Skip to content

[Snyk] Security upgrade qs from 6.14.0 to 6.14.1#1127

Merged
cdimascio merged 1 commit intomasterfrom
snyk-fix-f56064687c7cca16a59e2e1fa785080f
Jan 14, 2026
Merged

[Snyk] Security upgrade qs from 6.14.0 to 6.14.1#1127
cdimascio merged 1 commit intomasterfrom
snyk-fix-f56064687c7cca16a59e2e1fa785080f

Conversation

@cdimascio
Copy link
Owner

@cdimascio cdimascio commented Jan 3, 2026

snyk-top-banner

Snyk has created this PR to fix 1 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

  • package.json
  • package-lock.json

Vulnerabilities that will be fixed with an upgrade:

Issue Score
high severity Allocation of Resources Without Limits or Throttling
SNYK-JS-QS-14724253		   828  

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Allocation of Resources Without Limits or Throttling

@cvchauhan
Copy link
Contributor

cvchauhan commented Jan 9, 2026
edited
Loading

Hi @cdimascio is there any plan for merge this pr & publish? Express is already updated this dependency

@rajnish21m
Copy link

rajnish21m commented Jan 13, 2026

@cdimascio , could we please get this merged?

@cdimascio cdimascio merged commit 48e08a7 into master Jan 14, 2026
6 checks passed
@cdimascio
Copy link
Owner Author

cdimascio commented Jan 14, 2026

Will roll a new version tomorrow

@cvchauhan
Copy link
Contributor

cvchauhan commented Jan 17, 2026

@cdimascio hope will see new release today

@cdimascio
Copy link
Owner Author

cdimascio commented Jan 17, 2026

v5.6.1 is out

@cdimascio cdimascio deleted the snyk-fix-f56064687c7cca16a59e2e1fa785080f branch January 18, 2026 00:01
@cvchauhan
Copy link
Contributor

cvchauhan commented Jan 20, 2026
edited
Loading

Hi @cdimascio , it looks like the latest version of @apidevtools/json-schema-ref-parser no longer supports CommonJS.

After upgrading to the latest version, our existing CommonJS-based project started failing with an error indicating that require() is not supported. This has broken backward compatibility for older projects that still rely on CommonJS.

Could you please confirm:

Whether CommonJS support has been officially dropped?

If there is a recommended workaround or a compatible version we should pin to for CommonJS projects?

Thanks for your help.

@cdimascio
Copy link
Owner Author

cdimascio commented Jan 20, 2026
edited
Loading

thanks @cvchauhan, reverted upgrade of that lib for now. will revisit

@cdimascio
Copy link
Owner Author

cdimascio commented Jan 20, 2026

the upgrade for @apidevtools/json-schema-ref-parser with continued support for both esm and non-esm is here: #1132

@cvchauhan
Copy link
Contributor

cvchauhan commented Jan 20, 2026

Thanks @cdimascio after override old version we are able to run our application on server but for latest it was failed

1 similar comment
@cvchauhan
Copy link
Contributor

cvchauhan commented Jan 20, 2026

Thanks @cdimascio after override old version we are able to run our application on server but for latest it was failed

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@cvchauhan cvchauhan cvchauhan approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@cdimascio @cvchauhan @rajnish21m @snyk-bot