Bump qs, @opennextjs/cloudflare and react-instantsearch

[dependabot]

Bumps qs to 6.14.1 and updates ancestor dependencies qs, @opennextjs/cloudflare and react-instantsearch. These dependencies need to be updated together.

Updates qs from 6.14.0 to 6.14.1

Changelog

Sourced from qs's changelog.

6.14.1

• [Fix] ensure arrayLength applies to [] notation as well
• [Fix] parse: when a custom decoder returns null for a key, ignore that key
• [Refactor] parse: extract key segment splitting helper
• [meta] add threat model
• [actions] add workflow permissions
• [Tests] stringify: increase coverage
• [Dev Deps] update eslint, @ljharb/eslint-config, npmignore, es-value-fixtures, for-each, object-inspect

Commits

• 3fa11a5 v6.14.1
• a626704 [Dev Deps] update npmignore
• 3086902 [Fix] ensure arrayLength applies to [] notation as well
• fc7930e [Dev Deps] update eslint, @ljharb/eslint-config
• 0b06aac [Dev Deps] update @ljharb/eslint-config
• 64951f6 [Refactor] parse: extract key segment splitting helper
• e1bd259 [Dev Deps] update @ljharb/eslint-config
• f4b3d39 [eslint] add eslint 9 optional peer dep
• 6e94d95 [Dev Deps] update eslint, @ljharb/eslint-config, npmignore
• 973dc3c [actions] add workflow permissions
• Additional commits viewable in compare view

Updates @opennextjs/cloudflare from 1.6.5 to 1.14.7

Release notes

Sourced from @​opennextjs/cloudflare's releases.

@​opennextjs/cloudflare@​1.14.7

Patch Changes

• #1053 d447125 Thanks @​vicb! - Support composable cache in Next 16

@​opennextjs/cloudflare@​1.14.6

Patch Changes

• #1043 c83cb83 Thanks @​vicb! - fix for CVE-2025-67779

  See https://nextjs.org/blog/security-update-2025-12-11

@​opennextjs/cloudflare@​1.14.5

Patch Changes

• #1042 763c4ec Thanks @​vicb! - Bump Next, React, and @​opennextjs/aws to fix vulnerabilities (CVE-2025-55184 and CVE-2025-55183)

  See https://react.dev/blog/2025/12/11/denial-of-service-and-source-code-exposure-in-react-server-components See https://nextjs.org/blog/security-update-2025-12-11 See https://github.com/opennextjs/opennextjs-aws/releases/tag/v3.9.5

• #1034 721bff0 Thanks @​james-elicx! - output more wrangler command logs when the command fails

• #1023 a4a2f02 Thanks @​dario-piotrowicz! - When running wrangler deploy add a OPEN_NEXT_DEPLOY environment variable to let wrangler know that it is being run by open-next

@​opennextjs/cloudflare@​1.14.4

Patch Changes

• #1020 07919d8 Thanks @​dario-piotrowicz! - Add missing WORKER_SELF_REFERENCE service binding in the wrangler.jsonc that the CLI creates

• #1032 1de4899 Thanks @​vicb! - fix(images): allow any local path when no localPatterns are specified

@​opennextjs/cloudflare@​1.14.3

Patch Changes

• #1025 c3aba94 Thanks @​vicb! - bump @opennextjs/aws to 3.9.4

  See details at https://github.com/opennextjs/opennextjs-aws/releases/tag/v3.9.4

• #1025 c3aba94 Thanks @​vicb! - Bump Next

@​opennextjs/cloudflare@​1.14.2

Patch Changes

• #1021 250aba2 Thanks @​vicb! - bump @opennextjs/aws to 3.9.3

  See details at https://github.com/opennextjs/opennextjs-aws/releases/tag/v3.9.3

• #1021 250aba2 Thanks @​vicb! - Bump Next

... (truncated)

Changelog

Sourced from @​opennextjs/cloudflare's changelog.

