Bumps [handlebars](https://github.com/wycats/handlebars.js) from 4.0.12 to 4.1.0. **This update includes security fixes.**
<details>
<summary>Vulnerabilities fixed</summary>
*Sourced from [The npm Advisory Database](https://npmjs.com/advisories/755).*
> **Prototype Pollusion**
> All versions of `handlebars` are vulnerable to Prototype Pollusion. Templates may alter an Objects' prototype, thus allowing an attacker to execute arbitrary code on the server.
>
> Affected versions: <=4.0.12
</details>
<details>
<summary>Changelog</summary>
*Sourced from [handlebars's changelog](https://github.com/wycats/handlebars.js/blob/v4.1.0/release-notes.md).*
> ## v4.1.0 - February 7th, 2019
> New Features
>
> - import TypeScript typings - 27ac1ee
>
> Security fixes:
>
> - disallow access to the constructor in templates to prevent RCE - 42841c4, [#1495](https://github-redirect.dependabot.com/wycats/handlebars.js/issues/1495)
>
> Housekeeping
>
> - chore: fix components/handlebars package.json and auto-update on release - bacd473
> - chore: Use node 10 to build handlebars - 78dd89c
> - chore/doc: Add more release docs - 6b87c21
>
> Compatibility notes:
>
> Access to class constructors (i.e. `({}).constructor`) is now prohibited to prevent
> Remote Code Execution. This means that following construct will no work anymore:
>
> ```
> class SomeClass {
> }
>
> SomeClass.staticProperty = 'static'
>
> var template = Handlebars.compile('{{constructor.staticProperty}}');
> document.getElementById('output').innerHTML = template(new SomeClass());
> // expected: 'static', but now this is empty.
> ```
>
> This kind of access is not the intended use of Handlebars and leads to the vulnerability described in [#1495](https://github-redirect.dependabot.com/wycats/handlebars.js/issues/1495). We will **not** increase the major version, because such use is not intended or documented, and because of the potential impact of the issue (we fear that most people won't use a new major version and the issue may not be resolved on many systems).
>
>
>
> [Commits](https://github.com/wycats/handlebars.js/compare/v4.0.12...v4.1.0)
</details>
<details>
<summary>Commits</summary>
- [`7caca94`](7caca944b1) v4.1.0
- [`7bd34fb`](7bd34fb466) Update release notes
- [`56fc676`](56fc6768d1) test: run appveyor tests in Node 10
- [`ee30222`](ee3022228b) chore: disable sauce-labs
- [`05e6293`](05e6293bb3) chore: bump version of grunt-saucelabs
- [`2db0d12`](2db0d123c8) chore: add .idea and yarn-error.log to .gitignore
- [`edc6220`](edc6220d51) fix: disallow access to the constructor in templates to prevent RCE
- [`bacd473`](bacd473fe6) chore: fix components/handlebars package.json and auto-update on release
- [`27ac1ee`](27ac1ee396) Feat: Import TypeScript typings
- [`78dd89c`](78dd89c13a) chore: Use node 10 to build handlebars
- Additional commits viewable in [compare view](https://github.com/wycats/handlebars.js/compare/v4.0.12...v4.1.0)
</details>
<br />
[](https://dependabot.com/compatibility-score.html?dependency-name=handlebars&package-manager=npm_and_yarn&previous-version=4.0.12&new-version=4.1.0)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
- `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme
Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com):
- Update frequency (including time of day and day of week)
- Automerge options (never/patch/minor, and dev/runtime dependencies)
- Pull request limits (per update run and/or open at any time)
- Out-of-range updates (receive only lockfile updates, if desired)
- Security updates (receive only security updates, if desired)
Finally, you can contact us by mentioning @dependabot.
</details>
Bumps [aetna](https://github.com/pressbooks/aetna) from 1.0.0-alpha.22 to 1.0.0-alpha.24.
<details>
<summary>Commits</summary>
- See full diff in [compare view](https://github.com/pressbooks/aetna/commits)
</details>
<br />
[](https://dependabot.com/compatibility-score.html?dependency-name=aetna&package-manager=npm_and_yarn&previous-version=1.0.0-alpha.22&new-version=1.0.0-alpha.24)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
- `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme
Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com):
- Update frequency (including time of day and day of week)
- Automerge options (never/patch/minor, and dev/runtime dependencies)
- Pull request limits (per update run and/or open at any time)
- Out-of-range updates (receive only lockfile updates, if desired)
- Security updates (receive only security updates, if desired)
Finally, you can contact us by mentioning @dependabot.
