From 980e0bf09b64d94f1aa79012f895816c30ffd152 Mon Sep 17 00:00:00 2001
From: Sam Verschueren
Date: Thu, 1 Dec 2022 19:18:04 +0100
Subject: [PATCH 1/2] Prevent overwriting previously decoded tokens
---
 index.js | 2 +-
 test.js | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/index.js b/index.js
index d33e06e..24e7db0 100644
--- a/index.js
+++ b/index.js
@@ -1,6 +1,6 @@
 'use strict';
 var token = '%[a-f0-9]{2}';
-var singleMatcher = new RegExp(token, 'gi');
+var singleMatcher = new RegExp('(' + token + ')|([^%]+?)', 'gi');
 var multiMatcher = new RegExp('(' + token + ')+', 'gi');
 function decodeComponents(components, split) {
diff --git a/test.js b/test.js
index c083cc6..86fabd5 100644
--- a/test.js
+++ b/test.js
@@ -33,9 +33,9 @@ const tests = {
 '%C2%B5': 'µ',
 '%C2%B5%': 'µ%',
 '%%C2%B5%': '%µ%',
-
- // This should actually return `%ea%baZ%ba`, but fixes a DOS attack for now
- '%ea%ba%5a%ba': '꺺'
+ '%ea%ba%5a%ba': '%ea%baZ%ba',
+ '%C3%5A%A5': '%C3Z%A5',
+ '%C3%5A%A5%AB': '%C3Z%A5%AB'
 };
 function macro(t, input, expected) {
From a0eea469d26eb0df668b081672cdb9581feb78eb Mon Sep 17 00:00:00 2001
From: Sam Verschueren
Date: Thu, 1 Dec 2022 19:22:43 +0100
Subject: [PATCH 2/2] 0.2.2
---
 package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/package.json b/package.json
index 1666841..e232823 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "decode-uri-component",
- "version": "0.2.1",
+ "version": "0.2.2",
 "description": "A better decodeURIComponent",
 "license": "MIT",
 "repository": "SamVerschueren/decode-uri-component",
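Review bot: The new `singleMatcher` in index.js has no alternative that can match a `%` which is not followed by two hex digits, so `match()` with this pattern leaves such a character out of the token list while every other character is now kept. The code that consumes the tokens is outside this hunk; if it rebuilds the string by joining them, a literal `%` produced by an earlier decoding step (for example from `%25`) could be dropped on a later pass, which is worth confirming with a test that puts `%25` in front of an invalid sequence. Separately, `[^%]+?` is lazy with nothing after it, so it always matches exactly one character; writing it as `[^%]` with a comment such as `// keep already-decoded characters as their own tokens so re-tokenising does not discard them` would state the intent.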
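Review bot: In test.js, removing the comment drops the only record that `'%ea%ba%5a%ba'` is tied to a denial-of-service fix, and the three new entries assert output only, so nothing in this table would notice if decoding time regressed. I would keep a short comment above them, e.g. `// Invalid UTF-8 sequences that contain a decodable byte; this case originally guarded a DoS fix`, and add a separate test that decodes a long input of malformed escapes and asserts that it finishes promptly. The `tests` object and `macro` both continue outside the hunk.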