steve/check-printing
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(deps): force qs >= 6.15.2 to resolve DoS advisory

Browse Source 
express 4 pins qs to ~6.14.0, which falls in the vulnerable range of
GHSA-q8mj-m7cp-5q26 (remotely triggerable TypeError in qs.stringify).
Add an npm override so the transitive dependency resolves to the patched
6.15.2.
This commit is contained in:
Steve Dogiakos
2026-06-11 22:29:52 -06:00
parent 34540e410c
commit 5d66d1f575
2 changed files with 6 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files
package-lock.json
Generated
+3 -3
View File
@@ -1915,9 +1915,9 @@
} }
}, },
"node_modules/qs": { "node_modules/qs": {
"version": "6.14.2", "version": "6.15.2",
"resolved": "https://registry.npmjs.org/qs/-/qs-6.14.2.tgz", "resolved": "https://registry.npmjs.org/qs/-/qs-6.15.2.tgz",
"integrity": "sha512-V/yCWTTF7VJ9hIh18Ugr2zhJMP01MY7c5kh4J870L7imm6/DIzBsNLTXzMwUA3yZ5b/KBqLx8Kp3uRvd7xSe3Q==", "integrity": "sha512-Rzq0KEyX/w/tEybncDgdkZrJgVUsUMk3xjh3t5bv3S1HTAtg+uOYt72+ZfwiQwKdysThkTBdL/rTi6HDmX9Ddw==",
"license": "BSD-3-Clause", "license": "BSD-3-Clause",
"dependencies": { "dependencies": {
"side-channel": "^1.1.0" "side-channel": "^1.1.0"
package.json
+3
View File
@@ -21,6 +21,9 @@
"devDependencies": { "devDependencies": {
"nodemon": "^3.1.0" "nodemon": "^3.1.0"
}, },
"overrides": {
"qs": "^6.15.2"
},
"engines": { "engines": {
"node": ">=20" "node": ">=20"
} }