Bump qs from 6.5.2 to 6.9.1

Bumps qs from 6.5.2 to 6.9.1.

Changelog

*Sourced from [qs's changelog](https://github.com/ljharb/qs/blob/master/CHANGELOG.md).* > ## **6.9.1** > - [Fix] `parse`: with comma true, handle field that holds an array of arrays ([#335](https://github-redirect.dependabot.com/ljharb/qs/issues/335)) > - [Fix] `parse`: with comma true, do not split non-string values ([#334](https://github-redirect.dependabot.com/ljharb/qs/issues/334)) > - [meta] add `funding` field > - [Dev Deps] update `eslint`, `@ljharb/eslint-config` > - [Tests] use shared travis-ci config > > ## **6.9.0** > - [New] `parse`/`stringify`: Pass extra key/value argument to `decoder` ([#333](https://github-redirect.dependabot.com/ljharb/qs/issues/333)) > - [Dev Deps] update `eslint`, `@ljharb/eslint-config`, `evalmd` > - [Tests] `parse`: add passing `arrayFormat` tests > - [Tests] add `posttest` using `npx aud` to run `npm audit` without a lockfile > - [Tests] up to `node` `v12.10`, `v11.15`, `v10.16`, `v8.16` > - [Tests] `Buffer.from` in node v5.0-v5.9 and v4.0-v4.4 requires a TypedArray > > ## **6.8.0** > - [New] add `depth=false` to preserve the original key; [Fix] `depth=0` should preserve the original key ([#326](https://github-redirect.dependabot.com/ljharb/qs/issues/326)) > - [New] [Fix] stringify symbols and bigints > - [Fix] ensure node 0.12 can stringify Symbols > - [Fix] fix for an impossible situation: when the formatter is called with a non-string value > - [Refactor] `formats`: tiny bit of cleanup. > - [Dev Deps] update `eslint`, `@ljharb/eslint-config`, `browserify`, `safe-publish-latest`, `iconv-lite`, `tape` > - [Tests] add tests for `depth=0` and `depth=false` behavior, both current and intuitive/intended ([#326](https://github-redirect.dependabot.com/ljharb/qs/issues/326)) > - [Tests] use `eclint` instead of `editorconfig-tools` > - [docs] readme: add security note > - [meta] add github sponsorship > - [meta] add FUNDING.yml > - [meta] Clean up license text so it’s properly detected as BSD-3-Clause > > ## **6.7.0** > - [New] `stringify`/`parse`: add `comma` as an `arrayFormat` option ([#276](https://github-redirect.dependabot.com/ljharb/qs/issues/276), [#219](https://github-redirect.dependabot.com/ljharb/qs/issues/219)) > - [Fix] correctly parse nested arrays ([#212](https://github-redirect.dependabot.com/ljharb/qs/issues/212)) > - [Fix] `utils.merge`: avoid a crash with a null target and a truthy non-array source, also with an array source > - [Robustness] `stringify`: cache `Object.prototype.hasOwnProperty` > - [Refactor] `utils`: `isBuffer`: small tweak; add tests > - [Refactor] use cached `Array.isArray` > - [Refactor] `parse`/`stringify`: make a function to normalize the options > - [Refactor] `utils`: reduce observable [[Get]]s > - [Refactor] `stringify`/`utils`: cache `Array.isArray` > - [Tests] always use `String(x)` over `x.toString()` > - [Tests] fix Buffer tests to work in node < 4.5 and node < 5.10 > - [Tests] temporarily allow coverage to fail > > ## **6.6.0** > - [New] Add support for iso-8859-1, utf8 "sentinel" and numeric entities ([#268](https://github-redirect.dependabot.com/ljharb/qs/issues/268)) > - [New] move two-value combine to a `utils` function ([#189](https://github-redirect.dependabot.com/ljharb/qs/issues/189)) > - [Fix] `stringify`: fix a crash with `strictNullHandling` and a custom `filter`/`serializeDate` ([#279](https://github-redirect.dependabot.com/ljharb/qs/issues/279)) > - [Fix] when `parseArrays` is false, properly handle keys ending in `[]` ([#260](https://github-redirect.dependabot.com/ljharb/qs/issues/260)) > - [Fix] `stringify`: do not crash in an obscure combo of `interpretNumericEntities`, a bad custom `decoder`, & `iso-8859-1` > - [Fix] `utils`: `merge`: fix crash when `source` is a truthy primitive & no options are provided > ... (truncated)

Commits

- [`7b36800`](https://github.com/ljharb/qs/commit/7b368004723b8d11d4d237ff0479b9edcfb41449) v6.9.1 - [`6151be3`](https://github.com/ljharb/qs/commit/6151be3bc24d61d63500d904d5e3484524400d88) [Tests] use shared travis-ci config - [`b9a032f`](https://github.com/ljharb/qs/commit/b9a032fbe4baf3fe9fd3e7a86fe95b50ce41ee77) [meta] add `funding` field - [`1f35831`](https://github.com/ljharb/qs/commit/1f358315d91a895578d1a4832441fbcade3a895f) [Dev Deps] update `eslint`, `@ljharb/eslint-config` - [`f884e2d`](https://github.com/ljharb/qs/commit/f884e2d6274c51ad8455e1339a0ad9b12bd63e06) [Fix] `parse`: with comma true, handle field that holds an array of arrays - [`698b683`](https://github.com/ljharb/qs/commit/698b683d7382721c1c32c1cdcb97ca0b16917cf9) [fix] `parse`: with comma true, do not split non-string values - [`670254b`](https://github.com/ljharb/qs/commit/670254b63fc7770894eed9a0f020bc0b72698ce3) v6.9.0 - [`dadf9db`](https://github.com/ljharb/qs/commit/dadf9dbd97434ebaa20636d528a108287ca40bbc) [Tests] `parse`: add passing `arrayFormat` tests - [`df0cb44`](https://github.com/ljharb/qs/commit/df0cb440773e5540d926065f9d1a9e3d066173cd) [Dev Deps] update `eslint` - [`7f216ee`](https://github.com/ljharb/qs/commit/7f216eef99cb9eb0ebb3714411a044174c1448cd) [New] `parse`/`stringify`: Pass extra key/value argument to `decoder` - Additional commits viewable in [compare view](https://github.com/ljharb/qs/compare/v6.5.2...v6.9.1)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot will not automatically merge this PR because it includes a minor update to a production dependency.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language - `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com): - Update frequency (including time of day and day of week) - Pull request limits (per update run and/or open at any time) - Automerge options (never/patch/minor, and dev/runtime dependencies) - Out-of-range updates (receive only lockfile updates, if desired) - Security updates (receive only security updates, if desired)

dalen / puppetexplorer

Bump qs from 6.5.2 to 6.9.1 #621