Remove direct qs dependency #6865
Open
lukaselmer wants to merge 1 commit into expressjs:master from
Pull Request Overview
This PR removes the built-in 'extended' query parser option from Express and moves the qs package from dependencies to devDependencies. Users must now provide a custom parser function to replicate the previous 'extended' behavior.
Key changes:
- Removed `qs` as a production dependency and added it as a devDependency
- Replaced the `'extended'` query parser option with a helpful error message directing users to use a custom parser function
- Updated tests to use `qs.parse` directly instead of the deprecated `'extended'` string option
Reviewed Changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| package.json | Moved qs from dependencies to devDependencies |
| lib/utils.js | Removed qs import, removed parseExtendedQueryString function, and replaced 'extended' case with an error throw |
| test/req.query.js | Added qs import, updated tests to use qs.parse directly, and added test for new error behavior |
| History.md | Documented the breaking change with migration instructions |
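
A custom parser function of the kind the overview above says users must now provide, as an added example that is not code from this PR, Express or qs. It handles only `a[b]=c`, `a[]=c` and repeated keys and does not reproduce qs semantics; the names `parseNestedQuery`, `splitKey`, `MAX_DEPTH` and `MAX_PARAMS` and their values are assumptions.

```javascript
'use strict';

// Added example: hypothetical helper names, not Express or qs code.
const FORBIDDEN = new Set(['__proto__', 'constructor', 'prototype']);
const MAX_DEPTH = 5;     // assumed nesting limit
const MAX_PARAMS = 1000; // assumed parameter-count limit

// "a[b][c]" -> ["a","b","c"]; "a[]" -> ["a",""]; malformed keys stay literal.
function splitKey(key) {
  const open = key.indexOf('[');
  if (open <= 0) return [key];
  const rest = key.slice(open);
  if (!/^(\[[^\[\]]*\])+$/.test(rest)) return [key];
  return [key.slice(0, open), ...rest.slice(1, -1).split('][')];
}

function parseNestedQuery(str) {
  const out = Object.create(null); // no prototype chain to pollute or shadow
  let seen = 0;
  for (const [rawKey, value] of new URLSearchParams(str)) {
    if (++seen > MAX_PARAMS) break;
    const path = splitKey(rawKey);
    const push = path.length > 1 && path[path.length - 1] === '';
    if (push) path.pop();
    // Drop pairs that are too deep, use "[]" mid-path, or name prototype keys.
    if (path.length > MAX_DEPTH + 1 || path.includes('') ||
        path.some((p) => FORBIDDEN.has(p))) continue;
    const leaf = path.pop();
    let node = out;
    for (const k of path) {
      if (node[k] === undefined) node[k] = Object.create(null);
      node = node[k];
      if (typeof node !== 'object' || Array.isArray(node)) { node = null; break; }
    }
    if (node === null) continue; // conflicts with an earlier scalar or array
    const cur = node[leaf];
    if (cur === undefined) node[leaf] = push ? [value] : value;
    else if (Array.isArray(cur)) cur.push(value);
    else if (typeof cur === 'string') node[leaf] = [cur, value];
    // else: an object already lives here; keep it and drop the scalar
  }
  return out;
}

// Usage with Express (app is assumed to be an Express application):
//   app.set('query parser', parseNestedQuery);
```

Because the returned objects have no prototype, handlers that call `req.query.hasOwnProperty(...)` need `Object.hasOwn(req.query, ...)` instead.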
- As suggested here: expressjs#5783 (comment)
- See also expressjs#6647, expressjs#5723, expressjs#6374, expressjs#3230, expressjs#3272, https://github.com/expressjs/express/pulls?q=is%3Apr+qs+is%3Aclosed
- This doesn't remove `qs` from `body-parser`
ea7e54e to 54e7050
Developer's Certificate of Origin 1.1
By making a contribution to this project, I certify that:
(a) The contribution was created in whole or in part by me and I
have the right to submit it under the open source license
indicated in the file; or
(b) The contribution is based upon previous work that, to the best
of my knowledge, is covered under an appropriate open source
license and I have the right under that license to submit that
work with modifications, whether created in whole or in part
by me, under the same open source license (unless I am
permitted to submit under a different license), as indicated
in the file; or
(c) The contribution was provided directly to me by some other
person who certified (a), (b) or (c) and I have not modified
it.
(d) I understand and agree that this project and the contribution
are public and that a record of the contribution (including all
personal information I submit with it, including my sign-off) is
maintained indefinitely and may be redistributed consistent with
this project or the open source license(s) involved.