[Snyk] Security upgrade qs from 5.2.1 to 6.2.4

[ajesse11x]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • public/reindex-graphiql/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	768/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-QS-3153490	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: qs

The new version differs by 86 commits.

• 90d9f2b v6.2.4
• ba24e74 [Fix] `parse`: ignore `__proto__` keys (#428)
• f047c9d [Dev Deps] backport from main
• 5f8e28b [actions] backport actions from main
• 2c38654 [Robustness] `stringify`: avoid relying on a global `undefined` (#427)
• 37e176d [meta] fix README.md (#399)
• 081a3ab [Tests] use `safer-buffer` instead of `Buffer` constructor
• 943e411 [meta] Clean up license text so it’s properly detected as BSD-3-Clause
• 0d82916 [Fix] `utils.merge`: avoid a crash with a null target and an array source
• c103b90 [Fix]` `utils.merge`: avoid a crash with a null target and a truthy non-array source
• 563588d [Refactor] use cached `Array.isArray`
• 39a11bc [Docs] Clarify the need for "arrayLimit" option
• 4c8dcaf [Fix] `utils`: `merge`: fix crash when `source` is a truthy primitive & no options are provided
• 42de207 [Tests] remove nonexistent tape option
• 1b7c83e [meta] add FUNDING.yml
• d828941 [Fix] when `parseArrays` is false, properly handle keys ending in `[]`
• 1fb74cb v6.2.3
• eb2e3a5 [Tests] up to `node` `v7.7`, `v6.10`,` v4.8`; disable osx builds since they block linux builds.
• 1c045ca [Fix] support keys starting with brackets.
• 7d58e13 [Fix] chmod a-x
• 760d0a1 [Fix] follow `allowPrototypes` option during merge
• ff662ec v6.2.2
• 970fb26 remove unnecessary escapes (according to npm test results)
• 50ea161 [Fix] ensure that `allowPrototypes: false` does not ever shadow Object.prototype properties.

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution