Skip to content

Bump qs and express#134

Merged
github-actions[bot] merged 1 commit into
mainfrom
dependabot/npm_and_yarn/multi-f792d6d6d9
May 22, 2026
Merged

Bump qs and express#134
github-actions[bot] merged 1 commit into
mainfrom
dependabot/npm_and_yarn/multi-f792d6d6d9

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github May 22, 2026

Copy link
Copy Markdown
Contributor

Bumps qs and express. These dependencies needed to be updated together.
Updates qs from 6.15.1 to 6.15.2

Changelog

Sourced from qs's changelog.

6.15.2

  • [Fix] stringify: skip null/undefined entries in arrayFormat: 'comma' + encodeValuesOnly instead of crashing in encoder
  • [Fix] stringify: use configured delimiter after charsetSentinel (#555)
  • [Fix] stringify: apply formatter to encoded key under strictNullHandling (#554)
  • [Fix] stringify: skip null/undefined filter-array entries instead of crashing in encoder (#551)
  • [Fix] parse: handle nested bracket groups and add regression tests (#530)
  • [readme] fix grammar (#550)
  • [Dev Deps] update @ljharb/eslint-config
  • [Tests] add regression tests for keys containing percent-encoded bracket text
Commits
  • 9aca407 v6.15.2
  • 5e33d33 [Dev Deps] update @ljharb/eslint-config
  • 21f80b3 [Fix] stringify: skip null/undefined entries in arrayFormat: 'comma' + `e...
  • a0a81ea [Fix] stringify: use configured delimiter after charsetSentinel
  • e3062f7 [Fix] stringify: apply formatter to encoded key under strictNullHandling
  • 0c180a4 [Fix] stringify: skip null/undefined filter-array entries instead of crashi...
  • 3a8b94a [Tests] add regression tests for keys containing percent-encoded bracket text
  • 96755ab [readme] fix grammar
  • a419ce5 [Fix] parse: handle nested bracket groups and add regression tests
  • See full diff in compare view

Updates express from 4.22.1 to 4.22.2

Release notes

Sourced from express's releases.

v4.22.2

What's Changed

  • fix: restore >20 array parsing for req.query repeated keys (8d09bfe6)
    • This also unifies array-cap behavior across notations. Indexed notation (a[0]=...) was historically capped at qs's default arrayLimit of 20 even in older qs versions; after this change it also allows up to 1000 items.
  • deps: qs@~6.15.1
  • deps: body-parser@~1.20.5

New Contributors

Full Changelog: expressjs/express@v4.22.1...v4.22.2

Changelog

Sourced from express's changelog.

4.22.2 / 2026-05-011

  • fix: restore >20 array parsing for req.query repeated keys (8d09bfe6)
    • This also unifies array-cap behavior across notations. Indexed notation (a[0]=...) was historically capped at qs's default arrayLimit of 20 even in older qs versions; after this change it also allows up to 1000 items.
  • deps: qs@~6.15.1
  • deps: body-parser@~1.20.5
Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps [qs](https://github.com/ljharb/qs) and [express](https://github.com/expressjs/express). These dependencies needed to be updated together.

Updates `qs` from 6.15.1 to 6.15.2
- [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md)
- [Commits](ljharb/qs@v6.15.1...v6.15.2)

Updates `express` from 4.22.1 to 4.22.2
- [Release notes](https://github.com/expressjs/express/releases)
- [Changelog](https://github.com/expressjs/express/blob/v4.22.2/History.md)
- [Commits](expressjs/express@v4.22.1...v4.22.2)

---
updated-dependencies:
- dependency-name: qs
  dependency-version: 6.15.2
  dependency-type: indirect
- dependency-name: express
  dependency-version: 4.22.2
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies for managing dependencies javascript Pull requests that update Javascript code labels May 22, 2026
@github-actions github-actions Bot merged commit 1cf32ca into main May 22, 2026
12 of 23 checks passed
@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/multi-f792d6d6d9 branch May 22, 2026 20:07
@what-the-diff

what-the-diff Bot commented May 22, 2026

Copy link
Copy Markdown

PR Summary

  • Removal of 'qs' module entry
    The existing 'qs' module in the 'body-parser' node modules has been removed from the 'package-lock.json' file. It appears to be clean-up activity to ensure there isn't any unnecessary code.

  • Update to 'express' version
    The version of the 'express' module has been updated from '4.22.1' to '4.22.2'. This points at an implementation of a recent release including bug fixes, security patches or new features from the 'express' module.

  • Update to 'body-parser' dependency in 'express'
    The 'body-parser' module's version in 'express' dependencies has been updated from '~1.20.3' to '~1.20.5', signifying utilization of recent improvements, functionalities or bug fixes in 'body-parser'.

  • Update to 'qs' module version in 'express' dependencies
    The version of the 'qs' module in 'express' has been updated from '~6.14.0' to '~6.15.1' chiefly indicating adoption of the latest 'qs' version benefits, which could range from security enhancements to new features or performance improvements.

  • Updated 'qs' version entries in overall dependencies
    All instances of the 'qs' module in the overall project dependencies have been updated from '6.14.2' to '6.15.2' and associated metadata like resolved URLs and integrity hashes have been updated. This marks the shift to a more recent version.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies for managing dependencies javascript Pull requests that update Javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants