Bump qs from 6.5.2 to 6.8.0

Bumps qs from 6.5.2 to 6.8.0.

Changelog

*Sourced from [qs's changelog](https://github.com/ljharb/qs/blob/master/CHANGELOG.md).* > ## **6.8.0** > - [New] add `depth=false` to preserve the original key; [Fix] `depth=0` should preserve the original key ([#326](https://github-redirect.dependabot.com/ljharb/qs/issues/326)) > - [New] [Fix] stringify symbols and bigints > - [Fix] ensure node 0.12 can stringify Symbols > - [Fix] fix for an impossible situation: when the formatter is called with a non-string value > - [Refactor] `formats`: tiny bit of cleanup. > - [Dev Deps] update `eslint`, `@ljharb/eslint-config`, `browserify`, `safe-publish-latest`, `iconv-lite`, `tape` > - [Tests] add tests for `depth=0` and `depth=false` behavior, both current and intuitive/intended ([#326](https://github-redirect.dependabot.com/ljharb/qs/issues/326)) > - [Tests] use `eclint` instead of `editorconfig-tools` > - [docs] readme: add security note > - [meta] add github sponsorship > - [meta] add FUNDING.yml > - [meta] Clean up license text so it’s properly detected as BSD-3-Clause > > ## **6.7.0** > - [New] `stringify`/`parse`: add `comma` as an `arrayFormat` option ([#276](https://github-redirect.dependabot.com/ljharb/qs/issues/276), [#219](https://github-redirect.dependabot.com/ljharb/qs/issues/219)) > - [Fix] correctly parse nested arrays ([#212](https://github-redirect.dependabot.com/ljharb/qs/issues/212)) > - [Fix] `utils.merge`: avoid a crash with a null target and a truthy non-array source, also with an array source > - [Robustness] `stringify`: cache `Object.prototype.hasOwnProperty` > - [Refactor] `utils`: `isBuffer`: small tweak; add tests > - [Refactor] use cached `Array.isArray` > - [Refactor] `parse`/`stringify`: make a function to normalize the options > - [Refactor] `utils`: reduce observable [[Get]]s > - [Refactor] `stringify`/`utils`: cache `Array.isArray` > - [Tests] always use `String(x)` over `x.toString()` > - [Tests] fix Buffer tests to work in node < 4.5 and node < 5.10 > - [Tests] temporarily allow coverage to fail > > ## **6.6.0** > - [New] Add support for iso-8859-1, utf8 "sentinel" and numeric entities ([#268](https://github-redirect.dependabot.com/ljharb/qs/issues/268)) > - [New] move two-value combine to a `utils` function ([#189](https://github-redirect.dependabot.com/ljharb/qs/issues/189)) > - [Fix] `stringify`: fix a crash with `strictNullHandling` and a custom `filter`/`serializeDate` ([#279](https://github-redirect.dependabot.com/ljharb/qs/issues/279)) > - [Fix] when `parseArrays` is false, properly handle keys ending in `[]` ([#260](https://github-redirect.dependabot.com/ljharb/qs/issues/260)) > - [Fix] `stringify`: do not crash in an obscure combo of `interpretNumericEntities`, a bad custom `decoder`, & `iso-8859-1` > - [Fix] `utils`: `merge`: fix crash when `source` is a truthy primitive & no options are provided > - [refactor] `stringify`: Avoid arr = arr.concat(...), push to the existing instance ([#269](https://github-redirect.dependabot.com/ljharb/qs/issues/269)) > - [Refactor] `parse`: only need to reassign the var once > - [Refactor] `parse`/`stringify`: clean up `charset` options checking; fix defaults > - [Refactor] add missing defaults > - [Refactor] `parse`: one less `concat` call > - [Refactor] `utils`: `compactQueue`: make it explicitly side-effecting > - [Dev Deps] update `browserify`, `eslint`, `@ljharb/eslint-config`, `iconv-lite`, `safe-publish-latest`, `tape` > - [Tests] up to `node` `v10.10`, `v9.11`, `v8.12`, `v6.14`, `v4.9`; pin included builds to LTS

Commits

- [`7ebe4ad`](https://github.com/ljharb/qs/commit/7ebe4ad78f6abc9fcc15bdfd0e5a9a771b855cf5) v6.8.0 - [`d1d06a6`](https://github.com/ljharb/qs/commit/d1d06a606b11111c8c301be7039bc46d5e541ddb) [Dev Deps] update `eslint`, `@ljharb/eslint-config`, `browserify`, `safe-publ... - [`649f05f`](https://github.com/ljharb/qs/commit/649f05f0a9d3c8c51dc1255298b2ff8408b8ddd4) [New] add `depth=false` to preserve the original key; [Fix] `depth=0` should ... - [`a30e4b1`](https://github.com/ljharb/qs/commit/a30e4b1cdf8f77bf4f84b5f8c6ee4bbde9d95792) [Tests] add tests for `depth=0` and `depth=false` behavior, both current and ... - [`360ec16`](https://github.com/ljharb/qs/commit/360ec16dd5a36462096a8c5d583636e85c03992d) [Tests] use `eclint` instead of `editorconfig-tools` - [`b14b638`](https://github.com/ljharb/qs/commit/b14b63845c1b8884bfd6d374e3da020c2455f0d0) [Dev Deps] update `eslint`, `iconv-lite`, `browserify`, `tape` - [`82c4a5f`](https://github.com/ljharb/qs/commit/82c4a5f4fe7ea026ead2f217ce3d661980d246a1) add github sponsorship - [`4a1cf05`](https://github.com/ljharb/qs/commit/4a1cf056f25fa6e9acee500980767eb584d52936) readme: add security note - [`a07882f`](https://github.com/ljharb/qs/commit/a07882f1042a0ebe0e9f17437b9f9f50b69ae0bb) add FUNDING.yml - [`3b40167`](https://github.com/ljharb/qs/commit/3b40167e2f5333e62e7fb03944f5f65894bc6cac) [Fix] ensure node 0.12 can stringify Symbols - Additional commits viewable in [compare view](https://github.com/ljharb/qs/compare/v6.5.2...v6.8.0)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot will not automatically merge this PR because it includes a minor update to a production dependency.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language - `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com): - Update frequency (including time of day and day of week) - Automerge options (never/patch/minor, and dev/runtime dependencies) - Pull request limits (per update run and/or open at any time) - Out-of-range updates (receive only lockfile updates, if desired) - Security updates (receive only security updates, if desired) Finally, you can contact us by mentioning @dependabot.

dalen / puppetexplorer

Bump qs from 6.5.2 to 6.8.0 #609