chore(deps): bump qs override to >=6.15.2 (GHSA-q8mj-m7cp-5q26)

[educlopez]

Resolves Dependabot alert #155.

qs resolved to 6.15.1 via the existing >=6.14.2 override — still inside the vulnerable range (>= 6.11.1, <= 6.15.1).

Advisory: GHSA-q8mj-m7cp-5q26 — remotely triggerable DoS: qs.stringify crashes with TypeError on null/undefined entries in comma-format arrays when encodeValuesOnly is set. Patched in 6.15.2.

Changes

• pnpm-workspace.yaml: override qs: ">=6.14.2" → ">=6.15.2"
• pnpm-lock.yaml: regenerated, qs@6.15.1 → qs@6.15.2 (transitive)

Summary by CodeRabbit

• Chores
  • Updated dependency version constraint to ensure compatibility with newer package releases.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

1 Skipped Deployment

Project	Deployment	Actions	Updated (UTC)
smoothui	Ignored		Jun 1, 2026 2:02pm

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 2bcfd7dd-fb5f-460b-a46c-b8d375eeb3c9

📥 Commits

Reviewing files that changed from the base of the PR and between ba5c1ae and c37b467.

⛔ Files ignored due to path filters (1)

• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

📒 Files selected for processing (1)

• pnpm-workspace.yaml

---

Walkthrough

The PR updates the minimum version constraint for the qs package in the pnpm workspace overrides from 6.14.2 to 6.15.2, ensuring the workspace enforces use of the newer version.

Changes

Dependency Management

Layer / File(s)	Summary
qs version constraint update pnpm-workspace.yaml	The overrides entry for qs is bumped from >=6.14.2 to >=6.15.2 to enforce a higher minimum version across the workspace.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Possibly related PRs

• educlopez/smoothui#79: Adjusts the same qs version constraint in the pnpm-workspace.yaml overrides block.

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly and specifically describes the main change: bumping the qs override to version 6.15.2, and includes the relevant security advisory identifier (GHSA-q8mj-m7cp-5q26) that provides important context.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/qs-dos-6.15.2

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}