fix(ui): bump qs past CVE-2026-8723#350

Open

NikolayS wants to merge 1 commit into

fix/qs-cve-2026-8723

Contributor

NikolayS commented May 23, 2026

Summary

add a pnpm override for qs@>=6.11.1 <6.15.2 to resolve to >=6.15.2
refresh the UI lockfile so Cypress' request dependency uses qs@6.15.2

Verification

npx --yes pnpm@8.15.9 install --lockfile-only
npx --yes pnpm@8.15.9 install --frozen-lockfile --ignore-scripts
npx --yes pnpm@8.15.9 audit --audit-level high --json → 8 total advisories, 0 for qs

Refs #349


          fix(ui): bump qs past CVE-2026-8723

16a7886

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet