NO-ISSUE: Bump qs to ^6.14.1 #3456

Merged

openshift-merge-bot[bot] merged 1 commit into openshift-assisted:master from sunku5494:CVE-2025-15284 on Mar 12, 2026

Conversation

@sunku5494 (Contributor) commented Mar 11, 2026

Fixing CVE-2025-15284

Summary by CodeRabbit

  • Chores
    • Updated project dependency resolution configuration.

@openshift-ci openshift-ci bot requested review from ElayAharoni and jgyselov March 11, 2026 17:23
@openshift-ci openshift-ci bot added the needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. label Mar 11, 2026
openshift-ci bot commented Mar 11, 2026

Hi @sunku5494. Thanks for your PR.

I'm waiting for an openshift-assisted member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work.

Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.


Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@openshift-ci openshift-ci bot added the size/S Denotes a PR that changes 10-29 lines, ignoring generated files. label Mar 11, 2026
coderabbitai bot commented Mar 11, 2026

📝 Walkthrough

Updated package.json resolutions to explicitly pin the "qs" package to version 6.14.1, alongside the existing lodash-es resolution. This change enforces specific dependency versions through npm's resolutions field.

Changes

Dependency Resolution (package.json): Added explicit resolution for the "qs" package (^6.14.1) in the resolutions map and reformatted with a trailing comma.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Suggested labels

lgtm, approved, ok-to-test, size/S

Suggested reviewers

  • ElayAharoni
  • rawagner
  • jkilzi

Poem

🐰 A tiny hop through package terrain,
Where "qs" now joins the resolution chain,
Locked and loaded, versions pinned tight,
Dependencies dancing in perfect delight! ✨

🚥 Pre-merge checks: 2 passed, 1 inconclusive

Title check: ❓ Inconclusive. The title references bumping 'qs' to '^6.14.1', which is the core change in package.json, but omits the critical CVE security context mentioned in the PR description and commit message. Consider revising the title to reflect the security nature of the change, such as 'Fix CVE-2025-15284: Bump qs to ^6.14.1' for better clarity on the purpose.

Description Check: ✅ Passed. Check skipped - CodeRabbit's high-level summary is enabled.

Docstring Coverage: ✅ Passed. No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.


@sunku5494 sunku5494 changed the title from "NO ISSUE: Bump qs to ^6.14.1" to "NO-ISSUE: Bump qs to ^6.14.1" Mar 11, 2026
@openshift-ci-robot openshift-ci-robot added the jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. label Mar 11, 2026
@openshift-ci-robot commented:

@sunku5494: This pull request explicitly references no jira issue.


In response to this:

Fixing CVE-2025-15284

Summary by CodeRabbit

  • Chores
  • Updated project dependency resolution configuration.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Mar 12, 2026
@rawagner (Member) commented:

/ok-to-test

@openshift-ci openshift-ci bot added ok-to-test Indicates a non-member PR verified by an org member that is safe to test. and removed needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. labels Mar 12, 2026
openshift-ci bot commented Mar 12, 2026

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: ElayAharoni, rawagner, sunku5494

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Mar 12, 2026
@openshift-merge-bot openshift-merge-bot bot merged commit 70dbabf into openshift-assisted:master Mar 12, 2026
15 checks passed

Labels

  • approved: Indicates a PR has been approved by an approver from all required OWNERS files.
  • jira/valid-reference: Indicates that this PR references a valid Jira ticket of any type.
  • lgtm: Indicates that a PR is ready to be merged.
  • ok-to-test: Indicates a non-member PR verified by an org member that is safe to test.
  • size/S: Denotes a PR that changes 10-29 lines, ignoring generated files.

4 participants