node-red-contrib-web-worldmap 5.5.6 → 5.5.7

package/CHANGELOG.md

@@ -1,5 +1,6 @@
 ### Change Log for Node-RED Worldmap
 
+ - v5.5.7 - Fix COG handling for built in icons, bump various libs for CVEs
  - v5.5.4 - slight tweak to geojson property display as table
  - v5.5.3 - ensure SOG gets picked up earlier in chain
  - v5.5.2 - Slight improvement for on/offline choice of map

package/README.md

@@ -10,6 +10,7 @@ A <a href="https://nodered.org" target="mapinfo">Node-RED</a> node to provide a
 
 ### Updates
 
+- v5.5.7 - Fix COG handling for built in icons, bump various libs for CVEs
 - v5.5.4 - slight tweak to geojson property display as table
 - v5.5.3 - ensure SOG gets picked up earlier in chain
 - v5.5.2 - Slight improvement for on/offline choice of map

package/node_modules/@turf/bezier-spline/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@turf/bezier-spline",
-  "version": "7.3.2",
+  "version": "7.3.4",
   "description": "Smooths a line into a curve using Bézier splines, great for visualizing routes.",
   "author": "Turf Authors",
   "license": "MIT",
@@ -63,10 +63,10 @@
     "write-json-file": "^6.0.0"
   },
   "dependencies": {
-    "@turf/helpers": "7.3.2",
-    "@turf/invariant": "7.3.2",
+    "@turf/helpers": "7.3.4",
+    "@turf/invariant": "7.3.4",
     "@types/geojson": "^7946.0.10",
     "tslib": "^2.8.1"
   },
-  "gitHead": "099d9915467bacf45d554be4533fa9998c4efc88"
+  "gitHead": "a0878648b801443f342aae692c60ab95a1da61a9"
 }

package/node_modules/@turf/helpers/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@turf/helpers",
-  "version": "7.3.2",
+  "version": "7.3.4",
   "description": "Provides helper functions to create GeoJSON features, like points, lines, or areas on a map.",
   "author": "Turf Authors",
   "contributors": [
@@ -70,5 +70,5 @@
     "@types/geojson": "^7946.0.10",
     "tslib": "^2.8.1"
   },
-  "gitHead": "099d9915467bacf45d554be4533fa9998c4efc88"
+  "gitHead": "a0878648b801443f342aae692c60ab95a1da61a9"
 }

package/node_modules/@turf/invariant/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@turf/invariant",
-  "version": "7.3.2",
+  "version": "7.3.4",
   "description": "Lightweight utility for input validation and data extraction in Turf.js. Ensures GeoJSON inputs are in the correct format and extracts specific components like coordinates or geometries.",
   "author": "Turf Authors",
   "contributors": [
@@ -64,9 +64,9 @@
     "typescript": "^5.8.3"
   },
   "dependencies": {
-    "@turf/helpers": "7.3.2",
+    "@turf/helpers": "7.3.4",
     "@types/geojson": "^7946.0.10",
     "tslib": "^2.8.1"
   },
-  "gitHead": "099d9915467bacf45d554be4533fa9998c4efc88"
+  "gitHead": "a0878648b801443f342aae692c60ab95a1da61a9"
 }

package/node_modules/body-parser/HISTORY.md

@@ -1,3 +1,11 @@
+1.20.4 / 2025-12-01
+===================
+
+  * deps: qs@~6.14.0
+  * deps: use tilde notation for dependencies
+  * deps: http-errors@~2.0.1
+  * deps: raw-body@~2.5.3
+
 1.20.3 / 2024-09-10
 ===================
 

package/node_modules/body-parser/lib/types/urlencoded.js

@@ -55,9 +55,6 @@ function urlencoded (options) {
     : opts.limit
   var type = opts.type || 'application/x-www-form-urlencoded'
   var verify = opts.verify || false
-  var depth = typeof opts.depth !== 'number'
-    ? Number(opts.depth || 32)
-    : opts.depth
 
   if (verify !== false && typeof verify !== 'function') {
     throw new TypeError('option verify must be function')
@@ -121,8 +118,7 @@ function urlencoded (options) {
       encoding: charset,
       inflate: inflate,
       limit: limit,
-      verify: verify,
-      depth: depth
+      verify: verify
     })
   }
 }
@@ -137,10 +133,7 @@ function extendedparser (options) {
   var parameterLimit = options.parameterLimit !== undefined
     ? options.parameterLimit
     : 1000
-
-  var depth = typeof options.depth !== 'number'
-    ? Number(options.depth || 32)
-    : options.depth
+  var depth = options.depth !== undefined ? options.depth : 32
   var parse = parser('qs')
 
   if (isNaN(parameterLimit) || parameterLimit < 1) {

package/node_modules/body-parser/package.json

@@ -1,7 +1,7 @@
 {
   "name": "body-parser",
   "description": "Node.js body parsing middleware",
-  "version": "1.20.3",
+  "version": "1.20.4",
   "contributors": [
     "Douglas Christopher Wilson <doug@somethingdoug.com>",
     "Jonathan Ong <me@jongleberry.com> (http://jongleberry.com)"
@@ -9,18 +9,18 @@
   "license": "MIT",
   "repository": "expressjs/body-parser",
   "dependencies": {
-    "bytes": "3.1.2",
+    "bytes": "~3.1.2",
     "content-type": "~1.0.5",
     "debug": "2.6.9",
     "depd": "2.0.0",
-    "destroy": "1.2.0",
-    "http-errors": "2.0.0",
-    "iconv-lite": "0.4.24",
-    "on-finished": "2.4.1",
-    "qs": "6.13.0",
-    "raw-body": "2.5.2",
+    "destroy": "~1.2.0",
+    "http-errors": "~2.0.1",
+    "iconv-lite": "~0.4.24",
+    "on-finished": "~2.4.1",
+    "qs": "~6.14.0",
+    "raw-body": "~2.5.3",
     "type-is": "~1.6.18",
-    "unpipe": "1.0.0"
+    "unpipe": "~1.0.0"
   },
   "devDependencies": {
     "eslint": "8.34.0",
@@ -40,7 +40,6 @@
     "lib/",
     "LICENSE",
     "HISTORY.md",
-    "SECURITY.md",
     "index.js"
   ],
   "engines": {

package/node_modules/cookie/index.js

@@ -21,6 +21,7 @@ exports.serialize = serialize;
  */
 
 var __toString = Object.prototype.toString
+var __hasOwnProperty = Object.prototype.hasOwnProperty
 
 /**
  * RegExp to match cookie-name in RFC 6265 sec 4.1.1
@@ -130,7 +131,7 @@ function parse(str, opt) {
     var key = str.slice(keyStartIdx, keyEndIdx);
 
     // only assign once
-    if (!obj.hasOwnProperty(key)) {
+    if (!__hasOwnProperty.call(obj, key)) {
       var valStartIdx = startIndex(str, eqIdx + 1, endIdx);
       var valEndIdx = endIndex(str, endIdx, valStartIdx);
 

package/node_modules/cookie/package.json

@@ -1,7 +1,7 @@
 {
   "name": "cookie",
   "description": "HTTP server cookie parsing and serialization",
-  "version": "0.7.1",
+  "version": "0.7.2",
   "author": "Roman Shtylman <shtylman@gmail.com>",
   "contributors": [
     "Douglas Christopher Wilson <doug@somethingdoug.com>"

package/node_modules/cookie-signature/History.md

@@ -1,10 +1,14 @@
+1.0.7 / 2023-04-12
+==================
+
+* backport the buffer support from the 1.2.x release branch (thanks @FadhiliNjagi!)
+
 1.0.6 / 2015-02-03
 ==================
 
 * use `npm test` instead of `make test` to run tests
 * clearer assertion messages when checking input
 
-
 1.0.5 / 2014-09-05
 ==================
 

package/node_modules/cookie-signature/index.js

@@ -8,14 +8,14 @@ var crypto = require('crypto');
  * Sign the given `val` with `secret`.
  *
  * @param {String} val
- * @param {String} secret
+ * @param {String|NodeJS.ArrayBufferView|crypto.KeyObject} secret
  * @return {String}
  * @api private
  */
 
 exports.sign = function(val, secret){
-  if ('string' != typeof val) throw new TypeError("Cookie value must be provided as a string.");
-  if ('string' != typeof secret) throw new TypeError("Secret string must be provided.");
+  if ('string' !== typeof val) throw new TypeError("Cookie value must be provided as a string.");
+  if (null == secret) throw new TypeError("Secret key must be provided.");
   return val + '.' + crypto
     .createHmac('sha256', secret)
     .update(val)
@@ -28,14 +28,14 @@ exports.sign = function(val, secret){
  * returning `false` if the signature is invalid.
  *
  * @param {String} val
- * @param {String} secret
+ * @param {String|NodeJS.ArrayBufferView|crypto.KeyObject} secret
  * @return {String|Boolean}
  * @api private
  */
 
 exports.unsign = function(val, secret){
-  if ('string' != typeof val) throw new TypeError("Signed cookie string must be provided.");
-  if ('string' != typeof secret) throw new TypeError("Secret string must be provided.");
+  if ('string' !== typeof val) throw new TypeError("Signed cookie string must be provided.");
+  if (null == secret) throw new TypeError("Secret key must be provided.");
   var str = val.slice(0, val.lastIndexOf('.'))
     , mac = exports.sign(str, secret);
   

package/node_modules/cookie-signature/package.json

@@ -1,6 +1,6 @@
 {
   "name": "cookie-signature",
-  "version": "1.0.6",
+  "version": "1.0.7",
   "description": "Sign and unsign cookies",
   "keywords": ["cookie", "sign", "unsign"],
   "author": "TJ Holowaychuk <tj@learnboost.com>",
@@ -15,4 +15,4 @@
     "test": "mocha --require should --reporter spec"
   },
   "main": "index"
-}
+}

package/node_modules/finalhandler/HISTORY.md

@@ -1,3 +1,9 @@
+v1.3.2 / 2025-12-01
+==================
+
+  * deps: use tilde notation for dependencies
+  * deps: statuses@~2.0.2
+
 v1.3.1 / 2024-09-11
 ==================
 

package/node_modules/finalhandler/package.json

@@ -1,7 +1,7 @@
 {
   "name": "finalhandler",
   "description": "Node.js final http responder",
-  "version": "1.3.1",
+  "version": "1.3.2",
   "author": "Douglas Christopher Wilson <doug@somethingdoug.com>",
   "license": "MIT",
   "repository": "pillarjs/finalhandler",
@@ -9,9 +9,9 @@
     "debug": "2.6.9",
     "encodeurl": "~2.0.0",
     "escape-html": "~1.0.3",
-    "on-finished": "2.4.1",
+    "on-finished": "~2.4.1",
     "parseurl": "~1.3.3",
-    "statuses": "2.0.1",
+    "statuses": "~2.0.2",
     "unpipe": "~1.0.0"
   },
   "devDependencies": {

package/node_modules/http-errors/HISTORY.md

@@ -1,3 +1,9 @@
+2.0.1 / 2025-11-20
+==================
+
+  * deps: use tilde notation for dependencies
+  * deps: update statuses to 2.0.2
+
 2.0.0 / 2021-12-17
 ==================
 

package/node_modules/http-errors/index.js

@@ -279,11 +279,12 @@ function populateConstructorExports (exports, codes, HttpError) {
 
 /**
  * Get a class name from a name identifier.
+ *
+ * @param {string} name
+ * @returns {string}
  * @private
  */
 
 function toClassName (name) {
-  return name.substr(-5) !== 'Error'
-    ? name + 'Error'
-    : name
+  return name.slice(-5) === 'Error' ? name : name + 'Error'
 }

package/node_modules/http-errors/package.json

@@ -1,7 +1,7 @@
 {
   "name": "http-errors",
   "description": "Create HTTP error objects",
-  "version": "2.0.0",
+  "version": "2.0.1",
   "author": "Jonathan Ong <me@jongleberry.com> (http://jongleberry.com)",
   "contributors": [
     "Alan Plum <me@pluma.io>",
@@ -9,17 +9,21 @@
   ],
   "license": "MIT",
   "repository": "jshttp/http-errors",
+  "funding": {
+    "type": "opencollective",
+    "url": "https://opencollective.com/express"
+  },
   "dependencies": {
-    "depd": "2.0.0",
-    "inherits": "2.0.4",
-    "setprototypeof": "1.2.0",
-    "statuses": "2.0.1",
-    "toidentifier": "1.0.1"
+    "depd": "~2.0.0",
+    "inherits": "~2.0.4",
+    "setprototypeof": "~1.2.0",
+    "statuses": "~2.0.2",
+    "toidentifier": "~1.0.1"
   },
   "devDependencies": {
     "eslint": "7.32.0",
     "eslint-config-standard": "14.1.1",
-    "eslint-plugin-import": "2.25.3",
+    "eslint-plugin-import": "2.32.0",
     "eslint-plugin-markdown": "2.2.1",
     "eslint-plugin-node": "11.1.0",
     "eslint-plugin-promise": "5.2.0",
@@ -32,7 +36,7 @@
   },
   "scripts": {
     "lint": "eslint . && node ./scripts/lint-readme-list.js",
-    "test": "mocha --reporter spec --bail",
+    "test": "mocha --reporter spec",
     "test-ci": "nyc --reporter=lcov --reporter=text npm test",
     "test-cov": "nyc --reporter=html --reporter=text npm test",
     "version": "node scripts/version-history.js && git add HISTORY.md"

package/node_modules/raw-body/package.json

@@ -1,7 +1,7 @@
 {
   "name": "raw-body",
   "description": "Get and validate the raw body of a readable stream.",
-  "version": "2.5.2",
+  "version": "2.5.3",
   "author": "Jonathan Ong <me@jongleberry.com> (http://jongleberry.com)",
   "contributors": [
     "Douglas Christopher Wilson <doug@somethingdoug.com>",
@@ -10,10 +10,10 @@
   "license": "MIT",
   "repository": "stream-utils/raw-body",
   "dependencies": {
-    "bytes": "3.1.2",
-    "http-errors": "2.0.0",
-    "iconv-lite": "0.4.24",
-    "unpipe": "1.0.0"
+    "bytes": "~3.1.2",
+    "http-errors": "~2.0.1",
+    "iconv-lite": "~0.4.24",
+    "unpipe": "~1.0.0"
   },
   "devDependencies": {
     "bluebird": "3.7.2",
@@ -33,10 +33,8 @@
     "node": ">= 0.8"
   },
   "files": [
-    "HISTORY.md",
     "LICENSE",
     "README.md",
-    "SECURITY.md",
     "index.d.ts",
     "index.js"
   ],

package/node_modules/send/HISTORY.md

@@ -1,3 +1,15 @@
+0.19.2 / 2025-12-15
+===================
+
+* deps: use tilde notation for dependencies
+* deps: http-errors@~2.0.1
+* deps: statuses@~2.0.2
+
+0.19.1 / 2024-10-09
+===================
+
+* deps: encodeurl@~2.0.0
+
 0.19.0 / 2024-09-10
 ===================
 
@@ -485,37 +497,37 @@
 
  * update range-parser and fresh
 
-0.1.4 / 2013-08-11 
+0.1.4 / 2013-08-11
 ==================
 
  * update fresh
 
-0.1.3 / 2013-07-08 
+0.1.3 / 2013-07-08
 ==================
 
  * Revert "Fix fd leak"
 
-0.1.2 / 2013-07-03 
+0.1.2 / 2013-07-03
 ==================
 
  * Fix fd leak
 
-0.1.0 / 2012-08-25 
+0.1.0 / 2012-08-25
 ==================
 
   * add options parameter to send() that is passed to fs.createReadStream() [kanongil]
 
-0.0.4 / 2012-08-16 
+0.0.4 / 2012-08-16
 ==================
 
   * allow custom "Accept-Ranges" definition
 
-0.0.3 / 2012-07-16 
+0.0.3 / 2012-07-16
 ==================
 
   * fix normalization of the root directory. Closes #3
 
-0.0.2 / 2012-07-09 
+0.0.2 / 2012-07-09
 ==================
 
   * add passing of req explicitly for now (YUCK)

package/node_modules/send/package.json

@@ -1,7 +1,7 @@
 {
   "name": "send",
   "description": "Better streaming static file server with Range and conditional-GET support",
-  "version": "0.19.0",
+  "version": "0.19.2",
   "author": "TJ Holowaychuk <tj@vision-media.ca>",
   "contributors": [
     "Douglas Christopher Wilson <doug@somethingdoug.com>",
@@ -19,16 +19,16 @@
     "debug": "2.6.9",
     "depd": "2.0.0",
     "destroy": "1.2.0",
-    "encodeurl": "~1.0.2",
+    "encodeurl": "~2.0.0",
     "escape-html": "~1.0.3",
     "etag": "~1.8.1",
-    "fresh": "0.5.2",
-    "http-errors": "2.0.0",
+    "fresh": "~0.5.2",
+    "http-errors": "~2.0.1",
     "mime": "1.6.0",
     "ms": "2.1.3",
-    "on-finished": "2.4.1",
+    "on-finished": "~2.4.1",
     "range-parser": "~1.2.1",
-    "statuses": "2.0.1"
+    "statuses": "~2.0.2"
   },
   "devDependencies": {
     "after": "0.8.2",

package/node_modules/serve-static/HISTORY.md

@@ -1,3 +1,9 @@
+1.16.3 / 2024-12-15
+===================
+
+* deps: send@~0.19.1
+  - deps: encodeurl@~2.0.0 
+
 1.16.2 / 2024-09-11
 ===================
 

package/node_modules/serve-static/package.json

@@ -1,7 +1,7 @@
 {
   "name": "serve-static",
   "description": "Serve static files",
-  "version": "1.16.2",
+  "version": "1.16.3",
   "author": "Douglas Christopher Wilson <doug@somethingdoug.com>",
   "license": "MIT",
   "repository": "expressjs/serve-static",
@@ -9,7 +9,7 @@
     "encodeurl": "~2.0.0",
     "escape-html": "~1.0.3",
     "parseurl": "~1.3.3",
-    "send": "0.19.0"
+    "send": "~0.19.1"
   },
   "devDependencies": {
     "eslint": "7.32.0",

package/node_modules/statuses/HISTORY.md

@@ -1,3 +1,8 @@
+2.0.2 / 2025-06-06
+==================
+
+  * Migrate to `String.prototype.slice()`
+
 2.0.1 / 2021-01-03
 ==================
 

package/node_modules/statuses/README.md

@@ -5,6 +5,7 @@
 [![Node.js Version][node-version-image]][node-version-url]
 [![Build Status][ci-image]][ci-url]
 [![Test Coverage][coveralls-image]][coveralls-url]
+[![OpenSSF Scorecard Badge][ossf-scorecard-badge]][ossf-scorecard-visualizer]
 
 HTTP status utility for node.
 
@@ -134,3 +135,5 @@ status.retry[503] // => true
 [npm-downloads-image]: https://badgen.net/npm/dm/statuses
 [npm-url]: https://npmjs.org/package/statuses
 [npm-version-image]: https://badgen.net/npm/v/statuses
+[ossf-scorecard-badge]: https://api.securityscorecards.dev/projects/github.com/jshttp/statuses/badge
+[ossf-scorecard-visualizer]: https://kooltheba.github.io/openssf-scorecard-api-visualizer/#/projects/github.com/jshttp/statuses

package/node_modules/statuses/package.json

@@ -1,7 +1,7 @@
 {
   "name": "statuses",
   "description": "HTTP status utility",
-  "version": "2.0.1",
+  "version": "2.0.2",
   "contributors": [
     "Douglas Christopher Wilson <doug@somethingdoug.com>",
     "Jonathan Ong <me@jongleberry.com> (http://jongleberry.com)"
@@ -20,17 +20,17 @@
     "LICENSE"
   ],
   "devDependencies": {
-    "csv-parse": "4.14.2",
-    "eslint": "7.17.0",
+    "csv-parse": "4.16.3",
+    "eslint": "7.19.0",
     "eslint-config-standard": "14.1.1",
-    "eslint-plugin-import": "2.22.1",
+    "eslint-plugin-import": "2.31.0",
     "eslint-plugin-markdown": "1.0.2",
     "eslint-plugin-node": "11.1.0",
-    "eslint-plugin-promise": "4.2.1",
+    "eslint-plugin-promise": "4.3.1",
     "eslint-plugin-standard": "4.1.0",
-    "mocha": "8.2.1",
+    "mocha": "8.4.0",
     "nyc": "15.1.0",
-    "raw-body": "2.4.1",
+    "raw-body": "2.5.2",
     "stream-to-array": "2.3.0"
   },
   "engines": {

