
chore(security): patch 4 Dependabot alerts#1656

Open
PMerlet wants to merge 1 commit into main from security/2026-06-11

Conversation

@PMerlet PMerlet commented Jun 11, 2026

Member

👋 First-level support: see Handling automated security PRs for how to triage and merge this PR.

Summary

4 fixed, 1 ignored, 6 deferred, 1 resolution added, 0 resolutions removed. | label: 🔒 security applied

Fixed

| Done | Alert | Package | Ecosystem | From → To | Severity | What was bumped |
|---|---|---|---|---|---|---|
| [ ] | #369 | axios | npm | 1.15.2 → 1.17.0 | low | Direct: bumped axios `^1.15.0` → `^1.16.0` in packages/forest-cloud/package.json; added root resolution `axios: ">=1.16.0"` to cover the still-vulnerable lerna > nx > axios@1.15.2 transitive copy. |
| [ ] | #367 | qs | npm | 6.15.1 → 6.15.2 | medium | Updated root resolution qs `">=6.14.1"` → `">=6.15.2"` (the previous pin was inside the vulnerable range). |
| [ ] | #366 | uuid | npm | 10.0.0 → 11.1.1 | medium | Updated root resolution uuid `"^10.0.0"` → `"^11.1.1"`. Repo only uses v1, v4, and validate — none of the buffer-bounds-affected v3/v5/v6 paths. |
| [ ] | #368 | tmp | npm | 0.2.1 → 0.2.7 | high | Added root resolution `tmp: ">=0.2.6"`. Lifts both transitive copies (lerna's tree and inquirer > external-editor's tmp@0.0.33); the `tmp.fileSync({ prefix, ... })` API used downstream is preserved across 0.0.x → 0.2.x. |

The axios bump also lifts the still-deferred axios alerts (#372, #373, #374, #375, #376) to a patched version as a side effect — they share the same patched version (axios 1.16.0). They remain listed in Deferred because they were opened < 7 days ago; Dependabot will close them automatically once this merges.

Ignored

| Dismissed | Alert | Package | Reason |
|---|---|---|---|
| [ ] | #365 | @tootallnate/once | Dev/tooling only and the exploit requires untrusted input at runtime. Pulled in via three paths, all dev/build-time: (1) _example > tedious > @azure/identity > … > http-proxy-agent: _example/ is not shipped to production; (2) _example > sqlite3 > node-gyp > make-fetch-happen > http-proxy-agent: build-time only when downloading prebuilt binaries; (3) @forestadmin/agent (devDependency) > sqlite3 > node-gyp > …: sqlite3 is a devDependency in packages/agent, used only by tests. No source code in the repo imports @tootallnate/once directly. A >=2.0.1 resolution is not viable here because the deep chains pin major 1.x (incompatible API across the 1.x → 2.x boundary). |

Deferred (opened < 7 days ago)

| Alert | Package | Severity | Opened |
|---|---|---|---|
| #372 | axios | high | 2026-06-08 |
| #373 | axios | high | 2026-06-08 |
| #374 | axios | medium | 2026-06-09 |
| #375 | axios | high | 2026-06-09 |
| #376 | axios | high | 2026-06-09 |
| #377 | shell-quote | critical | 2026-06-10 |

Resolutions added

| Alert | Package + pin | Parent chain tried | Why a parent bump wasn't viable | File | Form |
|---|---|---|---|---|---|
| #368 | tmp `>=0.2.6` | lerna > nx > tmp@0.2.1, lerna > @nx/devkit > tmp@0.2.1, inquirer > external-editor > tmp@0.0.33 | Bumping lerna major would not lift its pinned transitive tmp minor; external-editor@3.1.0 still pins tmp ^0.0.33 upstream, so a parent bump cannot reach >=0.2.6 without upstream changes outside our control. The `tmp.fileSync({ prefix, postfix, ... })` API used downstream is stable across the 0.0 → 0.2 jump. | package.json (root) | Unconditional root entry — multiple unrelated chains share the vulnerability. |
| #367 | qs `>=6.15.2` | Many parents (body-parser, express, superagent, co-body, …) across multiple workspaces | A resolution already existed at `">=6.14.1"` for the same reason; the new advisory bumped the vulnerable range to <=6.15.1. Updating the existing pin is strictly the same form as before. | package.json (root) | Unconditional root entry (updated in place). |
| #366 | uuid `^11.1.1` | Many parents (sequelize, @langchain/langgraph, excel4node, forest-cli, …) | Existing resolution was `^10.0.0`; the advisory affects all < 11.1.1. Updating the existing pin is strictly the same form as before. | package.json (root) | Unconditional root entry (updated in place). |
| #369 | axios `>=1.16.0` | lerna > nx > axios@1.15.2 | Bumping lerna to its current latest still resolves to the same nx > axios@1.15.2. A direct bump in packages/forest-cloud/package.json lifts the user-facing copy but does not reach the lerna/nx subtree. | package.json (root) | Unconditional root entry — narrower scoped form not needed since axios is also a direct dep. |

Risks

  • axios 1.15 → 1.17: minor bump line. Notable changes are MITM hardening around proxy config and stricter NO_PROXY/IPv6 handling — exactly the surface area we're trying to patch. No public API removals in 1.16/1.17 vs 1.15; forest-cli's axios usage is plain GETs/POSTs with bearer auth, unaffected.
  • qs 6.15.1 → 6.15.2: patch release fixing a qs.stringify crash on null/undefined in comma-format arrays. No API changes.
  • uuid 10 → 11: major bump. v11 drops Node 14 support (we're on Node 22), and tightens parse() to require Uint8Array. Our usage is v1, v4, and validate only — unaffected.
  • tmp 0.2.1 → 0.2.7 (and effectively 0.0.33 → 0.2.7 under external-editor): patch path for the lerna-side copy; the external-editor jump skips the 0.1.x line. fileSync({ prefix, postfix }) + removeCallback() signature is preserved across all versions in scope.

Manual testing

Covered by CI. forest-cli (the only direct axios consumer in scope) and the workflow-executor / mcp-server packages exercise the upgraded paths via Jest suites.

Validation

✅ CI green
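The qs row above shows the failure mode this kind of PR has to guard against: an existing root resolution (`">=6.14.1"`) whose floor still sat inside the advisory's vulnerable range. The check below is an added example, not code from the PR or the repository: it takes each resolution pin and the advisory's vulnerable range and confirms the lowest version the pin can resolve to is not vulnerable. The qs and uuid ranges are the ones the PR states; the axios and tmp ranges (`<1.16.0`, `<0.2.6`) are assumed from the patched versions the PR names.

```javascript
// Added example (not from the PR): verify each root "resolutions" pin lands
// outside the advisory's vulnerable range. A tiny semver comparator replaces
// the `semver` package so this runs offline with no dependencies.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v.trim());
  if (!m) throw new Error(`not a plain x.y.z version: ${v}`);
  return m.slice(1, 4).map(Number);
}
function compare(a, b) {
  const [pa, pb] = [parseVersion(a), parseVersion(b)];
  for (let i = 0; i < 3; i++) if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  return 0;
}
// Lowest version a pin can resolve to: both forms the PR uses (">=X", "^X")
// have X as their floor, and that floor is the version that must be safe.
function floorOf(pin) {
  const m = /^(>=|\^)(\d+\.\d+\.\d+)$/.exec(pin.trim());
  if (!m) throw new Error(`unsupported pin form: ${pin}`);
  return m[2];
}
// Advisory range as a space-separated AND of comparators, e.g. "<=6.15.1",
// "<11.1.1" or ">=1.0.0 <1.16.0" (the shape GitHub advisories use).
function isVulnerable(version, range) {
  return range.trim().split(/\s+/).every((c) => {
    const m = /^(<=|>=|<|>|=)?(\d+\.\d+\.\d+)$/.exec(c);
    if (!m) throw new Error(`unsupported comparator: ${c}`);
    const cmp = compare(version, m[2]);
    switch (m[1] || "=") {
      case "<": return cmp < 0;
      case "<=": return cmp <= 0;
      case ">": return cmp > 0;
      case ">=": return cmp >= 0;
      default: return cmp === 0;
    }
  });
}
function pinCoversAdvisory(pin, vulnerableRange) {
  return !isVulnerable(floorOf(pin), vulnerableRange);
}
// Pins from the PR plus the superseded qs pin. qs/uuid ranges are as the PR
// states; the axios and tmp ranges are assumed from the patched versions named.
const CHECKS = [
  { pkg: "qs (old pin)", pin: ">=6.14.1", vulnerable: "<=6.15.1" },
  { pkg: "qs", pin: ">=6.15.2", vulnerable: "<=6.15.1" },
  { pkg: "uuid", pin: "^11.1.1", vulnerable: "<11.1.1" },
  { pkg: "axios", pin: ">=1.16.0", vulnerable: "<1.16.0" },
  { pkg: "tmp", pin: ">=0.2.6", vulnerable: "<0.2.6" },
];
function auditResolutions(checks = CHECKS) {
  return checks.map((c) => ({ pkg: c.pkg, pin: c.pin, ok: pinCoversAdvisory(c.pin, c.vulnerable) }));
}
```

Run `auditResolutions()` before merging: the superseded qs pin reports `ok: false`, the four pins the PR adds or updates report `ok: true`.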

qltysh Bot commented Jun 11, 2026

Coverage Impact

This PR will not change total coverage.
