chore: bump qs, js-yaml, glob

[ethanpschoen]

Description of this change

Bumps dependencies

Why is this change being made?

• Chore (non-functional changes)
• Bug fix (non-breaking change that fixes an issue)
• New feature (non-breaking change that adds functionality)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)

How was this tested? How can the reviewer verify your testing?

Related issues

Checklist

• I have added tests to cover my changes.
• All new and existing tests passed.
• I have evaluated the security impact of this change, and OWASP Secure Coding Practices have been observed.
• I have informed stakeholders of my changes.

---

Note

Updates dependency resolution policy in the example app.

• Adds an overrides block in example/package.json to force versions: qs@^6.14.1, js-yaml@^4.1.1, and glob@^10.5.0
• No application code changes; only dependency management adjustments

^{Written by Cursor Bugbot for commit 452ce36. Configure here.}

[cursor]

Comment @cursor review or bugbot run to trigger another review on this PR

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	npm/​@​babel/​helper-simple-access@​7.25.9 ⏵ 7.27.1
	npm/​@​babel/​preset-env@​7.28.0 ⏵ 7.28.5
	npm/​@​types/​react@​19.1.9 ⏵ 19.2.7
	npm/​@​babel/​runtime@​7.27.0 ⏵ 7.28.4	+1
	npm/​@​babel/​core@​7.28.0 ⏵ 7.28.5	+1
	npm/​@​react-native-async-storage/​async-storage@​2.1.2 ⏵ 2.2.0
	npm/​react-native-device-info@​14.0.4 ⏵ 14.1.1	+1

View full report

[socket-security]

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Warn		Potential vulnerability: npm node-gyp with risk level "medium" Location: Package overview From: ? → npm/babel-jest@29.7.0 → npm/jest@29.7.0 → npm/node-gyp@12.1.0 ℹ Read more on: This package | This alert | Navigating potential vulnerabilities Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: It is advisable to proceed with caution. Engage in a review of the package's security aspects and consider reaching out to the package maintainer for the latest information or patches. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/node-gyp@12.1.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report