Bump the npm_and_yarn group across 8 directories with 3 updates (#170)

Bumps the npm_and_yarn group with 1 update in the /apps/docs directory:
[next](https://github.com/vercel/next.js).
Bumps the npm_and_yarn group with 1 update in the /apps/prism-console
directory: [next](https://github.com/vercel/next.js).
Bumps the npm_and_yarn group with 1 update in the /apps/web directory:
[next](https://github.com/vercel/next.js).
Bumps the npm_and_yarn group with 1 update in the /blackroad-os-agents
directory: [qs](https://github.com/ljharb/qs).
Bumps the npm_and_yarn group with 2 updates in the /blackroad-os-api
directory: [qs](https://github.com/ljharb/qs) and
[axios](https://github.com/axios/axios).
Bumps the npm_and_yarn group with 1 update in the /blackroad-os-core
directory: [qs](https://github.com/ljharb/qs).
Bumps the npm_and_yarn group with 1 update in the /blackroad-os-operator
directory: [qs](https://github.com/ljharb/qs).
Bumps the npm_and_yarn group with 1 update in the /br95 directory:
[next](https://github.com/vercel/next.js).

Updates `next` from 14.2.3 to 15.5.10
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/vercel/next.js/releases">next's
releases</a>.</em></p>
<blockquote>
<h2>v15.5.10</h2>
<p>Please refer the following changelogs for more information about this
security release:</p>
<ul>
<li><a
href="https://vercel.com/changelog/summaries-of-cve-2025-59471-and-cve-2025-59472">https://vercel.com/changelog/summaries-of-cve-2025-59471-and-cve-2025-59472</a></li>
<li><a
href="https://vercel.com/changelog/summary-of-cve-2026-23864">https://vercel.com/changelog/summary-of-cve-2026-23864</a></li>
</ul>
<h2>v15.4.11</h2>
<p>Please see this <a
href="https://vercel.com/changelog/summary-of-cve-2026-23864">changelog</a>
for more information about this security patch.</p>
<h2>v15.3.9</h2>
<p>Please see this <a
href="https://vercel.com/changelog/summary-of-cve-2026-23864">changelog</a>
for more information about this security patch.</p>
<h2>v15.2.9</h2>
<p>Please see this <a
href="https://vercel.com/changelog/summary-of-cve-2026-23864">changelog</a>
for more information about this security patch.</p>
<h2>v15.1.12</h2>
<p>Please see this <a
href="https://vercel.com/changelog/summary-of-cve-2026-23864">changelog</a>
for more information about this security patch.</p>
<h2>v15.0.8</h2>
<p>Please see this <a
href="https://vercel.com/changelog/summary-of-cve-2026-23864">changelog</a>
for more information about this security patch.</p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="60a2aa97b6"><code>60a2aa9</code></a>
v15.5.10</li>
<li><a
href="e5b834d208"><code>e5b834d</code></a>
fetch(next/image): reduce maximumResponseBody from 300MB to 50MB (<a
href="https://redirect.github.com/vercel/next.js/issues/88588">#88588</a>)</li>
<li><a
href="39a2f6a8d1"><code>39a2f6a</code></a>
feat(next/image)!: add <code>images.maximumResponseBody</code> config
(<a
href="https://redirect.github.com/vercel/next.js/issues/88183">#88183</a>)</li>
<li><a
href="bf9f0843ed"><code>bf9f084</code></a>
Sync DoS mitigations for React Flight</li>
<li><a
href="c5de33e93c"><code>c5de33e</code></a>
v15.5.9</li>
<li><a
href="dd233994ae"><code>dd23399</code></a>
Backport <a
href="https://redirect.github.com/facebook/react/issues/35351">facebook/react#35351</a>
for 15.5.8 (<a
href="https://redirect.github.com/vercel/next.js/issues/87086">#87086</a>)</li>
<li><a
href="7526cd6f24"><code>7526cd6</code></a>
v15.5.8</li>
<li><a
href="1e9ec4133a"><code>1e9ec41</code></a>
Update React Version (<a
href="https://redirect.github.com/vercel/next.js/issues/41">#41</a>)</li>
<li><a
href="16141e5df9"><code>16141e5</code></a>
Update React Version (<a
href="https://redirect.github.com/vercel/next.js/issues/30">#30</a>)</li>
<li><a
href="e01e589e18"><code>e01e589</code></a>
Backport Next.js changes to v15.5.8 (<a
href="https://redirect.github.com/vercel/next.js/issues/23">#23</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/vercel/next.js/compare/v14.2.3...v15.5.10">compare
view</a></li>
</ul>
</details>
<br />

Updates `next` from 14.2.3 to 15.5.10
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/vercel/next.js/releases">next's
releases</a>.</em></p>
<blockquote>
<h2>v15.5.10</h2>
<p>Please refer the following changelogs for more information about this
security release:</p>
<ul>
<li><a
href="https://vercel.com/changelog/summaries-of-cve-2025-59471-and-cve-2025-59472">https://vercel.com/changelog/summaries-of-cve-2025-59471-and-cve-2025-59472</a></li>
<li><a
href="https://vercel.com/changelog/summary-of-cve-2026-23864">https://vercel.com/changelog/summary-of-cve-2026-23864</a></li>
</ul>
<h2>v15.4.11</h2>
<p>Please see this <a
href="https://vercel.com/changelog/summary-of-cve-2026-23864">changelog</a>
for more information about this security patch.</p>
<h2>v15.3.9</h2>
<p>Please see this <a
href="https://vercel.com/changelog/summary-of-cve-2026-23864">changelog</a>
for more information about this security patch.</p>
<h2>v15.2.9</h2>
<p>Please see this <a
href="https://vercel.com/changelog/summary-of-cve-2026-23864">changelog</a>
for more information about this security patch.</p>
<h2>v15.1.12</h2>
<p>Please see this <a
href="https://vercel.com/changelog/summary-of-cve-2026-23864">changelog</a>
for more information about this security patch.</p>
<h2>v15.0.8</h2>
<p>Please see this <a
href="https://vercel.com/changelog/summary-of-cve-2026-23864">changelog</a>
for more information about this security patch.</p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="60a2aa97b6"><code>60a2aa9</code></a>
v15.5.10</li>
<li><a
href="e5b834d208"><code>e5b834d</code></a>
fetch(next/image): reduce maximumResponseBody from 300MB to 50MB (<a
href="https://redirect.github.com/vercel/next.js/issues/88588">#88588</a>)</li>
<li><a
href="39a2f6a8d1"><code>39a2f6a</code></a>
feat(next/image)!: add <code>images.maximumResponseBody</code> config
(<a
href="https://redirect.github.com/vercel/next.js/issues/88183">#88183</a>)</li>
<li><a
href="bf9f0843ed"><code>bf9f084</code></a>
Sync DoS mitigations for React Flight</li>
<li><a
href="c5de33e93c"><code>c5de33e</code></a>
v15.5.9</li>
<li><a
href="dd233994ae"><code>dd23399</code></a>
Backport <a
href="https://redirect.github.com/facebook/react/issues/35351">facebook/react#35351</a>
for 15.5.8 (<a
href="https://redirect.github.com/vercel/next.js/issues/87086">#87086</a>)</li>
<li><a
href="7526cd6f24"><code>7526cd6</code></a>
v15.5.8</li>
<li><a
href="1e9ec4133a"><code>1e9ec41</code></a>
Update React Version (<a
href="https://redirect.github.com/vercel/next.js/issues/41">#41</a>)</li>
<li><a
href="16141e5df9"><code>16141e5</code></a>
Update React Version (<a
href="https://redirect.github.com/vercel/next.js/issues/30">#30</a>)</li>
<li><a
href="e01e589e18"><code>e01e589</code></a>
Backport Next.js changes to v15.5.8 (<a
href="https://redirect.github.com/vercel/next.js/issues/23">#23</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/vercel/next.js/compare/v14.2.3...v15.5.10">compare
view</a></li>
</ul>
</details>
<br />

Updates `next` from 14.2.3 to 15.5.10
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/vercel/next.js/releases">next's
releases</a>.</em></p>
<blockquote>
<h2>v15.5.10</h2>
<p>Please refer the following changelogs for more information about this
security release:</p>
<ul>
<li><a
href="https://vercel.com/changelog/summaries-of-cve-2025-59471-and-cve-2025-59472">https://vercel.com/changelog/summaries-of-cve-2025-59471-and-cve-2025-59472</a></li>
<li><a
href="https://vercel.com/changelog/summary-of-cve-2026-23864">https://vercel.com/changelog/summary-of-cve-2026-23864</a></li>
</ul>
<h2>v15.4.11</h2>
<p>Please see this <a
href="https://vercel.com/changelog/summary-of-cve-2026-23864">changelog</a>
for more information about this security patch.</p>
<h2>v15.3.9</h2>
<p>Please see this <a
href="https://vercel.com/changelog/summary-of-cve-2026-23864">changelog</a>
for more information about this security patch.</p>
<h2>v15.2.9</h2>
<p>Please see this <a
href="https://vercel.com/changelog/summary-of-cve-2026-23864">changelog</a>
for more information about this security patch.</p>
<h2>v15.1.12</h2>
<p>Please see this <a
href="https://vercel.com/changelog/summary-of-cve-2026-23864">changelog</a>
for more information about this security patch.</p>
<h2>v15.0.8</h2>
<p>Please see this <a
href="https://vercel.com/changelog/summary-of-cve-2026-23864">changelog</a>
for more information about this security patch.</p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="60a2aa97b6"><code>60a2aa9</code></a>
v15.5.10</li>
<li><a
href="e5b834d208"><code>e5b834d</code></a>
fetch(next/image): reduce maximumResponseBody from 300MB to 50MB (<a
href="https://redirect.github.com/vercel/next.js/issues/88588">#88588</a>)</li>
<li><a
href="39a2f6a8d1"><code>39a2f6a</code></a>
feat(next/image)!: add <code>images.maximumResponseBody</code> config
(<a
href="https://redirect.github.com/vercel/next.js/issues/88183">#88183</a>)</li>
<li><a
href="bf9f0843ed"><code>bf9f084</code></a>
Sync DoS mitigations for React Flight</li>
<li><a
href="c5de33e93c"><code>c5de33e</code></a>
v15.5.9</li>
<li><a
href="dd233994ae"><code>dd23399</code></a>
Backport <a
href="https://redirect.github.com/facebook/react/issues/35351">facebook/react#35351</a>
for 15.5.8 (<a
href="https://redirect.github.com/vercel/next.js/issues/87086">#87086</a>)</li>
<li><a
href="7526cd6f24"><code>7526cd6</code></a>
v15.5.8</li>
<li><a
href="1e9ec4133a"><code>1e9ec41</code></a>
Update React Version (<a
href="https://redirect.github.com/vercel/next.js/issues/41">#41</a>)</li>
<li><a
href="16141e5df9"><code>16141e5</code></a>
Update React Version (<a
href="https://redirect.github.com/vercel/next.js/issues/30">#30</a>)</li>
<li><a
href="e01e589e18"><code>e01e589</code></a>
Backport Next.js changes to v15.5.8 (<a
href="https://redirect.github.com/vercel/next.js/issues/23">#23</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/vercel/next.js/compare/v14.2.3...v15.5.10">compare
view</a></li>
</ul>
</details>
<br />

Updates `qs` from 6.13.0 to 6.14.2
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/ljharb/qs/blob/main/CHANGELOG.md">qs's
changelog</a>.</em></p>
<blockquote>
<h2><strong>6.14.2</strong></h2>
<ul>
<li>[Fix] <code>parse</code>: mark overflow objects for indexed notation
exceeding <code>arrayLimit</code> (<a
href="https://redirect.github.com/ljharb/qs/issues/546">#546</a>)</li>
<li>[Fix] <code>arrayLimit</code> means max count, not max index, in
<code>combine</code>/<code>merge</code>/<code>parseArrayValue</code></li>
<li>[Fix] <code>parse</code>: throw on <code>arrayLimit</code> exceeded
with indexed notation when <code>throwOnLimitExceeded</code> is true (<a
href="https://redirect.github.com/ljharb/qs/issues/529">#529</a>)</li>
<li>[Fix] <code>parse</code>: enforce <code>arrayLimit</code> on
<code>comma</code>-parsed values</li>
<li>[Fix] <code>parse</code>: fix error message to reflect arrayLimit as
max index; remove extraneous comments (<a
href="https://redirect.github.com/ljharb/qs/issues/545">#545</a>)</li>
<li>[Robustness] avoid <code>.push</code>, use <code>void</code></li>
<li>[readme] document that <code>addQueryPrefix</code> does not add
<code>?</code> to empty output (<a
href="https://redirect.github.com/ljharb/qs/issues/418">#418</a>)</li>
<li>[readme] clarify <code>parseArrays</code> and
<code>arrayLimit</code> documentation (<a
href="https://redirect.github.com/ljharb/qs/issues/543">#543</a>)</li>
<li>[readme] replace runkit CI badge with shields.io check-runs
badge</li>
<li>[meta] fix changelog typo (<code>arrayLength</code> →
<code>arrayLimit</code>)</li>
<li>[actions] fix rebase workflow permissions</li>
</ul>
<h2><strong>6.14.1</strong></h2>
<ul>
<li>[Fix] ensure <code>arrayLimit</code> applies to <code>[]</code>
notation as well</li>
<li>[Fix] <code>parse</code>: when a custom decoder returns
<code>null</code> for a key, ignore that key</li>
<li>[Refactor] <code>parse</code>: extract key segment splitting
helper</li>
<li>[meta] add threat model</li>
<li>[actions] add workflow permissions</li>
<li>[Tests] <code>stringify</code>: increase coverage</li>
<li>[Dev Deps] update <code>eslint</code>,
<code>@ljharb/eslint-config</code>, <code>npmignore</code>,
<code>es-value-fixtures</code>, <code>for-each</code>,
<code>object-inspect</code></li>
</ul>
<h2><strong>6.14.0</strong></h2>
<ul>
<li>[New] <code>parse</code>: add
<code>throwOnParameterLimitExceeded</code> option (<a
href="https://redirect.github.com/ljharb/qs/issues/517">#517</a>)</li>
<li>[Refactor] <code>parse</code>: use <code>utils.combine</code>
more</li>
<li>[patch] <code>parse</code>: add explicit
<code>throwOnLimitExceeded</code> default</li>
<li>[actions] use shared action; re-add finishers</li>
<li>[meta] Fix changelog formatting bug</li>
<li>[Deps] update <code>side-channel</code></li>
<li>[Dev Deps] update <code>es-value-fixtures</code>,
<code>has-bigints</code>, <code>has-proto</code>,
<code>has-symbols</code></li>
<li>[Tests] increase coverage</li>
</ul>
<h2><strong>6.13.3</strong></h2>
<p>[Fix] fix regressions from robustness refactor
[actions] update reusable workflows</p>
<h2><strong>6.13.2</strong></h2>
<ul>
<li>[Robustness] avoid <code>.push</code>, use <code>void</code></li>
<li>[readme] clarify <code>parseArrays</code> and
<code>arrayLimit</code> documentation (<a
href="https://redirect.github.com/ljharb/qs/issues/543">#543</a>)</li>
<li>[readme] document that <code>addQueryPrefix</code> does not add
<code>?</code> to empty output (<a
href="https://redirect.github.com/ljharb/qs/issues/418">#418</a>)</li>
<li>[readme] replace runkit CI badge with shields.io check-runs
badge</li>
<li>[actions] fix rebase workflow permissions</li>
</ul>
<h2><strong>6.13.1</strong></h2>
<ul>
<li>[Fix] <code>stringify</code>: avoid a crash when a
<code>filter</code> key is <code>null</code></li>
<li>[Fix] <code>utils.merge</code>: functions should not be stringified
into keys</li>
<li>[Fix] <code>parse</code>: avoid a crash with
interpretNumericEntities: true, comma: true, and iso charset</li>
<li>[Fix] <code>stringify</code>: ensure a non-string
<code>filter</code> does not crash</li>
<li>[Refactor] use <code>__proto__</code> syntax instead of
<code>Object.create</code> for null objects</li>
<li>[Refactor] misc cleanup</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="bdcf0c7f82"><code>bdcf0c7</code></a>
v6.14.2</li>
<li><a
href="294db90c81"><code>294db90</code></a>
[readme] document that <code>addQueryPrefix</code> does not add
<code>?</code> to empty output</li>
<li><a
href="5c308e5516"><code>5c308e5</code></a>
[readme] clarify <code>parseArrays</code> and <code>arrayLimit</code>
documentation</li>
<li><a
href="6addf8cf73"><code>6addf8c</code></a>
[Fix] <code>parse</code>: mark overflow objects for indexed notation
exceeding <code>arrayLimit</code></li>
<li><a
href="cfc108f662"><code>cfc108f</code></a>
[Fix] <code>arrayLimit</code> means max count, not max index, in
<code>combine</code>/<code>merge</code>/`pars...</li>
<li><a
href="febb64442a"><code>febb644</code></a>
[Fix] <code>parse</code>: throw on <code>arrayLimit</code> exceeded with
indexed notation when `thr...</li>
<li><a
href="f6a7abff1f"><code>f6a7abf</code></a>
[Fix] <code>parse</code>: enforce <code>arrayLimit</code> on
<code>comma</code>-parsed values</li>
<li><a
href="fbc5206c25"><code>fbc5206</code></a>
[Fix] <code>parse</code>: fix error message to reflect arrayLimit as max
index; remove e...</li>
<li><a
href="1b9a8b4e78"><code>1b9a8b4</code></a>
[actions] fix rebase workflow permissions</li>
<li><a
href="2a35775614"><code>2a35775</code></a>
[meta] fix changelog typo (<code>arrayLength</code> →
<code>arrayLimit</code>)</li>
<li>Additional commits viewable in <a
href="https://github.com/ljharb/qs/compare/v6.13.0...v6.14.2">compare
view</a></li>
</ul>
</details>
<br />

Updates `qs` from 6.13.0 to 6.14.2
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/ljharb/qs/blob/main/CHANGELOG.md">qs's
changelog</a>.</em></p>
<blockquote>
<h2><strong>6.14.2</strong></h2>
<ul>
<li>[Fix] <code>parse</code>: mark overflow objects for indexed notation
exceeding <code>arrayLimit</code> (<a
href="https://redirect.github.com/ljharb/qs/issues/546">#546</a>)</li>
<li>[Fix] <code>arrayLimit</code> means max count, not max index, in
<code>combine</code>/<code>merge</code>/<code>parseArrayValue</code></li>
<li>[Fix] <code>parse</code>: throw on <code>arrayLimit</code> exceeded
with indexed notation when <code>throwOnLimitExceeded</code> is true (<a
href="https://redirect.github.com/ljharb/qs/issues/529">#529</a>)</li>
<li>[Fix] <code>parse</code>: enforce <code>arrayLimit</code> on
<code>comma</code>-parsed values</li>
<li>[Fix] <code>parse</code>: fix error message to reflect arrayLimit as
max index; remove extraneous comments (<a
href="https://redirect.github.com/ljharb/qs/issues/545">#545</a>)</li>
<li>[Robustness] avoid <code>.push</code>, use <code>void</code></li>
<li>[readme] document that <code>addQueryPrefix</code> does not add
<code>?</code> to empty output (<a
href="https://redirect.github.com/ljharb/qs/issues/418">#418</a>)</li>
<li>[readme] clarify <code>parseArrays</code> and
<code>arrayLimit</code> documentation (<a
href="https://redirect.github.com/ljharb/qs/issues/543">#543</a>)</li>
<li>[readme] replace runkit CI badge with shields.io check-runs
badge</li>
<li>[meta] fix changelog typo (<code>arrayLength</code> →
<code>arrayLimit</code>)</li>
<li>[actions] fix rebase workflow permissions</li>
</ul>
<h2><strong>6.14.1</strong></h2>
<ul>
<li>[Fix] ensure <code>arrayLimit</code> applies to <code>[]</code>
notation as well</li>
<li>[Fix] <code>parse</code>: when a custom decoder returns
<code>null</code> for a key, ignore that key</li>
<li>[Refactor] <code>parse</code>: extract key segment splitting
helper</li>
<li>[meta] add threat model</li>
<li>[actions] add workflow permissions</li>
<li>[Tests] <code>stringify</code>: increase coverage</li>
<li>[Dev Deps] update <code>eslint</code>,
<code>@ljharb/eslint-config</code>, <code>npmignore</code>,
<code>es-value-fixtures</code>, <code>for-each</code>,
<code>object-inspect</code></li>
</ul>
<h2><strong>6.14.0</strong></h2>
<ul>
<li>[New] <code>parse</code>: add
<code>throwOnParameterLimitExceeded</code> option (<a
href="https://redirect.github.com/ljharb/qs/issues/517">#517</a>)</li>
<li>[Refactor] <code>parse</code>: use <code>utils.combine</code>
more</li>
<li>[patch] <code>parse</code>: add explicit
<code>throwOnLimitExceeded</code> default</li>
<li>[actions] use shared action; re-add finishers</li>
<li>[meta] Fix changelog formatting bug</li>
<li>[Deps] update <code>side-channel</code></li>
<li>[Dev Deps] update <code>es-value-fixtures</code>,
<code>has-bigints</code>, <code>has-proto</code>,
<code>has-symbols</code></li>
<li>[Tests] increase coverage</li>
</ul>
<h2><strong>6.13.3</strong></h2>
<p>[Fix] fix regressions from robustness refactor
[actions] update reusable workflows</p>
<h2><strong>6.13.2</strong></h2>
<ul>
<li>[Robustness] avoid <code>.push</code>, use <code>void</code></li>
<li>[readme] clarify <code>parseArrays</code> and
<code>arrayLimit</code> documentation (<a
href="https://redirect.github.com/ljharb/qs/issues/543">#543</a>)</li>
<li>[readme] document that <code>addQueryPrefix</code> does not add
<code>?</code> to empty output (<a
href="https://redirect.github.com/ljharb/qs/issues/418">#418</a>)</li>
<li>[readme] replace runkit CI badge with shields.io check-runs
badge</li>
<li>[actions] fix rebase workflow permissions</li>
</ul>
<h2><strong>6.13.1</strong></h2>
<ul>
<li>[Fix] <code>stringify</code>: avoid a crash when a
<code>filter</code> key is <code>null</code></li>
<li>[Fix] <code>utils.merge</code>: functions should not be stringified
into keys</li>
<li>[Fix] <code>parse</code>: avoid a crash with
interpretNumericEntities: true, comma: true, and iso charset</li>
<li>[Fix] <code>stringify</code>: ensure a non-string
<code>filter</code> does not crash</li>
<li>[Refactor] use <code>__proto__</code> syntax instead of
<code>Object.create</code> for null objects</li>
<li>[Refactor] misc cleanup</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="bdcf0c7f82"><code>bdcf0c7</code></a>
v6.14.2</li>
<li><a
href="294db90c81"><code>294db90</code></a>
[readme] document that <code>addQueryPrefix</code> does not add
<code>?</code> to empty output</li>
<li><a
href="5c308e5516"><code>5c308e5</code></a>
[readme] clarify <code>parseArrays</code> and <code>arrayLimit</code>
documentation</li>
<li><a
href="6addf8cf73"><code>6addf8c</code></a>
[Fix] <code>parse</code>: mark overflow objects for indexed notation
exceeding <code>arrayLimit</code></li>
<li><a
href="cfc108f662"><code>cfc108f</code></a>
[Fix] <code>arrayLimit</code> means max count, not max index, in
<code>combine</code>/<code>merge</code>/`pars...</li>
<li><a
href="febb64442a"><code>febb644</code></a>
[Fix] <code>parse</code>: throw on <code>arrayLimit</code> exceeded with
indexed notation when `thr...</li>
<li><a
href="f6a7abff1f"><code>f6a7abf</code></a>
[Fix] <code>parse</code>: enforce <code>arrayLimit</code> on
<code>comma</code>-parsed values</li>
<li><a
href="fbc5206c25"><code>fbc5206</code></a>
[Fix] <code>parse</code>: fix error message to reflect arrayLimit as max
index; remove e...</li>
<li><a
href="1b9a8b4e78"><code>1b9a8b4</code></a>
[actions] fix rebase workflow permissions</li>
<li><a
href="2a35775614"><code>2a35775</code></a>
[meta] fix changelog typo (<code>arrayLength</code> →
<code>arrayLimit</code>)</li>
<li>Additional commits viewable in <a
href="https://github.com/ljharb/qs/compare/v6.13.0...v6.14.2">compare
view</a></li>
</ul>
</details>
<br />

Updates `axios` from 1.13.2 to 1.13.5
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/axios/axios/releases">axios's
releases</a>.</em></p>
<blockquote>
<h2>v1.13.5</h2>
<h2>Release 1.13.5</h2>
<h3>Highlights</h3>
<ul>
<li><strong>Security:</strong> Fixed a potential <strong>Denial of
Service</strong> issue involving the <code>__proto__</code> key in
<code>mergeConfig</code>. (PR <a
href="https://redirect.github.com/axios/axios/pull/7369">#7369</a>)</li>
<li><strong>Bug fix:</strong> Resolved an issue where
<code>AxiosError</code> could be missing the <code>status</code> field
on and after <strong>v1.13.3</strong>. (PR <a
href="https://redirect.github.com/axios/axios/pull/7368">#7368</a>)</li>
</ul>
<h3>Changes</h3>
<h4>Security</h4>
<ul>
<li>Fix Denial of Service via <code>__proto__</code> key in
<code>mergeConfig</code>. (PR <a
href="https://redirect.github.com/axios/axios/pull/7369">#7369</a>)</li>
</ul>
<h4>Fixes</h4>
<ul>
<li>Fix/5657. (PR <a
href="https://redirect.github.com/axios/axios/pull/7313">#7313</a>)</li>
<li>Ensure <code>status</code> is present in <code>AxiosError</code> on
and after v1.13.3. (PR <a
href="https://redirect.github.com/axios/axios/pull/7368">#7368</a>)</li>
</ul>
<h4>Features / Improvements</h4>
<ul>
<li>Add input validation to <code>isAbsoluteURL</code>. (PR <a
href="https://redirect.github.com/axios/axios/pull/7326">#7326</a>)</li>
<li>Refactor: bump minor package versions. (PR <a
href="https://redirect.github.com/axios/axios/pull/7356">#7356</a>)</li>
</ul>
<h4>Documentation</h4>
<ul>
<li>Clarify object-check comment. (PR <a
href="https://redirect.github.com/axios/axios/pull/7323">#7323</a>)</li>
<li>Fix deprecated <code>Buffer</code> constructor usage and README
formatting. (PR <a
href="https://redirect.github.com/axios/axios/pull/7371">#7371</a>)</li>
</ul>
<h4>CI / Maintenance</h4>
<ul>
<li>Chore: fix issues with YAML. (PR <a
href="https://redirect.github.com/axios/axios/pull/7355">#7355</a>)</li>
<li>CI: update workflow YAMLs. (PR <a
href="https://redirect.github.com/axios/axios/pull/7372">#7372</a>)</li>
<li>CI: fix run condition. (PR <a
href="https://redirect.github.com/axios/axios/pull/7373">#7373</a>)</li>
<li>Dev deps: bump <code>karma-sourcemap-loader</code> from 0.3.8 to
0.4.0. (PR <a
href="https://redirect.github.com/axios/axios/pull/7360">#7360</a>)</li>
<li>Chore(release): prepare release 1.13.5. (PR <a
href="https://redirect.github.com/axios/axios/pull/7379">#7379</a>)</li>
</ul>
<h3>New Contributors</h3>
<ul>
<li><a
href="https://github.com/sachin11063"><code>@​sachin11063</code></a>
(first contribution — PR <a
href="https://redirect.github.com/axios/axios/pull/7323">#7323</a>)</li>
<li><a
href="https://github.com/asmitha-16"><code>@​asmitha-16</code></a>
(first contribution — PR <a
href="https://redirect.github.com/axios/axios/pull/7326">#7326</a>)</li>
</ul>
<p><strong>Full Changelog:</strong> <a
href="https://github.com/axios/axios/compare/v1.13.4...v1.13.5">https://github.com/axios/axios/compare/v1.13.4...v1.13.5</a></p>
<h2>v1.13.4</h2>
<h2>Overview</h2>
<p>The release addresses issues discovered in v1.13.3 and includes
significant CI/CD improvements.</p>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/axios/axios/compare/v1.13.3...v1.13.4">v1.13.3...v1.13.4</a></p>
<h2>What's New in v1.13.4</h2>
<h3>Bug Fixes</h3>
<ul>
<li><strong>fix: issues with version 1.13.3</strong> (<a
href="https://redirect.github.com/axios/axios/issues/7352">#7352</a>)
(<a
href="ee90dfc28a">ee90dfc</a>)
<ul>
<li>Fixed issues discovered in v1.13.3 release</li>
</ul>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/axios/axios/blob/v1.x/CHANGELOG.md">axios's
changelog</a>.</em></p>
<blockquote>
<h1>Changelog</h1>
<h2><a
href="https://github.com/axios/axios/compare/v1.13.2...v1.13.3">1.13.3</a>
(2026-01-20)</h2>
<h3>Bug Fixes</h3>
<ul>
<li><strong>http2:</strong> Use port 443 for HTTPS connections by
default. (<a
href="https://redirect.github.com/axios/axios/issues/7256">#7256</a>)
(<a
href="d7e6065346">d7e6065</a>)</li>
<li><strong>interceptor:</strong> handle the error in the same
interceptor (<a
href="https://redirect.github.com/axios/axios/issues/6269">#6269</a>)
(<a
href="5945e40bb1">5945e40</a>)</li>
<li>main field in package.json should correspond to cjs artifacts (<a
href="https://redirect.github.com/axios/axios/issues/5756">#5756</a>)
(<a
href="7373fbff24">7373fbf</a>)</li>
<li><strong>package.json:</strong> add 'bun' package.json 'exports'
condition. Load the Node.js build in Bun instead of the browser build
(<a
href="https://redirect.github.com/axios/axios/issues/5754">#5754</a>)
(<a
href="b89217e3e9">b89217e</a>)</li>
<li>silentJSONParsing=false should throw on invalid JSON (<a
href="https://redirect.github.com/axios/axios/issues/7253">#7253</a>)
(<a
href="https://redirect.github.com/axios/axios/issues/7257">#7257</a>)
(<a
href="7d19335e43">7d19335</a>)</li>
<li>turn AxiosError into a native error (<a
href="https://redirect.github.com/axios/axios/issues/5394">#5394</a>)
(<a
href="https://redirect.github.com/axios/axios/issues/5558">#5558</a>)
(<a
href="1c6a86dd2c">1c6a86d</a>)</li>
<li><strong>types:</strong> add handlers to AxiosInterceptorManager
interface (<a
href="https://redirect.github.com/axios/axios/issues/5551">#5551</a>)
(<a
href="8d1271b49f">8d1271b</a>)</li>
<li><strong>types:</strong> restore AxiosError.cause type from unknown
to Error (<a
href="https://redirect.github.com/axios/axios/issues/7327">#7327</a>)
(<a
href="d8233d9e8e">d8233d9</a>)</li>
<li>unclear error message is thrown when specifying an empty proxy
authorization (<a
href="https://redirect.github.com/axios/axios/issues/6314">#6314</a>)
(<a
href="6ef867e684">6ef867e</a>)</li>
</ul>
<h3>Features</h3>
<ul>
<li>add <code>undefined</code> as a value in AxiosRequestConfig (<a
href="https://redirect.github.com/axios/axios/issues/5560">#5560</a>)
(<a
href="095033c626">095033c</a>)</li>
<li>add automatic minor and patch upgrades to dependabot (<a
href="https://redirect.github.com/axios/axios/issues/6053">#6053</a>)
(<a
href="65a7584eda">65a7584</a>)</li>
<li>add Node.js coverage script using c8 (closes <a
href="https://redirect.github.com/axios/axios/issues/7289">#7289</a>)
(<a
href="https://redirect.github.com/axios/axios/issues/7294">#7294</a>)
(<a
href="ec9d94e9f8">ec9d94e</a>)</li>
<li>added copilot instructions (<a
href="3f83143bfe">3f83143</a>)</li>
<li>compatibility with frozen prototypes (<a
href="https://redirect.github.com/axios/axios/issues/6265">#6265</a>)
(<a
href="860e03396a">860e033</a>)</li>
<li>enhance pipeFileToResponse with error handling (<a
href="https://redirect.github.com/axios/axios/issues/7169">#7169</a>)
(<a
href="88d7884254">88d7884</a>)</li>
<li><strong>types:</strong> Intellisense for string literals in a
widened union (<a
href="https://redirect.github.com/axios/axios/issues/6134">#6134</a>)
(<a
href="f73474d02c">f73474d</a>),
closes <a
href="https://redirect.github.com//redirect.github.com/microsoft/TypeScript/issues/33471/issues/issuecomment-1376364329">microsoft/TypeScript#33471</a></li>
</ul>
<h3>Reverts</h3>
<ul>
<li>Revert &quot;fix: silentJSONParsing=false should throw on invalid
JSON (<a
href="https://redirect.github.com/axios/axios/issues/7253">#7253</a>)
(<a
href="https://redirect.github.com/axios/axios/issues/7">#7</a>…&quot;
(<a
href="https://redirect.github.com/axios/axios/issues/7298">#7298</a>)
(<a
href="a4230f5581">a4230f5</a>),
closes <a
href="https://redirect.github.com/axios/axios/issues/7253">#7253</a> <a
href="https://redirect.github.com/axios/axios/issues/7">#7</a> <a
href="https://redirect.github.com/axios/axios/issues/7298">#7298</a></li>
<li><strong>deps:</strong> bump peter-evans/create-pull-request from 7
to 8 in the github-actions group (<a
href="https://redirect.github.com/axios/axios/issues/7334">#7334</a>)
(<a
href="2d6ad5e48b">2d6ad5e</a>)</li>
</ul>
<h3>Contributors to this release</h3>
<ul>
<li><!-- raw HTML omitted --> <a href="https://github.com/ashvin2005"
title="+1752/-4 ([#7218](https://github.com/axios/axios/issues/7218)
[#7218](https://github.com/axios/axios/issues/7218) )">Ashvin
Tiwari</a></li>
<li><!-- raw HTML omitted --> <a href="https://github.com/mochinikunj"
title="+940/-12 ([#7294](https://github.com/axios/axios/issues/7294)
[#7294](https://github.com/axios/axios/issues/7294) )">Nikunj
Mochi</a></li>
<li><!-- raw HTML omitted --> <a href="https://github.com/imanchalsingh"
title="+544/-102 ([#7169](https://github.com/axios/axios/issues/7169)
[#7185](https://github.com/axios/axios/issues/7185) )">Anchal
Singh</a></li>
<li><!-- raw HTML omitted --> <a href="https://github.com/jasonsaayman"
title="+317/-73 ([#7334](https://github.com/axios/axios/issues/7334)
[#7298](https://github.com/axios/axios/issues/7298)
)">jasonsaayman</a></li>
<li><!-- raw HTML omitted --> <a href="https://github.com/brodo"
title="+99/-120 ([#5558](https://github.com/axios/axios/issues/5558)
)">Julian Dax</a></li>
<li><!-- raw HTML omitted --> <a
href="https://github.com/AKASHDHARDUBEY" title="+167/-0
([#7287](https://github.com/axios/axios/issues/7287)
[#7288](https://github.com/axios/axios/issues/7288) )">Akash Dhar
Dubey</a></li>
<li><!-- raw HTML omitted --> <a href="https://github.com/madhumitaaa"
title="+20/-68 ([#7198](https://github.com/axios/axios/issues/7198)
)">Madhumita</a></li>
<li><!-- raw HTML omitted --> <a href="https://github.com/Tackoil"
title="+80/-2 ([#6269](https://github.com/axios/axios/issues/6269)
)">Tackoil</a></li>
<li><!-- raw HTML omitted --> <a href="https://github.com/justindhillon"
title="+41/-41 ([#6324](https://github.com/axios/axios/issues/6324)
[#6315](https://github.com/axios/axios/issues/6315) )">Justin
Dhillon</a></li>
<li><!-- raw HTML omitted --> <a href="https://github.com/Rudrxxx"
title="+71/-2 ([#7257](https://github.com/axios/axios/issues/7257)
)">Rudransh</a></li>
<li><!-- raw HTML omitted --> <a href="https://github.com/WuMingDao"
title="+36/-36 ([#7215](https://github.com/axios/axios/issues/7215)
)">WuMingDao</a></li>
<li><!-- raw HTML omitted --> <a href="https://github.com/codenomnom"
title="+70/-0 ([#7201](https://github.com/axios/axios/issues/7201)
[#7201](https://github.com/axios/axios/issues/7201)
)">codenomnom</a></li>
<li><!-- raw HTML omitted --> <a href="https://github.com/Nandann018-ux"
title="+60/-10 ([#7272](https://github.com/axios/axios/issues/7272)
)">Nandan Acharya</a></li>
<li><!-- raw HTML omitted --> <a href="https://github.com/KernelDeimos"
title="+22/-40 ([#7042](https://github.com/axios/axios/issues/7042)
)">Eric Dubé</a></li>
<li><!-- raw HTML omitted --> <a href="https://github.com/tiborpilz"
title="+40/-4 ([#5551](https://github.com/axios/axios/issues/5551)
)">Tibor Pilz</a></li>
<li><!-- raw HTML omitted --> <a href="https://github.com/joaoGabriel55"
title="+31/-4 ([#6314](https://github.com/axios/axios/issues/6314)
)">Gabriel Quaresma</a></li>
<li><!-- raw HTML omitted --> <a href="https://github.com/turadg"
title="+23/-6 ([#6265](https://github.com/axios/axios/issues/6265)
)">Turadg Aleahmad</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="29f75425f0"><code>29f7542</code></a>
chore(release): prepare release 1.13.5 (<a
href="https://redirect.github.com/axios/axios/issues/7379">#7379</a>)</li>
<li><a
href="431c3a3614"><code>431c3a3</code></a>
ci: fix run condition (<a
href="https://redirect.github.com/axios/axios/issues/7373">#7373</a>)</li>
<li><a
href="9ff3a78ad7"><code>9ff3a78</code></a>
ci: update ymls (<a
href="https://redirect.github.com/axios/axios/issues/7372">#7372</a>)</li>
<li><a
href="265b71234c"><code>265b712</code></a>
docs: fix deprecated Buffer constructor and formatting issues in README
(<a
href="https://redirect.github.com/axios/axios/issues/7371">#7371</a>)</li>
<li><a
href="475e75a260"><code>475e75a</code></a>
feat: add input validation to isAbsoluteURL (<a
href="https://redirect.github.com/axios/axios/issues/7326">#7326</a>)</li>
<li><a
href="28c721588c"><code>28c7215</code></a>
fix: Denial of Service via <strong>proto</strong> Key in mergeConfig (<a
href="https://redirect.github.com/axios/axios/issues/7369">#7369</a>)</li>
<li><a
href="04cf01969e"><code>04cf019</code></a>
docs: clarify object check comment (<a
href="https://redirect.github.com/axios/axios/issues/7323">#7323</a>)</li>
<li><a
href="696fa753c5"><code>696fa75</code></a>
fix: status is missing in AxiosError on and after v1.13.3 (<a
href="https://redirect.github.com/axios/axios/issues/7368">#7368</a>)</li>
<li><a
href="569f028a58"><code>569f028</code></a>
fix: added a option to choose between legacy and the new
request/response int...</li>
<li><a
href="44b7c9f0c4"><code>44b7c9f</code></a>
chore(deps-dev): bump karma-sourcemap-loader (<a
href="https://redirect.github.com/axios/axios/issues/7360">#7360</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/axios/axios/compare/v1.13.2...v1.13.5">compare
view</a></li>
</ul>
</details>
<details>
<summary>Maintainer changes</summary>
<p>This version was pushed to npm by [GitHub Actions](<a
href="https://www.npmjs.com/~GitHub">https://www.npmjs.com/~GitHub</a>
Actions), a new releaser for axios since your current version.</p>
</details>
<br />

Updates `qs` from 6.13.0 to 6.14.2
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/ljharb/qs/blob/main/CHANGELOG.md">qs's
changelog</a>.</em></p>
<blockquote>
<h2><strong>6.14.2</strong></h2>
<ul>
<li>[Fix] <code>parse</code>: mark overflow objects for indexed notation
exceeding <code>arrayLimit</code> (<a
href="https://redirect.github.com/ljharb/qs/issues/546">#546</a>)</li>
<li>[Fix] <code>arrayLimit</code> means max count, not max index, in
<code>combine</code>/<code>merge</code>/<code>parseArrayValue</code></li>
<li>[Fix] <code>parse</code>: throw on <code>arrayLimit</code> exceeded
with indexed notation when <code>throwOnLimitExceeded</code> is true (<a
href="https://redirect.github.com/ljharb/qs/issues/529">#529</a>)</li>
<li>[Fix] <code>parse</code>: enforce <code>arrayLimit</code> on
<code>comma</code>-parsed values</li>
<li>[Fix] <code>parse</code>: fix error message to reflect arrayLimit as
max index; remove extraneous comments (<a
href="https://redirect.github.com/ljharb/qs/issues/545">#545</a>)</li>
<li>[Robustness] avoid <code>.push</code>, use <code>void</code></li>
<li>[readme] document that <code>addQueryPrefix</code> does not add
<code>?</code> to empty output (<a
href="https://redirect.github.com/ljharb/qs/issues/418">#418</a>)</li>
<li>[readme] clarify <code>parseArrays</code> and
<code>arrayLimit</code> documentation (<a
href="https://redirect.github.com/ljharb/qs/issues/543">#543</a>)</li>
<li>[readme] replace runkit CI badge with shields.io check-runs
badge</li>
<li>[meta] fix changelog typo (<code>arrayLength</code> →
<code>arrayLimit</code>)</li>
<li>[actions] fix rebase workflow permissions</li>
</ul>
<h2><strong>6.14.1</strong></h2>
<ul>
<li>[Fix] ensure <code>arrayLimit</code> applies to <code>[]</code>
notation as well</li>
<li>[Fix] <code>parse</code>: when a custom decoder returns
<code>null</code> for a key, ignore that key</li>
<li>[Refactor] <code>parse</code>: extract key segment splitting
helper</li>
<li>[meta] add threat model</li>
<li>[actions] add workflow permissions</li>
<li>[Tests] <code>stringify</code>: increase coverage</li>
<li>[Dev Deps] update <code>eslint</code>,
<code>@ljharb/eslint-config</code>, <code>npmignore</code>,
<code>es-value-fixtures</code>, <code>for-each</code>,
<code>object-inspect</code></li>
</ul>
<h2><strong>6.14.0</strong></h2>
<ul>
<li>[New] <code>parse</code>: add
<code>throwOnParameterLimitExceeded</code> option (<a
href="https://redirect.github.com/ljharb/qs/issues/517">#517</a>)</li>
<li>[Refactor] <code>parse</code>: use <code>utils.combine</code>
more</li>
<li>[patch] <code>parse</code>: add explicit
<code>throwOnLimitExceeded</code> default</li>
<li>[actions] use shared action; re-add finishers</li>
<li>[meta] Fix changelog formatting bug</li>
<li>[Deps] update <code>side-channel</code></li>
<li>[Dev Deps] update <code>es-value-fixtures</code>,
<code>has-bigints</code>, <code>has-proto</code>,
<code>has-symbols</code></li>
<li>[Tests] increase coverage</li>
</ul>
<h2><strong>6.13.3</strong></h2>
<p>[Fix] fix regressions from robustness refactor
[actions] update reusable workflows</p>
<h2><strong>6.13.2</strong></h2>
<ul>
<li>[Robustness] avoid <code>.push</code>, use <code>void</code></li>
<li>[readme] clarify <code>parseArrays</code> and
<code>arrayLimit</code> documentation (<a
href="https://redirect.github.com/ljharb/qs/issues/543">#543</a>)</li>
<li>[readme] document that <code>addQueryPrefix</code> does not add
<code>?</code> to empty output (<a
href="https://redirect.github.com/ljharb/qs/issues/418">#418</a>)</li>
<li>[readme] replace runkit CI badge with shields.io check-runs
badge</li>
<li>[actions] fix rebase workflow permissions</li>
</ul>
<h2><strong>6.13.1</strong></h2>
<ul>
<li>[Fix] <code>stringify</code>: avoid a crash when a
<code>filter</code> key is <code>null</code></li>
<li>[Fix] <code>utils.merge</code>: functions should not be stringified
into keys</li>
<li>[Fix] <code>parse</code>: avoid a crash with
interpretNumericEntities: true, comma: true, and iso charset</li>
<li>[Fix] <code>stringify</code>: ensure a non-string
<code>filter</code> does not crash</li>
<li>[Refactor] use <code>__proto__</code> syntax instead of
<code>Object.create</code> for null objects</li>
<li>[Refactor] misc cleanup</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="bdcf0c7f82"><code>bdcf0c7</code></a>
v6.14.2</li>
<li><a
href="294db90c81"><code>294db90</code></a>
[readme] document that <code>addQueryPrefix</code> does not add
<code>?</code> to empty output</li>
<li><a
href="5c308e5516"><code>5c308e5</code></a>
[readme] clarify <code>parseArrays</code> and <code>arrayLimit</code>
documentation</li>
<li><a
href="6addf8cf73"><code>6addf8c</code></a>
[Fix] <code>parse</code>: mark overflow objects for indexed notation
exceeding <code>arrayLimit</code></li>
<li><a
href="cfc108f662"><code>cfc108f</code></a>
[Fix] <code>arrayLimit</code> means max count, not max index, in
<code>combine</code>/<code>merge</code>/`pars...</li>
<li><a
href="febb64442a"><code>febb644</code></a>
[Fix] <code>parse</code>: throw on <code>arrayLimit</code> exceeded with
indexed notation when `thr...</li>
<li><a
href="f6a7abff1f"><code>f6a7abf</code></a>
[Fix] <code>parse</code>: enforce <code>arrayLimit</code> on
<code>comma</code>-parsed values</li>
<li><a
href="fbc5206c25"><code>fbc5206</code></a>
[Fix] <code>parse</code>: fix error message to reflect arrayLimit as max
index; remove e...</li>
<li><a
href="1b9a8b4e78"><code>1b9a8b4</code></a>
[actions] fix rebase workflow permissions</li>
<li><a
href="2a35775614"><code>2a35775</code></a>
[meta] fix changelog typo (<code>arrayLength</code> →
<code>arrayLimit</code>)</li>
<li>Additional commits viewable in <a
href="https://github.com/ljharb/qs/compare/v6.13.0...v6.14.2">compare
view</a></li>
</ul>
</details>
<br />

Updates `qs` from 6.13.0 to 6.14.2
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/ljharb/qs/blob/main/CHANGELOG.md">qs's
changelog</a>.</em></p>
<blockquote>
<h2><strong>6.14.2</strong></h2>
<ul>
<li>[Fix] <code>parse</code>: mark overflow objects for indexed notation
exceeding <code>arrayLimit</code> (<a
href="https://redirect.github.com/ljharb/qs/issues/546">#546</a>)</li>
<li>[Fix] <code>arrayLimit</code> means max count, not max index, in
<code>combine</code>/<code>merge</code>/<code>parseArrayValue</code></li>
<li>[Fix] <code>parse</code>: throw on <code>arrayLimit</code> exceeded
with indexed notation when <code>throwOnLimitExceeded</code> is true (<a
href="https://redirect.github.com/ljharb/qs/issues/529">#529</a>)</li>
<li>[Fix] <code>parse</code>: enforce <code>arrayLimit</code> on
<code>comma</code>-parsed values</li>
<li>[Fix] <code>parse</code>: fix error message to reflect arrayLimit as
max index; remove extraneous comments (<a
href="https://redirect.github.com/ljharb/qs/issues/545">#545</a>)</li>
<li>[Robustness] avoid <code>.push</code>, use <code>void</code></li>
<li>[readme] document that <code>addQueryPrefix</code> does not add
<code>?</code> to empty output (<a
href="https://redirect.github.com/ljharb/qs/issues/418">#418</a>)</li>
<li>[readme] clarify <code>parseArrays</code> and
<code>arrayLimit</code> documentation (<a
href="https://redirect.github.com/ljharb/qs/issues/543">#543</a>)</li>
<li>[readme] replace runkit CI badge with shields.io check-runs
badge</li>
<li>[meta] fix changelog typo (<code>arrayLength</code> →
<code>arrayLimit</code>)</li>
<li>[actions] fix rebase workflow permissions</li>
</ul>
<h2><strong>6.14.1</strong></h2>
<ul>
<li>[Fix] ensure <code>arrayLimit</code> applies to <code>[]</code>
notation as well</li>
<li>[Fix] <code>parse</code>: when a custom decoder returns
<code>null</code> for a key, ignore that key</li>
<li>[Refactor] <code>parse</code>: extract key segment splitting
helper</li>
<li>[meta] add threat model</li>
<li>[actions] add workflow permissions</li>
<li>[Tests] <code>stringify</code>: increase coverage</li>
<li>[Dev Deps] update <code>eslint</code>,
<code>@ljharb/eslint-config</code>, <code>npmignore</code>,
<code>es-value-fixtures</code>, <code>for-each</code>,
<code>object-inspect</code></li>
</ul>
<h2><strong>6.14.0</strong></h2>
<ul>
<li>[New] <code>parse</code>: add
<code>throwOnParameterLimitExceeded</code> option (<a
href="https://redirect.github.com/ljharb/qs/issues/517">#517</a>)</li>
<li>[Refactor] <code>parse</code>: use <code>utils.combine</code>
more</li>
<li>[patch] <code>parse</code>: add explicit
<code>throwOnLimitExceeded</code> default</li>
<li>[actions] use shared action; re-add finishers</li>
<li>[meta] Fix changelog formatting bug</li>
<li>[Deps] update <code>side-channel</code></li>
<li>[Dev Deps] update <code>es-value-fixtures</code>,
<code>has-bigints</code>, <code>has-proto</code>,
<code>has-symbols</code></li>
<li>[Tests] increase coverage</li>
</ul>
<h2><strong>6.13.3</strong></h2>
<p>[Fix] fix regressions from robustness refactor
[actions] update reusable workflows</p>
<h2><strong>6.13.2</strong></h2>
<ul>
<li>[Robustness] avoid <code>.push</code>, use <code>void</code></li>
<li>[readme] clarify <code>parseArrays</code> and
<code>arrayLimit</code> documentation (<a
href="https://redirect.github.com/ljharb/qs/issues/543">#543</a>)</li>
<li>[readme] document that <code>addQueryPrefix</code> does not add
<code>?</code> to empty output (<a
href="https://redirect.github.com/ljharb/qs/issues/418">#418</a>)</li>
<li>[readme] replace runkit CI badge with shields.io check-runs
badge</li>
<li>[actions] fix rebase workflow permissions</li>
</ul>
<h2><strong>6.13.1</strong></h2>
<ul>
<li>[Fix] <code>stringify</code>: avoid a crash when a
<code>filter</code> key is <code>null</code></li>
<li>[Fix] <code>utils.merge</code>: functions should not be stringified
into keys</li>
<li>[Fix] <code>parse</code>: avoid a crash with
interpretNumericEntities: true, comma: true, and iso charset</li>
<li>[Fix] <code>stringify</code>: ensure a non-string
<code>filter</code> does not crash</li>
<li>[Refactor] use <code>__proto__</code> syntax instead of
<code>Object.create</code> for null objects</li>
<li>[Refactor] misc cleanup</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="bdcf0c7f82"><code>bdcf0c7</code></a>
v6.14.2</li>
<li><a
href="294db90c81"><code>294db90</code></a>
[readme] document that <code>addQueryPrefix</code> does not add
<code>?</code> to empty output</li>
<li><a
href="5c308e5516"><code>5c308e5</code></a>
[readme] clarify <code>parseArrays</code> and <code>arrayLimit</code>
documentation</li>
<li><a
href="6addf8cf73"><code>6addf8c</code></a>
[Fix] <code>parse</code>: mark overflow objects for indexed notation
exceeding <code>arrayLimit</code></li>
<li><a
href="cfc108f662"><code>cfc108f</code></a>
[Fix] <code>arrayLimit</code> means max count, not max index, in
<code>combine</code>/<code>merge</code>/`pars...</li>
<li><a
href="febb64442a"><code>febb644</code></a>
[Fix] <code>parse</code>: throw on <code>arrayLimit</code> exceeded with
indexed notation when `thr...</li>
<li><a
href="f6a7abff1f"><code>f6a7abf</code></a>
[Fix] <code>parse</code>: enforce <code>arrayLimit</code> on
<code>comma</code>-parsed values</li>
<li><a
href="fbc5206c25"><code>fbc5206</code></a>
[Fix] <code>parse</code>: fix error message to reflect arrayLimit as max
index; remove e...</li>
<li><a
href="1b9a8b4e78"><code>1b9a8b4</code></a>
[actions] fix rebase workflow permissions</li>
<li><a
href="2a35775614"><code>2a35775</code></a>
[meta] fix changelog typo (<code>arrayLength</code> →
<code>arrayLimit</code>)</li>
<li>Additional commits viewable in <a
href="https://github.com/ljharb/qs/compare/v6.13.0...v6.14.2">compare
view</a></li>
</ul>
</details>
<br />

Updates `next` from 14.2.3 to 15.5.10
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/vercel/next.js/releases">next's
releases</a>.</em></p>
<blockquote>
<h2>v15.5.10</h2>
<p>Please refer the following changelogs for more information about this
security release:</p>
<ul>
<li><a
href="https://vercel.com/changelog/summaries-of-cve-2025-59471-and-cve-2025-59472">https://vercel.com/changelog/summaries-of-cve-2025-59471-and-cve-2025-59472</a></li>
<li><a
href="https://vercel.com/changelog/summary-of-cve-2026-23864">https://vercel.com/changelog/summary-of-cve-2026-23864</a></li>
</ul>
<h2>v15.4.11</h2>
<p>Please see this <a
href="https://vercel.com/changelog/summary-of-cve-2026-23864">changelog</a>
for more information about this security patch.</p>
<h2>v15.3.9</h2>
<p>Please see this <a
href="https://vercel.com/changelog/summary-of-cve-2026-23864">changelog</a>
for more information about this security patch.</p>
<h2>v15.2.9</h2>
<p>Please see this <a
href="https://vercel.com/changelog/summary-of-cve-2026-23864">changelog</a>
for more information about this security patch.</p>
<h2>v15.1.12</h2>
<p>Please see this <a
href="https://vercel.com/changelog/summary-of-cve-2026-23864">changelog</a>
for more information about this security patch.</p>
<h2>v15.0.8</h2>
<p>Please see this <a
href="https://vercel.com/changelog/summary-of-cve-2026-23864">changelog</a>
for more information about this security patch.</p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="60a2aa97b6"><code>60a2aa9</code></a>
v15.5.10</li>
<li><a
href="e5b834d208"><code>e5b834d</code></a>
fetch(next/image): reduce maximumResponseBody from 300MB to 50MB (<a
href="https://redirect.github.com/vercel/next.js/issues/88588">#88588</a>)</li>
<li><a
href="39a2f6a8d1"><code>39a2f6a</code></a>
feat(next/image)!: add <code>images.maximumResponseBody</code> config
(<a
href="https://redirect.github.com/vercel/next.js/issues/88183">#88183</a>)</li>
<li><a
href="bf9f0843ed"><code>bf9f084</code></a>
Sync DoS mitigations for React Flight</li>
<li><a
href="c5de33e93c"><code>c5de33e</code></a>
v15.5.9</li>
<li><a
href="dd233994ae"><code>dd23399</code></a>
Backport <a
href="https://redirect.github.com/facebook/react/issues/35351">facebook/react#35351</a>
for 15.5.8 (<a
href="https://redirect.github.com/vercel/next.js/issues/87086">#87086</a>)</li>
<li><a
href="7526cd6f24"><code>7526cd6</code></a>
v15.5.8</li>
<li><a
href="1e9ec4133a"><code>1e9ec41</code></a>
Update React Version (<a
href="https://redirect.github.com/vercel/next.js/issues/41">#41</a>)</li>
<li><a
href="16141e5df9"><code>16141e5</code></a>
Update React Version (<a
href="https://redirect.github.com/vercel/next.js/issues/30">#30</a>)</li>
<li><a
href="e01e589e18"><code>e01e589</code></a>
Backport Next.js changes to v15.5.8 (<a
href="https://redirect.github.com/vercel/next.js/issues/23">#23</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/vercel/next.js/compare/v14.2.3...v15.5.10">compare
view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/blackboxprogramming/BlackRoad-Operating-System/network/alerts).

</details>

apps/docs/package.json

@@ -10,7 +10,7 @@
     "health": "curl -f http://localhost:8080/health || exit 1"
   },
   "dependencies": {
-    "next": "14.2.3",
+    "next": "15.5.10",
     "react": "18.3.1",
     "react-dom": "18.3.1"
   },

apps/prism-console/package.json

@@ -10,7 +10,7 @@
     "health": "curl -f http://localhost:8080/health || exit 1"
   },
   "dependencies": {
-    "next": "14.2.3",
+    "next": "15.5.10",
     "react": "18.3.1",
     "react-dom": "18.3.1"
   },

apps/web/package.json

@@ -10,7 +10,7 @@
     "health": "curl -f http://localhost:8080/health || exit 1"
   },
   "dependencies": {
-    "next": "14.2.3",
+    "next": "15.5.10",
     "react": "18.3.1",
     "react-dom": "18.3.1"
   },

blackroad-os-agents/package-lock.json

@@ -10,7 +10,7 @@
       "dependencies": {
         "cors": "^2.8.5",
         "dotenv": "^16.4.5",
-        "express": "^4.19.0"
+        "express": "^4.22.1"
       },
       "devDependencies": {
         "@types/cors": "^2.8.17",
@@ -633,39 +633,39 @@
       }
     },
     "node_modules/express": {
-      "version": "4.21.2",
+      "version": "4.22.1",
-      "resolved": "https://registry.npmjs.org/express/-/express-4.21.2.tgz",
+      "resolved": "https://registry.npmjs.org/express/-/express-4.22.1.tgz",
-      "integrity": "sha512-28HqgMZAmih1Czt9ny7qr6ek2qddF4FclbMzwhCREB6OFfH+rXAnuNCwo1/wFvrtbgsQDb4kSbX9de9lFbrXnA==",
+      "integrity": "sha512-F2X8g9P1X7uCPZMA3MVf9wcTqlyNp7IhH5qPCI0izhaOIYXaW9L535tGA3qmjRzpH+bZczqq7hVKxTR4NWnu+g==",
       "license": "MIT",
       "dependencies": {
         "accepts": "~1.3.8",
         "array-flatten": "1.1.1",
-        "body-parser": "1.20.3",
+        "body-parser": "~1.20.3",
-        "content-disposition": "0.5.4",
+        "content-disposition": "~0.5.4",
         "content-type": "~1.0.4",
-        "cookie": "0.7.1",
+        "cookie": "~0.7.1",
-        "cookie-signature": "1.0.6",
+        "cookie-signature": "~1.0.6",
         "debug": "2.6.9",
         "depd": "2.0.0",
         "encodeurl": "~2.0.0",
         "escape-html": "~1.0.3",
         "etag": "~1.8.1",
-        "finalhandler": "1.3.1",
+        "finalhandler": "~1.3.1",
-        "fresh": "0.5.2",
+        "fresh": "~0.5.2",
-        "http-errors": "2.0.0",
+        "http-errors": "~2.0.0",
         "merge-descriptors": "1.0.3",
         "methods": "~1.1.2",
-        "on-finished": "2.4.1",
+        "on-finished": "~2.4.1",
         "parseurl": "~1.3.3",
-        "path-to-regexp": "0.1.12",
+        "path-to-regexp": "~0.1.12",
         "proxy-addr": "~2.0.7",
-        "qs": "6.13.0",
+        "qs": "~6.14.0",
         "range-parser": "~1.2.1",
         "safe-buffer": "5.2.1",
-        "send": "0.19.0",
+        "send": "~0.19.0",
-        "serve-static": "1.16.2",
+        "serve-static": "~1.16.2",
         "setprototypeof": "1.2.0",
-        "statuses": "2.0.1",
+        "statuses": "~2.0.1",
         "type-is": "~1.6.18",
         "utils-merge": "1.0.1",
         "vary": "~1.1.2"
@@ -678,6 +678,21 @@
         "url": "https://opencollective.com/express"
       }
     },
+    "node_modules/express/node_modules/qs": {
+      "version": "6.14.2",
+      "resolved": "https://registry.npmjs.org/qs/-/qs-6.14.2.tgz",
+      "integrity": "sha512-V/yCWTTF7VJ9hIh18Ugr2zhJMP01MY7c5kh4J870L7imm6/DIzBsNLTXzMwUA3yZ5b/KBqLx8Kp3uRvd7xSe3Q==",
+      "license": "BSD-3-Clause",
+      "dependencies": {
+        "side-channel": "^1.1.0"
+      },
+      "engines": {
+        "node": ">=0.6"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
     "node_modules/fill-range": {
       "version": "7.1.1",
       "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.1.1.tgz",

blackroad-os-agents/package.json

@@ -9,7 +9,7 @@
     "health": "curl -f http://localhost:8080/health || exit 1"
   },
   "dependencies": {
-    "express": "^4.19.0",
+    "express": "^4.22.1",
     "cors": "^2.8.5",
     "dotenv": "^16.4.5"
   },

blackroad-os-api/package-lock.json

@@ -8,10 +8,10 @@
       "name": "blackroad-os-api",
       "version": "0.1.0",
       "dependencies": {
-        "axios": "^1.7.9",
+        "axios": "^1.13.5",
         "cors": "^2.8.5",
         "dotenv": "^16.4.5",
-        "express": "^4.19.0"
+        "express": "^4.22.1"
       },
       "devDependencies": {
         "@types/cors": "^2.8.17",
@@ -305,13 +305,13 @@
       "license": "MIT"
     },
     "node_modules/axios": {
-      "version": "1.13.2",
+      "version": "1.13.5",
-      "resolved": "https://registry.npmjs.org/axios/-/axios-1.13.2.tgz",
+      "resolved": "https://registry.npmjs.org/axios/-/axios-1.13.5.tgz",
-      "integrity": "sha512-VPk9ebNqPcy5lRGuSlKx752IlDatOjT9paPlm8A7yOuW2Fbvp4X3JznJtT4f0GzGLLiWE9W8onz51SqLYwzGaA==",
+      "integrity": "sha512-cz4ur7Vb0xS4/KUN0tPWe44eqxrIu31me+fbang3ijiNscE129POzipJJA6zniq2C/Z6sJCjMimjS8Lc/GAs8Q==",
       "license": "MIT",
       "dependencies": {
-        "follow-redirects": "^1.15.6",
+        "follow-redirects": "^1.15.11",
-        "form-data": "^4.0.4",
+        "form-data": "^4.0.5",
         "proxy-from-env": "^1.1.0"
       }
     },
@@ -687,39 +687,39 @@
       }
     },
     "node_modules/express": {
-      "version": "4.21.2",
+      "version": "4.22.1",
-      "resolved": "https://registry.npmjs.org/express/-/express-4.21.2.tgz",
+      "resolved": "https://registry.npmjs.org/express/-/express-4.22.1.tgz",
-      "integrity": "sha512-28HqgMZAmih1Czt9ny7qr6ek2qddF4FclbMzwhCREB6OFfH+rXAnuNCwo1/wFvrtbgsQDb4kSbX9de9lFbrXnA==",
+      "integrity": "sha512-F2X8g9P1X7uCPZMA3MVf9wcTqlyNp7IhH5qPCI0izhaOIYXaW9L535tGA3qmjRzpH+bZczqq7hVKxTR4NWnu+g==",
       "license": "MIT",
       "dependencies": {
         "accepts": "~1.3.8",
         "array-flatten": "1.1.1",
-        "body-parser": "1.20.3",
+        "body-parser": "~1.20.3",
-        "content-disposition": "0.5.4",
+        "content-disposition": "~0.5.4",
         "content-type": "~1.0.4",
-        "cookie": "0.7.1",
+        "cookie": "~0.7.1",
-        "cookie-signature": "1.0.6",
+        "cookie-signature": "~1.0.6",
         "debug": "2.6.9",
         "depd": "2.0.0",
         "encodeurl": "~2.0.0",
         "escape-html": "~1.0.3",
         "etag": "~1.8.1",
-        "finalhandler": "1.3.1",
+        "finalhandler": "~1.3.1",
-        "fresh": "0.5.2",
+        "fresh": "~0.5.2",
-        "http-errors": "2.0.0",
+        "http-errors": "~2.0.0",
         "merge-descriptors": "1.0.3",
         "methods": "~1.1.2",
-        "on-finished": "2.4.1",
+        "on-finished": "~2.4.1",
         "parseurl": "~1.3.3",
-        "path-to-regexp": "0.1.12",
+        "path-to-regexp": "~0.1.12",
         "proxy-addr": "~2.0.7",
-        "qs": "6.13.0",
+        "qs": "~6.14.0",
         "range-parser": "~1.2.1",
         "safe-buffer": "5.2.1",
-        "send": "0.19.0",
+        "send": "~0.19.0",
-        "serve-static": "1.16.2",
+        "serve-static": "~1.16.2",
         "setprototypeof": "1.2.0",
-        "statuses": "2.0.1",
+        "statuses": "~2.0.1",
         "type-is": "~1.6.18",
         "utils-merge": "1.0.1",
         "vary": "~1.1.2"
@@ -732,6 +732,21 @@
         "url": "https://opencollective.com/express"
       }
     },
+    "node_modules/express/node_modules/qs": {
+      "version": "6.14.2",
+      "resolved": "https://registry.npmjs.org/qs/-/qs-6.14.2.tgz",
+      "integrity": "sha512-V/yCWTTF7VJ9hIh18Ugr2zhJMP01MY7c5kh4J870L7imm6/DIzBsNLTXzMwUA3yZ5b/KBqLx8Kp3uRvd7xSe3Q==",
+      "license": "BSD-3-Clause",
+      "dependencies": {
+        "side-channel": "^1.1.0"
+      },
+      "engines": {
+        "node": ">=0.6"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
     "node_modules/fill-range": {
       "version": "7.1.1",
       "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.1.1.tgz",

blackroad-os-api/package.json

@@ -9,10 +9,10 @@
     "health": "curl -f http://localhost:8080/health || exit 1"
   },
   "dependencies": {
-    "express": "^4.19.0",
+    "express": "^4.22.1",
     "cors": "^2.8.5",
     "dotenv": "^16.4.5",
-    "axios": "^1.7.9"
+    "axios": "^1.13.5"
   },
   "devDependencies": {
     "@types/cors": "^2.8.17",

blackroad-os-core/package-lock.json

@@ -10,7 +10,7 @@
       "dependencies": {
         "cors": "^2.8.5",
         "dotenv": "^16.4.5",
-        "express": "^4.19.0"
+        "express": "^4.22.1"
       },
       "devDependencies": {
         "@types/cors": "^2.8.17",
@@ -633,39 +633,39 @@
       }
     },
     "node_modules/express": {
-      "version": "4.21.2",
+      "version": "4.22.1",
-      "resolved": "https://registry.npmjs.org/express/-/express-4.21.2.tgz",
+      "resolved": "https://registry.npmjs.org/express/-/express-4.22.1.tgz",
-      "integrity": "sha512-28HqgMZAmih1Czt9ny7qr6ek2qddF4FclbMzwhCREB6OFfH+rXAnuNCwo1/wFvrtbgsQDb4kSbX9de9lFbrXnA==",
+      "integrity": "sha512-F2X8g9P1X7uCPZMA3MVf9wcTqlyNp7IhH5qPCI0izhaOIYXaW9L535tGA3qmjRzpH+bZczqq7hVKxTR4NWnu+g==",
       "license": "MIT",
       "dependencies": {
         "accepts": "~1.3.8",
         "array-flatten": "1.1.1",
-        "body-parser": "1.20.3",
+        "body-parser": "~1.20.3",
-        "content-disposition": "0.5.4",
+        "content-disposition": "~0.5.4",
         "content-type": "~1.0.4",
-        "cookie": "0.7.1",
+        "cookie": "~0.7.1",
-        "cookie-signature": "1.0.6",
+        "cookie-signature": "~1.0.6",
         "debug": "2.6.9",
         "depd": "2.0.0",
         "encodeurl": "~2.0.0",
         "escape-html": "~1.0.3",
         "etag": "~1.8.1",
-        "finalhandler": "1.3.1",
+        "finalhandler": "~1.3.1",
-        "fresh": "0.5.2",
+        "fresh": "~0.5.2",
-        "http-errors": "2.0.0",
+        "http-errors": "~2.0.0",
         "merge-descriptors": "1.0.3",
         "methods": "~1.1.2",
-        "on-finished": "2.4.1",
+        "on-finished": "~2.4.1",
         "parseurl": "~1.3.3",
-        "path-to-regexp": "0.1.12",
+        "path-to-regexp": "~0.1.12",
         "proxy-addr": "~2.0.7",
-        "qs": "6.13.0",
+        "qs": "~6.14.0",
         "range-parser": "~1.2.1",
         "safe-buffer": "5.2.1",
-        "send": "0.19.0",
+        "send": "~0.19.0",
-        "serve-static": "1.16.2",
+        "serve-static": "~1.16.2",
         "setprototypeof": "1.2.0",
-        "statuses": "2.0.1",
+        "statuses": "~2.0.1",
         "type-is": "~1.6.18",
         "utils-merge": "1.0.1",
         "vary": "~1.1.2"
@@ -678,6 +678,21 @@
         "url": "https://opencollective.com/express"
       }
     },
+    "node_modules/express/node_modules/qs": {
+      "version": "6.14.2",
+      "resolved": "https://registry.npmjs.org/qs/-/qs-6.14.2.tgz",
+      "integrity": "sha512-V/yCWTTF7VJ9hIh18Ugr2zhJMP01MY7c5kh4J870L7imm6/DIzBsNLTXzMwUA3yZ5b/KBqLx8Kp3uRvd7xSe3Q==",
+      "license": "BSD-3-Clause",
+      "dependencies": {
+        "side-channel": "^1.1.0"
+      },
+      "engines": {
+        "node": ">=0.6"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
     "node_modules/fill-range": {
       "version": "7.1.1",
       "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.1.1.tgz",

blackroad-os-core/package.json

@@ -9,7 +9,7 @@
     "health": "curl -f http://localhost:8080/health || exit 1"
   },
   "dependencies": {
-    "express": "^4.19.0",
+    "express": "^4.22.1",
     "cors": "^2.8.5",
     "dotenv": "^16.4.5"
   },

blackroad-os-operator/package-lock.json

@@ -10,7 +10,7 @@
       "dependencies": {
         "cors": "^2.8.5",
         "dotenv": "^16.4.5",
-        "express": "^4.19.0"
+        "express": "^4.22.1"
       },
       "devDependencies": {
         "@types/cors": "^2.8.17",
@@ -633,39 +633,39 @@
       }
     },
     "node_modules/express": {
-      "version": "4.21.2",
+      "version": "4.22.1",
-      "resolved": "https://registry.npmjs.org/express/-/express-4.21.2.tgz",
+      "resolved": "https://registry.npmjs.org/express/-/express-4.22.1.tgz",
-      "integrity": "sha512-28HqgMZAmih1Czt9ny7qr6ek2qddF4FclbMzwhCREB6OFfH+rXAnuNCwo1/wFvrtbgsQDb4kSbX9de9lFbrXnA==",
+      "integrity": "sha512-F2X8g9P1X7uCPZMA3MVf9wcTqlyNp7IhH5qPCI0izhaOIYXaW9L535tGA3qmjRzpH+bZczqq7hVKxTR4NWnu+g==",
       "license": "MIT",
       "dependencies": {
         "accepts": "~1.3.8",
         "array-flatten": "1.1.1",
-        "body-parser": "1.20.3",
+        "body-parser": "~1.20.3",
-        "content-disposition": "0.5.4",
+        "content-disposition": "~0.5.4",
         "content-type": "~1.0.4",
-        "cookie": "0.7.1",
+        "cookie": "~0.7.1",
-        "cookie-signature": "1.0.6",
+        "cookie-signature": "~1.0.6",
         "debug": "2.6.9",
         "depd": "2.0.0",
         "encodeurl": "~2.0.0",
         "escape-html": "~1.0.3",
         "etag": "~1.8.1",
-        "finalhandler": "1.3.1",
+        "finalhandler": "~1.3.1",
-        "fresh": "0.5.2",
+        "fresh": "~0.5.2",
-        "http-errors": "2.0.0",
+        "http-errors": "~2.0.0",
         "merge-descriptors": "1.0.3",
         "methods": "~1.1.2",
-        "on-finished": "2.4.1",
+        "on-finished": "~2.4.1",
         "parseurl": "~1.3.3",
-        "path-to-regexp": "0.1.12",
+        "path-to-regexp": "~0.1.12",
         "proxy-addr": "~2.0.7",
-        "qs": "6.13.0",
+        "qs": "~6.14.0",
         "range-parser": "~1.2.1",
         "safe-buffer": "5.2.1",
-        "send": "0.19.0",
+        "send": "~0.19.0",
-        "serve-static": "1.16.2",
+        "serve-static": "~1.16.2",
         "setprototypeof": "1.2.0",
-        "statuses": "2.0.1",
+        "statuses": "~2.0.1",
         "type-is": "~1.6.18",
         "utils-merge": "1.0.1",
         "vary": "~1.1.2"
@@ -678,6 +678,21 @@
         "url": "https://opencollective.com/express"
       }
     },
+    "node_modules/express/node_modules/qs": {
+      "version": "6.14.2",
+      "resolved": "https://registry.npmjs.org/qs/-/qs-6.14.2.tgz",
+      "integrity": "sha512-V/yCWTTF7VJ9hIh18Ugr2zhJMP01MY7c5kh4J870L7imm6/DIzBsNLTXzMwUA3yZ5b/KBqLx8Kp3uRvd7xSe3Q==",
+      "license": "BSD-3-Clause",
+      "dependencies": {
+        "side-channel": "^1.1.0"
+      },
+      "engines": {
+        "node": ">=0.6"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
+    },
     "node_modules/fill-range": {
       "version": "7.1.1",
       "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.1.1.tgz",

blackroad-os-operator/package.json

@@ -9,7 +9,7 @@
     "health": "curl -f http://localhost:8080/health || exit 1"
   },
   "dependencies": {
-    "express": "^4.19.0",
+    "express": "^4.22.1",
     "cors": "^2.8.5",
     "dotenv": "^16.4.5"
   },

br95/package.json

@@ -10,7 +10,7 @@
     "test": "echo \"No automated tests yet\""
   },
   "dependencies": {
-    "next": "14.2.3",
+    "next": "15.5.10",
     "react": "18.2.0",
     "react-dom": "18.2.0"
   },