Bump qs, babel-cli, http-server and express in /samples/graphiql-client

[dependabot]

Bumps qs to 6.15.2 and updates ancestor dependencies qs, babel-cli, http-server and express. These dependencies need to be updated together.

Updates qs from 6.14.2 to 6.15.2

Changelog

Sourced from qs's changelog.

6.15.2

• [Fix] stringify: skip null/undefined entries in arrayFormat: 'comma' + encodeValuesOnly instead of crashing in encoder
• [Fix] stringify: use configured delimiter after charsetSentinel (#555)
• [Fix] stringify: apply formatter to encoded key under strictNullHandling (#554)
• [Fix] stringify: skip null/undefined filter-array entries instead of crashing in encoder (#551)
• [Fix] parse: handle nested bracket groups and add regression tests (#530)
• [readme] fix grammar (#550)
• [Dev Deps] update @ljharb/eslint-config
• [Tests] add regression tests for keys containing percent-encoded bracket text

6.15.1

• [Fix] parse: parameterLimit: Infinity with throwOnLimitExceeded: true silently drops all parameters
• [Deps] update @ljharb/eslint-config
• [Dev Deps] update @ljharb/eslint-config, iconv-lite
• [Tests] increase coverage

6.15.0

• [New] parse: add strictMerge option to wrap object/primitive conflicts in an array (#425, #122)
• [Fix] duplicates option should not apply to bracket notation keys (#514)

Commits

• 9aca407 v6.15.2
• 5e33d33 [Dev Deps] update @ljharb/eslint-config
• 21f80b3 [Fix] stringify: skip null/undefined entries in arrayFormat: 'comma' + `e...
• a0a81ea [Fix] stringify: use configured delimiter after charsetSentinel
• e3062f7 [Fix] stringify: apply formatter to encoded key under strictNullHandling
• 0c180a4 [Fix] stringify: skip null/undefined filter-array entries instead of crashi...
• 3a8b94a [Tests] add regression tests for keys containing percent-encoded bracket text
• 96755ab [readme] fix grammar
• a419ce5 [Fix] parse: handle nested bracket groups and add regression tests
• 3f5e1c5 v6.15.1
• Additional commits viewable in compare view

Updates babel-cli from 6.6.5 to 6.26.0

Changelog

Sourced from babel-cli's changelog.

6.26.0 (2017-08-16)

Backports for some folks (also other's when we accidently merged PRs from both 6.x/master) Lesson learned: just use master and backport on another branch.

👓 Spec Compliancy

• babel-core, babel-generator, babel-plugin-transform-flow-comments, babel-plugin-transform-flow-strip-types, babel-traverse, babel-types
  • #6081 Flow opaque type 6.x backport. (@​jbrown215)

🚀 New Feature

• babel-cli
  • #5796 Allow --inspect-brk option to be used with babel-node [6.x backport]. (@​noinkling)

🐛 Bug Fix

• babel-plugin-transform-es2015-modules-commonjs
  • #5811 Fix 5768. (@​joshwnj)
  • #5469 Fix commonjs exports with destructuring.. (@​yavorsky)
• babel-types
  • #5693 Hoist toSequenceExpression's convert helper. (@​jridgewell)

📝 Documentation

• babel-plugin-transform-class-properties
  • #6005 FIX access to the prototype of an instance. (@​shuaibird)
• babel-plugin-transform-runtime
  • #5857 Fix typos in README.md. (@​danny-andrews)
• babel-plugin-transform-regenerator
  • #5852 Fix babel-plugin-transform-regenerator README. (@​k15a)
• Other
  • #5788 Add a section on troubleshooting [skip ci]. (@​peey)
  • #5755 Fix broken tables in README.md. (@​u9lyfish)
• babel-generator, babel-plugin-transform-es2015-arrow-functions, babel-plugin-transform-es2015-modules-commonjs, babel-plugin-transform-es2015-spread, babel-plugin-transform-runtime, babel-register
  • #5613 Backport doc changes. (@​xtuc)

🏠 Internal

• babel-traverse
  • #5965 Remove unused functions from renamer.js.. (@​mcav)
  • #5363 Increase the code coverage for traverse evaluation. (@​ssuman)
• Other
  • #5938 Remove codecov node package and use bash uploader. (@​existentialism)

Committers: 19

• Artem Yavorsky (yavorsky)
• Brian Ng (existentialism)
• Danny Andrews (danny-andrews)
• Henry Zhu (hzoo)
• Jeffrey Wear (wearhere)
• Jordan Brown (jbrown215)
• Josh Johnston (joshwnj)
• Justin Ridgewell (jridgewell)
• Konstantin Pschera (k15a)

... (truncated)

Commits

• cee4cde v6.26.0
• aa33099 update changelog
• 5749276 update deps
• 7b30f77 Merge pull request #6111 from modosc/update-regenerator
• f4716dc Backport #6031 (#6112)
• d375d80 6.26.0 changelog [skip ci]
• 98824e7 backport the fix #6052 [skip ci]
• c28465e Flow opaque type 6.x backport (#6081)
• 2dba910 Merge branch '6.x'
• 4d51052 FIX access to the prototype of an instance (#6005)
• Additional commits viewable in compare view

Updates http-server from 0.9.0 to 14.1.1

Release notes

Sourced from http-server's releases.

v14.1.1

• Patch CVE-2021-44906 @​dpassen (#803)

Other changes

• Bump follow-redirects from 1.14.4 to 1.14.8 @​dependabot (#794)

v14.1.0

This release contains an emergency fix which replaces colors.js with chalk. See #781 for more info and discussion, and Marak/colors.js#285 for broader discussion about colors.js.

• Switch from colors to chalk @​zbynek (#785)

v14.0.0

Breaking changes

• Add encoding charset sniffing @​boarwell (#736)
• Drop Node.js 10 support @​boarwell (#739)
  • Required to support charset sniffing

Features and enhancements

• add passphrase option @​chris--jones (#746)
• Make --ssl an alias for --tls @​thornjad (#747)
• add ability to pass proxyOptions @​yannickglt (#688)
• Replace mkdirp in tests with native JS @​thornjad (#743)
• Implement displaying last modified date in index @​owenl131 (#737)
• Adds version number to server startup output @​Innoveramera (#734)

Bug Fixes

• Don't crash when file path errors @​thornjad (#753)
• Fix CORS option detection @​thornjad (#748)
• fix crash on redirect with formfeed in URL @​thornjad (#749)
• Fixes --proxy without a protocol throwing an uncaught error @​Ratcoder (#742)
• Fix tests EACCESS by finding an open port every time @​thornjad (#741)
• Use relative paths in directory listing #661 @​boarwell (#732)

Other changes

• Add Contributing guide @​thornjad (#752)
• Eslint config - replace common-style with eslint-config-populist @​chris--jones (#744)
• Update some dependencies @​thornjad (#740)

Full Changelog: http-party/http-server@v13.0.2...v14.0.0

v13.1.0

This release contains an emergency backport from v14.1.0 which replaces colors.js with chalk

• Switch from colors to chalk @​zbynek (#785)

... (truncated)

Commits

• af0ac3e 14.1.1
• e5301d3 update license year
• 318c55f Merge pull request #794 from http-party/dependabot/npm_and_yarn/follow-redire...
• 284a0b0 Merge pull request #803 from dpassen/patch-CVE-2021-44906
• 17cc8d6 Patch CVE-2021-44906
• dc2fcf0 Bump follow-redirects from 1.14.4 to 1.14.8
• 33a6639 Update SECURITY.md
• 251d4a1 Update support commitments for Jan 2022
• e16ed1d 14.1.0
• 56bdf6e Merge pull request #785 from zbynek/use-chalk
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by thornjad, a new releaser for http-server since your current version.

Updates express from 4.22.1 to 4.22.2

Release notes

Sourced from express's releases.

v4.22.2

What's Changed

• fix: restore >20 array parsing for req.query repeated keys (8d09bfe6)
  • This also unifies array-cap behavior across notations. Indexed notation (a[0]=...) was historically capped at qs's default arrayLimit of 20 even in older qs versions; after this change it also allows up to 1000 items.
• deps: qs@~6.15.1
• deps: body-parser@~1.20.5

New Contributors

• @​suuuuuuminnnnnn made their first contribution in expressjs/express#7021
• @​SAY-5 made their first contribution in expressjs/express#7181

Full Changelog: expressjs/express@v4.22.1...v4.22.2

Changelog

Sourced from express's changelog.

4.22.2 / 2026-05-011

• fix: restore >20 array parsing for req.query repeated keys (8d09bfe6)
  • This also unifies array-cap behavior across notations. Indexed notation (a[0]=...) was historically capped at qs's default arrayLimit of 20 even in older qs versions; after this change it also allows up to 1000 items.
• deps: qs@~6.15.1
• deps: body-parser@~1.20.5

Commits

• df0abc9 4.22.2
• 836d366 4.x update qs to 6.15.1, body-parser 1.20.5 (#7224)
• 8d09bfe fix: restore array parsing for req.query repeated keys (#7181)
• d39e8ad deps: body-parser@~1.20.4 (#7021)
• efe85d9 deps: qs@^6.14.1 (#6972)
• f62378e 📝 add note to history
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.