
Conversation

Owner

@cswkim cswkim commented Jan 3, 2026

Description

Adds a pnpm override to force qs to >=6.14.1 to patch CVE-2025-15284. qs < 6.14.1 has a DoS vulnerability: arrayLimit is bypassed for bracket notation (a[]=1&a[]=2), allowing memory exhaustion. This affects transitive dependencies (@modelcontextprotocol/sdk and fastmcp), so the override ensures all packages use the patched version.

Checklist

  • It's useful if your PR references an issue where it is discussed ahead of time
  • Adhere to semantic messaging and prefix your PR title with feat:, fix:, chore:, docs:, etc.
  • I’ve added tests if needed
  • I’ve updated documentation if applicable
  • I’ve tested this locally
  • Add a changeset (pnpm changeset) if necessary

Tests and linting

  • Run the tests with pnpm test.
  • Run the lint check with pnpm lint.
  • Run the code formatting (prettier) check with pnpm format.
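As an added example (not code from this PR or from discogs-mcp-server), a small Node script that walks a resolved dependency tree and reports every copy of an overridden package that does not satisfy the `pnpm.overrides` range; the tree, its versions and the `pnpm list --json` nesting it assumes are constructed placeholders, so it runs offline.

```javascript
// Added example, not code from the discogs-mcp-server PR: checks that every
// resolved copy of an overridden package satisfies the `pnpm.overrides`
// range from package.json (only ">=X.Y.Z" ranges, the form the PR uses).

// Constructed override, shaped like the one the PR adds to package.json.
const PACKAGE_JSON = { pnpm: { overrides: { qs: '>=6.14.1' } } };

// Constructed tree with placeholder versions (assumption: nested like
// `pnpm list --json --depth Infinity`, i.e. { version, dependencies: {...} }).
// It models the pre-fix state: qs reached only through transitive dependencies.
const TREE = {
  name: 'discogs-mcp-server',
  dependencies: {
    '@modelcontextprotocol/sdk': { version: '0.0.0-placeholder',
      dependencies: { qs: { version: '6.13.0' } } },
    fastmcp: { version: '0.0.0-placeholder',
      dependencies: { qs: { version: '6.14.0' } } },
  },
};

function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1).map(Number);
}

// True when `version` satisfies a ">=X.Y.Z" range.
function satisfies(version, range) {
  const m = /^>=\s*(\d+\.\d+\.\d+)$/.exec(range);
  if (!m) throw new Error(`unsupported range: ${range}`);
  const [a, b] = [parseVersion(version), parseVersion(m[1])];
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] > b[i];
  return true;
}

// Every path at which `pkg` is resolved anywhere in the tree.
function collect(node, pkg, path = [node.name], out = []) {
  for (const [name, child] of Object.entries(node.dependencies || {})) {
    const p = path.concat(`${name}@${child.version}`);
    if (name === pkg) out.push({ version: child.version, path: p.join(' > ') });
    collect(child, pkg, p, out);
  }
  return out;
}

// Resolved copies that still violate an override; [] means the tree is clean.
function findViolations(tree, pkgJson) {
  const out = [];
  for (const [pkg, range] of Object.entries(pkgJson.pnpm?.overrides || {}))
    for (const hit of collect(tree, pkg))
      if (!satisfies(hit.version, range)) out.push({ ...hit, range });
  return out;
}
```

Run it against real `pnpm list --json --depth Infinity` output after `pnpm install` to confirm the override reached both transitive paths rather than only the direct one.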

@changeset-bot

changeset-bot bot commented Jan 3, 2026

🦋 Changeset detected

Latest commit: 42f974e

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package:

Name                Type
discogs-mcp-server  Patch


@cswkim cswkim merged commit e9adb5f into main Jan 3, 2026
1 check passed
@cswkim cswkim deleted the fix/security-update-qs-6.14.1 branch January 3, 2026 16:06