpoint buffer by @ shumkov in #292

  Full Changelog: v0.20.10...v0.20.11

• 0.20.10 - 2023-10-19
  

  What's Changed

  • feat: asset lock special transaction by @ markin-io in #288

  Full Changelog: v0.20.9...v0.20.10

• 0.20.9 - 2023-06-22
  

  What's Changed

  • feat(sml): version is mandatory for SML entry by @ shumkov in #289

  Full Changelog: v0.20.8...v0.20.9

• 0.20.8 - 2023-06-08
  

  What's Changed

  • fix: missing internal types for transaction and block by @ markin-io in #286

  Full Changelog: v0.20.7...v0.20.8

• 0.20.7 - 2023-06-06
  

  What's Changed

  • fix: typescript definitions by @ markin-io in #284

  Full Changelog: v0.20.6...v0.20.7

• 0.20.6 - 2023-05-05
  

  What's Changed

  • feat: update coinbase payload accroding to changes in Core v20 by @ jawid-h in #282
  • chore(release): bump version to 0.20.6 by @ jawid-h in #283

  Full Changelog: v0.20.5...v0.20.6

• 0.20.5 - 2023-05-03
  

  What's Changed

  • fix: wrong rotated quorum type by @ shuplenkov in #280
  • chore(release): bump version to 0.20.5 by @ shuplenkov in #281

  Full Changelog: v0.20.4...v0.20.5

• 0.20.4 - 2023-05-01
• 0.20.3 - 2023-04-18
• 0.20.2 - 2023-04-17
• 0.20.1 - 2023-03-25
• 0.20.0 - 2023-03-20
• 0.19.44 - 2022-09-22
• 0.19.43 - 2022-09-20
• 0.19.42 - 2022-09-18
• 0.19.41 - 2022-08-22
• 0.19.40 - 2022-06-28
• 0.19.39 - 2022-06-17
• 0.19.38 - 2022-05-25
• 0.19.37 - 2022-05-24
• 0.19.36 - 2022-05-17
• 0.19.35 - 2022-05-02
• 0.19.34 - 2022-05-02
• 0.19.33 - 2022-04-29
• 0.19.32 - 2022-04-29
• 0.19.31 - 2022-04-21
• 0.19.30 - 2022-02-04
• 0.19.29 - 2022-01-14
• 0.19.28 - 2021-11-24
• 0.19.27 - 2021-11-22
• 0.19.26 - 2021-09-16

from @dashevo/dashcore-lib GitHub release notes

Package name: @dashevo/dashd-rpc

• 2.4.2 - 2022-09-16
  

  What's Changed

  • feat: add sporkupdate command #48

  Full Changelog: v2.4.1...v2.4.2

• 2.4.1 - 2022-07-06
  

  What's Changed

  • fix: сallback was already called by @ strophy in #46

  Full Changelog: v2.4.0...v2.4.1

• 2.4.0 - 2022-06-30
  

  What's Changed

  • feat: introduce timeout by @ strophy in #45

  Full Changelog: v2.3.2...v2.4.0

• 2.3.2 - 2022-01-13
  
  • added getBlockStats method
  • add handling of mixed type int_str
• 2.3.1 - 2021-09-26
  No content.
• 2.3.0 - 2021-04-28
  No content.

from @dashevo/dashd-rpc GitHub release notes

Package name: ajv

• 8.17.1 - 2024-07-12
  

  What's Changed

  • bump version to 8.17.1 by @ jasoniangreen in #2472

  Full Changelog: v8.17.0...v8.17.1

  Plus everything in 8.17.0 which failed to release

  The only functional change is to switch from uri-js (which is no longer supported), to fast-uri. This is the second attempt and the team on fast-uri have been really helpful addressing the issues we found last time.

  Revert "Revert fast-uri change (#2444)" by @ gurgunday in #2448
  fix: ignore new eslint error for @ typescript-eslint/no-extraneous-class by @ jasoniangreen in #2455
  docs: clarify behaviour of addVocabulary by @ jasoniangreen in #2454
  docs: refactor to improve legibility by @ blottn in #2432
  Fix grammatical typo in managing-schemas.md by @ wetneb in #2305
  docs: Fix broken strict-mode link by @ alexanderjsx in #2459
  feat: add test for encoded refs and bump fast-uri by @ jasoniangreen in