Bump qs, jspdf, node-sass, react-scripts and cypress by dependabot[bot] · Pull Request #219 · Terralego/visu-front

dependabot · 2026-02-12T19:01:25Z

Bumps qs, jspdf, node-sass, react-scripts and cypress. These dependencies needed to be updated together.
Updates qs from 6.8.0 to 6.14.2

Changelog

Sourced from qs's changelog.

6.14.2

[Fix] parse: mark overflow objects for indexed notation exceeding arrayLimit (#546)

[Fix] arrayLimit means max count, not max index, in combine/merge/parseArrayValue

[Fix] parse: throw on arrayLimit exceeded with indexed notation when throwOnLimitExceeded is true (#529)

[Fix] parse: enforce arrayLimit on comma-parsed values

[Fix] parse: fix error message to reflect arrayLimit as max index; remove extraneous comments (#545)

[Robustness] avoid .push, use void

[readme] document that addQueryPrefix does not add ? to empty output (#418)

[readme] clarify parseArrays and arrayLimit documentation (#543)

[readme] replace runkit CI badge with shields.io check-runs badge

[meta] fix changelog typo (arrayLength → arrayLimit)

[actions] fix rebase workflow permissions

6.14.1

[Fix] ensure arrayLimit applies to [] notation as well

[Fix] parse: when a custom decoder returns null for a key, ignore that key

[Refactor] parse: extract key segment splitting helper

[meta] add threat model

[actions] add workflow permissions

[Tests] stringify: increase coverage

[Dev Deps] update eslint, @ljharb/eslint-config, npmignore, es-value-fixtures, for-each, object-inspect

6.14.0

[New] parse: add throwOnParameterLimitExceeded option (#517)

[Refactor] parse: use utils.combine more

[patch] parse: add explicit throwOnLimitExceeded default

[actions] use shared action; re-add finishers

[meta] Fix changelog formatting bug

[Deps] update side-channel

[Dev Deps] update es-value-fixtures, has-bigints, has-proto, has-symbols

[Tests] increase coverage

6.13.1

[Fix] stringify: avoid a crash when a filter key is null

[Fix] utils.merge: functions should not be stringified into keys

[Fix] parse: avoid a crash with interpretNumericEntities: true, comma: true, and iso charset

[Fix] stringify: ensure a non-string filter does not crash

[Refactor] use __proto__ syntax instead of Object.create for null objects

[Refactor] misc cleanup

[Tests] utils.merge: add some coverage

[Tests] fix a test case

[actions] split out node 10-20, and 20+

[Dev Deps] update es-value-fixtures, mock-property, object-inspect, tape

6.13.0

[New] parse: add strictDepth option (#511)

[Tests] use npm audit instead of aud

6.12.3

[Fix] parse: properly account for strictNullHandling when allowEmptyArrays

... (truncated)

Commits

bdcf0c7 v6.14.2
294db90 [readme] document that addQueryPrefix does not add ? to empty output
5c308e5 [readme] clarify parseArrays and arrayLimit documentation
6addf8c [Fix] parse: mark overflow objects for indexed notation exceeding arrayLimit
cfc108f [Fix] arrayLimit means max count, not max index, in combine/merge/`pars...
febb644 [Fix] parse: throw on arrayLimit exceeded with indexed notation when `thr...
f6a7abf [Fix] parse: enforce arrayLimit on comma-parsed values
fbc5206 [Fix] parse: fix error message to reflect arrayLimit as max index; remove e...
1b9a8b4 [actions] fix rebase workflow permissions
2a35775 [meta] fix changelog typo (arrayLength → arrayLimit)
Additional commits viewable in compare view

Updates jspdf from 1.5.3 to 4.1.0

Release notes

Sourced from jspdf's releases.

v4.1.0

This release fixes several security issues.

What's Changed

Upgrade optional dompurify dependency to 3.3.1 in parallax/jsPDF#3948

Fix PDF Injection in AcroForm module allows Arbitrary JavaScript Execution vulnerability

Fix Stored XMP Metadata Injection (Spoofing & Integrity Violation) vulnerability

Fix Shared State Race Condition in addJS Method vulnerability

Fix Denial of Service (DoS) via Unvalidated BMP Dimensions in BMPDecoder vulnerability

Full Changelog: parallax/jsPDF@v4.0.0...v4.1.0

v4.0.0

This release fixes a critical path traversal/local file inclusion security vulnerability in the jsPDF Node.js build. File system access is now restricted by default and can be enabled by either using node's --permission flag or the new jsPDF.allowFsRead property.

There are no other breaking changes.

v3.0.4

This release includes a bunch of bugfixes. Thanks to all contributors!

What's Changed

[Snyk] Upgrade @babel/runtime from 7.28.3 to 7.28.4 by @MrRio in parallax/jsPDF#3895

fix: cell function now properly accepts align parameter by @vishal-rathod-07 in parallax/jsPDF#3896

Remove duplicated function "ga" from WebPDecoder.js by @jvdp in parallax/jsPDF#3902

Fix font state management issue #3890 by @srikanth-s2003 in parallax/jsPDF#3891

Fix pages property to always return current array reference ( #3898 ) by @Opineppes in parallax/jsPDF#3899

Fix jsPDF + Vite compatibility issue #3851 by @tishajain25 in parallax/jsPDF#3903

Do not add pages dynamically unless autoPaging is enabled by @anmiles in parallax/jsPDF#3915

Fix: Context2d font regex too restrictive ( #3904 ) by @Opineppes in parallax/jsPDF#3906

Fix Incorrect Typing for Margins in the TableConfig Interface Definition by @Maito1794 in parallax/jsPDF#3816

New Contributors

@survivant made their first contribution in parallax/jsPDF#3897

@vishal-rathod-07 made their first contribution in parallax/jsPDF#3896

@jvdp made their first contribution in parallax/jsPDF#3902

@srikanth-s2003 made their first contribution in parallax/jsPDF#3891

@Opineppes made their first contribution in parallax/jsPDF#3899

@tishajain25 made their first contribution in parallax/jsPDF#3903

@anmiles made their first contribution in parallax/jsPDF#3915

@josephyi made their first contribution in parallax/jsPDF#3907

@Maito1794 made their first contribution in parallax/jsPDF#3816

Full Changelog: parallax/jsPDF@v3.0.3...v3.1.0

v3.0.3

This release fixes regressions with PNG encoding that were introduced in v3.0.2.

What's Changed

Fix division by zero when calculating word spacing by @alxndr-pggm in parallax/jsPDF#3879

fix scaling of form object bounding boxes by @HackbrettXXX in parallax/jsPDF#3888

... (truncated)

Commits

0227381 4.1.0
ae4b93f Merge commit from fork
2863e5c Merge commit from fork
efe54bf Merge commit from fork
da291a5 Merge commit from fork
685e41e Bump @koa/cors and local-web-server (#3951)
8cc22a5 Bump tmp, inquirer and karma (#3945)
008b276 Bump sha.js from 2.4.11 to 2.4.12 (#3946)
ff66d52 Bump vite from 5.4.20 to 5.4.21 in /examples/vite (#3949)
bcf79f2 Bump cipher-base from 1.0.4 to 1.0.7 (#3942)
Additional commits viewable in compare view

Updates node-sass from 4.12.0 to 9.0.0

Release notes

Sourced from node-sass's releases.

v9.0.0

What's Changed

Node 20 support by @nschonni in sass/node-sass#3355

Breaking changes

Drop support for Node 14 (@nschonni)

Supported Environments

OS Architecture Node

Windows x86 & x64 16, 18, 19, 20

OSX x64 16, 18, 19, 20

Linux* x64 16, 18, 19, 20

Alpine Linux x64 16, 18, 19, 20

*Linux support refers to major distributions like Ubuntu, and Debian

v8.0.0

What's Changed

Fix binaries being partially downloaded by @xzyfer in sass/node-sass#3313

Bump node-gyp and nan for node 19 support by @xzyfer in sass/node-sass#3314

feat: Node 18 and 19 support and drop Node 17 by @nschonni in sass/node-sass#3257

Breaking changes

Drop support for Node 12 (@nschonni)

Drop support for Node 17 (@nschonni)

Set rejectUnauthorized to true by default (@scott-ut, #3149)

Features

Add support for Node 18 (@nschonni)

Add support for Node 19 (@nschonni)

Replace request with make-fetch-happen (@CamilleDrapier @xzyfer, #3193, #3313)

Dependencies

Bump true-case-path@2.2.1

Bump node-gyp @9.0.0

Bump nan@^2.17.0

Bump sass-graph@^4.0.1

Misc

Bump various GitHub Actions dependencies (@nschonni)

... (truncated)

Changelog

Sourced from node-sass's changelog.

v4.14.0

https://github.com/sass/node-sass/releases/tag/v4.14.0

v4.13.1

https://github.com/sass/node-sass/releases/tag/v4.13.1

v4.13.0

https://github.com/sass/node-sass/releases/tag/v4.13.0

Commits

87f3899 feat: Node 20 support (#3355)
06ae4c7 build(deps): bump coverallsapp/github-action from 2.0.0 to 2.1.0 (#3350)
e069f73 build(deps): bump coverallsapp/github-action from 1.2.0 to 2.0.0
c34837d build(deps): bump coverallsapp/github-action from 1.1.3 to 1.2.0
ee13eb9 8.0.0
98e75b3 feat: Node 18 and 19 support and drop Node 17 (#3257)
e9bb866 Bump node-gyp and nan for node 19 support (#3314)
ab7840b Fix binaries being partially downloaded (#3313)
d595abf 7.0.3
3b556c1 7.0.2
Additional commits viewable in compare view

Updates react-scripts from 3.4.4 to 5.0.1

Commits

19fa58d Publish
9802941 fix: webpack noise printed only if error or warning (#12245)
2eef1d0 Update templates to use React 18 createRoot (#12220)
221e511 Publish
5614c87 Add support for Tailwind (#11717)
20edab4 fix(webpackDevServer): disable overlay for warnings (#11413)
3afbbc0 Update all dependencies (#11624)
f5467d5 feat(eslint-config-react-app): support ESLint 8.x (#11375)
c7627ce Update webpack and dev server (#11646)
544befe Update package.json (#11597)
Additional commits viewable in compare view

Updates cypress from 4.12.1 to 15.10.0

Release notes

Sourced from cypress's releases.

v15.10.0

Changelog: https://docs.cypress.io/app/references/changelog#15-10-0

v15.9.0

Changelog: https://docs.cypress.io/app/references/changelog#15-9-0

v15.8.2

Changelog: https://docs.cypress.io/app/references/changelog#15-8-2

v15.8.1

Changelog: https://docs.cypress.io/app/references/changelog#15-8-1

v15.8.0

Changelog: https://docs.cypress.io/app/references/changelog#15-8-0

v15.7.1

Changelog: https://docs.cypress.io/app/references/changelog#15-7-1

v15.7.0

Changelog: https://docs.cypress.io/app/references/changelog#15-7-0

v15.6.0

Changelog: https://docs.cypress.io/app/references/changelog#15-6-0

v15.5.0

Changelog: https://docs.cypress.io/app/references/changelog#15-5-0

v15.4.0

Changelog: https://docs.cypress.io/app/references/changelog#15-4-0

v15.3.0

Changelog: https://docs.cypress.io/app/references/changelog#15-3-0

v15.2.0

Changelog: https://docs.cypress.io/app/references/changelog#15-2-0

v15.1.0

Changelog: https://docs.cypress.io/app/references/changelog#15-1-0

v15.0.0

Changelog: https://docs.cypress.io/app/references/changelog#15-0-0

v14.5.4

Changelog: https://docs.cypress.io/app/references/changelog#14-5-4

v14.5.3

Changelog: https://docs.cypress.io/app/references/changelog#14-5-3

v14.5.2

Changelog: https://docs.cypress.io/app/references/changelog#14-5-2

... (truncated)

Commits

e4324d1 chore: v15.10.0 release (#33323)
5b93401 feat: display the resolved expose values in the resolved config ui (#33322)
babb713 docs: Update deprecation notice for Cypress.env() (#33320)
2e00636 chore: clarify allowCypressEnv error message (#33286)
1f9d7f5 docs: fix grammar in CLI README (#33317)
f40f51e chore: Update v8 snapshot cache - darwin (#33316)
c61359e chore: Update v8 snapshot cache - windows (#33315)
fd01024 chore: Update v8 snapshot cache - linux (#33314)
fa872c6 chore: fix cypress in cypress test replays (#33309)
eb0f256 chore(deps): update dependency devtools-protocol to v0.0.1575685 (#33294)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by cypress-npm-publisher, a new releaser for cypress since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps [qs](https://github.com/ljharb/qs), [jspdf](https://github.com/parallax/jsPDF), [node-sass](https://github.com/sass/node-sass), [react-scripts](https://github.com/facebook/create-react-app/tree/HEAD/packages/react-scripts) and [cypress](https://github.com/cypress-io/cypress). These dependencies needed to be updated together. Updates `qs` from 6.8.0 to 6.14.2 - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.8.0...v6.14.2) Updates `jspdf` from 1.5.3 to 4.1.0 - [Release notes](https://github.com/parallax/jsPDF/releases) - [Changelog](https://github.com/parallax/jsPDF/blob/master/RELEASE.md) - [Commits](parallax/jsPDF@v1.5.3...v4.1.0) Updates `node-sass` from 4.12.0 to 9.0.0 - [Release notes](https://github.com/sass/node-sass/releases) - [Changelog](https://github.com/sass/node-sass/blob/master/CHANGELOG.md) - [Commits](sass/node-sass@v4.12.0...v9.0.0) Updates `react-scripts` from 3.4.4 to 5.0.1 - [Release notes](https://github.com/facebook/create-react-app/releases) - [Changelog](https://github.com/facebook/create-react-app/blob/main/CHANGELOG-3.x.md) - [Commits](https://github.com/facebook/create-react-app/commits/react-scripts@5.0.1/packages/react-scripts) Updates `cypress` from 4.12.1 to 15.10.0 - [Release notes](https://github.com/cypress-io/cypress/releases) - [Changelog](https://github.com/cypress-io/cypress/blob/develop/CHANGELOG.md) - [Commits](cypress-io/cypress@v4.12.1...v15.10.0) --- updated-dependencies: - dependency-name: qs dependency-version: 6.14.2 dependency-type: direct:production - dependency-name: jspdf dependency-version: 4.1.0 dependency-type: direct:production - dependency-name: node-sass dependency-version: 9.0.0 dependency-type: direct:production - dependency-name: react-scripts dependency-version: 5.0.1 dependency-type: direct:production - dependency-name: cypress dependency-version: 15.10.0 dependency-type: direct:development ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Feb 12, 2026

This was referenced Feb 12, 2026

Bump qs from 6.8.0 to 6.14.1 #213

Closed

Bump jspdf from 1.5.3 to 4.1.0 #218

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump qs, jspdf, node-sass, react-scripts and cypress#219

Bump qs, jspdf, node-sass, react-scripts and cypress#219
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/multi-e46b5609bf

dependabot bot commented on behalf of github Feb 12, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

OS	Architecture	Node
Windows	x86 & x64	16, 18, 19, 20
OSX	x64	16, 18, 19, 20
Linux*	x64	16, 18, 19, 20
Alpine Linux	x64	16, 18, 19, 20

Conversation

dependabot bot commented on behalf of github Feb 12, 2026

6.14.2

6.14.1

6.14.0

6.13.1

6.13.0

6.12.3

v4.1.0

What's Changed

v4.0.0

v3.0.4

What's Changed

New Contributors

v3.0.3

What's Changed

v9.0.0

What's Changed

Breaking changes

Supported Environments

v8.0.0

What's Changed

Breaking changes

Features

Dependencies

Misc

v4.14.0

v4.13.1

v4.13.0

v15.10.0

v15.9.0

v15.8.2

v15.8.1

v15.8.0

v15.7.1

v15.7.0

v15.6.0

v15.5.0

v15.4.0

v15.3.0

v15.2.0

v15.1.0

v15.0.0

v14.5.4

v14.5.3

v14.5.2

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants