chore: fix for 1 vulnerabilities

[anxolin]

Snyk has created this PR to fix 1 vulnerabilities in the yarn dependencies of this project.

Snyk changed the following file(s):

• package.json

Note for zero-installs users

If you are using the Yarn feature zero-installs that was introduced in Yarn V2, note that this PR does not update the .yarn/cache/ directory meaning this code cannot be pulled and immediately developed on as one would expect for a zero-install project - you will need to run yarn to update the contents of the ./yarn/cache directory.
If you are not using zero-install you can ignore this as your flow should likely be unchanged.

⚠️ Warning

Failed to update the yarn.lock, please update manually before merging.

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Allocation of Resources Without Limits or Throttling SNYK-JS-QS-14724253	828

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Allocation of Resources Without Limits or Throttling

Summary by CodeRabbit

• Chores
  • Updated a core dependency to the latest stable version to improve stability and performance.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Review	Updated (UTC)
cowfi	Ready	Preview	Jan 6, 2026 10:48am
explorer-dev	Ready	Preview	Jan 6, 2026 10:48am
swap-dev	Ready	Preview	Jan 6, 2026 10:48am
widget-configurator	Ready	Preview	Jan 6, 2026 10:48am

2 Skipped Deployments

Project	Deployment	Review	Updated (UTC)
cosmos	Ignored		Jan 6, 2026 10:48am
sdk-tools	Ignored	Preview	Jan 6, 2026 10:48am

[coderabbitai]

Walkthrough

This pull request updates the "qs" dependency from version ^6.12.1 to ^6.14.1 in package.json. No changes to exported APIs, control flow, or public entity signatures are introduced.

Changes

Cohort / File(s)	Summary
Dependency Version Bump package.json	Updated "qs" dependency to ^6.14.1 (from ^6.12.1)

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Suggested reviewers

• limitofzero

Poem

🐰 A nibble here, a version there,
Dependencies bloom in the code we care,
From six point twelve to fourteen's grace,
The qs library finds its place! ✨

Pre-merge checks

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	The description deviates significantly from the template, using Snyk's auto-generated format instead of the required structure.	Reformat description to follow the template: add Summary section with issue number and high-level description, and Testing section with verification steps.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately reflects the main change: updating dependencies to fix a vulnerability.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

Thank you for your submission, we really appreciate it. Like many open-source projects, we ask that you all sign our Contributor License Agreement before we can accept your contribution. You can sign the CLA by just posting a Pull Request Comment same as the below format.

---

I have read the CLA Document and I hereby sign the CLA

---

1 out of 2 committers have signed the CLA.
✅ (kernelwhisperer)[https://github.com/kernelwhisperer]
❌ @snyk-bot
_{You can retrigger this bot by commenting recheck in this Pull Request. Posted by the CLA Assistant Lite bot.}

[crutch12]

@safe-global/protocol-kit is going to be updated (removed and migrated) here: #6775

[coderabbitai]

Actionable comments posted: 1

🤖 Fix all issues with AI Agents

In @package.json:
- Line 204: The package.json bump for "qs" to ^6.14.1 addresses a security issue
but you must regenerate and commit yarn.lock so installs pick up the patched
version; run `yarn install` or `yarn upgrade qs@^6.14.1` to update yarn.lock,
verify yarn.lock now references 6.14.1, commit the updated yarn.lock alongside
package.json, then run the test suite and smoke tests on critical flows to
confirm no regressions.

📜 Review details

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 6dce7aa and 8fb0637.

⛔ Files ignored due to path filters (1)

• yarn.lock is excluded by !**/yarn.lock, !**/*.lock

📒 Files selected for processing (1)

• package.json

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)

• GitHub Check: Setup
• GitHub Check: Cypress