chore: upgrade qs to ^6.15.2 to address CVE-2026-8723

brendan-kellam · claude · brendan-kellam · commit 3eadce9a3441 · 2026-06-04T17:53:23.000-07:00
Refreshed the yarn.lock entry for qs (transitive via gitbeaker, express, azure-devops-node-api, and the MCP SDK) so every instance resolves to 6.15.2, which patches CVE-2026-8723. No package.json change was needed; the existing ^6.14.2 resolution already admits the patched version. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -9,6 +9,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ### Fixed
 - Upgraded `protobufjs` to `^7.6.2`. [#1281](https://github.com/sourcebot-dev/sourcebot/pull/1281)
+- Upgraded `qs` to `^6.15.2`. [#PR](https://github.com/sourcebot-dev/sourcebot/pull/PR)
 
 ## [5.0.1] - 2026-06-04
 
diff --git a/yarn.lock b/yarn.lock
@@ -19549,11 +19549,11 @@ __metadata:
   linkType: hard
 
 "qs@npm:^6.14.2":
-  version: 6.15.0
-  resolution: "qs@npm:6.15.0"
+  version: 6.15.2
+  resolution: "qs@npm:6.15.2"
   dependencies:
     side-channel: "npm:^1.1.0"
-  checksum: 10c0/ff341078a78a991d8a48b4524d52949211447b4b1ad907f489cac0770cbc346a28e47304455c0320e5fb000f8762d64b03331e3b71865f663bf351bcba8cdb4b
+  checksum: 10c0/e6fd5f6f0aab06d480fe9ab15cebfc4ce4235303e2f91dc69a8f7f4df1e668a61c11d1cfbabacf4295cbbeb7b670ed23db45307480726259761f98e5695e93a7
   languageName: node
   linkType: hard
 
