22269415748
100%

Ran 22 Feb 2026 03:13AM UTC

Jobs 1

Files 7

Run time 1min

Badge

Embed ▾

Committed 22 Feb 2026 03:11AM UTC coverage: 99.611%. Remained the same

Build # 22269415748

Build Type

push

github

Committed by

web-flow

Commit Message

fix: bump qs minimum to ^6.14.2 for CVE-2026-2391 (#7057)

qs versions before 6.14.2 have an arrayLimit bypass in comma parsing
that allows denial of service (GHSA-w7fw-mjwx-w883).

While the existing ^6.14.1 semver range allows 6.14.2 on fresh
installs, bumping the minimum ensures the vulnerable version cannot
be resolved.

Signed-off-by: davetashner <5702882+davetashner@users.noreply.github.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>

Run Details

768 of 771 relevant lines covered (99.61%)

2272.54 hits per line

Jobs

ID	Job ID	Ran	Files	Coverage
1	22269415748.1	22 Feb 2026 03:13AM UTC	7	99.61	GitHub Action Run

expressjs / express / 22269415748
100%

README BADGES
x

Markdown

Textile

RDoc

HTML

Rst

Jobs

Source Files on build 22269415748

expressjs / express / 22269415748 100%

README BADGES x

Markdown

Textile

RDoc

HTML

Rst

Jobs

Source Files on build 22269415748

expressjs / express / 22269415748
100%

README BADGES
x