Qs security vulnerability fix

[BYK]

Fix: Upgrade qs to 6.14.1 to address DoS vulnerability

This PR addresses a security vulnerability in the qs package where its arrayLimit bypass in bracket notation (a[]=1&a[]=2) allows Denial-of-Service (DoS) via memory exhaustion.

The qs package was a transitive dependency at version 6.14.0, which is vulnerable. Dependabot could not automatically update it to the patched version 6.14.1.

To mitigate this, qs has been explicitly added to the resolutions section in package.json (and overrides in pnpm-lock.yaml), forcing the installation of version 6.14.1 or higher.

Verification:

• qs updated from 6.14.0 to 6.14.1.
• Linting and build processes completed successfully.

Before opening this PR:

• I added a Changeset Entry with pnpm changeset:add
• I referenced issues that this PR addresses

---

 

[cursor]

Cursor Agent can help with this pull request. Just @cursor in comments and I'll start working on changes in this branch.
_{Learn more about Cursor Agents}

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Review	Updated (UTC)
spotlightjs	Ready	Preview, Comment	Dec 31, 2025 8:09pm