Skip to content

Bump qs and @workos-inc/node#58

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/multi-ba99732ad1
Open

Bump qs and @workos-inc/node#58
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/multi-ba99732ad1

Conversation

@dependabot
Copy link

@dependabot dependabot bot commented on behalf of github Feb 14, 2026

Removes qs. It's no longer used after updating ancestor dependency @workos-inc/node. These dependencies need to be updated together.

Removes qs

Updates @workos-inc/node from 7.77.0 to 8.5.0

Release notes

Sourced from @​workos-inc/node's releases.

v8.5.0

What's Changed

Full Changelog: workos/workos-node@v8.4.0...v8.5.0

v8.4.0

What's Changed

v8.3.1

What's Changed

New Contributors

Full Changelog: workos/workos-node@v8.3.0...v8.3.1

v8.3.0

What's Changed

Full Changelog: workos/workos-node@v8.2.0...v8.3.0

v8.2.0

What's Changed

Full Changelog: workos/workos-node@v8.1.0...v8.2.0

v8.1.0

What's Changed

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​workos-inc/node since your current version.


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump qs and @workos-inc/node
f3b1550 
Removes [qs](https://github.com/ljharb/qs). It's no longer used after updating ancestor dependency [@workos-inc/node](https://github.com/workos/workos-node). These dependencies need to be updated together.


Removes `qs`

Updates `@workos-inc/node` from 7.77.0 to 8.5.0
- [Release notes](https://github.com/workos/workos-node/releases)
- [Commits](workos/workos-node@v7.77.0...v8.5.0)

---
updated-dependencies:
- dependency-name: qs
  dependency-version: 
  dependency-type: indirect
- dependency-name: "@workos-inc/node"
  dependency-version: 8.5.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Feb 14, 2026
@greptile-apps
Copy link
Contributor

greptile-apps bot commented Feb 14, 2026

Greptile Overview

Greptile Summary

This PR upgrades @workos-inc/node from v7.77.0 to v8.5.0 and removes the qs dependency that is no longer needed by the updated SDK.

Key changes:

  • Upgraded @workos-inc/node to v8.5.0 (major version bump from v7)
  • Removed qs package and related type definitions
  • No code changes required - the API surface used by this library remains compatible

The v8.x release of @workos-inc/node includes new features like Authorization Resources, Role support, and deprecates FGA. The upgrade appears safe as the library only uses basic WorkOS SDK functionality (userManagement.authenticateWithCode, WorkOS constructor) which remains stable across the major version.

Confidence Score: 5/5

  • This PR is safe to merge with minimal risk
  • This is a straightforward dependency update generated by Dependabot. The @workos-inc/node v8.x upgrade maintains backward compatibility for the API methods used in this codebase (userManagement.authenticateWithCode and WorkOS constructor). The removal of qs is correct as it's no longer a transitive dependency of the updated WorkOS SDK. No source code changes are required, and the library's usage patterns remain fully compatible with the new version.
  • No files require special attention

Important Files Changed

Filename Overview
package.json Updated @workos-inc/node from v7.77.0 to v8.5.0 in both dependencies and devDependencies
package-lock.json Removed qs package and related dependencies (no longer needed by @workos-inc/node v8+), updated lockfile for new WorkOS SDK version

Last reviewed commit: f3b1550

greptile-apps[bot]
greptile-apps bot reviewed Feb 14, 2026
View reviewed changes
Copy link
Contributor

@greptile-apps greptile-apps bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

2 files reviewed, no comments

Edit Code Review Agent Settings | Greptile

@GabrielBianconi
Copy link

GabrielBianconi commented Mar 10, 2026
edited
Loading

Hi @chaance & team - we'd love a release with @workos-inc/node@8+ so we can fix some transitive vulnerabilities downstream of @7 (in cookie). Thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@greptile-apps greptile-apps[bot] greptile-apps[bot] left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@GabrielBianconi