Skip to content

build(deps-dev): bump qs from 6.14.1 to 6.15.2#873

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/qs-6.15.2
Open

build(deps-dev): bump qs from 6.14.1 to 6.15.2#873
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/qs-6.15.2

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github May 23, 2026

Copy link
Copy Markdown
Contributor

Bumps qs from 6.14.1 to 6.15.2.

Changelog

Sourced from qs's changelog.

6.15.2

  • [Fix] stringify: skip null/undefined entries in arrayFormat: 'comma' + encodeValuesOnly instead of crashing in encoder
  • [Fix] stringify: use configured delimiter after charsetSentinel (#555)
  • [Fix] stringify: apply formatter to encoded key under strictNullHandling (#554)
  • [Fix] stringify: skip null/undefined filter-array entries instead of crashing in encoder (#551)
  • [Fix] parse: handle nested bracket groups and add regression tests (#530)
  • [readme] fix grammar (#550)
  • [Dev Deps] update @ljharb/eslint-config
  • [Tests] add regression tests for keys containing percent-encoded bracket text

6.15.1

  • [Fix] parse: parameterLimit: Infinity with throwOnLimitExceeded: true silently drops all parameters
  • [Deps] update @ljharb/eslint-config
  • [Dev Deps] update @ljharb/eslint-config, iconv-lite
  • [Tests] increase coverage

6.15.0

  • [New] parse: add strictMerge option to wrap object/primitive conflicts in an array (#425, #122)
  • [Fix] duplicates option should not apply to bracket notation keys (#514)

6.14.2

  • [Fix] parse: mark overflow objects for indexed notation exceeding arrayLimit (#546)
  • [Fix] arrayLimit means max count, not max index, in combine/merge/parseArrayValue
  • [Fix] parse: throw on arrayLimit exceeded with indexed notation when throwOnLimitExceeded is true (#529)
  • [Fix] parse: enforce arrayLimit on comma-parsed values
  • [Fix] parse: fix error message to reflect arrayLimit as max index; remove extraneous comments (#545)
  • [Robustness] avoid .push, use void
  • [readme] document that addQueryPrefix does not add ? to empty output (#418)
  • [readme] clarify parseArrays and arrayLimit documentation (#543)
  • [readme] replace runkit CI badge with shields.io check-runs badge
  • [meta] fix changelog typo (arrayLengtharrayLimit)
  • [actions] fix rebase workflow permissions
Commits
  • 9aca407 v6.15.2
  • 5e33d33 [Dev Deps] update @ljharb/eslint-config
  • 21f80b3 [Fix] stringify: skip null/undefined entries in arrayFormat: 'comma' + `e...
  • a0a81ea [Fix] stringify: use configured delimiter after charsetSentinel
  • e3062f7 [Fix] stringify: apply formatter to encoded key under strictNullHandling
  • 0c180a4 [Fix] stringify: skip null/undefined filter-array entries instead of crashi...
  • 3a8b94a [Tests] add regression tests for keys containing percent-encoded bracket text
  • 96755ab [readme] fix grammar
  • a419ce5 [Fix] parse: handle nested bracket groups and add regression tests
  • 3f5e1c5 v6.15.1
  • Additional commits viewable in compare view

Dependabot compatibility score

You can trigger a rebase of this PR by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

Bumps [qs](https://github.com/ljharb/qs) from 6.14.1 to 6.15.2.
- [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md)
- [Commits](ljharb/qs@v6.14.1...v6.15.2)

---
updated-dependencies:
- dependency-name: qs
  dependency-version: 6.15.2
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels May 23, 2026
@netlify

netlify Bot commented May 23, 2026

Copy link
Copy Markdown

Deploy Preview for phillips-seldon ready!

Name Link
🔨 Latest commit 9266605
🔍 Latest deploy log https://app.netlify.com/projects/phillips-seldon/deploys/6a1190d69634ac0008ded108
😎 Deploy Preview https://deploy-preview-873--phillips-seldon.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

@davidicus davidicus left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@dependabot squash and merge

@chromatic-com

chromatic-com Bot commented May 23, 2026

Copy link
Copy Markdown

Important

Testing in progress…

🟢 UI Tests: 458 tests unchanged
UI Review: Comparing 229 stories…
Storybook icon Storybook Publish: 229 stories published

@chromatic-com

chromatic-com Bot commented May 23, 2026

Copy link
Copy Markdown

Tip

All tests passed and all changes approved!

🟢 UI Tests: 458 tests unchanged
🟢 UI Review: 229 stories published -- no changes
Storybook icon Storybook Publish: 229 stories published

@github-actions

Copy link
Copy Markdown

@scottdickerson

Copy link
Copy Markdown
Contributor

Dependency Upgrade Risk Assessment

Risk Level: low

What This Library Does & How We Use It

qs is a query string parsing and stringifying library. In seldon it appears as an indirect dev dependency (not in the published bundle).

What Changed

6.14.1 → 6.15.2 (minor)

Risk Rationale

  • Breaking changes: no
  • Usage breadth: not in published bundle
  • Criticality: dev/transitive only — no impact on the published component library

Regression Tests Checklist

Before merging, confirm:

  • bun run build completes without errors and produces expected dist output
  • bun test passes

Assessment performed automatically. Review and adjust if you have additional context.

@scottdickerson

Copy link
Copy Markdown
Contributor

Dependency Upgrade Risk Assessment

Risk Level: low

What This Library Does & How We Use It

qs is a query string parsing and stringifying library. In seldon it is an indirect dev dependency — not part of the published component bundle.

What Changed

6.14.1 → 6.15.2 (minor)

Risk Rationale

  • Breaking changes: no
  • Usage breadth: not in the published bundle
  • Criticality: transitive dev dep — no impact on the published library

Regression Tests Checklist

Before merging, confirm:

  • bun run build completes without errors and produces expected dist output
  • bun test passes

Assessment performed automatically. Review and adjust if you have additional context.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file dependency-upgrade-risk:low javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants