chore(deps): bump qs, @cypress/request and surge by dependabot[bot] · Pull Request #883 · patternfly/react-component-groups

dependabot · 2026-03-05T19:49:51Z

Bumps qs to 6.14.2 and updates ancestor dependencies qs, @cypress/request and surge. These dependencies need to be updated together.

Updates qs from 6.5.3 to 6.14.2

Changelog

Sourced from qs's changelog.

6.14.2

[Fix] parse: mark overflow objects for indexed notation exceeding arrayLimit (#546)

[Fix] arrayLimit means max count, not max index, in combine/merge/parseArrayValue

[Fix] parse: throw on arrayLimit exceeded with indexed notation when throwOnLimitExceeded is true (#529)

[Fix] parse: enforce arrayLimit on comma-parsed values

[Fix] parse: fix error message to reflect arrayLimit as max index; remove extraneous comments (#545)

[Robustness] avoid .push, use void

[readme] document that addQueryPrefix does not add ? to empty output (#418)

[readme] clarify parseArrays and arrayLimit documentation (#543)

[readme] replace runkit CI badge with shields.io check-runs badge

[meta] fix changelog typo (arrayLength → arrayLimit)

[actions] fix rebase workflow permissions

6.14.1

[Fix] ensure arrayLimit applies to [] notation as well

[Fix] parse: when a custom decoder returns null for a key, ignore that key

[Refactor] parse: extract key segment splitting helper

[meta] add threat model

[actions] add workflow permissions

[Tests] stringify: increase coverage

[Dev Deps] update eslint, @ljharb/eslint-config, npmignore, es-value-fixtures, for-each, object-inspect

6.14.0

[New] parse: add throwOnParameterLimitExceeded option (#517)

[Refactor] parse: use utils.combine more

[patch] parse: add explicit throwOnLimitExceeded default

[actions] use shared action; re-add finishers

[meta] Fix changelog formatting bug

[Deps] update side-channel

[Dev Deps] update es-value-fixtures, has-bigints, has-proto, has-symbols

[Tests] increase coverage

6.13.3

[Fix] fix regressions from robustness refactor [actions] update reusable workflows

6.13.2

[Robustness] avoid .push, use void

[readme] clarify parseArrays and arrayLimit documentation (#543)

[readme] document that addQueryPrefix does not add ? to empty output (#418)

[readme] replace runkit CI badge with shields.io check-runs badge

[actions] fix rebase workflow permissions

6.13.1

[Fix] stringify: avoid a crash when a filter key is null

[Fix] utils.merge: functions should not be stringified into keys

[Fix] parse: avoid a crash with interpretNumericEntities: true, comma: true, and iso charset

[Fix] stringify: ensure a non-string filter does not crash

[Refactor] use __proto__ syntax instead of Object.create for null objects

[Refactor] misc cleanup

... (truncated)

Commits

bdcf0c7 v6.14.2
294db90 [readme] document that addQueryPrefix does not add ? to empty output
5c308e5 [readme] clarify parseArrays and arrayLimit documentation
6addf8c [Fix] parse: mark overflow objects for indexed notation exceeding arrayLimit
cfc108f [Fix] arrayLimit means max count, not max index, in combine/merge/`pars...
febb644 [Fix] parse: throw on arrayLimit exceeded with indexed notation when `thr...
f6a7abf [Fix] parse: enforce arrayLimit on comma-parsed values
fbc5206 [Fix] parse: fix error message to reflect arrayLimit as max index; remove e...
1b9a8b4 [actions] fix rebase workflow permissions
2a35775 [meta] fix changelog typo (arrayLength → arrayLimit)
Additional commits viewable in compare view

Updates @cypress/request from 3.0.9 to 3.0.10

Release notes

Sourced from @cypress/request's releases.

v3.0.10

3.0.10 (2026-01-05)

Bug Fixes

release cypress-io/request#97 (#102) (e783d90)

Commits

e783d90 fix: release cypress-io/request#97 (#102)
e3d6845 chore: fix approval/release job (#100)
cea7bc6 chore: fix broken circle context (#99)
a5253c3 Merge pull request #97 from hmaesta/master
6cc9dde commig yarn.lock
d0c69d2 chore(deps): allow qs patch versions
72bbc6b chore(deps): update qs to v6.14.1
e02f5cb chore: use npm credentials context (#95)
See full diff in compare view

Updates surge from 0.24.6 to 0.27.3

Commits

9f3ef6c 0.27.3
a53c822 fixes help output
fac725e 0.27.2
ff5bf0d improves help output
73f231b 0.27.1
00ffc81 updates lock file
6765c7f freeze deps
55baf88 0.27.0
fb55ec4 removes commander and yargs tests
531fb00 update cli-table3, minimist, and surge-ignore
Additional commits viewable in compare view

patternfly-build · 2026-03-05T19:51:45Z

Preview: https://react-component-groups-pr-component-groups-883.surge.sh

A11y report: https://react-component-groups-pr-component-groups-883-a11y.surge.sh

Bumps [qs](https://github.com/ljharb/qs) to 6.14.2 and updates ancestor dependencies [qs](https://github.com/ljharb/qs), [@cypress/request](https://github.com/cypress-io/request) and [surge](https://github.com/sintaxi/surge). These dependencies need to be updated together. Updates `qs` from 6.14.0 to 6.14.2 - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.14.0...v6.14.2) Updates `@cypress/request` from 3.0.9 to 3.0.10 - [Release notes](https://github.com/cypress-io/request/releases) - [Changelog](https://github.com/cypress-io/request/blob/master/CHANGELOG.md) - [Commits](cypress-io/request@v3.0.9...v3.0.10) Updates `surge` from 0.24.6 to 0.27.3 - [Release notes](https://github.com/sintaxi/surge/releases) - [Commits](sintaxi/surge@v0.24.6...v0.27.3) --- updated-dependencies: - dependency-name: qs dependency-version: 6.14.2 dependency-type: indirect - dependency-name: "@cypress/request" dependency-version: 3.0.10 dependency-type: indirect - dependency-name: surge dependency-version: 0.27.3 dependency-type: direct:development ... Signed-off-by: dependabot[bot] <support@github.com>

github-actions · 2026-03-27T13:55:54Z

🎉 This PR is included in version 6.4.0-prerelease.16 🎉

The release is available on:

Your semantic-release bot 📦🚀

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Mar 5, 2026

dependabot bot force-pushed the dependabot/npm_and_yarn/multi-decb515fb9 branch from 2f4e2d5 to 349f26d Compare March 27, 2026 13:03

nicolethoen approved these changes Mar 27, 2026

View reviewed changes

nicolethoen merged commit 12a2e38 into main Mar 27, 2026
6 checks passed

dependabot bot deleted the dependabot/npm_and_yarn/multi-decb515fb9 branch March 27, 2026 13:34

github-actions bot added the released on @prerelease label Mar 27, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump qs, @cypress/request and surge#883

chore(deps): bump qs, @cypress/request and surge#883
nicolethoen merged 1 commit intomainfrom
dependabot/npm_and_yarn/multi-decb515fb9

dependabot bot commented on behalf of github Mar 5, 2026 •

edited

Loading

Uh oh!

patternfly-build commented Mar 5, 2026 •

edited

Loading

Uh oh!

Uh oh!

github-actions bot commented Mar 27, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Conversation

dependabot bot commented on behalf of github Mar 5, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

6.14.2

6.14.1

6.14.0

6.13.3

6.13.2

6.13.1

v3.0.10

3.0.10 (2026-01-05)

Bug Fixes

Uh oh!

patternfly-build commented Mar 5, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Uh oh!

github-actions bot commented Mar 27, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

dependabot bot commented on behalf of github Mar 5, 2026 •

edited

Loading

patternfly-build commented Mar 5, 2026 •

edited

Loading