Affected versions of decamelize package are vulnerable to Regular Expression Denial of Service (ReDoS). The seperators are not escaped and may allow an attacker to send seperators like |, which will cause the regex parser to hang for long periods of time. Upstream bug: https://github.com/sindresorhus/decamelize/issues/5 Upstream patch: https://github.com/sindresorhus/decamelize/commit/76d47d8de360afb574da2e34db87430ce11094e0