From 6a40d9e798fead7cda238097b622f80e78ca60ef Mon Sep 17 00:00:00 2001 From: Stefan Steiner Date: Sun, 31 May 2026 11:41:07 -0700 Subject: [PATCH] chore: update qs to 6.15.2 in hyper-explorer example (GHSA-q8mj-m7cp-5q26) Bumps the transitive qs dependency in hyperdb-api-node/examples/hyper-explorer from 6.14.2/6.15.1 to 6.15.2, resolving the moderate DoS advisory where qs.stringify crashes with a TypeError on null/undefined entries in comma-format arrays when encodeValuesOnly is true. Fixes dependabot alert #2. --- .../examples/hyper-explorer/package-lock.json | 46 +++++-------------- 1 file changed, 11 insertions(+), 35 deletions(-) diff --git a/hyperdb-api-node/examples/hyper-explorer/package-lock.json b/hyperdb-api-node/examples/hyper-explorer/package-lock.json index 19c1e50..dc15128 100644 --- a/hyperdb-api-node/examples/hyper-explorer/package-lock.json +++ b/hyperdb-api-node/examples/hyper-explorer/package-lock.json @@ -32,23 +32,14 @@ } }, "../..": { - "version": "0.1.0", "license": "MIT OR Apache-2.0", "devDependencies": { - "@napi-rs/cli": "^3", + "@napi-rs/cli": "^3.6.2", "apache-arrow": "^21.1.0", - "tsx": "^4.21.0" + "tsx": "^4.22.0" }, "engines": { - "node": ">= 18" - }, - "optionalDependencies": { - "hyperdb-api-node-darwin-arm64": "0.1.0", - "hyperdb-api-node-darwin-x64": "0.1.0", - "hyperdb-api-node-linux-arm64-gnu": "0.1.0", - "hyperdb-api-node-linux-x64-gnu": "0.1.0", - "hyperdb-api-node-linux-x64-musl": "0.1.0", - "hyperdb-api-node-win32-x64-msvc": "0.1.0" + "node": ">= 21" }, "peerDependencies": { "apache-arrow": ">=14.0.0" @@ -1700,21 +1691,6 @@ "integrity": "sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A==", "license": "MIT" }, - "node_modules/body-parser/node_modules/qs": { - "version": "6.15.1", - "resolved": "https://registry.npmjs.org/qs/-/qs-6.15.1.tgz", - "integrity": "sha512-6YHEFRL9mfgcAvql/XhwTvf5jKcOiiupt2FiJxHkiX1z4j7WL8J/jRHYLluORvc1XxB5rV20KoeK00gVJamspg==", - "license": "BSD-3-Clause", - "dependencies": { - "side-channel": "^1.1.0" - }, - "engines": { - "node": ">=0.6" - }, - "funding": { - "url": "https://github.com/sponsors/ljharb" - } - }, "node_modules/braces": { "version": "3.0.3", "resolved": "https://registry.npmjs.org/braces/-/braces-3.0.3.tgz", @@ -2263,14 +2239,14 @@ } }, "node_modules/express": { - "version": "4.22.1", - "resolved": "https://registry.npmjs.org/express/-/express-4.22.1.tgz", - "integrity": "sha512-F2X8g9P1X7uCPZMA3MVf9wcTqlyNp7IhH5qPCI0izhaOIYXaW9L535tGA3qmjRzpH+bZczqq7hVKxTR4NWnu+g==", + "version": "4.22.2", + "resolved": "https://registry.npmjs.org/express/-/express-4.22.2.tgz", + "integrity": "sha512-IuL+Elrou2ZvCFHs18/CIzy2Nzvo25nZ1/D2eIZlz7c+QUayAcYoiM2BthCjs+EBHVpjYjcuLDAiCWgeIX3X1Q==", "license": "MIT", "dependencies": { "accepts": "~1.3.8", "array-flatten": "1.1.1", - "body-parser": "~1.20.3", + "body-parser": "~1.20.5", "content-disposition": "~0.5.4", "content-type": "~1.0.4", "cookie": "~0.7.1", @@ -2289,7 +2265,7 @@ "parseurl": "~1.3.3", "path-to-regexp": "~0.1.12", "proxy-addr": "~2.0.7", - "qs": "~6.14.0", + "qs": "~6.15.1", "range-parser": "~1.2.1", "safe-buffer": "5.2.1", "send": "~0.19.0", @@ -3286,9 +3262,9 @@ } }, "node_modules/qs": { - "version": "6.14.2", - "resolved": "https://registry.npmjs.org/qs/-/qs-6.14.2.tgz", - "integrity": "sha512-V/yCWTTF7VJ9hIh18Ugr2zhJMP01MY7c5kh4J870L7imm6/DIzBsNLTXzMwUA3yZ5b/KBqLx8Kp3uRvd7xSe3Q==", + "version": "6.15.2", + "resolved": "https://registry.npmjs.org/qs/-/qs-6.15.2.tgz", + "integrity": "sha512-Rzq0KEyX/w/tEybncDgdkZrJgVUsUMk3xjh3t5bv3S1HTAtg+uOYt72+ZfwiQwKdysThkTBdL/rTi6HDmX9Ddw==", "license": "BSD-3-Clause", "dependencies": { "side-channel": "^1.1.0"