Skip to content

Bump qs from 6.15.0 to 6.15.2#153

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/qs-6.15.2
Open

Bump qs from 6.15.0 to 6.15.2#153
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/qs-6.15.2

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github May 23, 2026
edited
Loading

Copy link
Copy Markdown

Bumps qs from 6.15.0 to 6.15.2.

Changelog

Sourced from qs's changelog.

6.15.2

  • [Fix] stringify: skip null/undefined entries in arrayFormat: 'comma' + encodeValuesOnly instead of crashing in encoder
  • [Fix] stringify: use configured delimiter after charsetSentinel (#555)
  • [Fix] stringify: apply formatter to encoded key under strictNullHandling (#554)
  • [Fix] stringify: skip null/undefined filter-array entries instead of crashing in encoder (#551)
  • [Fix] parse: handle nested bracket groups and add regression tests (#530)
  • [readme] fix grammar (#550)
  • [Dev Deps] update @ljharb/eslint-config
  • [Tests] add regression tests for keys containing percent-encoded bracket text

6.15.1

  • [Fix] parse: parameterLimit: Infinity with throwOnLimitExceeded: true silently drops all parameters
  • [Deps] update @ljharb/eslint-config
  • [Dev Deps] update @ljharb/eslint-config, iconv-lite
  • [Tests] increase coverage
Commits
  • 9aca407 v6.15.2
  • 5e33d33 [Dev Deps] update @ljharb/eslint-config
  • 21f80b3 [Fix] stringify: skip null/undefined entries in arrayFormat: 'comma' + `e...
  • a0a81ea [Fix] stringify: use configured delimiter after charsetSentinel
  • e3062f7 [Fix] stringify: apply formatter to encoded key under strictNullHandling
  • 0c180a4 [Fix] stringify: skip null/undefined filter-array entries instead of crashi...
  • 3a8b94a [Tests] add regression tests for keys containing percent-encoded bracket text
  • 96755ab [readme] fix grammar
  • a419ce5 [Fix] parse: handle nested bracket groups and add regression tests
  • 3f5e1c5 v6.15.1
  • Additional commits viewable in compare view

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels May 23, 2026
@cursor

cursor Bot commented May 23, 2026
edited
Loading

Copy link
Copy Markdown

PR Summary

Low Risk
Patch-level transitive dependency update with bug fixes only; no application source changes, though query parsing/stringify edge cases could behave slightly differently.

Overview
Updates the lockfile to resolve qs from 6.15.0 to 6.15.2 (patch release). The app pulls qs in transitively through HTTP stack dependencies such as Express / body-parser and test tooling like supertest, so this is a dependency refresh rather than application code changes.

The 6.15.1–6.15.2 fixes affect parse and stringify edge cases (nested bracket groups, null/undefined entries in certain array formats, delimiter/formatter behavior, and a parameterLimit: Infinity bug with throwOnLimitExceeded). Behavior for typical query-string handling should be unchanged or more correct on those edge paths.

The diff also drops dev: true on the locked ws entry; that is a lockfile metadata/resolution tweak, not a direct feature change in this repo.

Reviewed by Cursor Bugbot for commit 5b3b640. Bugbot is set up for automated code reviews on this repo. Configure here.

@augmentcode

augmentcode Bot commented May 23, 2026

Copy link
Copy Markdown
🤖 Augment PR Summary

Summary: Updates the npm dependency qs from 6.15.0 to 6.15.2 via package-lock.json.

Why: Pulls in upstream bug fixes to qs parsing/stringifying behavior (including avoiding crashes on certain null/undefined array entries and improving handling of nested/encoded bracket groups).

🤖 Was this summary useful? React with 👍 or 👎

augmentcode[bot]
augmentcode Bot reviewed May 23, 2026
View reviewed changes

@augmentcode augmentcode Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Review completed. No suggestions at this time.

Comment augment review to trigger a new review at any time.

@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/qs-6.15.2 branch from 52e748c to d106928 Compare May 28, 2026 12:46
@dependabot dependabot Bot changed the title Build(deps): Bump qs from 6.15.0 to 6.15.2 Bump qs from 6.15.0 to 6.15.2 Jun 19, 2026
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/qs-6.15.2 branch from d106928 to de50d2f Compare June 19, 2026 15:30
@dependabot
Bump qs from 6.15.0 to 6.15.2
5b3b640 
Bumps [qs](https://github.com/ljharb/qs) from 6.15.0 to 6.15.2.
- [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md)
- [Commits](ljharb/qs@v6.15.0...v6.15.2)

---
updated-dependencies:
- dependency-name: qs
  dependency-version: 6.15.2
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/qs-6.15.2 branch from de50d2f to 5b3b640 Compare June 19, 2026 15:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@augmentcode augmentcode[bot] augmentcode[bot] left review comments

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants