chore(deps): bump qs and pouchdb #1190

dependabot · 2026-01-23T15:16:24Z

Bumps qs to 6.14.1 and updates ancestor dependency pouchdb. These dependencies need to be updated together.

Updates qs from 0.6.6 to 6.14.1

Changelog

6.14.1

[Fix] ensure arrayLength applies to [] notation as well

[Fix] parse: when a custom decoder returns null for a key, ignore that key

[Refactor] parse: extract key segment splitting helper

[meta] add threat model

[actions] add workflow permissions

[Tests] stringify: increase coverage

[Dev Deps] update eslint, @ljharb/eslint-config, npmignore, es-value-fixtures, for-each, object-inspect

6.14.0

[New] parse: add throwOnParameterLimitExceeded option (#517)

[Refactor] parse: use utils.combine more

[patch] parse: add explicit throwOnLimitExceeded default

[actions] use shared action; re-add finishers

[meta] Fix changelog formatting bug

[Deps] update side-channel

[Dev Deps] update es-value-fixtures, has-bigints, has-proto, has-symbols

[Tests] increase coverage

6.13.1

[Fix] stringify: avoid a crash when a filter key is null

[Fix] utils.merge: functions should not be stringified into keys

[Fix] parse: avoid a crash with interpretNumericEntities: true, comma: true, and iso charset

[Fix] stringify: ensure a non-string filter does not crash

[Refactor] use __proto__ syntax instead of Object.create for null objects

[Refactor] misc cleanup

[Tests] utils.merge: add some coverage

[Tests] fix a test case

[actions] split out node 10-20, and 20+

[Dev Deps] update es-value-fixtures, mock-property, object-inspect, tape

6.13.0

[New] parse: add strictDepth option (#511)

[Tests] use npm audit instead of aud

6.12.3

[Fix] parse: properly account for strictNullHandling when allowEmptyArrays

[meta] fix changelog indentation

6.12.2

[Fix] parse: parse encoded square brackets (#506)

[readme] add CII best practices badge

6.12.1

[Fix] parse: Disable decodeDotInKeys by default to restore previous behavior (#501)

[Performance] utils: Optimize performance under large data volumes, reduce memory usage, and speed up processing (#502)

[Refactor] utils: use +=

[Tests] increase coverage

6.12.0

... (truncated)

Commits

3fa11a5 v6.14.1
a626704 [Dev Deps] update npmignore
3086902 [Fix] ensure arrayLength applies to [] notation as well
fc7930e [Dev Deps] update eslint, @ljharb/eslint-config
0b06aac [Dev Deps] update @ljharb/eslint-config
64951f6 [Refactor] parse: extract key segment splitting helper
e1bd259 [Dev Deps] update @ljharb/eslint-config
f4b3d39 [eslint] add eslint 9 optional peer dep
6e94d95 [Dev Deps] update eslint, @ljharb/eslint-config, npmignore
973dc3c [actions] add workflow permissions
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ljharb, a new releaser for qs since your current version.

Updates pouchdb from 3.6.0 to 9.0.0

Release notes

Sourced from pouchdb's releases.

9.0.0

The PouchDB developers are delighted to announce the immediate availability of PouchDB 9.0.0. This is a major release with 202 PRs merged since the last version.

For a full changelog from 8.0.1 to 9.0.0, please see the releases page or view the latest commits.

The PouchDB developers would like to thank all contributors for their hard and diligent work.

Highlights

Massively improved the stability and performance of the indexeddb adapter. Special thanks to @alxndrsn, Medic, and the Google Advanced Web Apps Fund.

Introduce a default limit (of 25) to the .find() method. This constitutes a backwards incompatible change and is the reason for the major version bump.

Streamline the automated test suites and move in-browser testing to Playwright resulting in much more reliable test runs.

Continue to update the codebase to ES6.

Changelog

Features

c7c8afb1 chore: remove clone-buffer polyfill (#8957)

ef655ecc chore: remove AbortController dependency and polyfills

9a9ff27d chore: remove IE polyfill for ArrayBuffer.slice()

8739f80f chore: remove Set/Map polyfill

9c587a64 pouchdb-find: make _design/ prefix removal more specific (#8946)

0297c6a6 (#8927) - Set default limit on find queries to 25

2e48ed7d pouchdb-utils/flatten: replace with Array.flat() built-in (#8929)

e5731fae Replace lodash.flatten() with Array.flat() built-in (#8928)

7505bedd isValidRev(): reject revs with more than one dash (#8933)

3c852034 db.post(), db.bulkDocs(): throw INVALID_REV consistently (#8934)

4a765418 feat: migrate dev dep watch-glob with maintained glob-watcher

06170b67 replace the last occurrence of jsnext:main (#8663)

905dfdfb isValidRev(): cache regex

9afecb28 dev dependencies: replace individual lodash functions (#8907)

41cc5687 chore(PouchDB-find): purified promise flow (#8860)

08649d96 adapter-indexeddb: replace var with let/const (#8926)

2789b704 indexeddb: improve allDocs() perf with skip & key ranges (#8603)

95e8c1ee chore(PouchDB-find): utils oneSetIsSubArrayOfOther loop update (#8921)

e69fe210 chore(PouchDB-find): minor cleanup (#8920)

9ba277bd chore(PouchDB-find): loop updates (#8918)

d0eee195 chore(pouchdb-find): var -> const/let (#8917)

5bc8f319 chore: PouchDB-find abstract-mapper update (#8913)

3e3be0be chore: PouchDB-find adapters/local refactor to async/await (#8914)

f48c76f7 chore: PouchDB-find validateSelector cleanup (#8915)

d3014959 chore: PouchDB-find adapters/http update (#8912)

acc12f69 remove unused devDependency: query-string (#8909)

36d042b9 update dev dep: marky (#8903)

df735024 chore(abstract-mapreduce): cleanup taskqueue.js (#8891)

9aaba0c8 chore(abstract-mapreduce): refactor to for ... of loops (#8892)

96037a7b chore(abstract-mapreduce): reduce repetitive catch handlers (#8889)

5f647e52 Remove legacy polyfill: Blob.slice() (#8895)

59ac0d3e Remove legacy util/polyfill: Object.assign() (#8896)

94eccbb9 chore(abstract-mapreduce): replace var with const (#8880)

... (truncated)

Commits

b2882c1 build 9.0.0
194c075 fix: drop deleted directory from release script
ef04583 feat(docs): add 9.0.0 release post
c7c8afb chore: remove clone-buffer (#8957)
51380f9 fix(docs): update testing docs to match reality after #8569
d4dab68 Pat Helland's blog is now longer available
ef655ec chore: remove AbortController dependency and polyfills
9a9ff27 chore: remove IE polyfill for ArrayBuffer.slice
8739f80 chore: remove Set/Map polyfill
953f3b3 fix: docs/Gemfile & docs/Gemfile.lock to reduce vulnerabilities
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by albaherreriasdev, a new releaser for pouchdb since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps [qs](https://github.com/ljharb/qs) to 6.14.1 and updates ancestor dependency [pouchdb](https://github.com/pouchdb/pouchdb). These dependencies need to be updated together. Updates `qs` from 0.6.6 to 6.14.1 - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v0.6.6...v6.14.1) Updates `pouchdb` from 3.6.0 to 9.0.0 - [Release notes](https://github.com/pouchdb/pouchdb/releases) - [Commits](apache/pouchdb@3.6.0...9.0.0) --- updated-dependencies: - dependency-name: qs dependency-version: 6.14.1 dependency-type: indirect - dependency-name: pouchdb dependency-version: 9.0.0 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jan 23, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump qs and pouchdb #1190

chore(deps): bump qs and pouchdb #1190

Uh oh!

dependabot bot commented on behalf of github Jan 23, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

chore(deps): bump qs and pouchdb #1190

Are you sure you want to change the base?

chore(deps): bump qs and pouchdb #1190

Uh oh!

Conversation

dependabot bot commented on behalf of github Jan 23, 2026

6.14.1

6.14.0

6.13.1

6.13.0

6.12.3

6.12.2

6.12.1

6.12.0

9.0.0

Highlights

Changelog

Features

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants