build(deps): Bump qs from 6.11.2 to 6.15.2

[dependabot]

Bumps qs from 6.11.2 to 6.15.2.

Changelog

Sourced from qs's changelog.

6.15.2

• [Fix] stringify: skip null/undefined entries in arrayFormat: 'comma' + encodeValuesOnly instead of crashing in encoder
• [Fix] stringify: use configured delimiter after charsetSentinel (#555)
• [Fix] stringify: apply formatter to encoded key under strictNullHandling (#554)
• [Fix] stringify: skip null/undefined filter-array entries instead of crashing in encoder (#551)
• [Fix] parse: handle nested bracket groups and add regression tests (#530)
• [readme] fix grammar (#550)
• [Dev Deps] update @ljharb/eslint-config
• [Tests] add regression tests for keys containing percent-encoded bracket text

6.15.1

• [Fix] parse: parameterLimit: Infinity with throwOnLimitExceeded: true silently drops all parameters
• [Deps] update @ljharb/eslint-config
• [Dev Deps] update @ljharb/eslint-config, iconv-lite
• [Tests] increase coverage

6.15.0

• [New] parse: add strictMerge option to wrap object/primitive conflicts in an array (#425, #122)
• [Fix] duplicates option should not apply to bracket notation keys (#514)

6.14.2

• [Fix] parse: mark overflow objects for indexed notation exceeding arrayLimit (#546)
• [Fix] arrayLimit means max count, not max index, in combine/merge/parseArrayValue
• [Fix] parse: throw on arrayLimit exceeded with indexed notation when throwOnLimitExceeded is true (#529)
• [Fix] parse: enforce arrayLimit on comma-parsed values
• [Fix] parse: fix error message to reflect arrayLimit as max index; remove extraneous comments (#545)
• [Robustness] avoid .push, use void
• [readme] document that addQueryPrefix does not add ? to empty output (#418)
• [readme] clarify parseArrays and arrayLimit documentation (#543)
• [readme] replace runkit CI badge with shields.io check-runs badge
• [meta] fix changelog typo (arrayLength → arrayLimit)
• [actions] fix rebase workflow permissions

6.14.1

• [Fix] ensure arrayLimit applies to [] notation as well
• [Fix] parse: when a custom decoder returns null for a key, ignore that key
• [Refactor] parse: extract key segment splitting helper
• [meta] add threat model
• [actions] add workflow permissions
• [Tests] stringify: increase coverage
• [Dev Deps] update eslint, @ljharb/eslint-config, npmignore, es-value-fixtures, for-each, object-inspect

6.14.0

• [New] parse: add throwOnParameterLimitExceeded option (#517)
• [Refactor] parse: use utils.combine more
• [patch] parse: add explicit throwOnLimitExceeded default
• [actions] use shared action; re-add finishers
• [meta] Fix changelog formatting bug
• [Deps] update side-channel
• [Dev Deps] update es-value-fixtures, has-bigints, has-proto, has-symbols

... (truncated)

Commits

• 9aca407 v6.15.2
• 5e33d33 [Dev Deps] update @ljharb/eslint-config
• 21f80b3 [Fix] stringify: skip null/undefined entries in arrayFormat: 'comma' + `e...
• a0a81ea [Fix] stringify: use configured delimiter after charsetSentinel
• e3062f7 [Fix] stringify: apply formatter to encoded key under strictNullHandling
• 0c180a4 [Fix] stringify: skip null/undefined filter-array entries instead of crashi...
• 3a8b94a [Tests] add regression tests for keys containing percent-encoded bracket text
• 96755ab [readme] fix grammar
• a419ce5 [Fix] parse: handle nested bracket groups and add regression tests
• 3f5e1c5 v6.15.1
• Additional commits viewable in compare view

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

• 🔍 Trigger a full review

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[greptile-apps]

Greptile Summary

This PR bumps the qs query-string library from 6.11.2 to 6.15.2 in two packages (ethereum-storage and request-client.js), and updates the lockfile accordingly.

• qs 6.15.2 delivers several bug fixes (crash in stringify with arrayFormat: 'comma' + encodeValuesOnly, nested bracket parsing, parameterLimit: Infinity silently dropping params, etc.) and no breaking API changes.
• The lockfile reflects updated transitive dependencies: side-channel is now at 1.1.0 (split into side-channel-list, side-channel-map, side-channel-weakmap), plus minor bumps to object-inspect, call-bound, get-intrinsic, and underscore.

Confidence Score: 5/5

Routine patch/minor dependency update with no breaking changes; safe to merge.

The bump spans six minor/patch releases of qs, all of which contain only bug fixes and no breaking API changes. The lockfile correctly consolidates the old pinned 6.11.2 entry and updates transitive dependencies in a consistent way. No application code was modified.

No files require special attention.

Important Files Changed

Filename	Overview
packages/ethereum-storage/package.json	Bumps qs direct dependency from 6.11.2 to 6.15.2; no other changes.
packages/request-client.js/package.json	Bumps qs direct dependency from 6.11.2 to 6.15.2; no other changes.
yarn.lock	Lockfile updated to reflect qs 6.15.2, side-channel 1.1.0 (split into sub-packages), and minor bumps to object-inspect, call-bound, get-intrinsic, and underscore.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[ethereum-storage\npackage.json] -->|depends on| B[qs 6.15.2]
    C[request-client.js\npackage.json] -->|depends on| B
    B -->|depends on| D[side-channel 1.1.0]
    D --> E[side-channel-list 1.0.1]
    D --> F[side-channel-map 1.0.1]
    D --> G[side-channel-weakmap 1.0.2]
    F --> H[get-intrinsic 1.3.0]
    F --> I[object-inspect 1.13.4]
    G --> H
    G --> I

Loading

_{Reviews (2): Last reviewed commit: "build(deps): Bump qs from 6.11.2 to 6.15..." | Re-trigger Greptile}

[MantisClone]

@dependabot recreate

[MantisClone]

Congratulations, your pull request has been merged! Thank you for your valuable contribution to Request Network. As a reminder, every merged PR is automatically entered into our Best PR Initiative, offering a quarterly prize of $500. Your work significantly supports our project's growth, and we encourage you to continue engaging with our community. Additionally, if you want to build or add crypto payments and invoicing features, explore how our API can reduce deployment time from months to hours while offering advanced features. Get in touch to learn more and fast-track your development.