Skip to content

chore(deps): Bump qs from 6.15.2 to 6.15.3#2827

Open
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/qs-6.15.3
Open

chore(deps): Bump qs from 6.15.2 to 6.15.3#2827
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/qs-6.15.3

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 29, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Bumps qs from 6.15.2 to 6.15.3.

Changelog

Sourced from qs's changelog.

6.15.3

  • [Fix] parse: enforce throwOnLimitExceeded for cumulative array growth via combine/merge
  • [Fix] utils: respect encoding of surrogate pairs across chunks (#559)
  • [Robustness] parse: throw the arrayLimit error before splitting oversized comma values
  • [Robustness] utils.merge / utils.assign: avoid invoking __proto__ setter when copying own properties
  • [Robustness] utils: enforce arrayLimit consistently across merge's array paths
  • [Perf] utils: make compact O(n) via a side-channel visited-set instead of Array.indexOf
  • [Deps] update side-channel
  • [Dev Deps] update eslint, mock-property, tape
  • [Tests] parse: characterize current lenient handling of unbalanced bracket keys (#558)
Commits
  • 18d085e v6.15.3
  • c38af42 [Deps] update side-channel
  • adce539 [Dev Deps] update eslint, mock-property, tape
  • 74a0f6a [Robustness] utils: enforce arrayLimit consistently across merge's arra...
  • f4938f5 [Tests] parse: characterize current lenient handling of unbalanced bracket ...
  • 5d5f723 [Perf] utils: make compact O(n) via a side-channel visited-set instead of...
  • 52afe00 [Robustness] parse: throw the arrayLimit error before splitting oversized...
  • 963e538 [Fix] parse: enforce throwOnLimitExceeded for cumulative array growth via...
  • 59da434 [Fix] utils: respect encoding of surrogate pairs across chunks
  • 9532969 [Robustness] utils.merge / utils.assign: avoid invoking __proto__ sette...
  • See full diff in compare view

@dependabot dependabot Bot added dependencies One or more dependencies are being bumped javascript Pull requests that update Javascript code labels Jun 29, 2026
@dependabot dependabot Bot requested a review from a team as a code owner June 29, 2026 08:43
@dependabot dependabot Bot added dependencies One or more dependencies are being bumped javascript Pull requests that update Javascript code labels Jun 29, 2026
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/qs-6.15.3 branch 3 times, most recently from af1619c to 4716ee1 Compare June 30, 2026 05:53
@dependabot
chore(deps): Bump qs from 6.15.2 to 6.15.3
4f25801 
Bumps [qs](https://github.com/ljharb/qs) from 6.15.2 to 6.15.3.
- [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md)
- [Commits](ljharb/qs@v6.15.2...v6.15.3)

---
updated-dependencies:
- dependency-name: qs
  dependency-version: 6.15.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/qs-6.15.3 branch from 4716ee1 to 4f25801 Compare June 30, 2026 07:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies One or more dependencies are being bumped javascript Pull requests that update Javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants