From c88644f3dc0659e78d0a9098fe49534a722b7c8c Mon Sep 17 00:00:00 2001
From: Stephane Bouchet <sbouchet@redhat.com>
Date: Tue, 2 Jun 2026 17:42:31 +0200
Subject: [PATCH] Fix CVE-2026-8723 by upgrading qs to 6.15.2

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 cloud-shell/package.json | 3 ++-
 cloud-shell/yarn.lock    | 8 ++++----
 2 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/cloud-shell/package.json b/cloud-shell/package.json
index 7134f3cbd..06380e38f 100644
--- a/cloud-shell/package.json
+++ b/cloud-shell/package.json
@@ -31,7 +31,8 @@
     "tar": "7.5.11",
     "minimatch@^3.1.1": "^3.1.5",
     "minimatch@^10.1.1": "^10.2.4",
-    "ajv": "6.14.0"
+    "ajv": "6.14.0",
+    "qs": "^6.15.2"
   },
   "packageManager": "yarn@4.12.0"
 }
diff --git a/cloud-shell/yarn.lock b/cloud-shell/yarn.lock
index 03291c0ab..405d014de 100644
--- a/cloud-shell/yarn.lock
+++ b/cloud-shell/yarn.lock
@@ -3377,12 +3377,12 @@ __metadata:
   languageName: node
   linkType: hard
 
-"qs@npm:^6.12.3":
-  version: 6.14.1
-  resolution: "qs@npm:6.14.1"
+"qs@npm:^6.15.2":
+  version: 6.15.2
+  resolution: "qs@npm:6.15.2"
   dependencies:
     side-channel: "npm:^1.1.0"
-  checksum: 10c0/0e3b22dc451f48ce5940cbbc7c7d9068d895074f8c969c0801ac15c1313d1859c4d738e46dc4da2f498f41a9ffd8c201bd9fb12df67799b827db94cc373d2613
+  checksum: 10c0/e6fd5f6f0aab06d480fe9ab15cebfc4ce4235303e2f91dc69a8f7f4df1e668a61c11d1cfbabacf4295cbbeb7b670ed23db45307480726259761f98e5695e93a7
   languageName: node
   linkType: hard