This is an automated email from the ASF dual-hosted git repository.
thiagoelg pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/incubator-kie-tools.git
The following commit(s) were added to refs/heads/main by this push:
new b2a4d3b3e8b NO-ISSUE: Update qs to 6.15.2 address CVE-2026-8723 (#3612)
b2a4d3b3e8b is described below
commit b2a4d3b3e8bf9bacb0e215873b32f84d976088cd
Author: Adarsh vk <[email protected]>
AuthorDate: Tue Jun 9 21:47:46 2026 +0530
NO-ISSUE: Update qs to 6.15.2 address CVE-2026-8723 (#3612)
---
pnpm-lock.yaml | 11 ++---------
pnpm-workspace.yaml | 3 +++
2 files changed, 5 insertions(+), 9 deletions(-)
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
index 61818fcca0f..4c03d9fb794 100644
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -14,6 +14,7 @@ overrides:
minimatch@^3>brace-expansion: 1.1.13
minimatch@^5>brace-expansion: ^2.0.3
openapi-types: 7.2.3
+ '@cypress/request@3>qs': 6.15.2
path-to-regexp@^0: 0.1.13
react-dropzone: ^11.4.2
superagent: 10.2.2
@@ -20868,10 +20869,6 @@ packages:
resolution: {integrity:
sha512-8YOJEHtxpySA3fFDyCRxA+UUV+fA+rTWnuWvylOK/NCjhY+b4ocCtmu8TtsWb+mYeU+GCHf/S66KZF/AsteKHg==}
engines: {node: '>=0.9'}
- [email protected]:
- resolution: {integrity:
sha512-4EK3+xJl8Ts67nLYNwqw/dsFVnCf+qR7RgXSK9jEEm9unao3njwMDdmsdvoKBKHzxd7tCYz5e5M+SnMjdtXGQQ==}
- engines: {node: '>=0.6'}
-
[email protected]:
resolution: {integrity:
sha512-Rzq0KEyX/w/tEybncDgdkZrJgVUsUMk3xjh3t5bv3S1HTAtg+uOYt72+ZfwiQwKdysThkTBdL/rTi6HDmX9Ddw==}
engines: {node: '>=0.6'}
@@ -25897,7 +25894,7 @@ snapshots:
json-stringify-safe: 5.0.1
mime-types: 2.1.35
performance-now: 2.1.0
- qs: 6.14.1
+ qs: 6.15.2
safe-buffer: 5.2.1
tough-cookie: 5.1.2
tunnel-agent: 0.6.0
@@ -40148,10 +40145,6 @@ snapshots:
[email protected]: {}
- [email protected]:
- dependencies:
- side-channel: 1.1.0
-
[email protected]:
dependencies:
side-channel: 1.1.0
diff --git a/pnpm-workspace.yaml b/pnpm-workspace.yaml
index 4c9a6b4a92f..c9149b6649b 100644
--- a/pnpm-workspace.yaml
+++ b/pnpm-workspace.yaml
@@ -14,6 +14,9 @@ overrides:
"minimatch@^3>brace-expansion": "1.1.13"
"minimatch@^5>brace-expansion": "^2.0.3"
"openapi-types": "7.2.3"
+ # CVE-2026-8723: Fix TypeError in qs.stringify (comma arrayFormat +
encodeValuesOnly with null/undefined)
+ # Overriding transitive dependency until @cypress/request updates to patched
qs version
+ "@cypress/request@3>qs": "6.15.2"
"path-to-regexp@^0": "0.1.13"
"react-dropzone": "^11.4.2"
"superagent": "10.2.2"
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
