Skip to content

Bump qs from 6.12.0 to 6.15.2 in /project-templates/node-json-vscode#231

Closed
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/project-templates/node-json-vscode/qs-6.14.2
Closed

Bump qs from 6.12.0 to 6.15.2 in /project-templates/node-json-vscode#231
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/project-templates/node-json-vscode/qs-6.14.2

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Feb 14, 2026

Copy link
Copy Markdown
Contributor

Bumps qs from 6.12.0 to 6.15.2.

Changelog

Sourced from qs's changelog.

6.15.2

  • [Fix] stringify: skip null/undefined entries in arrayFormat: 'comma' + encodeValuesOnly instead of crashing in encoder
  • [Fix] stringify: use configured delimiter after charsetSentinel (#555)
  • [Fix] stringify: apply formatter to encoded key under strictNullHandling (#554)
  • [Fix] stringify: skip null/undefined filter-array entries instead of crashing in encoder (#551)
  • [Fix] parse: handle nested bracket groups and add regression tests (#530)
  • [readme] fix grammar (#550)
  • [Dev Deps] update @ljharb/eslint-config
  • [Tests] add regression tests for keys containing percent-encoded bracket text

6.15.1

  • [Fix] parse: parameterLimit: Infinity with throwOnLimitExceeded: true silently drops all parameters
  • [Deps] update @ljharb/eslint-config
  • [Dev Deps] update @ljharb/eslint-config, iconv-lite
  • [Tests] increase coverage

6.15.0

  • [New] parse: add strictMerge option to wrap object/primitive conflicts in an array (#425, #122)
  • [Fix] duplicates option should not apply to bracket notation keys (#514)

6.14.2

  • [Fix] parse: mark overflow objects for indexed notation exceeding arrayLimit (#546)
  • [Fix] arrayLimit means max count, not max index, in combine/merge/parseArrayValue
  • [Fix] parse: throw on arrayLimit exceeded with indexed notation when throwOnLimitExceeded is true (#529)
  • [Fix] parse: enforce arrayLimit on comma-parsed values
  • [Fix] parse: fix error message to reflect arrayLimit as max index; remove extraneous comments (#545)
  • [Robustness] avoid .push, use void
  • [readme] document that addQueryPrefix does not add ? to empty output (#418)
  • [readme] clarify parseArrays and arrayLimit documentation (#543)
  • [readme] replace runkit CI badge with shields.io check-runs badge
  • [meta] fix changelog typo (arrayLengtharrayLimit)
  • [actions] fix rebase workflow permissions

6.14.1

  • [Fix] ensure arrayLimit applies to [] notation as well
  • [Fix] parse: when a custom decoder returns null for a key, ignore that key
  • [Refactor] parse: extract key segment splitting helper
  • [meta] add threat model
  • [actions] add workflow permissions
  • [Tests] stringify: increase coverage
  • [Dev Deps] update eslint, @ljharb/eslint-config, npmignore, es-value-fixtures, for-each, object-inspect

6.14.0

  • [New] parse: add throwOnParameterLimitExceeded option (#517)
  • [Refactor] parse: use utils.combine more
  • [patch] parse: add explicit throwOnLimitExceeded default
  • [actions] use shared action; re-add finishers
  • [meta] Fix changelog formatting bug
  • [Deps] update side-channel
  • [Dev Deps] update es-value-fixtures, has-bigints, has-proto, has-symbols

... (truncated)

Commits
  • 9aca407 v6.15.2
  • 5e33d33 [Dev Deps] update @ljharb/eslint-config
  • 21f80b3 [Fix] stringify: skip null/undefined entries in arrayFormat: 'comma' + `e...
  • a0a81ea [Fix] stringify: use configured delimiter after charsetSentinel
  • e3062f7 [Fix] stringify: apply formatter to encoded key under strictNullHandling
  • 0c180a4 [Fix] stringify: skip null/undefined filter-array entries instead of crashi...
  • 3a8b94a [Tests] add regression tests for keys containing percent-encoded bracket text
  • 96755ab [readme] fix grammar
  • a419ce5 [Fix] parse: handle nested bracket groups and add regression tests
  • 3f5e1c5 v6.15.1
  • Additional commits viewable in compare view

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Feb 14, 2026
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/project-templates/node-json-vscode/qs-6.14.2 branch from 46a3967 to 22e820b Compare February 19, 2026 12:23
@tortmayr

tortmayr commented Jun 9, 2026

Copy link
Copy Markdown
Contributor

@dependabot rebase

Bumps [qs](https://github.com/ljharb/qs) from 6.12.0 to 6.15.2.
- [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md)
- [Commits](ljharb/qs@v6.12.0...v6.15.2)

---
updated-dependencies:
- dependency-name: qs
  dependency-version: 6.14.2
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot changed the title Bump qs from 6.12.0 to 6.14.2 in /project-templates/node-json-vscode Bump qs from 6.12.0 to 6.15.2 in /project-templates/node-json-vscode Jun 9, 2026
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/project-templates/node-json-vscode/qs-6.14.2 branch from 22e820b to 59d9d50 Compare June 9, 2026 05:55
tortmayr added a commit that referenced this pull request Jun 9, 2026
Regenerate the affected yarn.lock files so all transitive/in-range
dependencies flagged by the open Dependabot PRs are bumped to their
patched (latest in-range) versions, and prune the duplicate/orphan
lock entries left behind by the partial consolidation in #262.

Updated packages (>= the version Dependabot requested):
- handlebars 4.7.9, yaml 2.9.0, flatted 3.4.2, diff 4.0.4/5.2.2,
  picomatch 2.3.2, multer 2.1.1, socket.io-parser 4.2.6,
  basic-ftp 5.3.1 (workflow / project-templates/*)
- dompurify 3.4.8, tar-fs 2.1.4 (node-json-theia)
- axios 1.17.0, qs 6.15.2, ajv 6.15.0, underscore 1.13.8,
  serialize-javascript 6.0.2, webpack 5.107.2 (node-json-vscode)
- ajv 6.15.0, socket.io-parser 4.2.6 (java-emf-theia)
- webpack 5.107.2 (java-emf-eclipse, node-json-theia)

Supersedes #220-#231, #234-#259. All five lockfiles verified with
`yarn install --frozen-lockfile`.
@tortmayr

tortmayr commented Jun 9, 2026

Copy link
Copy Markdown
Contributor

@dependabot rebase

@dependabot @github

dependabot Bot commented on behalf of github Jun 9, 2026

Copy link
Copy Markdown
Contributor Author

Looks like qs is up-to-date now, so this is no longer needed.

@dependabot dependabot Bot closed this Jun 9, 2026
@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/project-templates/node-json-vscode/qs-6.14.2 branch June 9, 2026 08:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant