Bump qs and gatsby by dependabot[bot] · Pull Request #7 · dvrpc/plan-microsite

dependabot · 2026-02-03T18:15:05Z

Bumps qs to 6.14.1 and updates ancestor dependency gatsby. These dependencies need to be updated together.

Updates qs from 6.13.0 to 6.14.1

Changelog

6.14.1

[Fix] ensure arrayLength applies to [] notation as well

[Fix] parse: when a custom decoder returns null for a key, ignore that key

[Refactor] parse: extract key segment splitting helper

[meta] add threat model

[actions] add workflow permissions

[Tests] stringify: increase coverage

[Dev Deps] update eslint, @ljharb/eslint-config, npmignore, es-value-fixtures, for-each, object-inspect

6.14.0

[New] parse: add throwOnParameterLimitExceeded option (#517)

[Refactor] parse: use utils.combine more

[patch] parse: add explicit throwOnLimitExceeded default

[actions] use shared action; re-add finishers

[meta] Fix changelog formatting bug

[Deps] update side-channel

[Dev Deps] update es-value-fixtures, has-bigints, has-proto, has-symbols

[Tests] increase coverage

6.13.1

[Fix] stringify: avoid a crash when a filter key is null

[Fix] utils.merge: functions should not be stringified into keys

[Fix] parse: avoid a crash with interpretNumericEntities: true, comma: true, and iso charset

[Fix] stringify: ensure a non-string filter does not crash

[Refactor] use __proto__ syntax instead of Object.create for null objects

[Refactor] misc cleanup

[Tests] utils.merge: add some coverage

[Tests] fix a test case

[actions] split out node 10-20, and 20+

[Dev Deps] update es-value-fixtures, mock-property, object-inspect, tape

Commits

3fa11a5 v6.14.1
a626704 [Dev Deps] update npmignore
3086902 [Fix] ensure arrayLength applies to [] notation as well
fc7930e [Dev Deps] update eslint, @ljharb/eslint-config
0b06aac [Dev Deps] update @ljharb/eslint-config
64951f6 [Refactor] parse: extract key segment splitting helper
e1bd259 [Dev Deps] update @ljharb/eslint-config
f4b3d39 [eslint] add eslint 9 optional peer dep
6e94d95 [Dev Deps] update eslint, @ljharb/eslint-config, npmignore
973dc3c [actions] add workflow permissions
Additional commits viewable in compare view

Updates gatsby from 5.14.6 to 5.16.0

Release notes

Sourced from gatsby's releases.

gatsby@5.16.0

What's Changed

feat: support React 19 by @serhalp in gatsbyjs/gatsby#39306

feat: support Node.js 24 by @serhalp in gatsbyjs/gatsby#39380 and gatsbyjs/gatsby#39398

fix(deps): bump body-parser to resolve qs vulnerability warning by @serhalp in gatsbyjs/gatsby#39396

chore(docs,starters): remove misc. outdated, invalid, or misleading instructions by @serhalp in gatsbyjs/gatsby#39363

React 19

[!NOTE] 🔐 As of January 26 2026, none of the React 19 security vulnerabilities affect Gatsby.

🚀 React 19 is here!

React 19 is now officially supported by Gatsby and all gatsby- packages maintained by the Gatsby team.

This is not a breaking change. You can safely upgrade to this release while staying on React 18.

All packages' peer dependencies on react and react-dom have been extended from ^18.0.0 to ^18.0.0 || ^19.0.0.

All existing stable Gatsby functionality is intended to now work with React 19.

PR: gatsbyjs/gatsby#39306

Upgrade Guide

[!WARNING] Community plugins may not have been updated yet to support React 19, so please check their repository for the current status. All plugins managed by the Gatsby team (in the gatsbyjs/gatsby repository) have been updated.

To upgrade to React 19, first upgrade gatsby and all your dependencies that start with gatsby- to the latest version. (Check out this guide if you need help with that.)
[!TIP] If you use npm 7 or higher you’ll want to use the --legacy-peer-deps option. For example, if you use gatsby and gatsby-plugin-postcss:
npm install --legacy-peer-deps gatsby@latest gatsby-plugin-postcss@latest
Then, follow the React 19 upgrade guide. No other changes are required.

Please note:

Some new React 19 features may not be available yet via Gatsby.

Notably, the new document metadata hoisting feature is disabled in Gatsby, as it conflicts with the existing Gatsby Head API

Gatsby Partial Hydration, an experimental feature for three years now, is known to be incompatible with React 19 at this time. If you rely on this feature, do not upgrade to React 19.

New features

Gatsby now supports React 19's new root error callbacks.

... (truncated)

Commits

92d6c67 chore(release): Publish
3539ec8 Revert "chore(release): Publish next pre-minor"
c355640 fix: use more explicit node.js version range (#39398)
a1da58d ci: fix adapters e2e test (#39403)
2569b3a fix(deps): bump body-parser to resolve qs vulnerability warning (#39396)
aea34d8 chore(release): Publish next pre-minor
9e39c05 feat: support React 19 (#39306)
b131464 ci: clean up e2e debug tooling (#39374)
3690795 build: run e2e tests against node 22 (#39373)
c03a920 chore(changelogs): update changelogs (#39364)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps [qs](https://github.com/ljharb/qs) to 6.14.1 and updates ancestor dependency [gatsby](https://github.com/gatsbyjs/gatsby). These dependencies need to be updated together. Updates `qs` from 6.13.0 to 6.14.1 - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.13.0...v6.14.1) Updates `gatsby` from 5.14.6 to 5.16.0 - [Release notes](https://github.com/gatsbyjs/gatsby/releases) - [Changelog](https://github.com/gatsbyjs/gatsby/blob/master/CHANGELOG.md) - [Commits](https://github.com/gatsbyjs/gatsby/compare/gatsby@5.14.6...gatsby@5.16.0) --- updated-dependencies: - dependency-name: qs dependency-version: 6.14.1 dependency-type: indirect - dependency-name: gatsby dependency-version: 5.16.0 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Feb 3, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump qs and gatsby#7

Bump qs and gatsby#7
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/multi-a79086c539

dependabot bot commented on behalf of github Feb 3, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot bot commented on behalf of github Feb 3, 2026

6.14.1

6.14.0

6.13.1

gatsby@5.16.0

What's Changed

React 19

Upgrade Guide

New features

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants