@gcarvelli (Contributor)

Description

qs version 6.14.0 is vulnerable to a memory exhaustion exploit. Let's require 6.14.1.

qs is removed in the workos-node v8 beta.

Documentation

Does this require changes to the WorkOS Docs? E.g. the API Reference or code snippets need updates.

[ ] Yes

If yes, link a related docs PR and add a docs maintainer as a reviewer. Their approval is required.
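A bump in package.json only guarantees the top-level copy of qs; nested copies pulled in by other dependencies keep whatever version their own range resolved to. The following is an added example, not code from this PR or from workos-node, that walks a package-lock.json v3 "packages" map and reports every resolved qs below the patched minimum. The lockfile below is a constructed sample (the package names and ranges in it are hypothetical); in practice you would read the real file with fs.readFileSync.

```javascript
// Added example (not part of the workos-node PR or the qs project): verify that
// every copy of qs resolved in a dependency tree satisfies the patched minimum.
// Input is a constructed, minimal package-lock.json v3 "packages" map; the real
// file would be loaded with JSON.parse(fs.readFileSync('package-lock.json')).

const PATCHED_QS = '6.14.1'; // minimum version the PR description requires

// Compare two dotted numeric versions; returns -1, 0 or 1.
// Lockfile versions are exact, so no range or prerelease handling is needed here.
function compareVersions(a, b) {
  const pa = a.split('.').map(Number);
  const pb = b.split('.').map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const x = pa[i] ?? 0;
    const y = pb[i] ?? 0;
    if (x !== y) return x < y ? -1 : 1;
  }
  return 0;
}

// Walk the lockfile's "packages" map and collect every installed qs, including
// nested copies (node_modules/<dep>/node_modules/qs) that a top-level bump misses.
function findVulnerableQs(lock, minVersion = PATCHED_QS) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages ?? {})) {
    const isQs = path === 'node_modules/qs' || path.endsWith('/node_modules/qs');
    if (isQs && compareVersions(meta.version, minVersion) < 0) {
      hits.push({ path, version: meta.version });
    }
  }
  return hits;
}

// Constructed sample lockfile: the top-level qs was bumped to 6.14.1, but a
// hypothetical transitive dependency ("some-dep") still resolves qs 6.14.0.
const sampleLock = {
  name: 'example-app',
  lockfileVersion: 3,
  packages: {
    '': { name: 'example-app', dependencies: { qs: '6.14.1' } },
    'node_modules/qs': { version: '6.14.1' },
    'node_modules/some-dep': { version: '1.0.0', dependencies: { qs: '^6.13.0' } },
    'node_modules/some-dep/node_modules/qs': { version: '6.14.0' },
  },
};

const vulnerable = findVulnerableQs(sampleLock);
if (vulnerable.length > 0) {
  console.log('qs below ' + PATCHED_QS + ' still resolved:', vulnerable);
} else {
  console.log('all resolved copies of qs are >= ' + PATCHED_QS);
}
```

The same check can be done by hand with `npm ls qs`, which lists every resolved copy along with the dependency that pulled it in; the script is useful when the check needs to run in CI against the committed lockfile.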

@gcarvelli gcarvelli requested a review from a team as a code owner January 2, 2026 15:05
@gcarvelli gcarvelli requested a review from rwtombaugh January 2, 2026 15:05
@gcarvelli gcarvelli changed the title from "update qs" to "Update qs" Jan 2, 2026
@gcarvelli gcarvelli requested a review from mattgd January 2, 2026 15:06
@greptile-apps (Contributor)

greptile-apps bot commented Jan 2, 2026

Greptile Summary

Updated the qs dependency from version 6.14.0 to 6.14.1 to address a security vulnerability (CVE-2025-21528) that could lead to memory exhaustion attacks.

  • Patch version bump maintains backward compatibility with existing usage
  • The library is used in SSO and user management modules for query string serialization
  • No API changes or breaking modifications
  • Security fix prevents potential DoS through crafted query strings

Confidence Score: 5/5

  • This PR is safe to merge - it's a critical security patch with no breaking changes
  • Simple patch version bump that fixes a known security vulnerability without introducing any API changes or compatibility issues. The change is minimal, well-justified, and follows best practices for dependency security updates.
  • No files require special attention

Important Files Changed

Filename: package.json
Overview: Updated qs from 6.14.0 to 6.14.1 to patch memory exhaustion vulnerability (CVE-2025-21528)

Sequence Diagram

sequenceDiagram
    participant Dev as Developer
    participant PM as Package Manager
    participant QS as qs Library
    participant App as workos-node

    Dev->>PM: Update qs: 6.14.0 → 6.14.1
    Note over PM: package.json modified
    PM->>QS: Install patched version
    Note over QS: Security fix applied<br/>(CVE-2025-21528)
    QS-->>App: Provide secure query string parsing
    Note over App: SSO & User Management<br/>modules protected from<br/>memory exhaustion attacks

@greptile-apps greptile-apps bot left a comment

1 file reviewed, no comments

@gcarvelli gcarvelli merged commit 5507f95 into main Jan 2, 2026
7 checks passed
@gcarvelli gcarvelli deleted the gio/update-qs branch January 2, 2026 15:27
@gcarvelli gcarvelli mentioned this pull request Jan 2, 2026
gcarvelli added a commit that referenced this pull request Jan 2, 2026
## Description
Includes:
- #1431
Labels

None yet

3 participants