1.14.7

Patch Changes

• #1053 d447125 Thanks @​vicb! - Support composable cache in Next 16

1.14.6

Patch Changes

• #1043 c83cb83 Thanks @​vicb! - fix for CVE-2025-67779

  See https://nextjs.org/blog/security-update-2025-12-11

1.14.5

Patch Changes

• #1042 763c4ec Thanks @​vicb! - Bump Next, React, and @​opennextjs/aws to fix vulnerabilities (CVE-2025-55184 and CVE-2025-55183)

  See https://react.dev/blog/2025/12/11/denial-of-service-and-source-code-exposure-in-react-server-components See https://nextjs.org/blog/security-update-2025-12-11 See https://github.com/opennextjs/opennextjs-aws/releases/tag/v3.9.5

• #1034 721bff0 Thanks @​james-elicx! - output more wrangler command logs when the command fails

• #1023 a4a2f02 Thanks @​dario-piotrowicz! - When running wrangler deploy add a OPEN_NEXT_DEPLOY environment variable to let wrangler know that it is being run by open-next

1.14.4

Patch Changes

• #1020 07919d8 Thanks @​dario-piotrowicz! - Add missing WORKER_SELF_REFERENCE service binding in the wrangler.jsonc that the CLI creates

• #1032 1de4899 Thanks @​vicb! - fix(images): allow any local path when no localPatterns are specified

1.14.3

Patch Changes

• #1025 c3aba94 Thanks @​vicb! - bump @opennextjs/aws to 3.9.4

  See details at https://github.com/opennextjs/opennextjs-aws/releases/tag/v3.9.4

• #1025 c3aba94 Thanks @​vicb! - Bump Next

1.14.2

Patch Changes

... (truncated)

Commits

• e4e6191 Version Packages (#1054)
• d447125 Support composable cache in Next 16 (#1053)
• 8275878 Version Packages (#1045)
• c83cb83 fix for CVE-2025-67779 (#1043)
• e2db80e Version Packages (#1035)
• 763c4ec Bump Next, React, and @​opennextjs/aws to fix vulnerabilities (#1042)
• ac40c8c Update the c3 template to use placeholders (#1038)
• a4a2f02 When running wrangler deploy add a OPEN_NEXT_DEPLOY environment variable ...
• 721bff0 output more wrangler command logs on errors (#1034)
• 7159f6f Version Packages (#1027)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​opennextjs/cloudflare since your current version.

Updates react-instantsearch from 7.16.2 to 7.22.1

Release notes

Sourced from react-instantsearch's releases.

react-instantsearch@7.22.1

7.22.1 (2025-12-31)

Note: Version bump only for package react-instantsearch

react-instantsearch-router-nextjs@7.22.1

7.22.1 (2025-12-31)

Note: Version bump only for package react-instantsearch-router-nextjs

react-instantsearch-core@7.22.1

7.22.1 (2025-12-31)

Note: Version bump only for package react-instantsearch-core

react-instantsearch@7.22.0

7.22.0 (2025-12-30)

Bug Fixes

• types: expose types field in exports (#6838) (87f3aaf), closes #6836

Features

• autocomplete: add header to showRecents (#6816) (7f5e54d)
• autocomplete: implement apply suggestion button (#6844) (730e6f0)

react-instantsearch-router-nextjs@7.22.0

7.22.0 (2025-12-30)

Note: Version bump only for package react-instantsearch-router-nextjs

react-instantsearch-core@7.22.0

7.22.0 (2025-12-30)

Bug Fixes

• types: expose types field in exports (#6838) (87f3aaf), closes #6836

react-instantsearch@7.21.0

7.21.0 (2025-12-10)

Features

• react-instantsearch: export useStickToBottom hook (#6834) (b657e72)

... (truncated)

Commits

• 9af869e chore: release (#6851)
• ca86687 fix(dependencies): remove qs limitation (#6850)
• 13c7c91 chore: release (#6846)
• 730e6f0 feat(autocomplete): implement apply suggestion button (#6844)
• f7d7a66 feat(sortBy): support composition sorting strategies (#6841)
• 7f5e54d feat(autocomplete): add header to showRecents (#6816)
• 87f3aaf fix(types): expose types field in exports (#6838)
• b9d9f0f chore: release (#6837)
• b657e72 feat(react-instantsearch): export useStickToBottom hook (#6834)
• 8578265 fix(types): ensure TWidgetParams reference is kept (#6835)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[cloudflare-workers-and-pages]

Deploying apis-guru-pages with    Cloudflare Pages

Latest commit:	31b2ff7
Status:	🚫  Build failed.

View logs

[cloudflare-workers-and-pages]

Deploying with    Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

Status	Name	Latest Commit	Updated (UTC)
❌ Deployment failed View logs	apis-guru	31b2ff7	Jan 01 2026, 08:05 AM

[cloudflare-workers-and-pages]

Deploying with    Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

Status	Name	Latest Commit	Updated (UTC)
🔵 In progress View logs	workers-apis-guru	31b2ff7	Jan 01 2026, 08:05 AM