Bump qs, node-red, body-parser and express

[dependabot[bot]]

Bumps qs to 6.10.3 and updates ancestor dependencies qs, qs, node-red, body-parser and express. These dependencies need to be updated together.

Updates qs from 6.5.2 to 6.10.3

Changelog

Sourced from qs's changelog.

6.10.3

• [Fix] parse: ignore __proto__ keys (#428)
• [Robustness] stringify: avoid relying on a global undefined (#427)
• [actions] reuse common workflows
• [Dev Deps] update eslint, @ljharb/eslint-config, object-inspect, tape

6.10.2

• [Fix] stringify: actually fix cyclic references (#426)
• [Fix] stringify: avoid encoding arrayformat comma when encodeValuesOnly = true (#424)
• [readme] remove travis badge; add github actions/codecov badges; update URLs
• [Docs] add note and links for coercing primitive values (#408)
• [actions] update codecov uploader
• [actions] update workflows
• [Tests] clean up stringify tests slightly
• [Dev Deps] update eslint, @ljharb/eslint-config, aud, object-inspect, safe-publish-latest, tape

6.10.1

• [Fix] stringify: avoid exception on repeated object values (#402)

6.10.0

• [New] stringify: throw on cycles, instead of an infinite loop (#395, #394, #393)
• [New] parse: add allowSparse option for collapsing arrays with missing indices (#312)
• [meta] fix README.md (#399)
• [meta] only run npm run dist in publish, not install
• [Dev Deps] update eslint, @ljharb/eslint-config, aud, has-symbols, tape
• [Tests] fix tests on node v0.6
• [Tests] use ljharb/actions/node/install instead of ljharb/actions/node/run
• [Tests] Revert "[meta] ignore eclint transitive audit warning"

6.9.7

• [Fix] parse: ignore __proto__ keys (#428)
• [Fix] stringify: avoid encoding arrayformat comma when encodeValuesOnly = true (#424)
• [Robustness] stringify: avoid relying on a global undefined (#427)
• [readme] remove travis badge; add github actions/codecov badges; update URLs
• [Docs] add note and links for coercing primitive values (#408)
• [Tests] clean up stringify tests slightly
• [meta] fix README.md (#399)
• Revert "[meta] ignore eclint transitive audit warning"
• [actions] backport actions from main
• [Dev Deps] backport updates from main

6.9.6

• [Fix] restore dist dir; mistakenly removed in d4f6c32

6.9.5

• [Fix] stringify: do not encode parens for RFC1738
• [Fix] stringify: fix arrayFormat comma with empty array/objects (#350)
• [Refactor] format: remove util.assign call
• [meta] add "Allow Edits" workflow; update rebase workflow
• [actions] switch Automatic Rebase workflow to pull_request_target event

... (truncated)

Commits

• f92ddb5 v6.10.3
• d9e9529 [Dev Deps] update eslint
• 8b4cc14 [Fix] parse: ignore __proto__ keys
• ad63d36 [actions] reuse common workflows
• c028385 [Dev Deps] update eslint, @ljharb/eslint-config, object-inspect, tape
• 0a1d3e8 [Robustness] stringify: avoid relying on a global undefined
• 408ff95 v6.10.2
• 3cea04d [Dev Deps] update @ljharb/eslint-config
• 28fba8f [Dev Deps] update eslint, @ljharb/eslint-config, tape
• 9aee773 [Fix] stringify: actually fix cyclic references
• Additional commits viewable in compare view

Updates qs from 6.7.0 to 6.10.3

Changelog

Sourced from qs's changelog.

6.10.3

• [Fix] parse: ignore __proto__ keys (#428)
• [Robustness] stringify: avoid relying on a global undefined (#427)
• [actions] reuse common workflows
• [Dev Deps] update eslint, @ljharb/eslint-config, object-inspect, tape

6.10.2

• [Fix] stringify: actually fix cyclic references (#426)
• [Fix] stringify: avoid encoding arrayformat comma when encodeValuesOnly = true (#424)
• [readme] remove travis badge; add github actions/codecov badges; update URLs
• [Docs] add note and links for coercing primitive values (#408)
• [actions] update codecov uploader
• [actions] update workflows
• [Tests] clean up stringify tests slightly
• [Dev Deps] update eslint, @ljharb/eslint-config, aud, object-inspect, safe-publish-latest, tape

6.10.1

• [Fix] stringify: avoid exception on repeated object values (#402)

6.10.0

• [New] stringify: throw on cycles, instead of an infinite loop (#395, #394, #393)
• [New] parse: add allowSparse option for collapsing arrays with missing indices (#312)
• [meta] fix README.md (#399)
• [meta] only run npm run dist in publish, not install
• [Dev Deps] update eslint, @ljharb/eslint-config, aud, has-symbols, tape
• [Tests] fix tests on node v0.6
• [Tests] use ljharb/actions/node/install instead of ljharb/actions/node/run
• [Tests] Revert "[meta] ignore eclint transitive audit warning"

6.9.7

• [Fix] parse: ignore __proto__ keys (#428)
• [Fix] stringify: avoid encoding arrayformat comma when encodeValuesOnly = true (#424)
• [Robustness] stringify: avoid relying on a global undefined (#427)
• [readme] remove travis badge; add github actions/codecov badges; update URLs
• [Docs] add note and links for coercing primitive values (#408)
• [Tests] clean up stringify tests slightly
• [meta] fix README.md (#399)
• Revert "[meta] ignore eclint transitive audit warning"
• [actions] backport actions from main
• [Dev Deps] backport updates from main

6.9.6

• [Fix] restore dist dir; mistakenly removed in d4f6c32

6.9.5

• [Fix] stringify: do not encode parens for RFC1738
• [Fix] stringify: fix arrayFormat comma with empty array/objects (#350)
• [Refactor] format: remove util.assign call
• [meta] add "Allow Edits" workflow; update rebase workflow
• [actions] switch Automatic Rebase workflow to pull_request_target event

... (truncated)

Commits

• f92ddb5 v6.10.3
• d9e9529 [Dev Deps] update eslint
• 8b4cc14 [Fix] parse: ignore __proto__ keys
• ad63d36 [actions] reuse common workflows
• c028385 [Dev Deps] update eslint, @ljharb/eslint-config, object-inspect, tape
• 0a1d3e8 [Robustness] stringify: avoid relying on a global undefined
• 408ff95 v6.10.2
• 3cea04d [Dev Deps] update @ljharb/eslint-config
• 28fba8f [Dev Deps] update eslint, @ljharb/eslint-config, tape
• 9aee773 [Fix] stringify: actually fix cyclic references
• Additional commits viewable in compare view

Updates node-red from 1.0.2 to 3.0.2

Release notes

Sourced from node-red's releases.

3.0.2: Maintenance Release

Editor

• Fix workspace chart bottom property (#3812) @​bonanitech
• Update german translation (#3802) @​Dennis14e
• Support color reset to the default in subflow and group (#3801) @​kazuhitoyokoi
• Allow generateNodeNames to handle names containing regex control chars (#3817) @​knolleary
• Hide scrollbars until they're needed (#3808) @​bonanitech
• Include junctions/groups when exporting subflows plus related fixes (#3816) @​knolleary
• remove console.log (#3820) @​Steve-Mcl

Runtime

• Register subflow module instance node with parent flow (#3818) @​knolleary

Nodes

• HTTP Request: Allow HTTP Headers not in spec (#3776) @​hardillb

3.0.1: Maintenance Release

Editor

• Allow codeEditor theme to be set even if codeEditor is not set in settings.js (#3794) @​Steve-Mcl
• Sys info (diagnostics report) amendments (#3793) @​Steve-Mcl
• Allow mode and title to be omitted in options argument for createEditor (#3791) @​Steve-Mcl
• Fix focus issues (#3789) @​Steve-Mcl
• Ensure all typedInput buttons have button type set (#3788) @​knolleary
• Do not flag hasUsers=false nodes as unused in search (#3787) @​knolleary
• Properly position quick-add dialog in all cases (#3786) @​knolleary
• Ensure quick-add dialog does not obscure ghost node when shifted (#3785) @​knolleary
• Remove use of Object.hasOwn (#3784) @​knolleary

3.0.0 Milestone Release

3.0.0: Milestone Release

Editor

• Use theme page and header values if settings.js values are not present (#3767) @​Steve-Mcl
• Focus editor for undo after some actions in menu (#3759) @​kazuhitoyokoi
• Ensure node icon shade has properly rounded corners (#3763) @​knolleary
• Fix storing subflow credential type when input has multiple types (#3762) @​knolleary
• Ensure global-config and flow-config have info in the hierarchy popover (#3752) @​Steve-Mcl
• Include dirty state in history event (#3748) @​Steve-Mcl
• Fix display direction of context sub-menu (#3746) @​knolleary
• Fix clear pinned paths of debug sidebar menu (#3745) @​HiroyasuNishiyama
• prevent exception generating tooltip for deleted nodes (#3742) @​Steve-Mcl
• Fix context menu issues ready for v3 beta.5 (#3741) @​Steve-Mcl
• Do not generate new node-ids when pasting a cut flow (#3729) @​knolleary
• Fix to prevent node from moving out of workspace (#3731) @​HiroyasuNishiyama
• Don't let themes change disabled config node background color (#3736) @​bonanitech

... (truncated)

Changelog

Sourced from node-red's changelog.

3.0.2: Maintenance Release

Editor

• Fix workspace chart bottom property (#3812) @​bonanitech
• Update german translation (#3802) @​Dennis14e
• Support color reset to the default in subflow and group (#3801) @​kazuhitoyokoi
• Allow generateNodeNames to handle names containing regex control chars (#3817) @​knolleary
• Hide scrollbars until they're needed (#3808) @​bonanitech
• Include junctions/groups when exporting subflows plus related fixes (#3816) @​knolleary
• remove console.log (#3820) @​Steve-Mcl

Runtime

• Register subflow module instance node with parent flow (#3818) @​knolleary

Nodes

• HTTP Request: Allow HTTP Headers not in spec (#3776) @​hardillb

3.0.1: Maintenance Release

Editor

• Allow codeEditor theme to be set even if codeEditor is not set in settings.js (#3794) @​Steve-Mcl
• Sys info (diagnostics report) amendments (#3793) @​Steve-Mcl
• Allow mode and title to be omitted in options argument for createEditor (#3791) @​Steve-Mcl
• Fix focus issues (#3789) @​Steve-Mcl
• Ensure all typedInput buttons have button type set (#3788) @​knolleary
• Do not flag hasUsers=false nodes as unused in search (#3787) @​knolleary
• Properly position quick-add dialog in all cases (#3786) @​knolleary
• Ensure quick-add dialog does not obscure ghost node when shifted (#3785) @​knolleary
• Remove use of Object.hasOwn (#3784) @​knolleary

3.0.0: Milestone Release

Editor

• Use theme page and header values if settings.js values are not present (#3767) @​Steve-Mcl
• Focus editor for undo after some actions in menu (#3759) @​kazuhitoyokoi
• Ensure node icon shade has properly rounded corners (#3763) @​knolleary
• Fix storing subflow credential type when input has multiple types (#3762) @​knolleary
• Ensure global-config and flow-config have info in the hierarchy popover (#3752) @​Steve-Mcl
• Include dirty state in history event (#3748) @​Steve-Mcl
• Fix display direction of context sub-menu (#3746) @​knolleary
• Fix clear pinned paths of debug sidebar menu (#3745) @​HiroyasuNishiyama
• prevent exception generating tooltip for deleted nodes (#3742) @​Steve-Mcl
• Fix context menu issues ready for v3 beta.5 (#3741) @​Steve-Mcl
• Do not generate new node-ids when pasting a cut flow (#3729) @​knolleary
• Fix to prevent node from moving out of workspace (#3731) @​HiroyasuNishiyama

... (truncated)

Commits

• 5365786 Merge pull request #3830 from node-red/release-302
• c9b0a7c Bump for 3.0.2
• 371d804 Merge pull request #3776 from hardillb/relaxed-http-req-headers
• be343cb Merge pull request #3812 from bonanitech/workspace-chart-bottom
• e9eabd6 Merge pull request #3802 from Dennis14e/patch-de-2
• abccdc7 Update packages/node_modules/@​node-red/nodes/locales/en-US/messages.json
• 4ae914f Merge pull request #3801 from kazuhitoyokoi/master-subflowcolor
• 86ac955 Merge pull request #3817 from node-red/fix-regex-name-handle
• 9734691 Merge pull request #3808 from bonanitech/overflow-auto
• d94f3a4 Merge pull request #3818 from node-red/fix-subflow-module-node-lookup
• Additional commits viewable in compare view

Updates body-parser from 1.19.0 to 1.20.0

Release notes

Sourced from body-parser's releases.

1.20.0

• Fix error message for json parse whitespace in strict
• Fix internal error when inflated body exceeds limit
• Prevent loss of async hooks context
• Prevent hanging when request already read
• deps: depd@2.0.0
  • Replace internal eval usage with Function constructor
  • Use instance methods on process to check for listeners
• deps: http-errors@2.0.0
  • deps: depd@2.0.0
  • deps: statuses@2.0.1
• deps: on-finished@2.4.1
• deps: qs@6.10.3
• deps: raw-body@2.5.1
  • deps: http-errors@2.0.0

1.19.2

• deps: bytes@3.1.2
• deps: qs@6.9.7
  • Fix handling of __proto__ keys
• deps: raw-body@2.4.3
  • deps: bytes@3.1.2

1.19.1

• deps: bytes@3.1.1
• deps: http-errors@1.8.1
  • deps: inherits@2.0.4
  • deps: toidentifier@1.0.1
  • deps: setprototypeof@1.2.0
• deps: qs@6.9.6
• deps: raw-body@2.4.2
  • deps: bytes@3.1.1
  • deps: http-errors@1.8.1
• deps: safe-buffer@5.2.1
• deps: type-is@~1.6.18

Changelog

Sourced from body-parser's changelog.

1.20.0 / 2022-04-02

• Fix error message for json parse whitespace in strict
• Fix internal error when inflated body exceeds limit
• Prevent loss of async hooks context
• Prevent hanging when request already read
• deps: depd@2.0.0
  • Replace internal eval usage with Function constructor
  • Use instance methods on process to check for listeners
• deps: http-errors@2.0.0
  • deps: depd@2.0.0
  • deps: statuses@2.0.1
• deps: on-finished@2.4.1
• deps: qs@6.10.3
• deps: raw-body@2.5.1
  • deps: http-errors@2.0.0

1.19.2 / 2022-02-15

• deps: bytes@3.1.2
• deps: qs@6.9.7
  • Fix handling of __proto__ keys
• deps: raw-body@2.4.3
  • deps: bytes@3.1.2

1.19.1 / 2021-12-10

• deps: bytes@3.1.1
• deps: http-errors@1.8.1
  • deps: inherits@2.0.4
  • deps: toidentifier@1.0.1
  • deps: setprototypeof@1.2.0
• deps: qs@6.9.6
• deps: raw-body@2.4.2
  • deps: bytes@3.1.1
  • deps: http-errors@1.8.1
• deps: safe-buffer@5.2.1
• deps: type-is@~1.6.18

Commits

• 1f6f58e 1.20.0
• 7861a00 docs: update CI badge link
• 601a076 docs: add security policy
• 77bcc0e deps: qs@6.10.3
• eac5f22 build: Node.js@17.8
• 8611539 build: mocha@9.2.2
• 2a2f471 Fix internal error when inflated body exceeds limit
• 9db582d Fix error message for json parse whitespace in strict
• bd702d2 lint: remove deprecated String.prototype.substr
• 96df60f deps: depd@2.0.0
• Additional commits viewable in compare view

Updates express from 4.17.1 to 4.18.1

Release notes

Sourced from express's releases.

4.18.1

• Fix hanging on large stack of sync routes

4.18.0

• Add "root" option to res.download
• Allow options without filename in res.download
• Deprecate string and non-integer arguments to res.status
• Fix behavior of null/undefined as maxAge in res.cookie
• Fix handling very large stacks of sync middleware
• Ignore Object.prototype values in settings through app.set/app.get
• Invoke default with same arguments as types in res.format
• Support proper 205 responses using res.send
• Use http-errors for res.format error
• deps: body-parser@1.20.0
  • Fix error message for json parse whitespace in strict
  • Fix internal error when inflated body exceeds limit
  • Prevent loss of async hooks context
  • Prevent hanging when request already read
  • deps: depd@2.0.0
  • deps: http-errors@2.0.0
  • deps: on-finished@2.4.1
  • deps: qs@6.10.3
  • deps: raw-body@2.5.1
• deps: cookie@0.5.0
  • Add priority option
  • Fix expires option to reject invalid dates
• deps: depd@2.0.0
  • Replace internal eval usage with Function constructor
  • Use instance methods on process to check for listeners
• deps: finalhandler@1.2.0
  • Remove set content headers that break response
  • deps: on-finished@2.4.1
  • deps: statuses@2.0.1
• deps: on-finished@2.4.1
  • Prevent loss of async hooks context
• deps: qs@6.10.3
• deps: send@0.18.0
  • Fix emitted 416 error missing headers property
  • Limit the headers removed for 304 response
  • deps: depd@2.0.0
  • deps: destroy@1.2.0
  • deps: http-errors@2.0.0
  • deps: on-finished@2.4.1
  • deps: statuses@2.0.1
• deps: serve-static@1.15.0
  • deps: send@0.18.0
• deps: statuses@2.0.1
  • Remove code 306
  • Rename 425 Unordered Collection to standard 425 Too Early

... (truncated)

Changelog

Sourced from express's changelog.

4.18.1 / 2022-04-29

• Fix hanging on large stack of sync routes

4.18.0 / 2022-04-25

• Add "root" option to res.download
• Allow options without filename in res.download
• Deprecate string and non-integer arguments to res.status
• Fix behavior of null/undefined as maxAge in res.cookie
• Fix handling very large stacks of sync middleware
• Ignore Object.prototype values in settings through app.set/app.get
• Invoke default with same arguments as types in res.format
• Support proper 205 responses using res.send
• Use http-errors for res.format error
• deps: body-parser@1.20.0
  • Fix error message for json parse whitespace in strict
  • Fix internal error when inflated body exceeds limit
  • Prevent loss of async hooks context
  • Prevent hanging when request already read
  • deps: depd@2.0.0
  • deps: http-errors@2.0.0
  • deps: on-finished@2.4.1
  • deps: qs@6.10.3
  • deps: raw-body@2.5.1
• deps: cookie@0.5.0
  • Add priority option
  • Fix expires option to reject invalid dates
• deps: depd@2.0.0
  • Replace internal eval usage with Function constructor
  • Use instance methods on process to check for listeners
• deps: finalhandler@1.2.0
  • Remove set content headers that break response
  • deps: on-finished@2.4.1
  • deps: statuses@2.0.1
• deps: on-finished@2.4.1
  • Prevent loss of async hooks context
• deps: qs@6.10.3
• deps: send@0.18.0
  • Fix emitted 416 error missing headers property
  • Limit the headers removed for 304 response
  • deps: depd@2.0.0
  • deps: destroy@1.2.0
  • deps: http-errors@2.0.0
  • deps: on-finished@2.4.1
  • deps: statuses@2.0.1
• deps: serve-static@1.15.0
  • deps: send@0.18.0

... (truncated)

Commits

• d854c43 4.18.1
• b02a95c build: Node.js@16.15
• 631ada0 Fix hanging on large stack of sync routes
• 75e0c7a bench: remove unused parameter
• e2482b7 build: ejs@3.1.7
• 2df96e3 build: supertest@6.2.3
• a38fae1 build: mocha@9.2.2
• 547fdd4 4.18.0
• 0b330ef bench: print latency and vary connections
• 158a170 build: support Node.js 18.x
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/gmacario/learning-nodered/network/alerts).