build(deps): bump qs, body-parser and express in /samples/client/petstore/typescript-angular-v20-provided-in-root by dependabot[bot] · Pull Request #22678 · OpenAPITools/openapi-generator

dependabot · 2026-01-12T07:50:42Z

Bumps qs, body-parser and express. These dependencies needed to be updated together.
Updates qs from 6.14.0 to 6.14.1

Changelog

6.14.1

[Fix] ensure arrayLength applies to [] notation as well

[Fix] parse: when a custom decoder returns null for a key, ignore that key

[Refactor] parse: extract key segment splitting helper

[meta] add threat model

[actions] add workflow permissions

[Tests] stringify: increase coverage

[Dev Deps] update eslint, @ljharb/eslint-config, npmignore, es-value-fixtures, for-each, object-inspect

Commits

3fa11a5 v6.14.1
a626704 [Dev Deps] update npmignore
3086902 [Fix] ensure arrayLength applies to [] notation as well
fc7930e [Dev Deps] update eslint, @ljharb/eslint-config
0b06aac [Dev Deps] update @ljharb/eslint-config
64951f6 [Refactor] parse: extract key segment splitting helper
e1bd259 [Dev Deps] update @ljharb/eslint-config
f4b3d39 [eslint] add eslint 9 optional peer dep
6e94d95 [Dev Deps] update eslint, @ljharb/eslint-config, npmignore
973dc3c [actions] add workflow permissions
Additional commits viewable in compare view

Updates body-parser from 1.20.3 to 1.20.4

Release notes

Sourced from body-parser's releases.

1.20.4

What's Changed

Remove redundant depth check by @blakeembrey in expressjs/body-parser#538

ci: add support for Node.js v23 by @Phillip9587 in expressjs/body-parser#553

ci: restore CI for 1.x branch by @bjohansebas in expressjs/body-parser#665

deps: qs@^6.14.0 by @bjohansebas in expressjs/body-parser#664

deps: use tilde notation and update certain dependencies by @Phillip9587 in expressjs/body-parser#668

chore: remove SECURITY.md by @Phillip9587 in expressjs/body-parser#669

ci: add CodeQL (SAST) by @Phillip9587 in expressjs/body-parser#670

Release: 1.20.4 by @UlisesGascon in expressjs/body-parser#672

Full Changelog: expressjs/body-parser@1.20.3...1.20.4

Changelog

Sourced from body-parser's changelog.

1.20.4 / 2025-12-01

deps: qs@~6.14.0

deps: use tilde notation for dependencies

deps: http-errors@~2.0.1

deps: raw-body@~2.5.3

Commits

7db202c 1.20.4 (#672)
d8f8adb ci: add CodeQL (SAST) (#670)
6d133c1 chore: remove SECURITY.md (#669)
fcd1535 deps: use tilde notation and update certain dependencies (#668)
ec5fa29 deps: qs@~6.14.0 (#664)
ffb95c1 ci: restore CI for 1.x branch (#665)
48a5f07 ci: add support for Node.js v23 (#553)
f20f6ad Remove redundant depth check (#538)
See full diff in compare view

Updates express from 4.21.2 to 4.22.1

Release notes

Sourced from express's releases.

v4.22.1

What's Changed

[!IMPORTANT]
The prior release (4.22.0) included an erroneous breaking change related to the extended query parser. There is no actual security vulnerability associated with this behavior (CVE-2024-51999 has been rejected). The change has been fully reverted in this release.

Release: 4.22.1 by @UlisesGascon in expressjs/express#6934

Full Changelog: expressjs/express@4.22.0...v4.22.1

4.22.0

Important: Security

Security fix for CVE-2024-51999 (GHSA-pj86-cfqh-vqx6)

What's Changed

Refactor: improve readability by @sazk07 in expressjs/express#6190

ci: add support for Node.js@23.0 by @UlisesGascon in expressjs/express#6080

Method functions with no path should error by @wesleytodd in expressjs/express#5957

ci: updated github actions ci workflow by @Phillip9587 in expressjs/express#6323

ci: reorder npm i steps to fix ci for older node versions by @Phillip9587 in expressjs/express#6336

Backport: ci: add node.js 24 to test matrix by @Phillip9587 in expressjs/express#6506

chore(4.x): wider range for query test skip by @jonchurch in expressjs/express#6513

use tilde notation for certain dependencies by @UlisesGascon in expressjs/express#6905

deps: qs@6.14.0 by @UlisesGascon in expressjs/express#6909

deps: use tilde notation for qs by @Phillip9587 in expressjs/express#6919

Release: 4.22.0 by @UlisesGascon in expressjs/express#6921

Full Changelog: expressjs/express@4.21.2...4.22.0

Changelog

Sourced from express's changelog.

4.22.1 / 2025-12-01

Revert security fix for CVE-2024-51999 (GHSA-pj86-cfqh-vqx6)

4.22.0 / 2025-12-01

Security fix for CVE-2024-51999 (GHSA-pj86-cfqh-vqx6)

deps: use tilde notation for dependencies

deps: qs@6.14.0

Commits

12fae14 4.22.1
5ddf311 Revert "sec: security patch for CVE-2024-51999"
49744ab 4.22.0 (#6921)
6e97452 sec: security patch for CVE-2024-51999
6a23d34 deps: use tilde notation for qs (#6919)
8c12cdf deps: qs@6.14.0 (#6909)
7fea74f deps: use tilde notation for certain dependencies (#6905)
dac7a04 chore: wider range for query test skip (#6513)
997919b ci: add node.js 24 to test matrix (#6506)
36fb59c fix(ci): reorder npm i steps to fix ci for older node versions (#6336)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the Security Alerts page.

Summary by cubic

Update qs, body-parser, and express in the Angular v20 petstore sample to pick up parser fixes and keep Express behavior stable. This is a lockfile-only change.

Dependencies
- qs → 6.14.1 (parse fixes for empty arrays and null-decoded keys)
- body-parser → 1.20.4 (aligns with qs ~6.14; maintenance updates)
- express → 4.22.1 (reverts 4.22.0’s extended query change; preserves expected behavior)

^{Written for commit 77f2968. Summary will update on new commits.}

Bumps [qs](https://github.com/ljharb/qs), [body-parser](https://github.com/expressjs/body-parser) and [express](https://github.com/expressjs/express). These dependencies needed to be updated together. Updates `qs` from 6.14.0 to 6.14.1 - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.14.0...v6.14.1) Updates `body-parser` from 1.20.3 to 1.20.4 - [Release notes](https://github.com/expressjs/body-parser/releases) - [Changelog](https://github.com/expressjs/body-parser/blob/master/HISTORY.md) - [Commits](expressjs/body-parser@1.20.3...1.20.4) Updates `express` from 4.21.2 to 4.22.1 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/v4.22.1/History.md) - [Commits](expressjs/express@4.21.2...v4.22.1) --- updated-dependencies: - dependency-name: qs dependency-version: 6.14.1 dependency-type: indirect - dependency-name: body-parser dependency-version: 1.20.4 dependency-type: indirect - dependency-name: express dependency-version: 4.22.1 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>

cubic-dev-ai

No issues found across 1 file

dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Jan 12, 2026

cubic-dev-ai Bot reviewed Jan 12, 2026

View reviewed changes

wing328 merged commit d90bfe0 into master Jan 12, 2026
50 checks passed

wing328 deleted the dependabot/npm_and_yarn/samples/client/petstore/typescript-angular-v20-provided-in-root/multi-6d05d0e569 branch January 12, 2026 17:11

wing328 added this to the 7.19.0 milestone Jan 19, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

build(deps): bump qs, body-parser and express in /samples/client/petstore/typescript-angular-v20-provided-in-root#22678

build(deps): bump qs, body-parser and express in /samples/client/petstore/typescript-angular-v20-provided-in-root#22678
wing328 merged 1 commit intomasterfrom
dependabot/npm_and_yarn/samples/client/petstore/typescript-angular-v20-provided-in-root/multi-6d05d0e569

dependabot Bot commented on behalf of github Jan 12, 2026 •

edited by cubic-dev-ai Bot

Loading

Uh oh!

cubic-dev-ai Bot left a comment

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Uh oh!

Conversation

dependabot Bot commented on behalf of github Jan 12, 2026 • edited by cubic-dev-ai Bot Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

6.14.1

1.20.4

What's Changed

1.20.4 / 2025-12-01

v4.22.1

What's Changed

4.22.0

Important: Security

What's Changed

4.22.1 / 2025-12-01

4.22.0 / 2025-12-01

Summary by cubic

Uh oh!

cubic-dev-ai Bot left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

dependabot Bot commented on behalf of github Jan 12, 2026 •

edited by cubic-dev-ai Bot

Loading