stefanzweifel / screeenly

📸 Screenshot as a Service
https://secure.screeenly.com
MIT License

[Security] Bump qs from 6.3.0 to 6.3.2 #188

Closed dependabot-preview[bot] closed 6 years ago

dependabot-preview[bot] commented 6 years ago

Bumps qs from 6.3.0 to 6.3.2. This update includes security fixes.

Vulnerabilities fixed

*Sourced from [The Sonatype OSS Index](https://ossindex.sonatype.org/vuln/f57acfe9-36e7-427e-8f4a-d6bdfdc02024).*

> **[CVE-2017-1000048] Improper Input Validation**
> The web framework using ljharb's qs module older than v6.3.2, v6.2.3, v6.1.2, and v6.0.4 is vulnerable to a DoS. A malicious user can send an evil request to cause the web framework to crash.
>
> Affected versions: 1.0.0; 1.0.1; 1.0.2; 1.1.0; 1.2.0; 1.2.1; 2.3.1; 2.3.2; 2.3.3; 2.4.0; 2.4.1; 2.4.2; 3.0.0; 3.1.0; 4.0.0; 5.0.0; 5.1.0; 5.2.0; 5.2.1; 6.0.0; 6.0.1; 6.0.2; 6.0.3; 6.1.0; 6.1.1; 6.2.0; 6.2.1; 6.2.2; 6.3.0; 6.3.1
Changelog

*Sourced from [qs's changelog](https://github.com/ljharb/qs/blob/master/CHANGELOG.md).*

> ## **6.3.2**
> - [Fix] follow `allowPrototypes` option during merge ([#201](https://github-redirect.dependabot.com/ljharb/qs/issues/201), [#200](https://github-redirect.dependabot.com/ljharb/qs/issues/200))
> - [Dev Deps] update `eslint`
> - [Fix] chmod a-x
> - [Fix] support keys starting with brackets ([#202](https://github-redirect.dependabot.com/ljharb/qs/issues/202), [#200](https://github-redirect.dependabot.com/ljharb/qs/issues/200))
> - [Tests] up to `node` `v7.7`, `v6.10`, `v4.8`; disable osx builds since they block linux builds
>
> ## **6.3.1**
> - [Fix] ensure that `allowPrototypes: false` does not ever shadow Object.prototype properties (thanks, [**snyk**](https://github.com/snyk)!)
> - [Dev Deps] update `eslint`, `@ljharb/eslint-config`, `browserify`, `iconv-lite`, `qs-iconv`, `tape`
> - [Tests] on all node minors; improve test matrix
> - [Docs] document stringify option `allowDots` ([#195](https://github-redirect.dependabot.com/ljharb/qs/issues/195))
> - [Docs] add empty object and array values example ([#195](https://github-redirect.dependabot.com/ljharb/qs/issues/195))
> - [Docs] Fix minor inconsistency/typo ([#192](https://github-redirect.dependabot.com/ljharb/qs/issues/192))
> - [Docs] document stringify option `sort` ([#191](https://github-redirect.dependabot.com/ljharb/qs/issues/191))
> - [Refactor] `stringify`: throw faster with an invalid encoder
> - [Refactor] remove unnecessary escapes ([#184](https://github-redirect.dependabot.com/ljharb/qs/issues/184))
> - Remove contributing.md, since `qs` is no longer part of `hapi` ([#183](https://github-redirect.dependabot.com/ljharb/qs/issues/183))
Commits

- [`9ee5612`](https://github.com/ljharb/qs/commit/9ee56121311dac6b6014bfe56b3df0ebbf4ed048) v6.3.2
- [`0a63fc8`](https://github.com/ljharb/qs/commit/0a63fc8686bcc89d939522913762d1c6b1c4faa5) [Tests] up to `node` `v7.7`, `v6.10`, `v4.8`; disable osx builds since they b...
- [`8e1f3e7`](https://github.com/ljharb/qs/commit/8e1f3e743e81df157ccffea20b461ab6e499a795) [Fix] support keys starting with brackets.
- [`febe81a`](https://github.com/ljharb/qs/commit/febe81ad7e9120fab8db1897ec98c92297249a7c) [Fix] chmod a-x
- [`e54c5ec`](https://github.com/ljharb/qs/commit/e54c5ec8e20e3beacddff4d775d1a29bcaa47dc1) [Dev Deps] update `eslint`
- [`8e2af08`](https://github.com/ljharb/qs/commit/8e2af085b448eeb0b8068f4c7828e6a68c910058) [Fix] follow `allowPrototypes` option during merge
- [`153ce84`](https://github.com/ljharb/qs/commit/153ce84948845330d90178cbad982fc7371df538) v6.3.1
- [`d73b7a6`](https://github.com/ljharb/qs/commit/d73b7a6cb2f0b2cfb0e73a6aeefde8cdcb521a98) [Dev Deps] update `eslint`, `@ljharb/eslint-config`, `browserify`
- [`beade02`](https://github.com/ljharb/qs/commit/beade029171b8cef9cee0d03ebe577e2dd84976d) [Fix] ensure that `allowPrototypes: false` does not ever shadow Object.protot...
- [`8bd4c6c`](https://github.com/ljharb/qs/commit/8bd4c6cf12898f469838980317fec92007e5112a) Document allowDots option for stringify
- Additional commits viewable in [compare view](https://github.com/ljharb/qs/compare/v6.3.0...v6.3.2)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

If all status checks pass Dependabot will automatically merge this pull request.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:

- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
- `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com):

- Update frequency (including time of day and day of week)
- Automerge options (never/patch/minor, and dev/runtime dependencies)
- Pull request limits (per update run and/or open at any time)
- Out-of-range updates (receive only lockfile updates, if desired)
- Security updates (receive only security updates, if desired)

Finally, you can contact us by mentioning @dependabot.
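The 6.3.1 and 6.3.2 changelog entries above both concern the `allowPrototypes` option: with it off, a query key that would shadow a member of `Object.prototype` must be ignored rather than merged into the parsed object. As an added example, not qs's own code, here is a minimal bracket-notation query parser that shows that defensive behaviour; the `parse`, `splitKey`, `define` and `safeDecode` names, the literal handling of keys that begin with a bracket, and the omission of `a[]` array syntax are this example's own choices, not qs's.

```javascript
// Added illustration, not qs's own code: a minimal bracket-notation query
// parser with an `allowPrototypes` option in the sense the changelog above
// describes. By default, keys that would shadow a member of Object.prototype
// (`hasOwnProperty`, `constructor`, `__proto__`, ...) are dropped; only an
// explicit `allowPrototypes: true` lets them through, written as own properties.
const HAS = Object.prototype.hasOwnProperty;
// Percent-decoding that never throws: malformed input falls back to the raw text,
// so a bad escape sequence cannot take the request handler down.
function safeDecode(s) {
  try { return decodeURIComponent(s.replace(/\+/g, ' ')); } catch (e) { return s; }
}

// "a[b][c]" -> ["a", "b", "c"]. A key with no base segment (it starts with a
// bracket) is kept whole as one literal key rather than rejected; that handling
// and the lack of `a[]` array syntax are simplifications of this example.
function splitKey(key) {
  const open = key.indexOf('[');
  if (open <= 0) return [key];
  const segments = [key.slice(0, open)];
  for (const m of key.slice(open).matchAll(/\[([^\]]*)\]/g)) segments.push(m[1]);
  return segments;
}

// Define an own data property. Unlike `obj[key] = value`, this never walks the
// prototype chain, so a `__proto__` key becomes a plain property instead of
// re-parenting the object.
function define(obj, key, value) {
  Object.defineProperty(obj, key, { value, enumerable: true, writable: true, configurable: true });
}

function parse(query, options = {}) {
  const allowPrototypes = options.allowPrototypes === true;
  const result = {};
  for (const pair of query.split('&')) {
    if (pair === '') continue;
    const eq = pair.indexOf('=');
    const segments = splitKey(safeDecode(eq < 0 ? pair : pair.slice(0, eq)));
    const value = eq < 0 ? '' : safeDecode(pair.slice(eq + 1));
    // Drop the whole pair before creating any intermediate object for it.
    if (!allowPrototypes && segments.some((s) => s in Object.prototype)) continue;
    let obj = result;
    for (let i = 0; i < segments.length - 1; i++) {
      const seg = segments[i];
      if (!HAS.call(obj, seg) || typeof obj[seg] !== 'object') define(obj, seg, {});
      obj = obj[seg];
    }
    define(obj, segments[segments.length - 1], value);
  }
  return result;
}
```

Run it with Node 12 or later, which provides `String.prototype.matchAll`.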