Skip to content

fix(deps): update dependency query-string to v9 #3585

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
renovate wants to merge 1 commit into
base: master
Choose a base branch
from
Open

fix(deps): update dependency query-string to v9 #3585

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -74,7 +74,7 @@
"prettier": "^3.0.3",
"prettier-plugin-django-alpine": "^1.1.1",
"prop-types": "^15.5.10",
"query-string": "^6.4.0",
"query-string": "^9.0.0",
Copy link
Copy Markdown

@sentry sentry bot Mar 5, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Bug: The upgrade to query-string v9 removes the default export. Existing default imports will resolve to undefined, causing runtime TypeError exceptions when its methods are called.
Severity: CRITICAL

Suggested Fix

Update all default imports of query-string to use named imports. For example, change import qs from 'query-string' to import { parse, stringify } from 'query-string', and update the corresponding function calls from qs.parse() to parse().

Prompt for AI Agent 
Review the code at the location below. A potential bug has been identified by an AI
agent.
Verify if this is a real issue. If it is, propose a fix; if not, explain why it's not
valid.

Location: package.json#L77

Potential issue: The project upgrades `query-string` to v9, which is an ESM-only package
and no longer provides a default export. However, the codebase continues to use default
imports (e.g., `import qs from 'query-string'`) in at least nine files. Since
`esModuleInterop` is not enabled, these imports will resolve to `undefined` at runtime.
Consequently, any attempt to call methods on the imported object, such as `qs.parse()`
or `qs.stringify()`, will throw a `TypeError`. This will break critical functionality,
including authentication flows, URL parsing, the checkout page, and the user dashboard.

Did we get this right? 👍 / 👎 to inform future reviews.

"raf": "^3.4.1",
"ramda": "^0.32.0",
"react": "^16.8.4",
Expand Down
48 changes: 20 additions & 28 deletions yarn.lock
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4741,10 +4741,10 @@ __metadata:
languageName: node
linkType: hard

"decode-uri-component@npm:^0.2.0":
version: 0.2.2
resolution: "decode-uri-component@npm:0.2.2"
checksum: 95476a7d28f267292ce745eac3524a9079058bbb35767b76e3ee87d42e34cd0275d2eb19d9d08c3e167f97556e8a2872747f5e65cbebcac8b0c98d83e285f139
"decode-uri-component@npm:^0.4.1":
version: 0.4.1
resolution: "decode-uri-component@npm:0.4.1"
checksum: 0473924860986fb6ca19ee65a2af13e08801b4f3660475b058500ea8479ed715c919884a026b6bf4296dbb640d3cea74fadf45490b2439152fc548271d0201ec
languageName: node
linkType: hard

Expand Down Expand Up @@ -6113,10 +6113,10 @@ __metadata:
languageName: node
linkType: hard

"filter-obj@npm:^1.1.0":
version: 1.1.0
resolution: "filter-obj@npm:1.1.0"
checksum: cf2104a7c45ff48e7f505b78a3991c8f7f30f28bd8106ef582721f321f1c6277f7751aacd5d83026cb079d9d5091082f588d14a72e7c5d720ece79118fa61e10
"filter-obj@npm:^5.1.0":
version: 5.1.0
resolution: "filter-obj@npm:5.1.0"
checksum: ba7c24d9b2c0552ee87d268e07eca74483af61fb740545ffa809f7e9e5294de38cf163ecc55af0e8a40020af9a49512c32f4022de2a858b110420fc8bffa7c9c
languageName: node
linkType: hard

Expand Down Expand Up @@ -9164,7 +9164,7 @@ __metadata:
prettier: ^3.0.3
prettier-plugin-django-alpine: ^1.1.1
prop-types: ^15.5.10
query-string: ^6.4.0
query-string: ^9.0.0
raf: ^3.4.1
ramda: ^0.32.0
react: ^16.8.4
Expand Down Expand Up @@ -10417,15 +10417,14 @@ __metadata:
languageName: node
linkType: hard

"query-string@npm:^6.4.0":
version: 6.14.1
resolution: "query-string@npm:6.14.1"
"query-string@npm:^9.0.0":
version: 9.3.1
resolution: "query-string@npm:9.3.1"
dependencies:
decode-uri-component: ^0.2.0
filter-obj: ^1.1.0
split-on-first: ^1.0.0
strict-uri-encode: ^2.0.0
checksum: f2c7347578fa0f3fd4eaace506470cb4e9dc52d409a7ddbd613f614b9a594d750877e193b5d5e843c7477b3b295b857ec328903c943957adc41a3efb6c929449
decode-uri-component: ^0.4.1
filter-obj: ^5.1.0
split-on-first: ^3.0.0
checksum: 4f2b600e0226e680956e08bd5f27ccb6c9b832aedca7eeab844da85aac6624b340e2cc5dd77129bc96a9fadbec0d847decadecd115eb43a6b9cdafa078c98f75
languageName: node
linkType: hard

Expand Down Expand Up @@ -11985,10 +11984,10 @@ __metadata:
languageName: node
linkType: hard

"split-on-first@npm:^1.0.0":
version: 1.1.0
resolution: "split-on-first@npm:1.1.0"
checksum: 16ff85b54ddcf17f9147210a4022529b343edbcbea4ce977c8f30e38408b8d6e0f25f92cd35b86a524d4797f455e29ab89eb8db787f3c10708e0b47ebf528d30
"split-on-first@npm:^3.0.0":
version: 3.0.0
resolution: "split-on-first@npm:3.0.0"
checksum: 75dc27ecbac65cfbeab9a3b90cf046307220192d3d7a30e46aa0f19571cc9b4802aac813f3de2cc9b16f2e46aae72f275659b5d2614bb5369c77724d739e5f73
languageName: node
linkType: hard

Expand Down Expand Up @@ -12034,13 +12033,6 @@ __metadata:
languageName: node
linkType: hard

"strict-uri-encode@npm:^2.0.0":
version: 2.0.0
resolution: "strict-uri-encode@npm:2.0.0"
checksum: eaac4cf978b6fbd480f1092cab8b233c9b949bcabfc9b598dd79a758f7243c28765ef7639c876fa72940dac687181b35486ea01ff7df3e65ce3848c64822c581
languageName: node
linkType: hard

"string-natural-compare@npm:^3.0.1":
version: 3.0.1
resolution: "string-natural-compare@npm:3.0.1"
Expand Down
Loading