Skip to content

refactor: Bump qs from 6.15.0 to 6.15.3#3366

Merged
mtrezza merged 1 commit into
alphafrom
dependabot/npm_and_yarn/qs-6.15.2
Jul 13, 2026
Merged

refactor: Bump qs from 6.15.0 to 6.15.3#3366
mtrezza merged 1 commit into
alphafrom
dependabot/npm_and_yarn/qs-6.15.2

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github May 22, 2026

Copy link
Copy Markdown
Contributor

Bumps qs from 6.15.0 to 6.15.3.

Changelog

Sourced from qs's changelog.

6.15.3

  • [Fix] parse: enforce throwOnLimitExceeded for cumulative array growth via combine/merge
  • [Fix] utils: respect encoding of surrogate pairs across chunks (#559)
  • [Robustness] parse: throw the arrayLimit error before splitting oversized comma values
  • [Robustness] utils.merge / utils.assign: avoid invoking __proto__ setter when copying own properties
  • [Robustness] utils: enforce arrayLimit consistently across merge's array paths
  • [Perf] utils: make compact O(n) via a side-channel visited-set instead of Array.indexOf
  • [Deps] update side-channel
  • [Dev Deps] update eslint, mock-property, tape
  • [Tests] parse: characterize current lenient handling of unbalanced bracket keys (#558)

6.15.2

  • [Fix] stringify: skip null/undefined entries in arrayFormat: 'comma' + encodeValuesOnly instead of crashing in encoder
  • [Fix] stringify: use configured delimiter after charsetSentinel (#555)
  • [Fix] stringify: apply formatter to encoded key under strictNullHandling (#554)
  • [Fix] stringify: skip null/undefined filter-array entries instead of crashing in encoder (#551)
  • [Fix] parse: handle nested bracket groups and add regression tests (#530)
  • [readme] fix grammar (#550)
  • [Dev Deps] update @ljharb/eslint-config
  • [Tests] add regression tests for keys containing percent-encoded bracket text

6.15.1

  • [Fix] parse: parameterLimit: Infinity with throwOnLimitExceeded: true silently drops all parameters
  • [Deps] update @ljharb/eslint-config
  • [Dev Deps] update @ljharb/eslint-config, iconv-lite
  • [Tests] increase coverage
Commits
  • 18d085e v6.15.3
  • c38af42 [Deps] update side-channel
  • adce539 [Dev Deps] update eslint, mock-property, tape
  • 74a0f6a [Robustness] utils: enforce arrayLimit consistently across merge's arra...
  • f4938f5 [Tests] parse: characterize current lenient handling of unbalanced bracket ...
  • 5d5f723 [Perf] utils: make compact O(n) via a side-channel visited-set instead of...
  • 52afe00 [Robustness] parse: throw the arrayLimit error before splitting oversized...
  • 963e538 [Fix] parse: enforce throwOnLimitExceeded for cumulative array growth via...
  • 59da434 [Fix] utils: respect encoding of surrogate pairs across chunks
  • 9532969 [Robustness] utils.merge / utils.assign: avoid invoking __proto__ sette...
  • Additional commits viewable in compare view

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

@dependabot dependabot Bot added dependencies Bot label; pull requests that updates a dependency file javascript Pull requests that update javascript code labels May 22, 2026
@mtrezza

mtrezza commented Jul 13, 2026

Copy link
Copy Markdown
Member

@dependabot rebase

@dependabot dependabot Bot changed the title refactor: Bump qs from 6.15.0 to 6.15.2 refactor: Bump qs from 6.15.0 to 6.15.3 Jul 13, 2026
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/qs-6.15.2 branch from a13f747 to 2ef76e6 Compare July 13, 2026 21:28
@mtrezza

mtrezza commented Jul 13, 2026

Copy link
Copy Markdown
Member

@coderabbitai review

@coderabbitai

coderabbitai Bot commented Jul 13, 2026

Copy link
Copy Markdown
✅ Action performed

Review finished.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

@coderabbitai

coderabbitai Bot commented Jul 13, 2026

Copy link
Copy Markdown

Caution

Pre-merge checks failed

Please resolve all errors before merging. Addressing warnings is optional.

  • Ignore

❌ Failed checks (2 errors)

Check name Status Explanation Resolution
Engage In Review Feedback ❌ Error Only a single Dependabot lockfile bump is present; no follow-up commit or repo evidence shows discussion or response to review feedback before resolution. Engage the reviewer in the feedback thread, then either commit the requested change or obtain explicit retraction before marking it resolved.
Description check ❌ Error The description omits the required Issue, Approach, and Tasks sections from the template. Add the Issue and Approach sections, and include the Tasks checklist items from the template, even if some are not applicable.
✅ Passed checks (5 passed)
Check name Status Explanation
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
Security Check ✅ Passed PASS: package-lock only bumps qs/side-channel to 6.15.3/1.1.1; GitHub advisories show qs 6.15.3 is outside known vulnerable ranges.
Title check ✅ Passed The title clearly matches the dependency update and uses an allowed prefix.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch dependabot/npm_and_yarn/qs-6.15.2

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@mtrezza

mtrezza commented Jul 13, 2026

Copy link
Copy Markdown
Member

@dependabot rebase

Bumps [qs](https://github.com/ljharb/qs) from 6.15.0 to 6.15.3.
- [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md)
- [Commits](ljharb/qs@v6.15.0...v6.15.3)

---
updated-dependencies:
- dependency-name: qs
  dependency-version: 6.15.2
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/qs-6.15.2 branch from 2ef76e6 to 1fb5375 Compare July 13, 2026 21:52
@mtrezza mtrezza merged commit dff103a into alpha Jul 13, 2026
11 checks passed
@mtrezza mtrezza deleted the dependabot/npm_and_yarn/qs-6.15.2 branch July 13, 2026 22:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Bot label; pull requests that updates a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant