Skip to content

chore(deps): update dependency qs to v6.14.1#1051

Open
mend-for-gitlite.zycloud.tk[bot] wants to merge 1 commit intomainfrom
whitesource-remediate/qs-6.x-lockfile
Open

chore(deps): update dependency qs to v6.14.1#1051
mend-for-gitlite.zycloud.tk[bot] wants to merge 1 commit intomainfrom
whitesource-remediate/qs-6.x-lockfile

Conversation

@mend-for-gitlite.zycloud.tk
Copy link
Copy Markdown
Contributor

@mend-for-gitlite.zycloud.tk mend-for-gitlite.zycloud.tk bot commented Feb 16, 2026

This PR contains the following updates:

Package Type Update Change
qs dependencies minor 6.12.16.14.1

By merging this PR, the issue #1049 will be automatically resolved and closed:

Severity CVSS Score Vulnerability
Low Low 3.7 CVE-2025-15284

Release Notes

ljharb/qs (qs)

v6.14.1

Compare Source

  • [Fix] ensure arrayLimit applies to [] notation as well
  • [Fix] parse: when a custom decoder returns null for a key, ignore that key
  • [Refactor] parse: extract key segment splitting helper
  • [meta] add threat model
  • [actions] add workflow permissions
  • [Tests] stringify: increase coverage
  • [Dev Deps] update eslint, @ljharb/eslint-config, npmignore, es-value-fixtures, for-each, object-inspect

v6.14.0

Compare Source

  • [New] parse: add throwOnParameterLimitExceeded option (#​517)
  • [Refactor] parse: use utils.combine more
  • [patch] parse: add explicit throwOnLimitExceeded default
  • [actions] use shared action; re-add finishers
  • [meta] Fix changelog formatting bug
  • [Deps] update side-channel
  • [Dev Deps] update es-value-fixtures, has-bigints, has-proto, has-symbols
  • [Tests] increase coverage

v6.13.3

Compare Source

[Fix] fix regressions from robustness refactor
[actions] update reusable workflows

v6.13.2

Compare Source

  • [Robustness] avoid .push, use void
  • [readme] clarify parseArrays and arrayLimit documentation (#​543)
  • [readme] document that addQueryPrefix does not add ? to empty output (#​418)
  • [readme] replace runkit CI badge with shields.io check-runs badge
  • [actions] fix rebase workflow permissions

v6.13.1

Compare Source

  • [Fix] stringify: avoid a crash when a filter key is null
  • [Fix] utils.merge: functions should not be stringified into keys
  • [Fix] parse: avoid a crash with interpretNumericEntities: true, comma: true, and iso charset
  • [Fix] stringify: ensure a non-string filter does not crash
  • [Refactor] use __proto__ syntax instead of Object.create for null objects
  • [Refactor] misc cleanup
  • [Tests] utils.merge: add some coverage
  • [Tests] fix a test case
  • [actions] split out node 10-20, and 20+
  • [Dev Deps] update es-value-fixtures, mock-property, object-inspect, tape

v6.13.0

Compare Source

  • [New] parse: add strictDepth option (#​511)
  • [Tests] use npm audit instead of aud

v6.12.5

Compare Source

  • [Fix] fix regressions from robustness refactor
  • [actions] update reusable workflows

v6.12.4

Compare Source

  • [Robustness] avoid .push, use void
  • [readme] clarify parseArrays and arrayLimit documentation (#​543)
  • [readme] document that addQueryPrefix does not add ? to empty output (#​418)
  • [readme] replace runkit CI badge with shields.io check-runs badge
  • [actions] fix rebase workflow permissions

v6.12.3

Compare Source

  • [Fix] parse: properly account for strictNullHandling when allowEmptyArrays
  • [meta] fix changelog indentation

v6.12.2

Compare Source

  • [Fix] parse: parse encoded square brackets (#​506)
  • [readme] add CII best practices badge
  • If you want to rebase/retry this PR, check this box

@mend-for-gitlite.zycloud.tk mend-for-gitlite.zycloud.tk bot added the security fix Security fix generated by Mend label Feb 16, 2026
@codecov
Copy link
Copy Markdown

codecov bot commented Feb 16, 2026
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 85.43%. Comparing base (9323555) to head (e63ebe6).
⚠️ Report is 5 commits behind head on main.

Additional details and impacted files 
@@           Coverage Diff           @@
##             main    #1051   +/-   ##
=======================================
  Coverage   85.43%   85.43%           
=======================================
  Files          60       60           
  Lines        2142     2142           
  Branches      545      562   +17     
=======================================
  Hits         1830     1830           
  Misses        291      291           
  Partials       21       21

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Feb 16, 2026
edited
Loading

Changes Analysis

Commit SHA: e63ebe6
Comparing To SHA: b3dea31

API Changes

Summary

SUCCESS: No changes found between specifications

Report

The full API changes report is available at: https://github.com/opensearch-project/opensearch-api-specification/actions/runs/23578801678/artifacts/6116814525

API Coverage

Before After Δ
Covered (%) 666 (65.23 %) 666 (65.23 %) 0 (0 %)
Uncovered (%) 355 (34.77 %) 355 (34.77 %) 0 (0 %)
Unknown 149 149 0

@mend-for-gitlite.zycloud.tk mend-for-gitlite.zycloud.tk bot force-pushed the whitesource-remediate/qs-6.x-lockfile branch from 4e0f8eb to 9a579a2 Compare February 17, 2026 05:19
@mend-for-gitlite.zycloud.tk mend-for-gitlite.zycloud.tk bot force-pushed the whitesource-remediate/qs-6.x-lockfile branch 3 times, most recently from 6666e31 to 93737b1 Compare March 3, 2026 05:19
@mend-for-gitlite.zycloud.tk mend-for-gitlite.zycloud.tk bot force-pushed the whitesource-remediate/qs-6.x-lockfile branch 3 times, most recently from c1493de to 7464e3c Compare March 11, 2026 05:16
@mend-for-gitlite.zycloud.tk mend-for-gitlite.zycloud.tk bot force-pushed the whitesource-remediate/qs-6.x-lockfile branch 3 times, most recently from e50cf53 to 4c133a1 Compare March 18, 2026 05:35
@mend-for-gitlite.zycloud.tk mend-for-gitlite.zycloud.tk bot force-pushed the whitesource-remediate/qs-6.x-lockfile branch from 4c133a1 to e63ebe6 Compare March 26, 2026 05:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@harshavamsi harshavamsi Awaiting requested review from harshavamsi harshavamsi is a code owner

@sachetalva sachetalva Awaiting requested review from sachetalva sachetalva is a code owner

@Xtansia Xtansia Awaiting requested review from Xtansia Xtansia is a code owner

@VachaShah VachaShah Awaiting requested review from VachaShah VachaShah is a code owner

@Tokesh Tokesh Awaiting requested review from Tokesh Tokesh is a code owner

@aabeshov aabeshov Awaiting requested review from aabeshov aabeshov is a code owner

@karenyrx karenyrx Awaiting requested review from karenyrx karenyrx is a code owner

@lucy66hw lucy66hw Awaiting requested review from lucy66hw lucy66hw is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

security fix Security fix generated by Mend

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants