Update QS as it vulnerable

[Delagen]

https://snyk.io/vuln/npm:qs:20170213

[dougwilson]

We don't use the part of the qs module that has the vulnerability, so it is not necessary to update for any protection. We will however release an update regardless.

[dougwilson]

I thought I released this last week, but from that link:

March 6th, 2017 - Final fix released in version 6.4.0.

What the fuck. It's basically impossible not to play release a new version with an updated qs game.

[Delagen]

We don't use the part of the qs module that has the vulnerability, so it is not necessary to update for any protection. We will however release an update regardless.

May use another module with more specific functionality?

[dougwilson]

If you know one, please let me know and I'd be happy to switch :) I'm not aware of any so we will completely drop the qs module and thus extended urlencoded parsing in 2.0

[dougwilson]

haha, of course Coveralls.io decides to change the way it reports coverage...

[dougwilson]

Published to npm as 1.17.1

[Delagen]

Express also related to this module, updated to 4.15.2. Thanks.

[dougwilson]

No problem. Express is also not actually affected either, as it also does not use the vulnerable functionality from Qs.