fix: update qs to 6.15.0 to address CVE-2022-24999 and CVE-2025-15284

danieltruong · danieltruong · commit 999d64776919 · 2026-02-20T01:34:57.000Z
diff --git a/.yarn/install-state.gz b/.yarn/install-state.gz
diff --git a/package.json b/package.json
@@ -81,6 +81,7 @@
     "fast-xml-parser": "^5.3.6",
     "tar": "^7.5.8",
     "db-migrate-mongodb/mongodb": "^3.7.4",
-    "minimatch": "^10.2.2"
+    "minimatch": "^10.2.2",
+    "qs": "^6.14.1"
   }
 }
diff --git a/yarn.lock b/yarn.lock
@@ -7214,7 +7214,7 @@ __metadata:
   languageName: node
   linkType: hard
 
-"qs@npm:^6.10.3, qs@npm:^6.11.0, qs@npm:^6.14.1":
+"qs@npm:^6.14.1":
   version: 6.15.0
   resolution: "qs@npm:6.15.0"
   dependencies:
@@ -7223,22 +7223,6 @@ __metadata:
   languageName: node
   linkType: hard
 
-"qs@npm:^6.5.1":
-  version: 6.5.1
-  resolution: "qs@npm:6.5.1"
-  checksum: 10c0/303ebd46385399d8dc4acebd509b7c40ec36ff1170efff0a529dbd39d9ba5e313006c2476d2477db5b1ed17ecbb99be4a6b237f50bd9702b277cc86cd63beb75
-  languageName: node
-  linkType: hard
-
-"qs@npm:~6.14.0":
-  version: 6.14.2
-  resolution: "qs@npm:6.14.2"
-  dependencies:
-    side-channel: "npm:^1.1.0"
-  checksum: 10c0/646110124476fc9acf3c80994c8c3a0600cbad06a4ede1c9e93341006e8426d64e85e048baf8f0c4995f0f1bf0f37d1f3acc5ec1455850b81978792969a60ef6
-  languageName: node
-  linkType: hard
-
 "query-string@npm:^7.1.1":
   version: 7.1.3
   resolution: "query-string@npm:7.1.3"
