Bumps [stringstream](https://github.com/mhart/StringStream) from 0.0.5 to 0.0.6. **This update includes security fixes.**
<details>
<summary>Vulnerabilities fixed</summary>
*Sourced from [The Node Security Working Group](https://github.com/nodejs/security-wg/blob/master/vuln/npm/422.json).*
> **Out-of-bounds Read**
> `stringstream` allocates uninitialized Buffers when number is passed in input stream on Node.js 4.x and below
>
> Affected versions: <=0.0.5
*Sourced from [The Node Security Working Group](https://github.com/nodejs/security-wg/blob/master/vuln/npm/422.json).*
> **Out-of-bounds Read**
> `stringstream` allocates uninitialized Buffers when number is passed in input stream on Node.js 4.x and below
>
> Affected versions: <=0.0.5
</details>
<details>
<summary>Commits</summary>
- [`fee31c5`](fee31c5c4a) 0.0.6
- [`2f4a9d4`](2f4a9d496f) Merge pull request [#9](https://github-redirect.dependabot.com/mhart/StringStream/issues/9) from mhart/fix-buffer-constructor-vuln
- [`afbc744`](afbc744222) Ensure data is not a number in Buffer constructor
- See full diff in [compare view](https://github.com/mhart/StringStream/compare/v0.0.5...v0.0.6)
</details>
<br />
[![Dependabot compatibility score](https://api.dependabot.com/badges/compatibility_score?dependency-name=stringstream&package-manager=npm_and_yarn&previous-version=0.0.5&new-version=0.0.6)](https://dependabot.com/compatibility-score.html?dependency-name=stringstream&package-manager=npm_and_yarn&previous-version=0.0.5&new-version=0.0.6)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
- `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme
Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com):
- Update frequency (including time of day and day of week)
- Automerge options (never/patch/minor, and dev/runtime dependencies)
- Pull request limits (per update run and/or open at any time)
- Out-of-range updates (receive only lockfile updates, if desired)
- Security updates (receive only security updates, if desired)
Finally, you can contact us by mentioning @dependabot.
</details>
Bumps [superagent](https://github.com/visionmedia/superagent) from 3.6.0 to 3.8.3. **This update includes security fixes.**
<details>
<summary>Vulnerabilities fixed</summary>
*Sourced from The GitHub Security Advisory Database.*
> **Low severity vulnerability that affects superagent**
> The HTTP client module superagent is vulnerable to ZIP bomb attacks. In a ZIP bomb attack, the HTTP server replies with a compressed response that becomes several magnitudes larger once uncompressed. If a client does not take special care when processing such responses, it may result in excessive CPU and/or memory consumption. An attacker might exploit such a weakness for a DoS attack. To exploit this the attacker must control the location (URL) that superagent makes a request to.
>
> Affected versions: <3.7.0
*Sourced from [The Sonatype OSS Index](https://ossindex.sonatype.org/vuln/6b42d0b8-d68c-4f60-8815-a51f4a3efa29).*
> **CWE-409: Improper Handling of Highly Compressed Data (Data Amplification)**
> The software does not handle or incorrectly handles a compressed input with a very high compression ratio that produces a large output.
>
> Affected versions: <3.7.0
</details>
<details>
<summary>Release notes</summary>
*Sourced from [superagent's releases](https://github.com/visionmedia/superagent/releases).*
> ## v3.8.3
>
> * Add flags for 201 & 422 responses (Nikhil Fadnis)
> * Emit progress event while uploading Node `Buffer` via send method (Sergey Akhalkov)
> * Fixed setting correct cookies for redirects (Damien Clark)
> * Replace .catch with ['catch'] for IE9 Support (Miguel Stevens)
>
> ## v3.8.2
>
> * Fixed handling of exceptions thrown from callbacks
> * Stricter matching of `+json` MIME types.
>
> ## v3.8.1
>
> * Clear authorization header on cross-domain redirect
>
> ## v3.8.0
>
> * Added support for "globally" defined headers and event handlers via `superagent.agent()`. It now remembers default settings for all its requests.
> * Added optional callback to `.retry()` (Alexander Murphy)
> * Unified auth args handling in node/browser (Edmundo Alvarez)
> * Fixed error handling in zlib pipes (Kornel)
> * Documented that 3xx status codes are errors (Mickey Reiss)
>
> ## v3.7.0
>
> * Limit maximum response size. Prevents zip bombs (Kornel)
> * Catch and pass along errors in `.ok()` callback (Jeremy Ruppel)
> * Fixed parsing of XHR headers without a newline (nsf)
>
> ## v3.6.2
>
> * Upgrade MIME type dependency to a newer, secure version
> * Recognize PDF MIME as binary
> * Fix for error in subsequent require() calls (Steven de Salas)
</details>
<details>
<summary>Changelog</summary>
*Sourced from [superagent's changelog](https://github.com/visionmedia/superagent/blob/master/History.md).*
> # 3.8.3 (2018-04-29)
>
> * Add flags for 201 & 422 responses (Nikhil Fadnis)
> * Emit progress event while uploading Node `Buffer` via send method (Sergey Akhalkov)
> * Fixed setting correct cookies for redirects (Damien Clark)
> * Replace .catch with ['catch'] for IE9 Support (Miguel Stevens)
>
> # 3.8.2 (2017-12-09)
>
> * Fixed handling of exceptions thrown from callbacks
> * Stricter matching of `+json` MIME types.
>
> # 3.8.1 (2017-11-08)
>
> * Clear authorization header on cross-domain redirect
>
> # 3.8.0
>
> * Added support for "globally" defined headers and event handlers via `superagent.agent()`. It now remembers default settings for all its requests.
> * Added optional callback to `.retry()` (Alexander Murphy)
> * Unified auth args handling in node/browser (Edmundo Alvarez)
> * Fixed error handling in zlib pipes (Kornel)
> * Documented that 3xx status codes are errors (Mickey Reiss)
>
> # 3.7.0 (2017-10-17)
>
> * Limit maximum response size. Prevents zip bombs (Kornel)
> * Catch and pass along errors in `.ok()` callback (Jeremy Ruppel)
> * Fixed parsing of XHR headers without a newline (nsf)
>
> # 3.6.2 (2017-10-02)
>
> * Upgrade MIME type dependency to a newer, secure version
> * Recognize PDF MIME as binary
> * Fix for error in subsequent require() calls (Steven de Salas)
</details>
<details>
<summary>Commits</summary>
- [`295dfcd`](295dfcdace) Bump
- [`c2f65c6`](c2f65c665c) Lock marked version due to bug
- [`75d1ca0`](75d1ca0751) Fix [#1366](https://github-redirect.dependabot.com/visionmedia/superagent/issues/1366) docs
- [`bf1a87a`](bf1a87ab75) Merge pull request [#1360](https://github-redirect.dependabot.com/visionmedia/superagent/issues/1360) from itsfadnis/flags_for_201_and_422
- [`386f702`](386f7021e8) Add flags for 201 & 422 responses
- [`d70933c`](d70933ce58) Make GitHub happy
- [`b176c0e`](b176c0e953) Be super clear piping in superagent breaks everything else
- [`336b51e`](336b51e8f8) Merge pull request [#1351](https://github-redirect.dependabot.com/visionmedia/superagent/issues/1351) from jedwards1211/patch-2
- [`038bd46`](038bd464d8) file => field
- [`a6fc595`](a6fc5959c7) typo fix
- Additional commits viewable in [compare view](https://github.com/visionmedia/superagent/compare/v3.6.0...v3.8.3)
</details>
<br />
[![Dependabot compatibility score](https://api.dependabot.com/badges/compatibility_score?dependency-name=superagent&package-manager=npm_and_yarn&previous-version=3.6.0&new-version=3.8.3)](https://dependabot.com/compatibility-score.html?dependency-name=superagent&package-manager=npm_and_yarn&previous-version=3.6.0&new-version=3.8.3)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
- `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme
Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com):
- Update frequency (including time of day and day of week)
- Automerge options (never/patch/minor, and dev/runtime dependencies)
- Pull request limits (per update run and/or open at any time)
- Out-of-range updates (receive only lockfile updates, if desired)
- Security updates (receive only security updates, if desired)
Finally, you can contact us by mentioning @dependabot.
</details>