chore: Bump qs, pouchdb-node, http-server, pouchdb-http, body-parser and request

[dependabot[bot]]

Bumps qs to 6.5.3 and updates ancestor dependencies qs, pouchdb-node, http-server, pouchdb-http, body-parser and request. These dependencies need to be updated together.

Updates qs from 0.6.5 to 6.5.3

Changelog

Sourced from qs's changelog.

6.5.3

• [Fix] parse: ignore __proto__ keys (#428)
• [Fix] utils.merge: avoid a crash with a null target and a truthy non-array source
• [Fix] correctly parse nested arrays
• [Fix] stringify: fix a crash with strictNullHandling and a custom filter/serializeDate (#279)
• [Fix] utils: merge: fix crash when source is a truthy primitive & no options are provided
• [Fix] when parseArrays is false, properly handle keys ending in []
• [Fix] fix for an impossible situation: when the formatter is called with a non-string value
• [Fix] utils.merge: avoid a crash with a null target and an array source
• [Refactor] utils: reduce observable [[Get]]s
• [Refactor] use cached Array.isArray
• [Refactor] stringify: Avoid arr = arr.concat(...), push to the existing instance (#269)
• [Refactor] parse: only need to reassign the var once
• [Robustness] stringify: avoid relying on a global undefined (#427)
• [readme] remove travis badge; add github actions/codecov badges; update URLs
• [Docs] Clean up license text so it’s properly detected as BSD-3-Clause
• [Docs] Clarify the need for "arrayLimit" option
• [meta] fix README.md (#399)
• [meta] add FUNDING.yml
• [actions] backport actions from main
• [Tests] always use String(x) over x.toString()
• [Tests] remove nonexistent tape option
• [Dev Deps] backport from main

6.5.2

• [Fix] use safer-buffer instead of Buffer constructor
• [Refactor] utils: module.exports one thing, instead of mutating exports (#230)
• [Dev Deps] update browserify, eslint, iconv-lite, safer-buffer, tape, browserify

6.5.1

• [Fix] Fix parsing & compacting very deep objects (#224)
• [Refactor] name utils functions
• [Dev Deps] update eslint, @ljharb/eslint-config, tape
• [Tests] up to node v8.4; use nvm install-latest-npm so newer npm doesn’t break older node
• [Tests] Use precise dist for Node.js 0.6 runtime (#225)
• [Tests] make 0.6 required, now that it’s passing
• [Tests] on node v8.2; fix npm on node 0.6

6.5.0

• [New] add utils.assign
• [New] pass default encoder/decoder to custom encoder/decoder functions (#206)
• [New] parse/stringify: add ignoreQueryPrefix/addQueryPrefix options, respectively (#213)
• [Fix] Handle stringifying empty objects with addQueryPrefix (#217)
• [Fix] do not mutate options argument (#207)
• [Refactor] parse: cache index to reuse in else statement (#182)
• [Docs] add various badges to readme (#208)
• [Dev Deps] update eslint, browserify, iconv-lite, tape
• [Tests] up to node v8.1, v7.10, v6.11; npm v4.6 breaks on node < v1; npm v5+ breaks on node < v4
• [Tests] add editorconfig-tools

... (truncated)

Commits

• See full diff in compare view

Maintainer changes

This version was pushed to npm by ljharb, a new releaser for qs since your current version.

Updates pouchdb-node from 5.4.5 to 8.0.1

Release notes

Sourced from pouchdb-node's releases.

8.0.1

The first release of the year! This is a patch release, it fixes a bug we introduced during a refactor made in the last release and sets Node 14 in our CI. For a full changelog from 8.0.0 to 8.0.1, please see the releases page or view the latest commits.

Fix this of changesHandler

#8583 #8581 We introduced a bug in the #8450 refactor that has been fixed now.

Use Node 14

#8570 We were testing our CI in GHA against Node 12, which is EOL. Now we are testing against Node 14.

Changelog

Bugfixes

• da5069df (pouchdb#8581) - Fix this of changesHandler

Documentation

• 4dcaac82 docs: release post for 8.0.0
• 0bdb3423 feat: add mastodon verification link
• 40ac7a26 feat(site): faster website uploads, rsync skips files that are already on the server
• ae69d4fb fix(blog): title case
• 3728f020 Update 2022-12-14-pouchdb-8.0.0.md
• c90a0208 Update 2022-12-14-pouchdb-8.0.0.md
• e9bf059c docs: update to version 8.0.0
• 7484e245 docs: update 2022-12-14-pouchdb-8.0.0.md

Testing

• 06bfe891 (pouchdb#8581) - Fix test - Reorder for confirming equal(7)
• 2c81da46 (pouchdb#8581) - Fix test Fix format issues.
• 3d36d2d8 (pouchdb#8581) - Fix test - Rewrite the function to callback-style. - Fix for timings.
• 6a7fd466 (pouchdb#8581) - Fix test.
• ff81fa35 ci: use node 14

Get in touch

As always, we welcome feedback from the community. Please don't hesitate to file issues, open discussions or get in touch. And of course, a big thanks to all of our new and existing contributors!

8.0.0

We are thrilled to announce the release of PouchDB's new major version 8.0.0. For a full changelog from 7.3.1 to 8.0.0, please see the releases page or view the latest commits. Here are the highlights:

Embracing modern ES6+ JS syntax

We have started the process of moving to ES6+ syntax. We made refactors to use native JS classes instead of prototypes, deprecated some packages that implemented features that are now built in the language (inherits, argsarray), and started in packages such as pouchdb-abstract-mapreduce and pouchdb-adapter-http. We encourage you to embrace the syntax in your new contributions and, if you can, contribute to the refactoring effort.

This might mean a potentially breaking change, therefore we bump the major version. If you need to support ES5 we recommend you use a transpiler.

Add activeTasks

... (truncated)

Commits

• fde45b9 build 8.0.1
• dae3e38 Add or update repository field in package.jsons
• 30cc4c9 (#6999) - Fix version
• c6e73ce (#6999) - Update versions for release
• c6f6d32 (#6935) - 6.4 release version updates
• 200cc2f (#6819) - Update package version numbers
• d3e83b6 update versions to prerelease
• 9d962b7 (#6170) - don't expose src directory to npm
• 3e6b6db (#5948) - PouchDB 6.1.0 and blog post
• bdeb242 (#5626) - aggressively bundle pouchdb-browser/pouchdb-node
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by albaherreriasdev, a new releaser for pouchdb-node since your current version.

Updates http-server from 0.9.0 to 14.1.1

Release notes

Sourced from http-server's releases.

v14.1.1

• Patch CVE-2021-44906 @​dpassen (#803)

Other changes

• Bump follow-redirects from 1.14.4 to 1.14.8 @​dependabot (#794)

v14.1.0

This release contains an emergency fix which replaces colors.js with chalk. See #781 for more info and discussion, and Marak/colors.js#285 for broader discussion about colors.js.

• Switch from colors to chalk @​zbynek (#785)

v14.0.0

Breaking changes

• Add encoding charset sniffing @​boarwell (#736)
• Drop Node.js 10 support @​boarwell (#739)
  • Required to support charset sniffing

Features and enhancements

• add passphrase option @​chris--jones (#746)
• Make --ssl an alias for --tls @​thornjad (#747)
• add ability to pass proxyOptions @​yannickglt (#688)
• Replace mkdirp in tests with native JS @​thornjad (#743)
• Implement displaying last modified date in index @​owenl131 (#737)
• Adds version number to server startup output @​Innoveramera (#734)

Bug Fixes

• Don't crash when file path errors @​thornjad (#753)
• Fix CORS option detection @​thornjad (#748)
• fix crash on redirect with formfeed in URL @​thornjad (#749)
• Fixes --proxy without a protocol throwing an uncaught error @​Ratcoder (#742)
• Fix tests EACCESS by finding an open port every time @​thornjad (#741)
• Use relative paths in directory listing #661 @​boarwell (#732)

Other changes

• Add Contributing guide @​thornjad (#752)
• Eslint config - replace common-style with eslint-config-populist @​chris--jones (#744)
• Update some dependencies @​thornjad (#740)

Full Changelog: https://github.com/http-party/http-server/compare/v13.0.2...v14.0.0

v13.1.0

This release contains an emergency backport from v14.1.0 which replaces colors.js with chalk

• Switch from colors to chalk @​zbynek (#785)

... (truncated)

Commits

• af0ac3e 14.1.1
• e5301d3 update license year
• 318c55f Merge pull request #794 from http-party/dependabot/npm_and_yarn/follow-redire...
• 284a0b0 Merge pull request #803 from dpassen/patch-CVE-2021-44906
• 17cc8d6 Patch CVE-2021-44906
• dc2fcf0 Bump follow-redirects from 1.14.4 to 1.14.8
• 33a6639 Update SECURITY.md
• 251d4a1 Update support commitments for Jan 2022
• e16ed1d 14.1.0
• 56bdf6e Merge pull request #785 from zbynek/use-chalk
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by thornjad, a new releaser for http-server since your current version.

Updates pouchdb-http from 5.4.6 to 6.0.2

Commits

• See full diff in compare view

Updates body-parser from 1.19.0 to 1.20.2

Release notes

Sourced from body-parser's releases.

1.20.2

• Fix strict json error message on Node.js 19+
• deps: content-type@~1.0.5
  • perf: skip value escaping when unnecessary
• deps: raw-body@2.5.2

1.20.1

• deps: qs@6.11.0
• perf: remove unnecessary object clone

1.20.0

• Fix error message for json parse whitespace in strict
• Fix internal error when inflated body exceeds limit
• Prevent loss of async hooks context
• Prevent hanging when request already read
• deps: depd@2.0.0
  • Replace internal eval usage with Function constructor
  • Use instance methods on process to check for listeners
• deps: http-errors@2.0.0
  • deps: depd@2.0.0
  • deps: statuses@2.0.1
• deps: on-finished@2.4.1
• deps: qs@6.10.3
• deps: raw-body@2.5.1
  • deps: http-errors@2.0.0

1.19.2

• deps: bytes@3.1.2
• deps: qs@6.9.7
  • Fix handling of __proto__ keys
• deps: raw-body@2.4.3
  • deps: bytes@3.1.2

1.19.1

• deps: bytes@3.1.1
• deps: http-errors@1.8.1
  • deps: inherits@2.0.4
  • deps: toidentifier@1.0.1
  • deps: setprototypeof@1.2.0
• deps: qs@6.9.6
• deps: raw-body@2.4.2
  • deps: bytes@3.1.1
  • deps: http-errors@1.8.1
• deps: safe-buffer@5.2.1
• deps: type-is@~1.6.18

Changelog

Sourced from body-parser's changelog.

1.20.2 / 2023-02-21

• Fix strict json error message on Node.js 19+
• deps: content-type@~1.0.5
  • perf: skip value escaping when unnecessary
• deps: raw-body@2.5.2

1.20.1 / 2022-10-06

• deps: qs@6.11.0
• perf: remove unnecessary object clone

1.20.0 / 2022-04-02

• Fix error message for json parse whitespace in strict
• Fix internal error when inflated body exceeds limit
• Prevent loss of async hooks context
• Prevent hanging when request already read
• deps: depd@2.0.0
  • Replace internal eval usage with Function constructor
  • Use instance methods on process to check for listeners
• deps: http-errors@2.0.0
  • deps: depd@2.0.0
  • deps: statuses@2.0.1
• deps: on-finished@2.4.1
• deps: qs@6.10.3
• deps: raw-body@2.5.1
  • deps: http-errors@2.0.0

1.19.2 / 2022-02-15

• deps: bytes@3.1.2
• deps: qs@6.9.7
  • Fix handling of __proto__ keys
• deps: raw-body@2.4.3
  • deps: bytes@3.1.2

1.19.1 / 2021-12-10

• deps: bytes@3.1.1
• deps: http-errors@1.8.1
  • deps: inherits@2.0.4
  • deps: toidentifier@1.0.1
  • deps: setprototypeof@1.2.0
• deps: qs@6.9.6

... (truncated)

Commits

• ee91374 1.20.2
• 368a93a Fix strict json error message on Node.js 19+
• 0385872 deps: raw-body@2.5.2
• 2c35b41 build: eslint@8.34.0
• f0646c2 build: Node.js@18.14
• f345fb1 build: Node.js@14.21
• 6842efc deps: content-type@~1.0.5
• 5af7315 build: eslint-plugin-promise@6.1.1
• 8e605b3 build: supertest@6.3.3
• cba6e77 build: mocha@10.2.0
• Additional commits viewable in compare view

Updates request from 2.72.0 to 2.88.2

Changelog

Sourced from request's changelog.

Change Log

v2.88.0 (2018/08/10)

• #2996 fix(uuid): import versioned uuid (@​kwonoj)
• #2994 Update to oauth-sign 0.9.0 (@​dlecocq)
• #2993 Fix header tests (@​simov)
• #2904 #515, #2894 Strip port suffix from Host header if the protocol is known. (#2904) (@​paambaati)
• #2791 Improve AWS SigV4 support. (#2791) (@​vikhyat)
• #2977 Update test certificates (@​simov)

v2.87.0 (2018/05/21)

• #2943 Replace hawk dependency with a local implemenation (#2943) (@​hueniverse)

v2.86.0 (2018/05/15)

• #2885 Remove redundant code (for Node.js 0.9.4 and below) and dependency (@​ChALkeR)
• #2942 Make Test GREEN Again! (@​simov)
• #2923 Alterations for failing CI tests (@​gareth-robinson)

v2.85.0 (2018/03/12)

• #2880 Revert "Update hawk to 7.0.7 (#2880)" (@​simov)

v2.84.0 (2018/03/12)

• #2793 Fixed calculation of oauth_body_hash, issue #2792 (@​dvishniakov)
• #2880 Update hawk to 7.0.7 (#2880) (@​kornel-kedzierski)

v2.83.0 (2017/09/27)

• #2776 Updating tough-cookie due to security fix. (#2776) (@​karlnorling)

v2.82.0 (2017/09/19)

• #2703 Add Node.js v8 to Travis CI (@​ryysud)
• #2751 Update of hawk and qs to latest version (#2751) (@​Olivier-Moreau)
• #2658 Fixed some text in README.md (#2658) (@​Marketionist)
• #2635 chore(package): update aws-sign2 to version 0.7.0 (#2635) (@​greenkeeperio-bot)
• #2641 Update README to simplify & update convenience methods (#2641) (@​FredKSchott)
• #2541 Add convenience method for HTTP OPTIONS (#2541) (@​jamesseanwright)
• #2605 Add promise support section to README (#2605) (@​FredKSchott)
• #2579 refactor(lint): replace eslint with standard (#2579) (@​ahmadnassri)
• #2598 Update codecov to version 2.0.2 🚀 (@​greenkeeperio-bot)
• #2590 Adds test-timing keepAlive test (@​nicjansma)
• #2589 fix tabulation on request example README.MD (@​odykyi)
• #2594 chore(dependencies): har-validator to 5.x [removes babel dep] (@​ahmadnassri)

v2.81.0 (2017/03/09)

• #2584 Security issue: Upgrade qs to version 6.4.0 (@​sergejmueller)
• #2578 safe-buffer doesn't zero-fill by default, its just a polyfill. (#2578) (@​mikeal)
• #2566 Timings: Tracks 'lookup', adds 'wait' time, fixes connection re-use (#2566) (@​nicjansma)
• #2574 Migrating to safe-buffer for improved security. (@​mikeal)
• #2573 fixes #2572 (@​ahmadnassri)

v2.80.0 (2017/03/04)

... (truncated)

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/nolanlawson/html5workertest/network/alerts).