Bump qs from 6.5.2 to 6.8.0

[dependabot-preview]

Bumps qs from 6.5.2 to 6.8.0.

Changelog

Sourced from qs's changelog.

6.8.0

• [New] add depth=false to preserve the original key; [Fix] depth=0 should preserve the original key (#326)
• [New] [Fix] stringify symbols and bigints
• [Fix] ensure node 0.12 can stringify Symbols
• [Fix] fix for an impossible situation: when the formatter is called with a non-string value
• [Refactor] formats: tiny bit of cleanup.
• [Dev Deps] update eslint, @ljharb/eslint-config, browserify, safe-publish-latest, iconv-lite, tape
• [Tests] add tests for depth=0 and depth=false behavior, both current and intuitive/intended (#326)
• [Tests] use eclint instead of editorconfig-tools
• [docs] readme: add security note
• [meta] add github sponsorship
• [meta] add FUNDING.yml
• [meta] Clean up license text so it’s properly detected as BSD-3-Clause

6.7.0

• [New] stringify/parse: add comma as an arrayFormat option (#276, #219)
• [Fix] correctly parse nested arrays (#212)
• [Fix] utils.merge: avoid a crash with a null target and a truthy non-array source, also with an array source
• [Robustness] stringify: cache Object.prototype.hasOwnProperty
• [Refactor] utils: isBuffer: small tweak; add tests
• [Refactor] use cached Array.isArray
• [Refactor] parse/stringify: make a function to normalize the options
• [Refactor] utils: reduce observable [[Get]]s
• [Refactor] stringify/utils: cache Array.isArray
• [Tests] always use String(x) over x.toString()
• [Tests] fix Buffer tests to work in node < 4.5 and node < 5.10
• [Tests] temporarily allow coverage to fail

6.6.0

• [New] Add support for iso-8859-1, utf8 "sentinel" and numeric entities (#268)
• [New] move two-value combine to a utils function (#189)
• [Fix] stringify: fix a crash with strictNullHandling and a custom filter/serializeDate (#279)
• [Fix] when parseArrays is false, properly handle keys ending in [] (#260)
• [Fix] stringify: do not crash in an obscure combo of interpretNumericEntities, a bad custom decoder, & iso-8859-1
• [Fix] utils: merge: fix crash when source is a truthy primitive & no options are provided
• [refactor] stringify: Avoid arr = arr.concat(...), push to the existing instance (#269)
• [Refactor] parse: only need to reassign the var once
• [Refactor] parse/stringify: clean up charset options checking; fix defaults
• [Refactor] add missing defaults
• [Refactor] parse: one less concat call
• [Refactor] utils: compactQueue: make it explicitly side-effecting
• [Dev Deps] update browserify, eslint, @ljharb/eslint-config, iconv-lite, safe-publish-latest, tape
• [Tests] up to node v10.10, v9.11, v8.12, v6.14, v4.9; pin included builds to LTS

Commits

• 7ebe4ad v6.8.0
• d1d06a6 [Dev Deps] update eslint, @ljharb/eslint-config, browserify, `safe-publ...
• 649f05f [New] add depth=false to preserve the original key; [Fix] depth=0 should ...
• a30e4b1 [Tests] add tests for depth=0 and depth=false behavior, both current and ...
• 360ec16 [Tests] use eclint instead of editorconfig-tools
• b14b638 [Dev Deps] update eslint, iconv-lite, browserify, tape
• 82c4a5f add github sponsorship
• 4a1cf05 readme: add security note
• a07882f add FUNDING.yml
• 3b40167 [Fix] ensure node 0.12 can stringify Symbols
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot will not automatically merge this PR because it includes a minor update to a production dependency.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Automerge options (never/patch/minor, and dev/runtime dependencies)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

Finally, you can contact us by mentioning @dependabot.

[dependabot-preview]

Superseded by #612.