package/package.json

@@ -1,9 +1,9 @@
 {
     "name": "node-red-contrib-web-worldmap",
-    "version": "5.5.6",
+    "version": "5.5.7",
     "description": "A Node-RED node to provide a web page of a world map for plotting things on.",
     "dependencies": {
-        "@turf/bezier-spline": "~7.3.2",
+        "@turf/bezier-spline": "~7.3.4",
         "cgi": "0.3.1",
         "compression": "^1.8.1",
         "express": "^4.22.1",

package/worldmap/worldmap.js

@@ -1833,7 +1833,7 @@ function setMarker(data) {
     if (data.SOG) { data.speed = data.SOG * 0.514444; data.SOG = data.SOG + " kt"; } // SOG is in knots
 
     if (data.hasOwnProperty("icon")) {
-        var dir = parseFloat(data.track ?? data.hdg ?? data.heading ?? data.bearing ?? "0") + map.getBearing();
+        var dir = parseFloat(data.track ?? data.hdg ?? data.heading ?? data.bearing ?? data.COG ?? data.cog ??"0") + map.getBearing();
         var siz = 32;
         var sizc = 16;
         if (data?.iconSize && !isNaN(data.iconSize)) {

package/node_modules/body-parser/SECURITY.md

@@ -1,25 +0,0 @@
-# Security Policies and Procedures
-
-## Reporting a Bug
-
-The Express team and community take all security bugs seriously. Thank you
-for improving the security of Express. We appreciate your efforts and
-responsible disclosure and will make every effort to acknowledge your
-contributions.
-
-Report security bugs by emailing the current owner(s) of `body-parser`. This
-information can be found in the npm registry using the command
-`npm owner ls body-parser`.
-If unsure or unable to get the information from the above, open an issue
-in the [project issue tracker](https://github.com/expressjs/body-parser/issues)
-asking for the current contact information.
-
-To ensure the timely response to your report, please ensure that the entirety
-of the report is contained within the email body and not solely behind a web
-link or an attachment.
-
-At least one owner will acknowledge your email within 48 hours, and will send a
-more detailed response within 48 hours indicating the next steps in handling
-your report. After the initial reply to your report, the owners will
-endeavor to keep you informed of the progress towards a fix and full
-announcement, and may ask for additional information or guidance.

package/node_modules/cookie-signature/.npmignore

@@ -1,4 +0,0 @@
-support
-test
-examples
-*.sock

package/node_modules/raw-body/HISTORY.md

@@ -1,308 +0,0 @@
-2.5.2 / 2023-02-21
-==================
-
-  * Fix error message for non-stream argument
-
-2.5.1 / 2022-02-28
-==================
-
-  * Fix error on early async hooks implementations
-
-2.5.0 / 2022-02-21
-==================
-
-  * Prevent loss of async hooks context
-  * Prevent hanging when stream is not readable
-  * deps: http-errors@2.0.0
-    - deps: depd@2.0.0
-    - deps: statuses@2.0.1
-
-2.4.3 / 2022-02-14
-==================
-
-  * deps: bytes@3.1.2
-
-2.4.2 / 2021-11-16
-==================
-
-  * deps: bytes@3.1.1
-  * deps: http-errors@1.8.1
-    - deps: setprototypeof@1.2.0
-    - deps: toidentifier@1.0.1
-
-2.4.1 / 2019-06-25
-==================
-
-  * deps: http-errors@1.7.3
-    - deps: inherits@2.0.4
-
-2.4.0 / 2019-04-17
-==================
-
-  * deps: bytes@3.1.0
-    - Add petabyte (`pb`) support
-  * deps: http-errors@1.7.2
-    - Set constructor name when possible
-    - deps: setprototypeof@1.1.1
-    - deps: statuses@'>= 1.5.0 < 2'
-  * deps: iconv-lite@0.4.24
-    - Added encoding MIK
-
-2.3.3 / 2018-05-08
-==================
-
-  * deps: http-errors@1.6.3
-    - deps: depd@~1.1.2
-    - deps: setprototypeof@1.1.0
-    - deps: statuses@'>= 1.3.1 < 2'
-  * deps: iconv-lite@0.4.23
-    - Fix loading encoding with year appended
-    - Fix deprecation warnings on Node.js 10+
-
-2.3.2 / 2017-09-09
-==================
-
-  * deps: iconv-lite@0.4.19
-    - Fix ISO-8859-1 regression
-    - Update Windows-1255
-
-2.3.1 / 2017-09-07
-==================
-
-  * deps: bytes@3.0.0
-  * deps: http-errors@1.6.2
-    - deps: depd@1.1.1
-  * perf: skip buffer decoding on overage chunk
-
-2.3.0 / 2017-08-04
-==================
-
-  * Add TypeScript definitions
-  * Use `http-errors` for standard emitted errors
-  * deps: bytes@2.5.0
-  * deps: iconv-lite@0.4.18
-    - Add support for React Native
-    - Add a warning if not loaded as utf-8
-    - Fix CESU-8 decoding in Node.js 8
-    - Improve speed of ISO-8859-1 encoding
-
-2.2.0 / 2017-01-02
-==================
-
-  * deps: iconv-lite@0.4.15
-    - Added encoding MS-31J
-    - Added encoding MS-932
-    - Added encoding MS-936
-    - Added encoding MS-949
-    - Added encoding MS-950
-    - Fix GBK/GB18030 handling of Euro character
-
-2.1.7 / 2016-06-19
-==================
-
-  * deps: bytes@2.4.0
-  * perf: remove double-cleanup on happy path
-
-2.1.6 / 2016-03-07
-==================
-
-  * deps: bytes@2.3.0
-    - Drop partial bytes on all parsed units
-    - Fix parsing byte string that looks like hex
-
-2.1.5 / 2015-11-30
-==================
-
-  * deps: bytes@2.2.0
-  * deps: iconv-lite@0.4.13
-
-2.1.4 / 2015-09-27
-==================
-
-  * Fix masking critical errors from `iconv-lite`
-  * deps: iconv-lite@0.4.12
-    - Fix CESU-8 decoding in Node.js 4.x
-
-2.1.3 / 2015-09-12
-==================
-
-  * Fix sync callback when attaching data listener causes sync read
-    - Node.js 0.10 compatibility issue
-
-2.1.2 / 2015-07-05
-==================
-
-  * Fix error stack traces to skip `makeError`
-  * deps: iconv-lite@0.4.11
-    - Add encoding CESU-8
-
-2.1.1 / 2015-06-14
-==================
-
-  * Use `unpipe` module for unpiping requests
-
-2.1.0 / 2015-05-28
-==================
-
-  * deps: iconv-lite@0.4.10
-    - Improved UTF-16 endianness detection
-    - Leading BOM is now removed when decoding
-    - The encoding UTF-16 without BOM now defaults to UTF-16LE when detection fails
-
-2.0.2 / 2015-05-21
-==================
-
-  * deps: bytes@2.1.0
-    - Slight optimizations
-
-2.0.1 / 2015-05-10
-==================
-
-  * Fix a false-positive when unpiping in Node.js 0.8
-
-2.0.0 / 2015-05-08
-==================
-
-  * Return a promise without callback instead of thunk
-  * deps: bytes@2.0.1
-    - units no longer case sensitive when parsing
-
-1.3.4 / 2015-04-15
-==================
-
-  * Fix hanging callback if request aborts during read
-  * deps: iconv-lite@0.4.8
-    - Add encoding alias UNICODE-1-1-UTF-7
-
-1.3.3 / 2015-02-08
-==================
-
-  * deps: iconv-lite@0.4.7
-    - Gracefully support enumerables on `Object.prototype`
-
-1.3.2 / 2015-01-20
-==================
-
-  * deps: iconv-lite@0.4.6
-    - Fix rare aliases of single-byte encodings
-
-1.3.1 / 2014-11-21
-==================
-
-  * deps: iconv-lite@0.4.5
-    - Fix Windows-31J and X-SJIS encoding support
-
-1.3.0 / 2014-07-20
-==================
-
-  * Fully unpipe the stream on error
-    - Fixes `Cannot switch to old mode now` error on Node.js 0.10+
-
-1.2.3 / 2014-07-20
-==================
-
-  * deps: iconv-lite@0.4.4
-    - Added encoding UTF-7
-
-1.2.2 / 2014-06-19
-==================
-
-  * Send invalid encoding error to callback
-
-1.2.1 / 2014-06-15
-==================
-
-  * deps: iconv-lite@0.4.3
-    - Added encodings UTF-16BE and UTF-16 with BOM
-
-1.2.0 / 2014-06-13
-==================
-
-  * Passing string as `options` interpreted as encoding
-  * Support all encodings from `iconv-lite`
-
-1.1.7 / 2014-06-12
-==================
-
-  * use `string_decoder` module from npm
-
-1.1.6 / 2014-05-27
-==================
-
-  * check encoding for old streams1
-  * support node.js < 0.10.6
-
-1.1.5 / 2014-05-14
-==================
-
-  * bump bytes
-
-1.1.4 / 2014-04-19
-==================
-
-  * allow true as an option
-  * bump bytes
-
-1.1.3 / 2014-03-02
-==================
-
-  * fix case when length=null
-
-1.1.2 / 2013-12-01
-==================
-
-  * be less strict on state.encoding check
-
-1.1.1 / 2013-11-27
-==================
-
-  * add engines
-
-1.1.0 / 2013-11-27
-==================
-
-  * add err.statusCode and err.type
-  * allow for encoding option to be true
-  * pause the stream instead of dumping on error
-  * throw if the stream's encoding is set
-
-1.0.1 / 2013-11-19
-==================
-
-  * dont support streams1, throw if dev set encoding
-
-1.0.0 / 2013-11-17
-==================
-
-  * rename `expected` option to `length`
-
-0.2.0 / 2013-11-15
-==================
-
-  * republish
-
-0.1.1 / 2013-11-15
-==================
-
-  * use bytes
-
-0.1.0 / 2013-11-11
-==================
-
-  * generator support
-
-0.0.3 / 2013-10-10
-==================
-
-  * update repo
-
-0.0.2 / 2013-09-14
-==================
-
-  * dump stream on bad headers
-  * listen to events after defining received and buffers
-
-0.0.1 / 2013-09-14
-==================
-
-  * Initial release

