updated npm modules

node_modules/querystringify/index.js

@@ -7,11 +7,30 @@ var has = Object.prototype.hasOwnProperty
  * Decode a URI encoded string.
  *
  * @param {String} input The URI encoded string.
- * @returns {String} The decoded string.
+ * @returns {String|Null} The decoded string.
  * @api private
  */
 function decode(input) {
-  return decodeURIComponent(input.replace(/\+/g, ' '));
+  try {
+    return decodeURIComponent(input.replace(/\+/g, ' '));
+  } catch (e) {
+    return null;
+  }
+}
+
+/**
+ * Attempts to encode a given input.
+ *
+ * @param {String} input The string that needs to be encoded.
+ * @returns {String|Null} The encoded string.
+ * @api private
+ */
+function encode(input) {
+  try {
+    return encodeURIComponent(input);
+  } catch (e) {
+    return null;
+  }
 }
 
 /**
@@ -35,7 +54,10 @@ function querystring(query) {
     // methods like `toString` or __proto__ are not overriden by malicious
     // querystrings.
     //
-    if (key in result) continue;
+    // In the case if failed decoding, we want to omit the key/value pairs
+    // from the result.
+    //
+    if (key === null || value === null || key in result) continue;
     result[key] = value;
   }
 
@@ -74,7 +96,15 @@ function querystringify(obj, prefix) {
         value = '';
       }
 
-      pairs.push(encodeURIComponent(key) +'='+ encodeURIComponent(value));
+      key = encodeURIComponent(key);
+      value = encodeURIComponent(value);
+
+      //
+      // If we failed to encode the strings, we should bail out as we don't
+      // want to add invalid strings to the query.
+      //
+      if (key === null || value === null) continue;
+      pairs.push(key +'='+ value);
     }
   }
 

node_modules/querystringify/package.json

@@ -1,26 +1,26 @@
 {
-  "_from": "querystringify@^2.0.0",
-  "_id": "querystringify@2.1.0",
+  "_from": "querystringify@^2.1.1",
+  "_id": "querystringify@2.1.1",
   "_inBundle": false,
-  "_integrity": "sha512-sluvZZ1YiTLD5jsqZcDmFyV2EwToyXZBfpoVOmktMmW+VEnhgakFHnasVph65fOjGPTWN0Nw3+XQaSeMayr0kg==",
+  "_integrity": "sha512-w7fLxIRCRT7U8Qu53jQnJyPkYZIaR4n5151KMfcJlO/A9397Wxb1amJvROTK6TOnp7PfoAmg/qXiNHI+08jRfA==",
   "_location": "/querystringify",
   "_phantomChildren": {},
   "_requested": {
     "type": "range",
     "registry": true,
-    "raw": "querystringify@^2.0.0",
+    "raw": "querystringify@^2.1.1",
     "name": "querystringify",
     "escapedName": "querystringify",
-    "rawSpec": "^2.0.0",
+    "rawSpec": "^2.1.1",
     "saveSpec": null,
-    "fetchSpec": "^2.0.0"
+    "fetchSpec": "^2.1.1"
   },
   "_requiredBy": [
     "/url-parse"
   ],
-  "_resolved": "https://registry.npmjs.org/querystringify/-/querystringify-2.1.0.tgz",
-  "_shasum": "7ded8dfbf7879dcc60d0a644ac6754b283ad17ef",
-  "_spec": "querystringify@^2.0.0",
+  "_resolved": "https://registry.npmjs.org/querystringify/-/querystringify-2.1.1.tgz",
+  "_shasum": "60e5a5fd64a7f8bfa4d2ab2ed6fdf4c85bad154e",
+  "_spec": "querystringify@^2.1.1",
   "_where": "C:\\xampp\\htdocs\\w4rpservices\\node_modules\\url-parse",
   "author": {
     "name": "Arnout Kazemier"
@@ -62,5 +62,5 @@
     "test-travis": "istanbul cover _mocha --report lcovonly -- test.js",
     "watch": "mocha --watch test.js"
   },
-  "version": "2.1.0"
+  "version": "2.1.1"
 }