fix(deps): vuln minor: qs · patch: path-to-regexp [test/crashtracker]#132

Open
gh-worker-campaigns-3e9aa4[bot] wants to merge 2 commits into main from engraver-auto-version-upgrade/minorpatch/npm/crashtracker/1-1781559235

Conversation

@gh-worker-campaigns-3e9aa4

Contributor

Summary: High-severity security update — 2 packages upgraded (MINOR changes included)

Manifests changed:

  • test/crashtracker (yarn)

✅ Action Required: Please review the changes below. If they look good, approve and merge this PR.


Updates

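| Package | From | To | Type | Dep Type | Vulnerabilities Fixed |
|---------|------|----|------|----------|-----------------------|
| path-to-regexp | 0.1.12 | 0.1.13 | patch | Transitive | 1 HIGH |
| qs | 6.14.2 | 6.15.2 | minor | Transitive | 1 MEDIUM |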

Security Details

🚨 Critical & High Severity (1 fixed)

| Package | CVE | Severity | Summary | Unsafe Version | Fixed In |
|---------|-----|----------|---------|----------------|----------|
| path-to-regexp | GHSA-37ch-88jc-xwx2 | HIGH | path-to-regexp vulnerable to Regular Expression Denial of Service via multiple route parameters | 0.1.12 | 0.1.13 |

ℹ️ Other Vulnerabilities (1)

| Package | CVE | Severity | Summary | Unsafe Version | Fixed In |
|---------|-----|----------|---------|----------------|----------|
| qs | GHSA-q8mj-m7cp-5q26 | MODERATE | qs has a remotely triggerable DoS: qs.stringify crashes with TypeError on null/undefined entries in comma-format arrays when encodeValuesOnly is set | 6.14.2 | 6.15.2 |

Review Checklist

Standard review:

  • Review changes for compatibility with your code
  • Check for breaking changes in release notes
  • Run tests locally or wait for CI
  • Approve and merge this PR

Update Mode: all_vulns

🤖 Generated by DataDog Automated Dependency Management System

@github-actions

github-actions Bot commented Jun 15, 2026

Overall package size

Self size: 30.06 MB
Deduped: 30.06 MB
No deduping: 30.06 MB

Dependency sizes

| name | version | self size | total size |
|------|---------|-----------|------------|

🤖 This report was automatically generated by heaviest-objects-in-the-universe

@campaigner-prod campaigner-prod Bot marked this pull request as ready for review June 16, 2026 14:00
@campaigner-prod campaigner-prod Bot requested review from a team as code owners June 16, 2026 14:00
@dd-prapprover

dd-prapprover Bot commented Jun 16, 2026

PRApprover will approve and merge this PR, FAQ, #dx-source-code-management

🛠️ PRApproval Status

  • ✅ PR is eligible for auto-approval by rule dependency-management-version-updater - 2026-07-03T07:47:02Z
  • ✅ CI tests passed - 2026-07-03T07:55:12Z
  • ✅ Approved (commit: bec64f3) - 2026-07-03T07:55:14Z
  • ✅ Merge Started
  • ⬜ Merged

➡️ Current phase: merge in progress...

dd-prapprover[bot]
dd-prapprover Bot previously approved these changes Jun 16, 2026

@dd-prapprover dd-prapprover Bot left a comment

This PR has been automatically approved by the DD PR Approver bot.

@campaigner-prod

/merge

@gh-worker-devflow-routing-ef8351

gh-worker-devflow-routing-ef8351 Bot commented Jun 16, 2026

View all feedbacks in Devflow UI.

2026-06-16 19:29:16 UTC ℹ️ Start processing command /merge


2026-06-16 19:29:21 UTC ℹ️ MergeQueue: pull request added to the queue

The expected merge time in main is approximately 0s (p90).


2026-06-16 21:29:37 UTC MergeQueue: The build pipeline has timeout

The merge request has been interrupted because the build 0 took longer than expected. The current limit for the base branch 'main' is 120 minutes.

dd-octo-sts-6cbbf8 Bot and others added 2 commits July 3, 2026 07:46
Co-authored-by: gh-worker-campaigns-3e9aa4[bot] <244854796+gh-worker-campaigns-3e9aa4[bot]@users.noreply.github.com>
Co-authored-by: gh-worker-campaigns-3e9aa4[bot] <244854796+gh-worker-campaigns-3e9aa4[bot]@users.noreply.github.com>
@gh-worker-campaigns-3e9aa4

Contributor Author

Auto-rebase complete

Branch is up to date with main — rebased onto 29b2676.


Auto-Rebase · Add no-auto-rebase to opt out

@dd-octo-sts-6cbbf8 dd-octo-sts-6cbbf8 Bot force-pushed the engraver-auto-version-upgrade/minorpatch/npm/crashtracker/1-1781559235 branch from bd756a2 to bec64f3 July 3, 2026 07:46

@dd-prapprover-prod-77c48c dd-prapprover-prod-77c48c Bot left a comment

This PR has been automatically approved by the DD PR Approver bot.
