Skip to content

deps(docs): Bump qs to fix CVE-2026-2391#7479

Merged
matthewelwell merged 2 commits into
mainfrom
deps/docs-npm-audit-fix
May 11, 2026
Merged

deps(docs): Bump qs to fix CVE-2026-2391#7479
matthewelwell merged 2 commits into
mainfrom
deps/docs-npm-audit-fix

Conversation

@matthewelwell
Copy link
Copy Markdown
Contributor

@matthewelwell matthewelwell commented May 11, 2026
edited
Loading

Thanks for submitting a PR! Please check the boxes below:

  • I have read the Contributing Guide.
  • I have added information to docs/ if required so people know about the feature.
  • I have filled in the "Changes" section below.
  • I have filled in the "How did you test this code" section below.

Changes

Pins qs to ^6.14.2 via npm overrides to address CVE-2026-2391.

Note that I did this via an override because of issues updating all dependencies which rely on qs (see here).

How did you test this code?

Ran npm docusaurus start locally. Will also verify via preview links once available on the PR.

@matthewelwell matthewelwell requested a review from a team as a code owner May 11, 2026 15:19
@matthewelwell matthewelwell requested review from adamvialpando and removed request for a team May 11, 2026 15:19
claude[bot]
claude Bot reviewed May 11, 2026
View reviewed changes
Copy link
Copy Markdown

@claude claude Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Claude Code Review

This repository is configured for manual code reviews. Comment @claude review to trigger a review and subscribe this PR to future pushes, or @claude review once for a one-time review.

Tip: disable this comment in your organization's Code Review settings.

@vercel
Copy link
Copy Markdown

vercel Bot commented May 11, 2026
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
docs Ready Ready Preview, Comment May 11, 2026 3:51pm
2 Skipped Deployments
Project Deployment Actions Updated (UTC)
flagsmith-frontend-preview Ignored Ignored Preview May 11, 2026 3:51pm
flagsmith-frontend-staging Ignored Ignored Preview May 11, 2026 3:51pm

Request Review

@github-actions github-actions Bot added the docs Documentation updates label May 11, 2026
@matthewelwell matthewelwell marked this pull request as draft May 11, 2026 15:23
@matthewelwell matthewelwell force-pushed the deps/docs-npm-audit-fix branch from 03801a9 to d5c1482 Compare May 11, 2026 15:33
@matthewelwell @claude
deps(docs): bump qs to fix CVE-2026-2391
ea00acc 
Pins qs to ^6.14.2 via npm overrides to address GHSA-w7fw-mjwx-w883
(arrayLimit bypass in comma parsing, DoS, low severity).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@matthewelwell matthewelwell force-pushed the deps/docs-npm-audit-fix branch from fdc020a to ea00acc Compare May 11, 2026 15:50
@matthewelwell matthewelwell changed the title deps(docs): npm audit fix deps(docs): bump qs to fix CVE-2026-2391 May 11, 2026
@matthewelwell matthewelwell marked this pull request as ready for review May 11, 2026 15:52
@matthewelwell matthewelwell changed the title deps(docs): bump qs to fix CVE-2026-2391 deps(docs): Bump qs to fix CVE-2026-2391 May 11, 2026
@matthewelwell matthewelwell merged commit bc08f59 into main May 11, 2026
13 checks passed
@matthewelwell matthewelwell deleted the deps/docs-npm-audit-fix branch May 11, 2026 16:59
@flagsmithdev flagsmithdev mentioned this pull request May 11, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@claude claude[bot] claude[bot] left review comments

@Zaimwa9 Zaimwa9 Zaimwa9 approved these changes

@adamvialpando adamvialpando Awaiting requested review from adamvialpando adamvialpando is a code owner automatically assigned from Flagsmith/flagsmith-docs

Assignees

No one assigned

Labels

docs Documentation updates

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@matthewelwell @Zaimwa9