[Snyk] Upgrade qs from 6.1.0 to 6.11.2

[wellcathita]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade qs from 6.1.0 to 6.11.2.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 44 versions ahead of your current version.
• The recommended version was released 10 months ago, on 2023-05-15.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Prototype Poisoning SNYK-JS-QS-3153490	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Proof of Concept
	Prototype Override Protection Bypass npm:qs:20170213	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: qs

• 6.11.2 - 2023-05-15
  

  v6.11.2

• 6.11.1 - 2023-03-06
  

  v6.11.1

• 6.11.0 - 2022-06-27
  

  v6.11.0

• 6.10.5 - 2022-06-06
  

  v6.10.5

• 6.10.4 - 2022-06-06
  

  v6.10.4

• 6.10.3 - 2022-01-11
  
  • [Fix] parse: ignore __proto__ keys (#428)
  • [Robustness] stringify: avoid relying on a global undefined (#427)
  • [actions] reuse common workflows
  • [Dev Deps] update eslint, @ ljharb/eslint-config, object-inspect, tape
• 6.10.2 - 2021-12-06
• 6.10.1 - 2021-03-22
• 6.10.0 - 2021-03-18
• 6.9.7 - 2022-01-11
• 6.9.6 - 2021-01-14
• 6.9.5 - 2021-01-13
• 6.9.4 - 2020-05-03
• 6.9.3 - 2020-03-25
• 6.9.2 - 2020-03-22
• 6.9.1 - 2019-11-08
• 6.9.0 - 2019-09-21
• 6.8.3 - 2022-01-11
  
  • [Fix] parse: ignore __proto__ keys (#428)
  • [Robustness] stringify: avoid relying on a global undefined (#427)
  • [Fix] stringify: avoid encoding arrayformat comma when encodeValuesOnly = true (#424)
  • [readme] remove travis badge; add github actions/codecov badges; update URLs
  • [Tests] clean up stringify tests slightly
  • [Docs] add note and links for coercing primitive values (#408)
  • [meta] fix README.md (#399)
  • [actions] backport actions from main
  • [Dev Deps] backport updates from main
  • [Refactor] stringify: reduce branching
  • [meta] do not publish workflow files
• 6.8.2 - 2020-03-25
• 6.8.1 - 2020-03-24
• 6.8.0 - 2019-08-17
• 6.7.3 - 2022-01-11
  
  • [Fix] parse: ignore __proto__ keys (#428)
  • [Fix] stringify: avoid encoding arrayformat comma when encodeValuesOnly = true (#424)
  • [Robustness] stringify: avoid relying on a global undefined (#427)
  • [readme] remove travis badge; add github actions/codecov badges; update URLs
  • [Docs] add note and links for coercing primitive values (#408)
  • [meta] fix README.md (#399)
  • [meta] do not publish workflow files
  • [actions] backport actions from main
  • [Dev Deps] backport updates from main
  • [Tests] use nyc for coverage
  • [Tests] clean up stringify tests slightly
• 6.7.2 - 2020-03-25
• 6.7.1 - 2020-03-24
• 6.7.0 - 2019-03-22
• 6.6.1 - 2022-01-11
  
  • [Fix] parse: ignore __proto__ keys (#428)
  • [Fix] fix for an impossible situation: when the formatter is called with a non-string value
  • [Fix] utils.merge: avoid a crash with a null target and an array source
  • [Fix] utils.merge: avoid a crash with a null target and a truthy non-array source
  • [Fix] correctly parse nested arrays
  • [Robustness] stringify: avoid relying on a global undefined (#427)
  • [Robustness] stringify: cache Object.prototype.hasOwnProperty
  • [Refactor] formats: tiny bit of cleanup.
  • [Refactor] utils: isBuffer: small tweak; add tests
  • [Refactor]: stringify/utils: cache Array.isArray
  • [Refactor] utils: reduce observable [[Get]]s
  • [Refactor] use cached Array.isArray
  • [Refactor] parse/stringify: make a function to normalize the options
  • [readme] remove travis badge; add github actions/codecov badges; update URLs
  • [Docs] Clarify the need for "arrayLimit" option
  • [meta] fix README.md (#399)
  • [meta] do not publish workflow files
  • [meta] Clean up license text so it’s properly detected as BSD-3-Clause
  • [meta] add FUNDING.yml
  • [meta] Fixes typo in CHANGELOG.md
  • [actions] backport actions from main
  • [Tests] fix Buffer tests to work in node < 4.5 and node < 5.10
  • [Tests] always use String(x) over x.toString()
  • [Dev Deps] backport from main
• 6.6.0 - 2018-11-25
• 6.5.3 - 2022-01-11
• 6.5.2 - 2018-05-04
• 6.5.1 - 2017-09-09
• 6.5.0 - 2017-06-28
• 6.4.1 - 2022-01-11
• 6.4.0 - 2017-03-06
• 6.3.3 - 2022-01-11
• 6.3.2 - 2017-03-06
• 6.3.1 - 2017-02-16
• 6.3.0 - 2016-10-17
• 6.2.4 - 2022-01-11
  
  • [Fix] parse: ignore __proto__ keys (#428)
  • [Fix] utils.merge: avoid a crash with a null target and an array source
  • [Fix] utils.merge: avoid a crash with a null target and a truthy non-array source
  • [Fix] utils: merge: fix crash when source is a truthy primitive & no options are provided
  • [Fix] when parseArrays is false, properly handle keys ending in []
  • [Robustness] stringify: avoid relying on a global undefined (#427)
  • [Refactor] use cached Array.isArray
  • [Docs] Clarify the need for "arrayLimit" option
  • [meta] fix README.md (#399)
  • [meta] Clean up license text so it’s properly detected as BSD-3-Clause
  • [meta] add FUNDING.yml
  • [actions] backport actions from main
  • [Tests] use safer-buffer instead of Buffer constructor
  • [Tests] remove nonexistent tape option
  • [Dev Deps] backport from main
• 6.2.3 - 2017-03-06
• 6.2.2 - 2017-02-16
• 6.2.1 - 2016-07-20
• 6.2.0 - 2016-05-08
• 6.1.2 - 2017-03-06
• 6.1.1 - 2017-02-16
• 6.1.0 - 2016-02-04

from qs GitHub release notes

Commit messages

Package name: qs

• 410bdd3 v6.11.2
• a5609c7 [Tests] add passing test cases with empty keys
• 7895b94 [Fix] `parse`: Fix parsing when the global Object prototype is frozen
• 9dca37f v6.11.1
• 4c4b23d [Fix] `stringify`: encode comma values more consistently
• 1778ed4 [Dev Deps] update `@ ljharb/eslint-config`, `object-inspect`, `tape`
• 20820fa [Dev Deps] update `aud`
• 2048fa5 [meta] remove extraneous code backticks
• 7e937fa [actions] update checkout action
• 6ce7665 [Dev Deps] update `aud`, `tape`
• e45d713 [actions] restrict action permissions
• 997044d [meta] fix changelog markdown
• 92c746b [readme] add usage of `filter` option for injecting custom serialization, i.e. of custom types.
• 56763c1 v6.11.0
• ddd3e29 [readme] fix version badge
• c313472 [New] [Fix] `stringify`: revert 0e903c0; add `commaRoundTrip` option
• 95bc018 v6.10.5
• 0e903c0 [Fix] `stringify`: with `arrayFormat: comma`, properly include an explicit `[]` on a single-item array
• ba9703c v6.10.4
• 4e44019 [Fix] `stringify`: with `arrayFormat: comma`, include an explicit `[]` on a single-item array
• 113b990 [Dev Deps] update `object-inspect`
• c77f38f [Dev Deps] update `eslint`, `@ ljharb/eslint-config`, `aud`, `has-symbol`, `tape`
• 2cf45b2 [meta] use `npmignore` to autogenerate an npmignore file
• 542a5c7 Merge changelogs from v6.10.3, v6.9.7, v6.8.3, v6.7.3, v6.6.1, v6.5.3, v6.4.1, v6.3.3, v6.2.4

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs