fix(deps): force qs >= 6.15.2 to resolve DoS advisory

express 4 pins qs to ~6.14.0, which falls in the vulnerable range of
GHSA-q8mj-m7cp-5q26 (remotely triggerable TypeError in qs.stringify).
Add an npm override so the transitive dependency resolves to the patched
6.15.2.

package-lock.json

@@ -1915,9 +1915,9 @@
       }
     },
     "node_modules/qs": {
-      "version": "6.14.2",
-      "resolved": "https://registry.npmjs.org/qs/-/qs-6.14.2.tgz",
-      "integrity": "sha512-V/yCWTTF7VJ9hIh18Ugr2zhJMP01MY7c5kh4J870L7imm6/DIzBsNLTXzMwUA3yZ5b/KBqLx8Kp3uRvd7xSe3Q==",
+      "version": "6.15.2",
+      "resolved": "https://registry.npmjs.org/qs/-/qs-6.15.2.tgz",
+      "integrity": "sha512-Rzq0KEyX/w/tEybncDgdkZrJgVUsUMk3xjh3t5bv3S1HTAtg+uOYt72+ZfwiQwKdysThkTBdL/rTi6HDmX9Ddw==",
       "license": "BSD-3-Clause",
       "dependencies": {
         "side-channel": "^1.1.0"

package.json

@@ -21,6 +21,9 @@
   "devDependencies": {
     "nodemon": "^3.1.0"
   },
+  "overrides": {
+    "qs": "^6.15.2"
+  },
   "engines": {
     "node": ">=20"
   }