Skip to content

chore(deps): update dependency qs to v6.15.0 (master)#44

Open
mend-for-github-com[bot] wants to merge 1 commit intomasterfrom
whitesource-remediate/master-qs-6.x-lockfile
Open

chore(deps): update dependency qs to v6.15.0 (master)#44
mend-for-github-com[bot] wants to merge 1 commit intomasterfrom
whitesource-remediate/master-qs-6.x-lockfile

Conversation

@mend-for-github-com
Copy link

@mend-for-github-com mend-for-github-com bot commented Feb 10, 2026
edited
Loading

This PR contains the following updates:

Package Type Update Change
qs dependencies minor 6.14.06.15.0

This PR resolves the vulnerabilities described in Issue #41

Version 6.14.0
Risk Change Critical High Medium Low
N/A 0 0 0 2
Version 6.15.0
Risk Change Critical High Medium Low
-100% 0 (--) 0 (--) 0 (--) 0 (-2 )

Mend ensures you have the greatest risk reduction ("Recommended Fix"-highlighted in green) by removing as many vulnerabilities as possible. Click to see how we calculate risk reduction.

Release Notes

ljharb/qs (qs)

v6.15.0

Compare Source

  • [New] parse: add strictMerge option to wrap object/primitive conflicts in an array (#​425, #​122)
  • [Fix] duplicates option should not apply to bracket notation keys (#​514)

v6.14.2

Compare Source

  • [Fix] parse: mark overflow objects for indexed notation exceeding arrayLimit (#​546)
  • [Fix] arrayLimit means max count, not max index, in combine/merge/parseArrayValue
  • [Fix] parse: throw on arrayLimit exceeded with indexed notation when throwOnLimitExceeded is true (#​529)
  • [Fix] parse: enforce arrayLimit on comma-parsed values
  • [Fix] parse: fix error message to reflect arrayLimit as max index; remove extraneous comments (#​545)
  • [Robustness] avoid .push, use void
  • [readme] document that addQueryPrefix does not add ? to empty output (#​418)
  • [readme] clarify parseArrays and arrayLimit documentation (#​543)
  • [readme] replace runkit CI badge with shields.io check-runs badge
  • [meta] fix changelog typo (arrayLengtharrayLimit)
  • [actions] fix rebase workflow permissions

v6.14.1

Compare Source

  • [Fix] ensure arrayLimit applies to [] notation as well
  • [Fix] parse: when a custom decoder returns null for a key, ignore that key
  • [Refactor] parse: extract key segment splitting helper
  • [meta] add threat model
  • [actions] add workflow permissions
  • [Tests] stringify: increase coverage
  • [Dev Deps] update eslint, @ljharb/eslint-config, npmignore, es-value-fixtures, for-each, object-inspect
  • If you want to rebase/retry this PR, check this box

@mend-for-github-com mend-for-github-com bot added the security fix Security fix generated by Mend label Feb 10, 2026
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/master-qs-6.x-lockfile branch 2 times, most recently from 92c483a to 0138782 Compare February 11, 2026 03:05
@mend-for-github-com mend-for-github-com bot changed the title chore(deps): update dependency qs to v6.14.1 (master) chore(deps): update dependency qs to v6.14.2 (master) Feb 12, 2026
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/master-qs-6.x-lockfile branch from 0138782 to 8bf3551 Compare February 12, 2026 14:31
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/master-qs-6.x-lockfile branch from 8bf3551 to cc69ab6 Compare March 15, 2026 06:47
@mend-for-github-com mend-for-github-com bot changed the title chore(deps): update dependency qs to v6.14.2 (master) chore(deps): update dependency qs to v6.15.0 (master) Mar 15, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

security fix Security fix generated by Mend

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants