[Snyk] Upgrade qs from 6.7.2 to 6.12.1

[adamsousa]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade qs from 6.7.2 to 6.12.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 24 versions ahead of your current version.
• The recommended version was released a month ago, on 2024-04-12.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Prototype Poisoning SNYK-JS-QS-3153490	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: qs

• 6.12.1 - 2024-04-12
  

  v6.12.1

• 6.12.0 - 2024-03-06
  

  v6.12.0

• 6.11.2 - 2023-05-15
  

  v6.11.2

• 6.11.1 - 2023-03-06
  

  v6.11.1

• 6.11.0 - 2022-06-27
  

  v6.11.0

• 6.10.5 - 2022-06-06
  

  v6.10.5

• 6.10.4 - 2022-06-06
  

  v6.10.4

• 6.10.3 - 2022-01-11
  
  • [Fix] parse: ignore __proto__ keys (#428)
  • [Robustness] stringify: avoid relying on a global undefined (#427)
  • [actions] reuse common workflows
  • [Dev Deps] update eslint, @ ljharb/eslint-config, object-inspect, tape
• 6.10.2 - 2021-12-06
• 6.10.1 - 2021-03-22
• 6.10.0 - 2021-03-18
• 6.9.7 - 2022-01-11
• 6.9.6 - 2021-01-14
• 6.9.5 - 2021-01-13
• 6.9.4 - 2020-05-03
• 6.9.3 - 2020-03-25
• 6.9.2 - 2020-03-22
• 6.9.1 - 2019-11-08
• 6.9.0 - 2019-09-21
• 6.8.3 - 2022-01-11
  
  • [Fix] parse: ignore __proto__ keys (#428)
  • [Robustness] stringify: avoid relying on a global undefined (#427)
  • [Fix] stringify: avoid encoding arrayformat comma when encodeValuesOnly = true (#424)
  • [readme] remove travis badge; add github actions/codecov badges; update URLs
  • [Tests] clean up stringify tests slightly
  • [Docs] add note and links for coercing primitive values (#408)
  • [meta] fix README.md (#399)
  • [actions] backport actions from main
  • [Dev Deps] backport updates from main
  • [Refactor] stringify: reduce branching
  • [meta] do not publish workflow files
• 6.8.2 - 2020-03-25
• 6.8.1 - 2020-03-24
• 6.8.0 - 2019-08-17
• 6.7.3 - 2022-01-11
• 6.7.2 - 2020-03-25

from qs GitHub release notes

Commit messages

Package name: qs

• 59d765f v6.12.1
• 7e18298 [Fix] `parse`: Disable `decodeDotInKeys` by default to restore previous behavior
• fd3cd7a [Tests] increase coverage
• 6d7df02 [Performance] `utils`: Optimize performance under large data volumes, reduce memory usage, and speed up processing
• 572533c [Refactor] `utils`: use `+=`
• c4d29f3 [meta] add tea.yaml
• 062334a v6.12.0
• f09cffc [meta] make the dist build 50% smaller
• 934dfe8 [meta] run build in prepack, not prepublish
• c8a269f [Tests] `parse`: remove useless tests; add coverage
• 1e04701 [Tests] `stringify`: increase coverage
• e679e12 [Deps] update `side-channel`
• 6799475 [Dev Deps] update `has-override-mistake`
• cc60bbd [Tests] use `mock-property`
• 30004b2 [New] `parse`/`stringify`: add `decodeDotInKeys`/`encodeDotKeys` options
• 82a098e [Refactor] `parse`/`stringify`: move allowDots config logic to its own variable
• 5f0449f [Dev Deps] pin `glob`, since v10.3.8+ requires a broken `jackspeak`
• bb83fab [Dev Deps] pin `jackspeak` since 2.1.2+ depends on npm aliases, which kill the install process in npm < 6
• 9c5dda2 [meta] add `sideEffects` flag
• bb15aae [Deps] update `side-channel`
• 0d3ce03 [Dev Deps] update `has-property-descriptors`, `tape`
• 981ce09 [New] `parse`: add `duplicates` option
• 3cd59f2 [readme] fix line wrapping
• f22b2bc [New] `parse`/`stringify`: add `allowEmptyArrays` option to allow [] in object values

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs