Bump qs, @vue/cli-service, body-parser, @cypress/request and jest

[dependabot]

Bumps qs to 6.14.2 and updates ancestor dependencies qs, @vue/cli-service, body-parser, @cypress/request and jest. These dependencies need to be updated together.

Updates qs from 6.14.0 to 6.14.2

Changelog

Sourced from qs's changelog.

6.14.2

• [Fix] parse: mark overflow objects for indexed notation exceeding arrayLimit (#546)
• [Fix] arrayLimit means max count, not max index, in combine/merge/parseArrayValue
• [Fix] parse: throw on arrayLimit exceeded with indexed notation when throwOnLimitExceeded is true (#529)
• [Fix] parse: enforce arrayLimit on comma-parsed values
• [Fix] parse: fix error message to reflect arrayLimit as max index; remove extraneous comments (#545)
• [Robustness] avoid .push, use void
• [readme] document that addQueryPrefix does not add ? to empty output (#418)
• [readme] clarify parseArrays and arrayLimit documentation (#543)
• [readme] replace runkit CI badge with shields.io check-runs badge
• [meta] fix changelog typo (arrayLength → arrayLimit)
• [actions] fix rebase workflow permissions

6.14.1

• [Fix] ensure arrayLimit applies to [] notation as well
• [Fix] parse: when a custom decoder returns null for a key, ignore that key
• [Refactor] parse: extract key segment splitting helper
• [meta] add threat model
• [actions] add workflow permissions
• [Tests] stringify: increase coverage
• [Dev Deps] update eslint, @ljharb/eslint-config, npmignore, es-value-fixtures, for-each, object-inspect

Commits

• bdcf0c7 v6.14.2
• 294db90 [readme] document that addQueryPrefix does not add ? to empty output
• 5c308e5 [readme] clarify parseArrays and arrayLimit documentation
• 6addf8c [Fix] parse: mark overflow objects for indexed notation exceeding arrayLimit
• cfc108f [Fix] arrayLimit means max count, not max index, in combine/merge/`pars...
• febb644 [Fix] parse: throw on arrayLimit exceeded with indexed notation when `thr...
• f6a7abf [Fix] parse: enforce arrayLimit on comma-parsed values
• fbc5206 [Fix] parse: fix error message to reflect arrayLimit as max index; remove e...
• 1b9a8b4 [actions] fix rebase workflow permissions
• 2a35775 [meta] fix changelog typo (arrayLength → arrayLimit)
• Additional commits viewable in compare view

Updates @vue/cli-service from 4.5.19 to 5.0.9

Release notes

Sourced from @​vue/cli-service's releases.

v5.0.9

🐛 Bug Fix

• @vue/cli-service
  • #7443 fix: add missing default __VUE_PROD_HYDRATION_MISMATCH_DETAILS__, fixes compatibility with vue 3.5.19 (@​bobvandevijver)

v5.0.8

🐛 Bug Fix

• @vue/cli-service
  • 0260e4d fix: add devServer.server.type to useHttps judgement (vuejs/vue-cli#7222)
• @vue/cli-ui
  • 07052c4 fix: Vue CLI UI graphql subscription server error, fixes vuejs/vue-cli#7221

v5.0.7

• @vue/cli-service
  • #7202, [558dea2] fix: support devServer.server option, avoid deprecation warnings (@​backrunner, @​sodatea)
  • [beffe8a] fix: allow disabling progress plugin via devServer.client.progress
• @vue/cli-ui
  • #7210 chore: upgrade to apollo-server-express 3.x

Committers: 2

• BackRunner (@​backrunner)
• Haoqun Jiang (@​sodatea)

v5.0.6

Fix compatibility with the upcoming Vue 2.7 (currently in alpha) and Vue Loader 15.10 (currently in beta).

In Vue 2.7, vue-template-compiler is no longer a required peer dependency. Rather, there's a new export under the main package as vue/compiler-sfc.

v5.0.5

🐛 Bug Fix

• @vue/cli
  • #7167 fix(upgrade): prevent changing the structure of package.json file during upgrade (@​blzsaa)
• @vue/cli-service
  • #7023 fix: windows vue.config.mjs support (@​xiaoxiangmoe)
• @vue/cli-plugin-e2e-cypress
  • [697bb44] fix: should correctly resolve cypress bin path for Cypress 10 (Note that the project is still created with Cypress 9 by default, but you can upgrade to Cypress 10 on your own now)

Committers: 3

• Martijn Jacobs (@​maerteijn)
• ZHAO Jinxiang (@​xiaoxiangmoe)
• @​blzsaa

v5.0.4

🐛 Bug Fix

• @vue/cli-service
  • #7005 Better handling of publicPath: 'auto' (@​AndreiSoroka)
• @vue/cli-shared-utils, @vue/cli-ui
  • 75826d6 fix: replace node-ipc with @achrinza/node-ipc to further secure the dependency chain

... (truncated)

Changelog

Sourced from @​vue/cli-service's changelog.

5.0.9 (2025-08-21)

🐛 Bug Fix

• @vue/cli
  • #7265 fix: pnpm v7 install error (@​lvqq)

Committers: 2

• Bob van de Vijver (@​bobvandevijver)
• chlorine (@​lvqq)

5.0.7 (2022-07-05)

• @vue/cli-service
  • #7202, [558dea2] fix: support devServer.server option, avoid deprecation warnings (@​backrunner, @​sodatea)
  • [beffe8a] fix: allow disabling progress plugin via devServer.client.progress
• @vue/cli-ui
  • #7210 chore: upgrade to apollo-server-express 3.x

Committers: 2

• BackRunner (@​backrunner)
• Haoqun Jiang (@​sodatea)

5.0.6 (2022-06-16)

Fix compatibility with the upcoming Vue 2.7 (currently in alpha) and Vue Loader 15.10 (currently in beta).

In Vue 2.7, vue-template-compiler is no longer a required peer dependency. Rather, there's a new export under the main package as vue/compiler-sfc.

5.0.5 (2022-06-16)

🐛 Bug Fix

• @vue/cli
  • #7167 feat(upgrade): prevent changing the structure of package.json file during upgrade (@​blzsaa)
• @vue/cli-service
  • #7023 fix: windows vue.config.mjs support (@​xiaoxiangmoe)

Committers: 3

• Martijn Jacobs (@​maerteijn)
• ZHAO Jinxiang (@​xiaoxiangmoe)
• @​blzsaa

... (truncated)

Commits

• 7eb93c1 v5.0.9
• c21c156 fix: add missing default __VUE_PROD_HYDRATION_MISMATCH_DETAILS__ (#7443)
• b154dbd v5.0.8
• 0260e4d fix: add devServer.server.type to useHttps judgement (#7222)
• 4a0655f v5.0.7
• beffe8a fix: allow disabling progress plugin via devServer.client.progress
• 558dea2 fix: support devServer.server option, avoid deprecation warning
• bddd64d fix: optimize the judgment on whether HTTPS has been set in options (#7202)
• ef08a08 v5.0.6
• fcf27e3 fixup! fix: compatibility with Vue 2.7
• Additional commits viewable in compare view

Updates body-parser from 1.20.3 to 1.20.4

Release notes

Sourced from body-parser's releases.

1.20.4

What's Changed

• Remove redundant depth check by @​blakeembrey in expressjs/body-parser#538
• ci: add support for Node.js v23 by @​Phillip9587 in expressjs/body-parser#553
• ci: restore CI for 1.x branch by @​bjohansebas in expressjs/body-parser#665
• deps: qs@^6.14.0 by @​bjohansebas in expressjs/body-parser#664
• deps: use tilde notation and update certain dependencies by @​Phillip9587 in expressjs/body-parser#668
• chore: remove SECURITY.md by @​Phillip9587 in expressjs/body-parser#669
• ci: add CodeQL (SAST) by @​Phillip9587 in expressjs/body-parser#670
• Release: 1.20.4 by @​UlisesGascon in expressjs/body-parser#672

Full Changelog: expressjs/body-parser@1.20.3...1.20.4

Changelog

Sourced from body-parser's changelog.

1.20.4 / 2025-12-01

• deps: qs@~6.14.0
• deps: use tilde notation for dependencies
• deps: http-errors@~2.0.1
• deps: raw-body@~2.5.3

Commits

• 7db202c 1.20.4 (#672)
• d8f8adb ci: add CodeQL (SAST) (#670)
• 6d133c1 chore: remove SECURITY.md (#669)
• fcd1535 deps: use tilde notation and update certain dependencies (#668)
• ec5fa29 deps: qs@~6.14.0 (#664)
• ffb95c1 ci: restore CI for 1.x branch (#665)
• 48a5f07 ci: add support for Node.js v23 (#553)
• f20f6ad Remove redundant depth check (#538)
• See full diff in compare view

Updates @cypress/request from 3.0.9 to 3.0.10

Release notes

Sourced from @​cypress/request's releases.

v3.0.10

3.0.10 (2026-01-05)

Bug Fixes

• release cypress-io/request#97 (#102) (e783d90)

Commits

• e783d90 fix: release cypress-io/request#97 (#102)
• e3d6845 chore: fix approval/release job (#100)
• cea7bc6 chore: fix broken circle context (#99)
• a5253c3 Merge pull request #97 from hmaesta/master
• 6cc9dde commig yarn.lock
• d0c69d2 chore(deps): allow qs patch versions
• 72bbc6b chore(deps): update qs to v6.14.1
• e02f5cb chore: use npm credentials context (#95)
• See full diff in compare view

Updates jest from 25.5.4 to 30.3.0

Release notes

Sourced from jest's releases.

v30.3.0

Features

• [jest-config] Add defineConfig and mergeConfig helpers for type-safe Jest config (#15844)
• [jest-fake-timers] Add setTimerTickMode to configure how timers advance
• [*] Reduce token usage when run through LLMs (3f17932)

Fixes

• [jest-config] Keep CLI coverage output when using --json with --outputFile (#15918)
• [jest-mock] Use Symbol from test environment (#15858)
• [jest-reporters] Fix issue where console output not displayed for GHA reporter even with silent: false option (#15864)
• [jest-runtime] Fix issue where user cannot utilize dynamic import despite specifying --experimental-vm-modules Node option (#15842)
• [jest-test-sequencer] Fix issue where failed tests due to compilation errors not getting re-executed even with --onlyFailures CLI option (#15851)
• [jest-util] Make sure process.features.require_module is false (#15867)

Chore & Maintenance

• [*] Replace remaining micromatch uses with picomatch
• [deps] Update to sinon/fake-timers v15
• [docs] Update V30 migration guide to notify users on jest.mock() work with case-sensitive path (#15849)
• Updated Twitter icon to match the latest brand guidelines (#15869)

30.2.0

Chore & Maintenance

• [*] Update example repo for testing React Native projects (#15832)
• [*] Update jest-watch-typeahead to v3 (#15830)

Features

• [jest-environment-jsdom-abstract] Add support for JSDOM v27 (#15834)

Fixes

• [babel-jest] Export the TransformerConfig interface (#15820)
• [jest-config] Fix jest.config.ts with TS loader specified in docblock pragma (#15839)

30.1.3

Fixes

• Fix unstable_mockModule with node: prefixed core modules.

30.1.2

Fixes

• [jest-snapshot-utils] Correct snapshot header regexp to work with newline across OSes (#15803)

30.1.1

Fixes

... (truncated)

Changelog

Sourced from jest's changelog.

30.3.0

Features

• [jest-config] Add defineConfig and mergeConfig helpers for type-safe Jest config (#15844)
• [jest-fake-timers] Add setTimerTickMode to configure how timers advance
• [*] Reduce token usage when run through LLMs (3f17932)

Fixes

• [jest-config] Keep CLI coverage output when using --json with --outputFile (#15918)
• [jest-mock] Use Symbol from test environment (#15858)
• [jest-reporters] Fix issue where console output not displayed for GHA reporter even with silent: false option (#15864)
• [jest-runtime] Fix issue where user cannot utilize dynamic import despite specifying --experimental-vm-modules Node option (#15842)
• [jest-test-sequencer] Fix issue where failed tests due to compilation errors not getting re-executed even with --onlyFailures CLI option (#15851)
• [jest-util] Make sure process.features.require_module is false (#15867)

Chore & Maintenance

• [*] Replace remaining micromatch uses with picomatch
• [deps] Update to sinon/fake-timers v15
• [docs] Update V30 migration guide to notify users on jest.mock() work with case-sensitive path (#15849)
• Updated Twitter icon to match the latest brand guidelines (#15869)

30.2.0

Chore & Maintenance

• [*] Update example repo for testing React Native projects (#15832)
• [*] Update jest-watch-typeahead to v3 (#15830)

Features

• [jest-environment-jsdom-abstract] Add support for JSDOM v27 (#15834)

Fixes

• [jest-matcher-utils] Fix infinite recursion with self-referential getters in deepCyclicCopyReplaceable (#15831)
• [babel-jest] Export the TransformerConfig interface (#15820)
• [jest-config] Fix jest.config.ts with TS loader specified in docblock pragma (#15839)

30.1.3

Fixes

• Fix unstable_mockModule with node: prefixed core modules.

30.1.2

Fixes

... (truncated)

Commits

• efb59c2 v30.3.0
• 96c53d3 feat(jest-config): add defineConfig and mergeConfig functions (#15844)
• 855864e v30.2.0
• da9b532 v30.1.3
• ebfa31c v30.1.2
• d347c0f v30.1.1
• 4d5f41d v30.1.0
• 22236cf v30.0.5
• f4296d2 v30.0.4
• d4a6c94 v30.0.3
• Additional commits viewable in compare view