chore: upgrade qs to ^6.15.2 to address CVE-2026-8723 (#1282)

brendan-kellam · claude · web-flow · commit db44f1b83357 · 2026-06-08T16:37:25.000-07:00
* chore: upgrade qs to ^6.15.2 to address CVE-2026-8723 Refreshed the yarn.lock entry for qs (transitive via gitbeaker, express, azure-devops-node-api, and the MCP SDK) so every instance resolves to 6.15.2, which patches CVE-2026-8723. No package.json change was needed; the existing ^6.14.2 resolution already admits the patched version. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> * Update changelog Removed upgrade entry for 'qs' from CHANGELOG. --------- Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
diff --git a/yarn.lock b/yarn.lock
@@ -19549,11 +19549,11 @@ __metadata:
   linkType: hard
 
 "qs@npm:^6.14.2":
-  version: 6.15.0
-  resolution: "qs@npm:6.15.0"
+  version: 6.15.2
+  resolution: "qs@npm:6.15.2"
   dependencies:
     side-channel: "npm:^1.1.0"
-  checksum: 10c0/ff341078a78a991d8a48b4524d52949211447b4b1ad907f489cac0770cbc346a28e47304455c0320e5fb000f8762d64b03331e3b71865f663bf351bcba8cdb4b
+  checksum: 10c0/e6fd5f6f0aab06d480fe9ab15cebfc4ce4235303e2f91dc69a8f7f4df1e668a61c11d1cfbabacf4295cbbeb7b670ed23db45307480726259761f98e5695e93a7
   languageName: node
   linkType: hard
 