package/node_modules/raw-body/SECURITY.md

@@ -1,24 +0,0 @@
-# Security Policies and Procedures
-
-## Reporting a Bug
-
-The `raw-body` team and community take all security bugs seriously. Thank you
-for improving the security of Express. We appreciate your efforts and
-responsible disclosure and will make every effort to acknowledge your
-contributions.
-
-Report security bugs by emailing the current owners of `raw-body`. This information
-can be found in the npm registry using the command `npm owner ls raw-body`.
-If unsure or unable to get the information from the above, open an issue
-in the [project issue tracker](https://github.com/stream-utils/raw-body/issues)
-asking for the current contact information.
-
-To ensure the timely response to your report, please ensure that the entirety
-of the report is contained within the email body and not solely behind a web
-link or an attachment.
-
-At least one owner will acknowledge your email within 48 hours, and will send a
-more detailed response within 48 hours indicating the next steps in handling
-your report. After the initial reply to your report, the owners will
-endeavor to keep you informed of the progress towards a fix and full
-announcement, and may ask for additional information or guidance.

package/node_modules/send/node_modules/encodeurl/HISTORY.md

@@ -1,14 +0,0 @@
-1.0.2 / 2018-01-21
-==================
-
-  * Fix encoding `%` as last character
-
-1.0.1 / 2016-06-09
-==================
-
-  * Fix encoding unpaired surrogates at start/end of string
-
-1.0.0 / 2016-06-08
-==================
-
-  * Initial release

package/node_modules/send/node_modules/encodeurl/LICENSE

@@ -1,22 +0,0 @@
-(The MIT License)
-
-Copyright (c) 2016 Douglas Christopher Wilson
-
-Permission is hereby granted, free of charge, to any person obtaining
-a copy of this software and associated documentation files (the
-'Software'), to deal in the Software without restriction, including
-without limitation the rights to use, copy, modify, merge, publish,
-distribute, sublicense, and/or sell copies of the Software, and to
-permit persons to whom the Software is furnished to do so, subject to
-the following conditions:
-
-The above copyright notice and this permission notice shall be
-included in all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
-EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
-IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
-CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
-TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
-SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

package/node_modules/send/node_modules/encodeurl/README.md

@@ -1,128 +0,0 @@
-# encodeurl
-
-[![NPM Version][npm-image]][npm-url]
-[![NPM Downloads][downloads-image]][downloads-url]
-[![Node.js Version][node-version-image]][node-version-url]
-[![Build Status][travis-image]][travis-url]
-[![Test Coverage][coveralls-image]][coveralls-url]
-
-Encode a URL to a percent-encoded form, excluding already-encoded sequences
-
-## Installation
-
-This is a [Node.js](https://nodejs.org/en/) module available through the
-[npm registry](https://www.npmjs.com/). Installation is done using the
-[`npm install` command](https://docs.npmjs.com/getting-started/installing-npm-packages-locally):
-
-```sh
-$ npm install encodeurl
-```
-
-## API
-
-```js
-var encodeUrl = require('encodeurl')
-```
-
-### encodeUrl(url)
-
-Encode a URL to a percent-encoded form, excluding already-encoded sequences.
-
-This function will take an already-encoded URL and encode all the non-URL
-code points (as UTF-8 byte sequences). This function will not encode the
-"%" character unless it is not part of a valid sequence (`%20` will be
-left as-is, but `%foo` will be encoded as `%25foo`).
-
-This encode is meant to be "safe" and does not throw errors. It will try as
-hard as it can to properly encode the given URL, including replacing any raw,
-unpaired surrogate pairs with the Unicode replacement character prior to
-encoding.
-
-This function is _similar_ to the intrinsic function `encodeURI`, except it
-will not encode the `%` character if that is part of a valid sequence, will
-not encode `[` and `]` (for IPv6 hostnames) and will replace raw, unpaired
-surrogate pairs with the Unicode replacement character (instead of throwing).
-
-## Examples
-
-### Encode a URL containing user-controled data
-
-```js
-var encodeUrl = require('encodeurl')
-var escapeHtml = require('escape-html')
-
-http.createServer(function onRequest (req, res) {
-  // get encoded form of inbound url
-  var url = encodeUrl(req.url)
-
-  // create html message
-  var body = '<p>Location ' + escapeHtml(url) + ' not found</p>'
-
-  // send a 404
-  res.statusCode = 404
-  res.setHeader('Content-Type', 'text/html; charset=UTF-8')
-  res.setHeader('Content-Length', String(Buffer.byteLength(body, 'utf-8')))
-  res.end(body, 'utf-8')
-})
-```
-
-### Encode a URL for use in a header field
-
-```js
-var encodeUrl = require('encodeurl')
-var escapeHtml = require('escape-html')
-var url = require('url')
-
-http.createServer(function onRequest (req, res) {
-  // parse inbound url
-  var href = url.parse(req)
-
-  // set new host for redirect
-  href.host = 'localhost'
-  href.protocol = 'https:'
-  href.slashes = true
-
-  // create location header
-  var location = encodeUrl(url.format(href))
-
-  // create html message
-  var body = '<p>Redirecting to new site: ' + escapeHtml(location) + '</p>'
-
-  // send a 301
-  res.statusCode = 301
-  res.setHeader('Content-Type', 'text/html; charset=UTF-8')
-  res.setHeader('Content-Length', String(Buffer.byteLength(body, 'utf-8')))
-  res.setHeader('Location', location)
-  res.end(body, 'utf-8')
-})
-```
-
-## Testing
-
-```sh
-$ npm test
-$ npm run lint
-```
-
-## References
-
-- [RFC 3986: Uniform Resource Identifier (URI): Generic Syntax][rfc-3986]
-- [WHATWG URL Living Standard][whatwg-url]
-
-[rfc-3986]: https://tools.ietf.org/html/rfc3986
-[whatwg-url]: https://url.spec.whatwg.org/
-
-## License
-
-[MIT](LICENSE)
-
-[npm-image]: https://img.shields.io/npm/v/encodeurl.svg
-[npm-url]: https://npmjs.org/package/encodeurl
-[node-version-image]: https://img.shields.io/node/v/encodeurl.svg
-[node-version-url]: https://nodejs.org/en/download
-[travis-image]: https://img.shields.io/travis/pillarjs/encodeurl.svg
-[travis-url]: https://travis-ci.org/pillarjs/encodeurl
-[coveralls-image]: https://img.shields.io/coveralls/pillarjs/encodeurl.svg
-[coveralls-url]: https://coveralls.io/r/pillarjs/encodeurl?branch=master
-[downloads-image]: https://img.shields.io/npm/dm/encodeurl.svg
-[downloads-url]: https://npmjs.org/package/encodeurl

package/node_modules/send/node_modules/encodeurl/index.js

@@ -1,60 +0,0 @@
-/*!
- * encodeurl
- * Copyright(c) 2016 Douglas Christopher Wilson
- * MIT Licensed
- */
-
-'use strict'
-
-/**
- * Module exports.
- * @public
- */
-
-module.exports = encodeUrl
-
-/**
- * RegExp to match non-URL code points, *after* encoding (i.e. not including "%")
- * and including invalid escape sequences.
- * @private
- */
-
-var ENCODE_CHARS_REGEXP = /(?:[^\x21\x25\x26-\x3B\x3D\x3F-\x5B\x5D\x5F\x61-\x7A\x7E]|%(?:[^0-9A-Fa-f]|[0-9A-Fa-f][^0-9A-Fa-f]|$))+/g
-
-/**
- * RegExp to match unmatched surrogate pair.
- * @private
- */
-
-var UNMATCHED_SURROGATE_PAIR_REGEXP = /(^|[^\uD800-\uDBFF])[\uDC00-\uDFFF]|[\uD800-\uDBFF]([^\uDC00-\uDFFF]|$)/g
-
-/**
- * String to replace unmatched surrogate pair with.
- * @private
- */
-
-var UNMATCHED_SURROGATE_PAIR_REPLACE = '$1\uFFFD$2'
-
-/**
- * Encode a URL to a percent-encoded form, excluding already-encoded sequences.
- *
- * This function will take an already-encoded URL and encode all the non-URL
- * code points. This function will not encode the "%" character unless it is
- * not part of a valid sequence (`%20` will be left as-is, but `%foo` will
- * be encoded as `%25foo`).
- *
- * This encode is meant to be "safe" and does not throw errors. It will try as
- * hard as it can to properly encode the given URL, including replacing any raw,
- * unpaired surrogate pairs with the Unicode replacement character prior to
- * encoding.
- *
- * @param {string} url
- * @return {string}
- * @public
- */
-
-function encodeUrl (url) {
-  return String(url)
-    .replace(UNMATCHED_SURROGATE_PAIR_REGEXP, UNMATCHED_SURROGATE_PAIR_REPLACE)
-    .replace(ENCODE_CHARS_REGEXP, encodeURI)
-}

package/node_modules/send/node_modules/encodeurl/package.json

@@ -1,40 +0,0 @@
-{
-  "name": "encodeurl",
-  "description": "Encode a URL to a percent-encoded form, excluding already-encoded sequences",
-  "version": "1.0.2",
-  "contributors": [
-    "Douglas Christopher Wilson <doug@somethingdoug.com>"
-  ],
-  "license": "MIT",
-  "keywords": [
-    "encode",
-    "encodeurl",
-    "url"
-  ],
-  "repository": "pillarjs/encodeurl",
-  "devDependencies": {
-    "eslint": "3.19.0",
-    "eslint-config-standard": "10.2.1",
-    "eslint-plugin-import": "2.8.0",
-    "eslint-plugin-node": "5.2.1",
-    "eslint-plugin-promise": "3.6.0",
-    "eslint-plugin-standard": "3.0.1",
-    "istanbul": "0.4.5",
-    "mocha": "2.5.3"
-  },
-  "files": [
-    "LICENSE",
-    "HISTORY.md",
-    "README.md",
-    "index.js"
-  ],
-  "engines": {
-    "node": ">= 0.8"
-  },
-  "scripts": {
-    "lint": "eslint .",
-    "test": "mocha --reporter spec --bail --check-leaks test/",
-    "test-cov": "istanbul cover node_modules/mocha/bin/_mocha -- --reporter dot --check-leaks test/",
-    "test-travis": "istanbul cover node_modules/mocha/bin/_mocha --report lcovonly -- --reporter spec --check-leaks test/"
-  }
-}