[Snyk] Security upgrade qs from 6.5.2 to 6.14.1#222
[Snyk] Security upgrade qs from 6.5.2 to 6.14.1#222ethanresnick wants to merge 1 commit intomasterfrom
Conversation
The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-QS-14724253
There was a problem hiding this comment.
Pull request overview
This PR upgrades the qs package from version 6.5.2 to 6.14.1 to address a high-severity security vulnerability (SNYK-JS-QS-14724253) related to allocation of resources without limits or throttling. The upgrade remains within the same major version (v6), minimizing the risk of breaking changes.
Key Changes:
- Updates
qsdependency from^6.5.2to^6.14.1in package.json to fix CVE
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| "pluralize": "0.0.11", | ||
| "pug": "^2.0.3", | ||
| "qs": "^6.5.2", | ||
| "qs": "^6.14.1", |
There was a problem hiding this comment.
The @types/qs package is currently at version ^6.5.1, which may not include type definitions for features or changes in qs version 6.14.1. Consider upgrading @types/qs to a compatible version to ensure TypeScript types remain accurate and prevent potential type mismatches.
2 participants
Snyk has created this PR to fix 1 vulnerabilities in the npm dependencies of this project.
Snyk changed the following file(s):
package.jsonVulnerabilities that will be fixed with an upgrade:
SNYK-JS-QS-14724253
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Allocation of Resources Without Limits or Throttling