fix(deps): vuln minor: qs · patch: path-to-regexp [test/crashtracker] #132

Open
gh-worker-campaigns-3e9aa4[bot] wants to merge 1 commit into main from engraver-auto-version-upgrade/minorpatch/npm/crashtracker/1-1781559235


@gh-worker-campaigns-3e9aa4


Summary: High-severity security update — 2 packages upgraded (MINOR changes included)

Manifests changed:

  • test/crashtracker (yarn)

✅ Action Required: Please review the changes below. If they look good, approve and merge this PR.


Updates

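| Package | From | To | Type | Dep Type | Vulnerabilities Fixed |
|---------|------|----|------|----------|-----------------------|
| path-to-regexp | 0.1.12 | 0.1.13 | patch | Transitive | 1 HIGH |
| qs | 6.14.2 | 6.15.2 | minor | Transitive | 1 MEDIUM |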

Security Details

🚨 Critical & High Severity (1 fixed)

| Package | CVE | Severity | Summary | Unsafe Version | Fixed In |
|---------|-----|----------|---------|----------------|----------|
| path-to-regexp | GHSA-37ch-88jc-xwx2 | HIGH | path-to-regexp vulnerable to Regular Expression Denial of Service via multiple route parameters | 0.1.12 | 0.1.13 |

ℹ️ Other Vulnerabilities (1)

| Package | CVE | Severity | Summary | Unsafe Version | Fixed In |
|---------|-----|----------|---------|----------------|----------|
| qs | GHSA-q8mj-m7cp-5q26 | MODERATE | qs has a remotely triggerable DoS: qs.stringify crashes with TypeError on null/undefined entries in comma-format arrays when encodeValuesOnly is set | 6.14.2 | 6.15.2 |

Review Checklist

Standard review:

  • Review changes for compatibility with your code
  • Check for breaking changes in release notes
  • Run tests locally or wait for CI
  • Approve and merge this PR

Update Mode: all_vulns

🤖 Generated by DataDog Automated Dependency Management System

@github-actions


Overall package size

Self size: 28 MB
Deduped: 28 MB
No deduping: 28 MB

Dependency sizes

| name | version | self size | total size |
|------|---------|-----------|------------|

🤖 This report was automatically generated by heaviest-objects-in-the-universe

@campaigner-prod campaigner-prod Bot marked this pull request as ready for review June 16, 2026 14:00
@campaigner-prod campaigner-prod Bot requested review from a team as code owners June 16, 2026 14:00
@dd-prapprover

dd-prapprover Bot commented Jun 16, 2026


PRApprover will approve and merge this PR, FAQ, #dx-source-code-management

🛠️ PRApproval Status

  • ✅ PR is eligible for auto-approval by rule dependency-management-version-updater - 2026-06-16T14:00:47Z
  • ✅ CI tests passed - 2026-06-16T14:00:53Z
  • ✅ Approved (commit: bd756a2) - 2026-06-16T14:00:57Z
  • ✅ Merge Started
  • ⬜ Merged

➡️ Current phase: merge in progress...

@dd-prapprover dd-prapprover Bot left a comment


This PR has been automatically approved by the DD PR Approver bot.

@campaigner-prod


/merge

@gh-worker-devflow-routing-ef8351

gh-worker-devflow-routing-ef8351 Bot commented Jun 16, 2026


View all feedbacks in Devflow UI.

2026-06-16 19:29:16 UTC ℹ️ Start processing command /merge
Use /merge -c to cancel this operation!


2026-06-16 19:29:21 UTC ℹ️ MergeQueue: pull request added to the queue

The expected merge time in main is approximately 0s (p90).

Use /merge -c to cancel this operation!


⏳ Processing
