Bump qs from 6.5.2 to 6.9.0

Bumps qs from 6.5.2 to 6.9.0.

Changelog

*Sourced from [qs's changelog](https://github.com/ljharb/qs/blob/master/CHANGELOG.md).* > ## **6.9.0** > - [New] `parse`/`stringify`: Pass extra key/value argument to `decoder` ([#333](https://github-redirect.dependabot.com/ljharb/qs/issues/333)) > - [Dev Deps] update `eslint`, `@ljharb/eslint-config`, `evalmd` > - [Tests] `parse`: add passing `arrayFormat` tests > - [Tests] add `posttest` using `npx aud` to run `npm audit` without a lockfile > - [Tests] up to `node` `v12.10`, `v11.15`, `v10.16`, `v8.16` > - [Tests] `Buffer.from` in node v5.0-v5.9 and v4.0-v4.4 requires a TypedArray > > ## **6.8.0** > - [New] add `depth=false` to preserve the original key; [Fix] `depth=0` should preserve the original key ([#326](https://github-redirect.dependabot.com/ljharb/qs/issues/326)) > - [New] [Fix] stringify symbols and bigints > - [Fix] ensure node 0.12 can stringify Symbols > - [Fix] fix for an impossible situation: when the formatter is called with a non-string value > - [Refactor] `formats`: tiny bit of cleanup. > - [Dev Deps] update `eslint`, `@ljharb/eslint-config`, `browserify`, `safe-publish-latest`, `iconv-lite`, `tape` > - [Tests] add tests for `depth=0` and `depth=false` behavior, both current and intuitive/intended ([#326](https://github-redirect.dependabot.com/ljharb/qs/issues/326)) > - [Tests] use `eclint` instead of `editorconfig-tools` > - [docs] readme: add security note > - [meta] add github sponsorship > - [meta] add FUNDING.yml > - [meta] Clean up license text so it’s properly detected as BSD-3-Clause > > ## **6.7.0** > - [New] `stringify`/`parse`: add `comma` as an `arrayFormat` option ([#276](https://github-redirect.dependabot.com/ljharb/qs/issues/276), [#219](https://github-redirect.dependabot.com/ljharb/qs/issues/219)) > - [Fix] correctly parse nested arrays ([#212](https://github-redirect.dependabot.com/ljharb/qs/issues/212)) > - [Fix] `utils.merge`: avoid a crash with a null target and a truthy non-array source, also with an array source > - [Robustness] `stringify`: cache `Object.prototype.hasOwnProperty` > - [Refactor] `utils`: `isBuffer`: small tweak; add tests > - [Refactor] use cached `Array.isArray` > - [Refactor] `parse`/`stringify`: make a function to normalize the options > - [Refactor] `utils`: reduce observable [[Get]]s > - [Refactor] `stringify`/`utils`: cache `Array.isArray` > - [Tests] always use `String(x)` over `x.toString()` > - [Tests] fix Buffer tests to work in node < 4.5 and node < 5.10 > - [Tests] temporarily allow coverage to fail > > ## **6.6.0** > - [New] Add support for iso-8859-1, utf8 "sentinel" and numeric entities ([#268](https://github-redirect.dependabot.com/ljharb/qs/issues/268)) > - [New] move two-value combine to a `utils` function ([#189](https://github-redirect.dependabot.com/ljharb/qs/issues/189)) > - [Fix] `stringify`: fix a crash with `strictNullHandling` and a custom `filter`/`serializeDate` ([#279](https://github-redirect.dependabot.com/ljharb/qs/issues/279)) > - [Fix] when `parseArrays` is false, properly handle keys ending in `[]` ([#260](https://github-redirect.dependabot.com/ljharb/qs/issues/260)) > - [Fix] `stringify`: do not crash in an obscure combo of `interpretNumericEntities`, a bad custom `decoder`, & `iso-8859-1` > - [Fix] `utils`: `merge`: fix crash when `source` is a truthy primitive & no options are provided > - [refactor] `stringify`: Avoid arr = arr.concat(...), push to the existing instance ([#269](https://github-redirect.dependabot.com/ljharb/qs/issues/269)) > - [Refactor] `parse`: only need to reassign the var once > - [Refactor] `parse`/`stringify`: clean up `charset` options checking; fix defaults > - [Refactor] add missing defaults > - [Refactor] `parse`: one less `concat` call > - [Refactor] `utils`: `compactQueue`: make it explicitly side-effecting > - [Dev Deps] update `browserify`, `eslint`, `@ljharb/eslint-config`, `iconv-lite`, `safe-publish-latest`, `tape` > ... (truncated)

Commits

- [`670254b`](https://github.com/ljharb/qs/commit/670254b63fc7770894eed9a0f020bc0b72698ce3) v6.9.0 - [`dadf9db`](https://github.com/ljharb/qs/commit/dadf9dbd97434ebaa20636d528a108287ca40bbc) [Tests] `parse`: add passing `arrayFormat` tests - [`df0cb44`](https://github.com/ljharb/qs/commit/df0cb440773e5540d926065f9d1a9e3d066173cd) [Dev Deps] update `eslint` - [`7f216ee`](https://github.com/ljharb/qs/commit/7f216eef99cb9eb0ebb3714411a044174c1448cd) [New] `parse`/`stringify`: Pass extra key/value argument to `decoder` - [`4019179`](https://github.com/ljharb/qs/commit/40191798d07d51403add5fb15014db3d87a05ae3) [Tests] add `posttest` using `npx aud` to run `npm audit` without a lockfile - [`97154a6`](https://github.com/ljharb/qs/commit/97154a653e73dcf461024d5ab77a17841caab4f5) [Tests] up to `node` `v12.10`, `v11.15`, `v10.16`, `v8.16` - [`760a670`](https://github.com/ljharb/qs/commit/760a6702ce3d7d0adb356dc89207da8c1eebad0b) [Dev Deps] update `eslint`, `@ljharb/eslint-config`, `evalmd` - [`e39c235`](https://github.com/ljharb/qs/commit/e39c235760b58dfaf3a8b5b18b8ff85331e9ddd0) [Tests] `Buffer.from` in node v5.0-v5.9 and v4.0-v4.4 requires a TypedArray - [`7ebe4ad`](https://github.com/ljharb/qs/commit/7ebe4ad78f6abc9fcc15bdfd0e5a9a771b855cf5) v6.8.0 - [`d1d06a6`](https://github.com/ljharb/qs/commit/d1d06a606b11111c8c301be7039bc46d5e541ddb) [Dev Deps] update `eslint`, `@ljharb/eslint-config`, `browserify`, `safe-publ... - Additional commits viewable in [compare view](https://github.com/ljharb/qs/compare/v6.5.2...v6.9.0)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot will not automatically merge this PR because it includes a minor update to a production dependency.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language - `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com): - Update frequency (including time of day and day of week) - Pull request limits (per update run and/or open at any time) - Automerge options (never/patch/minor, and dev/runtime dependencies) - Out-of-range updates (receive only lockfile updates, if desired) - Security updates (receive only security updates, if desired) Finally, you can contact us by mentioning @dependabot.

dalen / puppetexplorer

Bump qs from 6.5.2 to 6.9.0 #612