Skip to content

chore(deps): bump qs from 6.14.0 to 6.14.2#4

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/qs-6.14.2
Open

chore(deps): bump qs from 6.14.0 to 6.14.2#4
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/qs-6.14.2

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Feb 14, 2026

Copy link
Copy Markdown

Bumps qs from 6.14.0 to 6.14.2.

Changelog

Sourced from qs's changelog.

6.14.2

  • [Fix] parse: mark overflow objects for indexed notation exceeding arrayLimit (#546)
  • [Fix] arrayLimit means max count, not max index, in combine/merge/parseArrayValue
  • [Fix] parse: throw on arrayLimit exceeded with indexed notation when throwOnLimitExceeded is true (#529)
  • [Fix] parse: enforce arrayLimit on comma-parsed values
  • [Fix] parse: fix error message to reflect arrayLimit as max index; remove extraneous comments (#545)
  • [Robustness] avoid .push, use void
  • [readme] document that addQueryPrefix does not add ? to empty output (#418)
  • [readme] clarify parseArrays and arrayLimit documentation (#543)
  • [readme] replace runkit CI badge with shields.io check-runs badge
  • [meta] fix changelog typo (arrayLengtharrayLimit)
  • [actions] fix rebase workflow permissions

6.14.1

  • [Fix] ensure arrayLimit applies to [] notation as well
  • [Fix] parse: when a custom decoder returns null for a key, ignore that key
  • [Refactor] parse: extract key segment splitting helper
  • [meta] add threat model
  • [actions] add workflow permissions
  • [Tests] stringify: increase coverage
  • [Dev Deps] update eslint, @ljharb/eslint-config, npmignore, es-value-fixtures, for-each, object-inspect
Commits
  • bdcf0c7 v6.14.2
  • 294db90 [readme] document that addQueryPrefix does not add ? to empty output
  • 5c308e5 [readme] clarify parseArrays and arrayLimit documentation
  • 6addf8c [Fix] parse: mark overflow objects for indexed notation exceeding arrayLimit
  • cfc108f [Fix] arrayLimit means max count, not max index, in combine/merge/`pars...
  • febb644 [Fix] parse: throw on arrayLimit exceeded with indexed notation when `thr...
  • f6a7abf [Fix] parse: enforce arrayLimit on comma-parsed values
  • fbc5206 [Fix] parse: fix error message to reflect arrayLimit as max index; remove e...
  • 1b9a8b4 [actions] fix rebase workflow permissions
  • 2a35775 [meta] fix changelog typo (arrayLengtharrayLimit)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps [qs](https://github.com/ljharb/qs) from 6.14.0 to 6.14.2.
- [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md)
- [Commits](ljharb/qs@v6.14.0...v6.14.2)

---
updated-dependencies:
- dependency-name: qs
  dependency-version: 6.14.2
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Feb 14, 2026
@haiec-compliance

Copy link
Copy Markdown

🛡️ HAIEC Attestation Readiness: -- → 40 (0)

Frameworks Evaluated: SOC2, ISO27001, PCI-DSS
Progress: ████░░░░░░ 40%

HAIEC scans your repository for compliance evidence across multiple frameworks simultaneously.

⚠️ 4 Compliance Gaps Found

⚡ 3 HIGH across 3 frameworks

🟠 Missing SECURITY.md file [HIGH]

Affects: SOC2 · ISO27001 · PCI-DSS

Why This Matters: If you process credit cards and suffer a breach without a documented response plan, you could face fines up to $500,000 per incident and lose your ability to process payments.

How to Fix:

  1. Create SECURITY.md with PCI-compliant incident response plan
  2. Include breach notification procedures
  3. Document forensic investigation process

📄 Ready-to-use template: Download SECURITY.md →

⏱️ ~30 min to fix


🟠 Missing code ownership documentation [HIGH]

Affects: ISO27001 · PCI-DSS

Why This Matters: PCI auditors will fail you immediately. Without documented access controls, you cannot prove that only authorized personnel can modify payment processing code.

How to Fix:

  1. Create CODEOWNERS with strict ownership rules
  2. Assign payment code to PCI-trained developers only
  3. Enable required reviews from code owners

📄 Ready-to-use template: Download CODEOWNERS →

⏱️ ~25 min to fix


🟠 Dependabot not enabled [HIGH]

Affects: SOC2 · ISO27001 · PCI-DSS

Why This Matters: Unpatched vulnerabilities in payment systems are a common cause of breaches. The Equifax breach happened because of an unpatched vulnerability. Don't be next.

How to Fix:

  1. Enable Dependabot immediately
  2. Set up alerts for critical vulnerabilities
  3. Document patch management SLA

📄 Ready-to-use template: Download dependabot.yml →

⏱️ ~10 min to fix


📋 +1 more issue not shown. View complete report →

💡 Quick Wins: 2 issues fixable in ~15 minutes


💡 First scan complete. Showing top 3 priority items. View complete analysis →

🎯 Next Steps

  1. View Complete Report → - See all findings and recommendations
  2. Run Detailed Scan → - Get comprehensive compliance analysis
  3. Download Evidence Report → - Export for auditors

💡 Quick wins: Add the missing files shown above to improve your score to 100%


🔍 Free AI Code Security Scan

This scan checked repository metadata. Upgrade to AI Code Analysis (free for public repos) to scan your code for:

Category Examples
Prompt Injection User input reaching system prompts
Data Leakage PII/secrets in AI responses
Access Control Missing auth on AI endpoints
82+ AI Security Rules OWASP Top 10 for LLMs

Enable Free Code Analysis → | Learn More →


🤖 Automated by HAIEC — AI Compliance & Security Platform | Documentation | Support

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants