fix(security): update qs to 6.14.1 to fix CVE-2025-15284 - qs's arrayLimit bypass in its bracket notation allows DoS via memory exhaustion (#2534)

Author: jbocce

bun.lock

@@ -201,6 +201,7 @@
     "dcmjs": "0.45.0",
     "tar-fs": "2.1.4",
     "body-parser": "1.20.3",
-    "ws": "8.18.3"
+    "ws": "8.18.3",
+    "qs": "6.14.1"
   }
 }

package.json

@@ -93,6 +93,7 @@
     "typedoc": "0.26.10"
   },
   "resolutions": {
-    "node-forge": "1.3.2"
+    "node-forge": "1.3.2",
+    "qs": "6.14.1"
   }
 }

packages/docs/bun.lock

@@ -1185,10 +1185,10 @@
   resolved "https://registry.yarnpkg.com/@colors/colors/-/colors-1.5.0.tgz#bb504579c1cae923e6576a4f5da43d25f97bdbd9"
   integrity sha512-ooWCrlZP11i8GImSjTHYHLkvFDP48nS4+204nGb1RiX/WXYHmJA2III9/e2DWVabCESdW7hBAEzHRqUn9OUVvQ==
 
-"@cornerstonejs/adapters@4.13.3":
-  version "4.13.3"
-  resolved "https://registry.yarnpkg.com/@cornerstonejs/adapters/-/adapters-4.13.3.tgz#87ce253c268e25647e688a8409c7a9ea818727e6"
-  integrity sha512-gK6L3jQIM/hlgoeQV7BcSRqBgox3zndvn2ibOenDT4ogBuapuKGic2JP5UkeM8RFpZN2HeYvYaJ9HAbsnbVjRg==
+"@cornerstonejs/adapters@4.15.1":
+  version "4.15.1"
+  resolved "https://registry.yarnpkg.com/@cornerstonejs/adapters/-/adapters-4.15.1.tgz#0d11f5d0309fc465792ca1244ef42cb35c96260b"
+  integrity sha512-8wjyuAmeMOY1SaUqkGrm9Q+GaYdojhOs5M9lBq0WP+31SpYmXcv/cPAXTnW7BOc7g23nG291zjjLqtEsXbeAfw==
   dependencies:
     "@babel/runtime-corejs2" "7.26.10"
     buffer "6.0.3"
@@ -1216,20 +1216,20 @@
   resolved "https://registry.yarnpkg.com/@cornerstonejs/codec-openjph/-/codec-openjph-2.4.7.tgz#784394d05d8cf735640e9c3baa206535ee8e0376"
   integrity sha512-qvP4q4JDib7mi9r7LqKOwqz7YZ8gjtDX4ZCezeYf8+eb7MBXCz5uXAMeVF3yz9Axw4XiIMdB/pqXkm8tqCl13w==
 
-"@cornerstonejs/core@4.13.3":
-  version "4.13.3"
-  resolved "https://registry.yarnpkg.com/@cornerstonejs/core/-/core-4.13.3.tgz#8f888fb92e97c25edaa7e3c9001306b8ebd9b115"
-  integrity sha512-yXnjnuWqR2xB7wR67iYbCtLXTxxG64n546rGFdtjjo7hMbCg1iIqyMBQUt5J/HZ9sUkXkWhuyG14n2tYpJ0nBQ==
+"@cornerstonejs/core@4.15.1":
+  version "4.15.1"
+  resolved "https://registry.yarnpkg.com/@cornerstonejs/core/-/core-4.15.1.tgz#1baca6d84786420da4f2eba33001ab1a3257202a"
+  integrity sha512-f8WwizeNk2BjQMcQl5MdAlTZ9IodLw6/r+8xGLjAkkKiPYOKEylt+lzmvqMJ0z6lNBoKAWM6qlI+LkK9+GEWLA==
   dependencies:
     "@kitware/vtk.js" "34.15.1"
     comlink "4.4.2"
     gl-matrix "3.4.3"
     loglevel "1.9.2"
 
-"@cornerstonejs/dicom-image-loader@4.13.3":
-  version "4.13.3"
-  resolved "https://registry.yarnpkg.com/@cornerstonejs/dicom-image-loader/-/dicom-image-loader-4.13.3.tgz#b59dfc3ae616a8fce9c9751e4d1fa5a8e025e8c5"
-  integrity sha512-HWRFJSl/OkOolqTlfp003JYArBxXagxg9xYMHSNA6DVH9N3EH9F8nvF1iauJ881BKD/ERjB5WV3d5laJBQg2WA==
+"@cornerstonejs/dicom-image-loader@4.15.1":
+  version "4.15.1"
+  resolved "https://registry.yarnpkg.com/@cornerstonejs/dicom-image-loader/-/dicom-image-loader-4.15.1.tgz#3dcd7d542d84473b20571d89189beebcce9e03a0"
+  integrity sha512-oRba/lWuQMEXILCzGjFvZisdqczJaHxGclzb0DB/q49HQrvk3AXBHtnjZq15Ts6pF/oNx90xOMJ+RqcTgbV0DA==
   dependencies:
     "@cornerstonejs/codec-charls" "1.2.3"
     "@cornerstonejs/codec-libjpeg-turbo-8bit" "1.2.2"
@@ -1241,17 +1241,17 @@
     pako "2.1.0"
     uuid "9.0.1"
 
-"@cornerstonejs/nifti-volume-loader@4.13.3":
-  version "4.13.3"
-  resolved "https://registry.yarnpkg.com/@cornerstonejs/nifti-volume-loader/-/nifti-volume-loader-4.13.3.tgz#3eb3b67aef5aa8d8f4e242c4e84bbc578a290c2b"
-  integrity sha512-jIqR33KHRuCUH1+MHGO/uDwtHG7P+y+3poDkaZaFqORMaLXKxUqpqwkj5V2Gs4grX6iL6m1ymeJfHhRxrGSpnA==
+"@cornerstonejs/nifti-volume-loader@4.15.1":
+  version "4.15.1"
+  resolved "https://registry.yarnpkg.com/@cornerstonejs/nifti-volume-loader/-/nifti-volume-loader-4.15.1.tgz#929fc7d9fd91b112e1cd625bcad23180e3f0ca06"
+  integrity sha512-grnJSmN+/x6TuiWIs4SozDEF5Pmi9GoVcxpnZFSiEupqsNSLHNtPdkXcUMUJSZSLsNyV0WxZhJ2z+QZAKt2OzQ==
   dependencies:
     nifti-reader-js "0.6.9"
 
-"@cornerstonejs/tools@4.13.3":
-  version "4.13.3"
-  resolved "https://registry.yarnpkg.com/@cornerstonejs/tools/-/tools-4.13.3.tgz#3c473abef82fb57073502fb374cfb0d7b8d7a678"
-  integrity sha512-AhAU+6rMEuvIej0yFf5zmSvcIQMU5zz++BCHLJ5zaOhSe0ThZi0ZgC4ZC2M4KrhfiM2bd4wDJ7xAYq8Cn60gWA==
+"@cornerstonejs/tools@4.15.1":
+  version "4.15.1"
+  resolved "https://registry.yarnpkg.com/@cornerstonejs/tools/-/tools-4.15.1.tgz#30a1598dce12c3978babd806677040dc8586846b"
+  integrity sha512-vAT9bilk8icEW+xOJRsg5zeYfZNDRB5mgt8kfV+Hpx0pHO+l7xh0etHSluqXYLL/3YvU+kwqdzBVYoNLCfk8kA==
   dependencies:
     "@types/offscreencanvas" "2019.7.3"
     comlink "4.4.2"
@@ -9340,12 +9340,12 @@ puppeteer@24.27.0:
     puppeteer-core "24.27.0"
     typed-query-selector "^2.12.0"
 
-qs@6.13.0:
-  version "6.13.0"
-  resolved "https://registry.yarnpkg.com/qs/-/qs-6.13.0.tgz#6ca3bd58439f7e245655798997787b0d88a51906"
-  integrity sha512-+38qI9SOr8tfZ4QmJNplMUxqjbe7LKvvZgWdExBOmd+egZTtjLB67Gu0HRX3u/XOq7UU2Nx6nsjvS16Z9uwfpg==
+qs@6.13.0, qs@6.14.1:
+  version "6.14.1"
+  resolved "https://registry.yarnpkg.com/qs/-/qs-6.14.1.tgz#a41d85b9d3902f31d27861790506294881871159"
+  integrity sha512-4EK3+xJl8Ts67nLYNwqw/dsFVnCf+qR7RgXSK9jEEm9unao3njwMDdmsdvoKBKHzxd7tCYz5e5M+SnMjdtXGQQ==
   dependencies:
-    side-channel "^1.0.6"
+    side-channel "^1.1.0"
 
 queue-microtask@^1.2.2:
   version "1.2.3"
@@ -10257,7 +10257,7 @@ side-channel-weakmap@^1.0.2:
     object-inspect "^1.13.3"
     side-channel-map "^1.0.1"
 
-side-channel@^1.0.6:
+side-channel@^1.1.0:
   version "1.1.0"
   resolved "https://registry.yarnpkg.com/side-channel/-/side-channel-1.1.0.tgz#c3fcff9c4da932784873335ec9765fa94ff66bc9"
   integrity sha512-ZX99e6tRweoUXqR+VBrslhda51Nh5MTQwou5tnUDgbtyM0dBgmhEDtWGP/xbKn6hqfPRHujUNwz5fy/wbbhnpw==