</details>
Bumps [atob](https://github.com/coolaj86/node-browser-compat) from 2.0.3 to 2.1.2. **This update includes security fixes.**
<details>
<summary>Vulnerabilities fixed</summary>
*Sourced from [The Sonatype OSS Index](https://ossindex.sonatype.org/vuln/e391a58d-4a81-448b-8ffc-e19016807d73).*
> **CWE-125: Out-of-bounds Read**
> The software reads data past the end, or before the beginning, of the intended buffer.
>
> Affected versions: <=2.0.3
*Sourced from [The Node Security Working Group](https://github.com/nodejs/security-wg/blob/master/vuln/npm/403.json).*
> **Out-of-bounds Read**
> `atob` allocates uninitialized Buffers when number is passed in input on Node.js 4.x and below
>
> Affected versions: <=2.0.3
</details>
<details>
<summary>Commits</summary>
- See full diff in [compare view](https://github.com/coolaj86/node-browser-compat/commits)
</details>
<br />
[](https://dependabot.com/compatibility-score.html?dependency-name=atob&package-manager=npm_and_yarn&previous-version=2.0.3&new-version=2.1.2)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
- `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme
Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com):
- Update frequency (including time of day and day of week)
- Automerge options (never/patch/minor, and dev/runtime dependencies)
- Pull request limits (per update run and/or open at any time)
- Out-of-range updates (receive only lockfile updates, if desired)
- Security updates (receive only security updates, if desired)
Finally, you can contact us by mentioning @dependabot.
</details>
Bumps [marked](https://github.com/markedjs/marked) from 0.3.6 to 0.3.19. **This update includes security fixes.**
<details>
<summary>Vulnerabilities fixed</summary>
*Sourced from [The Sonatype OSS Index](https://ossindex.sonatype.org/vuln/9ad1891d-443b-4ea0-b2f4-8fea2745533c).*
> **[CVE-2017-1000427] marked version 0.3.6 and earlier is vulnerable to an XSS attack in the data: URI...**
> marked version 0.3.6 and earlier is vulnerable to an XSS attack in the data: URI parser.
>
> Affected versions: <=0.3.6
*Sourced from [The Sonatype OSS Index](https://ossindex.sonatype.org/vuln/934cfc24-3eba-4ebb-8bac-b53b7ed08c59).*
> **CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')**
> The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
>
> Affected versions: <=0.3.6
*Sourced from The GitHub Security Advisory Database.*
> **High severity vulnerability that affects marked**
> The marked module is vulnerable to a regular expression denial of service. Based on the information published in the public issue, 1k characters can block for around 6 seconds.
>
> Affected versions: <0.3.9
*Sourced from The GitHub Security Advisory Database.*
> **Moderate severity vulnerability that affects marked**
> A Regular expression Denial of Service (ReDoS) vulnerability in the file marked.js of the marked npm package (tested on version 0.3.7) allows a remote attacker to overload and crash a server by passing a maliciously crafted string.
>
> Affected versions: < 0.3.9
</details>
<details>
<summary>Release notes</summary>
*Sourced from [marked's releases](https://github.com/markedjs/marked/releases).*
> ## 0.3.18 minified required new release
> 0.3.18 did not have changes to min.
>
> ## Minor fixes and updated docs
> - Supported Markdown flavors: CommonMark 0.28 and GitHub Flavored Markdown 0.28
> - Updates to our CI pipeline; we're all green! [#1098](https://github-redirect.dependabot.com/markedjs/marked/issues/1098) with the caveat that there is a test that needs to get sorted (help us out [#1092](https://github-redirect.dependabot.com/markedjs/marked/issues/1092))
> - Start ordered lists using the initial numbers from markdown lists ([#1144](https://github-redirect.dependabot.com/markedjs/marked/issues/1144))
> - Added GitHub Pages site for documentation https://marked.js.org/ ([#1138](https://github-redirect.dependabot.com/markedjs/marked/issues/1138))
>
> ## Processes and tools
> - The elephant in the room: A security vulnerability was discovered and fixed. Please note, if something breaks due to these changes, it was not our intent, and please let us know by submitting a PR or issue to course correct (the nature of the zero-major release and having security as a number one priority) [#1083](https://github-redirect.dependabot.com/markedjs/marked/issues/1083)
> - The other elephant in the room: We missed publishing a 0.3.16 release to GitHub; so, trying to make up for that a bit.
> - Updates to the project documentation and operations, you should check it out, just start with the README and you should be good.
> - New release PR template available [#1076](https://github-redirect.dependabot.com/markedjs/marked/issues/1076)
> - Updates to default PR and Issue templates [#1076](https://github-redirect.dependabot.com/markedjs/marked/issues/1076)
> - Lint checks + tests + continuous integration using Travis [#1020](https://github-redirect.dependabot.com/markedjs/marked/issues/1020)
> - Updated testing output [#1085](https://github-redirect.dependabot.com/markedjs/marked/issues/1085) & [#1087](https://github-redirect.dependabot.com/markedjs/marked/issues/1087)
>
> ## Fix capturing parens
> Fixes unintended breaking change from v0.3.14
>
> ## New year, new home
> - Marked has a new home under the MarkedJS org! Other advances soon to come.
> - Updated minifier.
> - Various parser fixes
>
> ## New Year, new Marked!
> - Addresses issue where some users might not have been able to update due to missing `use strict` [#991](https://github-redirect.dependabot.com/markedjs/marked/issues/991)
> - Parser fix [#977](https://github-redirect.dependabot.com/markedjs/marked/issues/977)
> - New way to perform tests with options and running individual tests [#1002](https://github-redirect.dependabot.com/markedjs/marked/issues/1002)
> - Improved test cases
> - Improved links
>
> ## Merry XSSmas
> We think with this version we have addressed most, if not all, known security vulnerabilities. If you find more, please let us know.
>
> ## XSS
> Should fix XSS issue discovered.
</details>
<details>
<summary>Commits</summary>
- [`5d1baa4`](5d1baa4d7c) Merge pull request [#1157](https://github-redirect.dependabot.com/markedjs/marked/issues/1157) from markedjs/release-0.3.19
- [`a089991`](a089991fe3) Merge pull request [#64](https://github-redirect.dependabot.com/markedjs/marked/issues/64) from fidian/master
- [`ad6c7f9`](ad6c7f9125) Merge pull request [#1156](https://github-redirect.dependabot.com/markedjs/marked/issues/1156) from UziTech/docs-navigation
- [`03e015c`](03e015ca91) 0.3.19
- [`cf2def0`](cf2def076f) minify
- [`29f4190`](29f4190117) Ignore DS_Store on macos
- [`f29bceb`](f29bceb025) Update publishing template ([#1154](https://github-redirect.dependabot.com/markedjs/marked/issues/1154))
- [`210eed7`](210eed715b) Update badge template ([#1155](https://github-redirect.dependabot.com/markedjs/marked/issues/1155))
- [`9c01b83`](9c01b83370) link to README.md
- [`fd9f444`](fd9f444133) add github ribbon
- Additional commits viewable in [compare view](https://github.com/markedjs/marked/compare/v0.3.6...v0.3.19)
</details>
<br />
[](https://dependabot.com/compatibility-score.html?dependency-name=marked&package-manager=npm_and_yarn&previous-version=0.3.6&new-version=0.3.19)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
- `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme
Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com):
- Update frequency (including time of day and day of week)
- Automerge options (never/patch/minor, and dev/runtime dependencies)
- Pull request limits (per update run and/or open at any time)
- Out-of-range updates (receive only lockfile updates, if desired)
- Security updates (receive only security updates, if desired)
Finally, you can contact us by mentioning @dependabot.
</details>
Bumps [stringstream](https://github.com/mhart/StringStream) from 0.0.5 to 0.0.6. **This update includes security fixes.**
<details>
<summary>Vulnerabilities fixed</summary>
*Sourced from [The Node Security Working Group](https://github.com/nodejs/security-wg/blob/master/vuln/npm/422.json).*
> **Out-of-bounds Read**
> `stringstream` allocates uninitialized Buffers when number is passed in input stream on Node.js 4.x and below
>
> Affected versions: <=0.0.5
*Sourced from [The Node Security Working Group](https://github.com/nodejs/security-wg/blob/master/vuln/npm/422.json).*
> **Out-of-bounds Read**
> `stringstream` allocates uninitialized Buffers when number is passed in input stream on Node.js 4.x and below
>
> Affected versions: <=0.0.5
</details>
<details>
<summary>Commits</summary>
- [`fee31c5`](fee31c5c4a) 0.0.6
- [`2f4a9d4`](2f4a9d496f) Merge pull request [#9](https://github-redirect.dependabot.com/mhart/StringStream/issues/9) from mhart/fix-buffer-constructor-vuln
- [`afbc744`](afbc744222) Ensure data is not a number in Buffer constructor
- See full diff in [compare view](https://github.com/mhart/StringStream/compare/v0.0.5...v0.0.6)
</details>
<br />
[](https://dependabot.com/compatibility-score.html?dependency-name=stringstream&package-manager=npm_and_yarn&previous-version=0.0.5&new-version=0.0.6)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
- `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme
Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com):
- Update frequency (including time of day and day of week)
- Automerge options (never/patch/minor, and dev/runtime dependencies)
- Pull request limits (per update run and/or open at any time)
- Out-of-range updates (receive only lockfile updates, if desired)
- Security updates (receive only security updates, if desired)
Finally, you can contact us by mentioning @dependabot.
</details>
Bumps [superagent](https://github.com/visionmedia/superagent) from 3.6.0 to 3.8.3. **This update includes security fixes.**
<details>
<summary>Vulnerabilities fixed</summary>
*Sourced from The GitHub Security Advisory Database.*
> **Low severity vulnerability that affects superagent**
> The HTTP client module superagent is vulnerable to ZIP bomb attacks. In a ZIP bomb attack, the HTTP server replies with a compressed response that becomes several magnitudes larger once uncompressed. If a client does not take special care when processing such responses, it may result in excessive CPU and/or memory consumption. An attacker might exploit such a weakness for a DoS attack. To exploit this the attacker must control the location (URL) that superagent makes a request to.
>
> Affected versions: <3.7.0
*Sourced from [The Sonatype OSS Index](https://ossindex.sonatype.org/vuln/6b42d0b8-d68c-4f60-8815-a51f4a3efa29).*
> **CWE-409: Improper Handling of Highly Compressed Data (Data Amplification)**
> The software does not handle or incorrectly handles a compressed input with a very high compression ratio that produces a large output.
>
> Affected versions: <3.7.0
</details>
<details>
<summary>Release notes</summary>
*Sourced from [superagent's releases](https://github.com/visionmedia/superagent/releases).*
> ## v3.8.3
>
> * Add flags for 201 & 422 responses (Nikhil Fadnis)
> * Emit progress event while uploading Node `Buffer` via send method (Sergey Akhalkov)
> * Fixed setting correct cookies for redirects (Damien Clark)
> * Replace .catch with ['catch'] for IE9 Support (Miguel Stevens)
>
> ## v3.8.2
>
> * Fixed handling of exceptions thrown from callbacks
> * Stricter matching of `+json` MIME types.
>
> ## v3.8.1
>
> * Clear authorization header on cross-domain redirect
>
> ## v3.8.0
>
> * Added support for "globally" defined headers and event handlers via `superagent.agent()`. It now remembers default settings for all its requests.
> * Added optional callback to `.retry()` (Alexander Murphy)
> * Unified auth args handling in node/browser (Edmundo Alvarez)
> * Fixed error handling in zlib pipes (Kornel)
> * Documented that 3xx status codes are errors (Mickey Reiss)
>
> ## v3.7.0
>
> * Limit maximum response size. Prevents zip bombs (Kornel)
> * Catch and pass along errors in `.ok()` callback (Jeremy Ruppel)
> * Fixed parsing of XHR headers without a newline (nsf)
>
> ## v3.6.2
>
> * Upgrade MIME type dependency to a newer, secure version
> * Recognize PDF MIME as binary
> * Fix for error in subsequent require() calls (Steven de Salas)
</details>
<details>
<summary>Changelog</summary>
*Sourced from [superagent's changelog](https://github.com/visionmedia/superagent/blob/master/History.md).*
> # 3.8.3 (2018-04-29)
>
> * Add flags for 201 & 422 responses (Nikhil Fadnis)
> * Emit progress event while uploading Node `Buffer` via send method (Sergey Akhalkov)
> * Fixed setting correct cookies for redirects (Damien Clark)
> * Replace .catch with ['catch'] for IE9 Support (Miguel Stevens)
>
> # 3.8.2 (2017-12-09)
>
> * Fixed handling of exceptions thrown from callbacks
> * Stricter matching of `+json` MIME types.
>
> # 3.8.1 (2017-11-08)
>
> * Clear authorization header on cross-domain redirect
>
> # 3.8.0
>
> * Added support for "globally" defined headers and event handlers via `superagent.agent()`. It now remembers default settings for all its requests.
> * Added optional callback to `.retry()` (Alexander Murphy)
> * Unified auth args handling in node/browser (Edmundo Alvarez)
> * Fixed error handling in zlib pipes (Kornel)
> * Documented that 3xx status codes are errors (Mickey Reiss)
>
> # 3.7.0 (2017-10-17)
>
> * Limit maximum response size. Prevents zip bombs (Kornel)
> * Catch and pass along errors in `.ok()` callback (Jeremy Ruppel)
> * Fixed parsing of XHR headers without a newline (nsf)
>
> # 3.6.2 (2017-10-02)
>
> * Upgrade MIME type dependency to a newer, secure version
> * Recognize PDF MIME as binary
> * Fix for error in subsequent require() calls (Steven de Salas)
</details>
<details>
<summary>Commits</summary>
- [`295dfcd`](295dfcdace) Bump
- [`c2f65c6`](c2f65c665c) Lock marked version due to bug
- [`75d1ca0`](75d1ca0751) Fix [#1366](https://github-redirect.dependabot.com/visionmedia/superagent/issues/1366) docs
- [`bf1a87a`](bf1a87ab75) Merge pull request [#1360](https://github-redirect.dependabot.com/visionmedia/superagent/issues/1360) from itsfadnis/flags_for_201_and_422
- [`386f702`](386f7021e8) Add flags for 201 & 422 responses
- [`d70933c`](d70933ce58) Make GitHub happy
- [`b176c0e`](b176c0e953) Be super clear piping in superagent breaks everything else
- [`336b51e`](336b51e8f8) Merge pull request [#1351](https://github-redirect.dependabot.com/visionmedia/superagent/issues/1351) from jedwards1211/patch-2
- [`038bd46`](038bd464d8) file => field
- [`a6fc595`](a6fc5959c7) typo fix
- Additional commits viewable in [compare view](https://github.com/visionmedia/superagent/compare/v3.6.0...v3.8.3)
</details>
<br />
[](https://dependabot.com/compatibility-score.html?dependency-name=superagent&package-manager=npm_and_yarn&previous-version=3.6.0&new-version=3.8.3)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
- `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme
Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com):
- Update frequency (including time of day and day of week)
- Automerge options (never/patch/minor, and dev/runtime dependencies)
- Pull request limits (per update run and/or open at any time)
- Out-of-range updates (receive only lockfile updates, if desired)
- Security updates (receive only security updates, if desired)
Finally, you can contact us by mentioning @dependabot.
</details>
Bumps [composer/installers](https://github.com/composer/installers) from 1.5.0 to 1.6.0.
<details>
<summary>Changelog</summary>
*Sourced from [composer/installers's changelog](https://github.com/composer/installers/blob/master/CHANGELOG.md).*
> # Change Log
>
> ## [Unreleased]
</details>
<details>
<summary>Commits</summary>
- [`cfcca6b`](cfcca6b1b6) Merge pull request [#397](https://github-redirect.dependabot.com/composer/installers/issues/397) from harmenjanssen/normalize-october-plugin
- [`8da283a`](8da283adf7) Normalise vendor directory containing hyphen
- [`5d15e4e`](5d15e4e9aa) Merge pull request [#376](https://github-redirect.dependabot.com/composer/installers/issues/376) from thomscode/disable-installers
- [`78eb8ca`](78eb8ca263) Add use statements in place of fully qualified namespaces
- [`4bff163`](4bff1637ea) Merge branch 'master' into disable-installers
- [`a118c5b`](a118c5bbb5) Merge pull request [#391](https://github-redirect.dependabot.com/composer/installers/issues/391) from davidbarratt/mediawiki-core
- [`2353998`](2353998d5a) Add MediaWiki Core
- [`c3c5297`](c3c5297a3b) Add false as an option to prevent installers from being disabled.
- [`3806135`](38061358f2) Update documentation to include false option
- [`1aa22c1`](1aa22c1756) Merge branch 'master' into disable-installers
- Additional commits viewable in [compare view](https://github.com/composer/installers/compare/v1.5.0...v1.6.0)
</details>
<br />
[](https://dependabot.com/compatibility-score.html?dependency-name=composer/installers&package-manager=composer&previous-version=1.5.0&new-version=1.6.0)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
---
**Note:** This repo was added to Dependabot recently, so you'll receive a maximum of 5 PRs for your first few update runs. Once an update run creates fewer than 5 PRs we'll remove that limit.
You can always request more updates by clicking `Bump now` in your [Dependabot dashboard](https://app.dependabot.com).
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
- `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme
Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com):
- Update frequency (including time of day and day of week)
- Automerge options (never/patch/minor, and dev/runtime dependencies)
- Pull request limits (per update run and/or open at any time)
- Out-of-range updates (receive only lockfile updates, if desired)
- Security updates (receive only security updates, if desired)
Finally, you can contact us by mentioning @dependabot.
</details>
Dac Chartrand