Skip to content

chore(deps): bump qs and express in /website#989

Merged
hasezoey merged 1 commit into
masterfrom
dependabot/npm_and_yarn/website/multi-f792d6d6d9
May 23, 2026
Merged

chore(deps): bump qs and express in /website#989
hasezoey merged 1 commit into
masterfrom
dependabot/npm_and_yarn/website/multi-f792d6d6d9

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 23, 2026

Bumps qs and express. These dependencies needed to be updated together.
Updates qs from 6.15.1 to 6.15.2

Changelog

Sourced from qs's changelog.

6.15.2

  • [Fix] stringify: skip null/undefined entries in arrayFormat: 'comma' + encodeValuesOnly instead of crashing in encoder
  • [Fix] stringify: use configured delimiter after charsetSentinel (#555)
  • [Fix] stringify: apply formatter to encoded key under strictNullHandling (#554)
  • [Fix] stringify: skip null/undefined filter-array entries instead of crashing in encoder (#551)
  • [Fix] parse: handle nested bracket groups and add regression tests (#530)
  • [readme] fix grammar (#550)
  • [Dev Deps] update @ljharb/eslint-config
  • [Tests] add regression tests for keys containing percent-encoded bracket text
Commits
  • 9aca407 v6.15.2
  • 5e33d33 [Dev Deps] update @ljharb/eslint-config
  • 21f80b3 [Fix] stringify: skip null/undefined entries in arrayFormat: 'comma' + `e...
  • a0a81ea [Fix] stringify: use configured delimiter after charsetSentinel
  • e3062f7 [Fix] stringify: apply formatter to encoded key under strictNullHandling
  • 0c180a4 [Fix] stringify: skip null/undefined filter-array entries instead of crashi...
  • 3a8b94a [Tests] add regression tests for keys containing percent-encoded bracket text
  • 96755ab [readme] fix grammar
  • a419ce5 [Fix] parse: handle nested bracket groups and add regression tests
  • See full diff in compare view

Updates express from 4.22.1 to 4.22.2

Release notes

Sourced from express's releases.

v4.22.2

What's Changed

  • fix: restore >20 array parsing for req.query repeated keys (8d09bfe6)
    • This also unifies array-cap behavior across notations. Indexed notation (a[0]=...) was historically capped at qs's default arrayLimit of 20 even in older qs versions; after this change it also allows up to 1000 items.
  • deps: qs@~6.15.1
  • deps: body-parser@~1.20.5

New Contributors

Full Changelog: expressjs/express@v4.22.1...v4.22.2

Changelog

Sourced from express's changelog.

4.22.2 / 2026-05-011

  • fix: restore >20 array parsing for req.query repeated keys (8d09bfe6)
    • This also unifies array-cap behavior across notations. Indexed notation (a[0]=...) was historically capped at qs's default arrayLimit of 20 even in older qs versions; after this change it also allows up to 1000 items.
  • deps: qs@~6.15.1
  • deps: body-parser@~1.20.5
Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
chore(deps): bump qs and express in /website
ab1c0da 
Bumps [qs](https://github.com/ljharb/qs) and [express](https://github.com/expressjs/express). These dependencies needed to be updated together.

Updates `qs` from 6.15.1 to 6.15.2
- [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md)
- [Commits](ljharb/qs@v6.15.1...v6.15.2)

Updates `express` from 4.22.1 to 4.22.2
- [Release notes](https://github.com/expressjs/express/releases)
- [Changelog](https://github.com/expressjs/express/blob/v4.22.2/History.md)
- [Commits](expressjs/express@v4.22.1...v4.22.2)

---
updated-dependencies:
- dependency-name: qs
  dependency-version: 6.15.2
  dependency-type: indirect
- dependency-name: express
  dependency-version: 4.22.2
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels May 23, 2026
@dependabot dependabot Bot requested a review from hasezoey as a code owner May 23, 2026 12:20
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels May 23, 2026
@codecov
Copy link
Copy Markdown

codecov Bot commented May 23, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 92.08%. Comparing base (d8da03a) to head (ab1c0da).

Additional details and impacted files 
@@           Coverage Diff           @@
##           master     #989   +/-   ##
=======================================
  Coverage   92.08%   92.08%           
=======================================
  Files          15       15           
  Lines        2111     2111           
  Branches      542      542           
=======================================
  Hits         1944     1944           
  Misses        167      167

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@hasezoey hasezoey merged commit 925e85f into master May 23, 2026
13 checks passed
@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/website/multi-f792d6d6d9 branch May 23, 2026 12:22
@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 28, 2026

🎉 This PR is included in version 11.2.0 🎉

The release is available on:

Your semantic-release bot 📦🚀

@github-actions github-actions Bot added the released Pull Request released | Issue is fixed label May 28, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@hasezoey hasezoey Awaiting requested review from hasezoey hasezoey is a code owner

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code released Pull Request released | Issue is fixed

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@hasezoey