Skip to content

chore(deps): update dependency qs to v6.15.1#5458

Merged
thomhurst merged 1 commit intomainfrom
renovate/qs-6.x
Apr 8, 2026
Merged

chore(deps): update dependency qs to v6.15.1#5458
thomhurst merged 1 commit intomainfrom
renovate/qs-6.x

Conversation

@thomhurst
Copy link
Copy Markdown
Owner

@thomhurst thomhurst commented Apr 8, 2026

This PR contains the following updates:

Package Type Update Change
qs resolutions patch 6.15.06.15.1

Release Notes

ljharb/qs (qs)

v6.15.1

Compare Source

  • [Fix] parse: parameterLimit: Infinity with throwOnLimitExceeded: true silently drops all parameters
  • [Deps] update @ljharb/eslint-config
  • [Dev Deps] update @ljharb/eslint-config, iconv-lite
  • [Tests] increase coverage

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

@thomhurst thomhurst added dependencies Pull requests that update a dependency file PATCH renovate-bot labels Apr 8, 2026
@thomhurst thomhurst enabled auto-merge (squash) April 8, 2026 20:21
@thomhurst thomhurst added dependencies Pull requests that update a dependency file PATCH renovate-bot labels Apr 8, 2026
@codacy-production
Copy link
Copy Markdown

codacy-production bot commented Apr 8, 2026

Up to standards ✅

🟢 Issues 0 issues

Results:
0 new issues

View in Codacy

TIP This summary will be updated as you push new changes. Give us feedback

claude[bot]
claude bot reviewed Apr 8, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@claude claude bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is a routine Renovate bot dependency update for the qs npm package (used in the docs site) from 6.15.0 to 6.15.1. The change is limited to docs/package.json and docs/yarn.lock — no production .NET code is touched.

What changed in qs 6.15.1

The upstream changelog lists one behavioural fix: when parameterLimit is set to Infinity and throwOnLimitExceeded is true, all parameters were silently dropped instead of being preserved. The rest of the release is eslint-config bumps and test coverage increases with no API or security changes.

Assessment

  • The scope is correct: only the resolutions pin in package.json and the corresponding lockfile entry are updated.
  • The lockfile hash change (db8fd5d...bdb55ae...) is consistent with a legitimate upstream patch release.
  • qs is listed under resolutions (a Yarn override) rather than as a direct dependency. This means it is a transitive dependency being pinned for security/correctness reasons, which is the right practice.
  • Auto-merge is already enabled, which is appropriate for a patch-level lockfile-only update to a docs-only dependency.

One minor observation

The qs@~6.14.0 alias in the lockfile is preserved alongside qs@6.15.1 in the same entry. This is expected Yarn behaviour — the ~6.14.0 range is satisfied by 6.15.1 — but it is worth being aware that if any transitive package ever requires a version outside that range, this resolution override will silently shadow it. That is pre-existing behaviour and not introduced by this PR.

No blocking issues. This is safe to merge.

@thomhurst thomhurst merged commit 526a540 into main Apr 8, 2026
15 checks passed
@thomhurst thomhurst deleted the renovate/qs-6.x branch April 8, 2026 20:56
This was referenced Apr 9, 2026
Merged
Closed
Open
Merged
intellitect-bot pushed a commit to IntelliTect/EssentialCSharp.Web that referenced this pull request Apr 9, 2026
@dependabot
Bump TUnit from 1.29.0 to 1.30.0 (#976)
5bc2bf0 
Updated [TUnit](https://github.com/thomhurst/TUnit) from 1.29.0 to
1.30.0.

<details>
<summary>Release notes</summary>

_Sourced from [TUnit's
releases](https://github.com/thomhurst/TUnit/releases)._

## 1.30.0

<!-- Release notes generated using configuration in .github/release.yml
at v1.30.0 -->

## What's Changed
### Other Changes
* perf: eliminate locks from mock invocation and verification hot paths
by @​thomhurst in thomhurst/TUnit#5422
* feat: TUnit0074 analyzer for redundant hook attributes on overrides by
@​thomhurst in thomhurst/TUnit#5459
* fix(mocks): respect generic type argument accessibility (#​5453) by
@​thomhurst in thomhurst/TUnit#5460
* fix(mocks): skip inaccessible internal accessors when mocking
Azure.Response by @​thomhurst in
thomhurst/TUnit#5461
* fix: apply CultureAttribute and STAThreadExecutorAttribute to hooks
(#​5452) by @​thomhurst in thomhurst/TUnit#5463
### Dependencies
* chore(deps): update tunit to 1.29.0 by @​thomhurst in
thomhurst/TUnit#5446
* chore(deps): update react to ^19.2.5 by @​thomhurst in
thomhurst/TUnit#5457
* chore(deps): update opentelemetry to 1.15.2 by @​thomhurst in
thomhurst/TUnit#5456
* chore(deps): update dependency qs to v6.15.1 by @​thomhurst in
thomhurst/TUnit#5458


**Full Changelog**:
thomhurst/TUnit@v1.29.0...v1.30.0

Commits viewable in [compare
view](thomhurst/TUnit@v1.29.0...v1.30.0).
</details>

[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=TUnit&package-manager=nuget&previous-version=1.29.0&new-version=1.30.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
This was referenced Apr 9, 2026
Open
Merged
Open
Open
Open
Open
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@claude claude[bot] claude[bot] left review comments

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file PATCH renovate-bot

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@thomhurst @renovate-bot