node-red-contrib-web-worldmap 5.7.1 → 5.7.2

package/CHANGELOG.md

@@ -1,5 +1,6 @@
 ### Change Log for Node-RED Worldmap
 
+ - v5.7.2 - Bump express libs
  - v5.7.0 - Add events for openPopup and closePopup actions, small popup fixups. Add showdialog command.
  - v5.6.1 - Also call autoswitch on initial connect to ensure map in view.
  - v5.6.0 - Autoswitch pmtiles basemaps based on zoom and/or coverage.

package/README.md

@@ -10,6 +10,7 @@ A <a href="https://nodered.org" target="mapinfo">Node-RED</a> node to provide a
 
 ### Updates
 
+- v5.7.2 - Bump express libs
 - v5.7.0 - Add events for openPopup and closePopup, small popup fixups. Add showdialog command.
 - v5.6.1 - Also call autoswitch on initial connect to ensure map in view.
 - v5.6.0 - Autoswitch pmtiles basemaps based on zoom and/or coverage.

package/node_modules/es-object-atoms/CHANGELOG.md

@@ -5,33 +5,40 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
-## [v1.1.1](https://github.com/ljharb/es-object-atoms/compare/v1.1.0...v1.1.1) - 2025-01-14
+## [v1.1.2](https://github.com/es-shims/es-object-atoms/compare/v1.1.1...v1.1.2) - 2026-05-22
 
 ### Commits
 
-- [types] `ToObject`: improve types [`cfe8c8a`](https://github.com/ljharb/es-object-atoms/commit/cfe8c8a105c44820cb22e26f62d12ef0ad9715c8)
+- [Dev Deps] update `@ljharb/eslint-config`, `@ljharb/tsconfig`, `auto-changelog`, `eslint`, `npmignore` [`41e3d94`](https://github.com/es-shims/es-object-atoms/commit/41e3d94f6b49237fa490ec598e068f170c8b161e)
+- [types] improve `isObject` type [`758edc2`](https://github.com/es-shims/es-object-atoms/commit/758edc2280fa6993a294a55957a43cee5951bf51)
 
-## [v1.1.0](https://github.com/ljharb/es-object-atoms/compare/v1.0.1...v1.1.0) - 2025-01-14
+## [v1.1.1](https://github.com/es-shims/es-object-atoms/compare/v1.1.0...v1.1.1) - 2025-01-14
 
 ### Commits
 
-- [New] add `isObject` [`51e4042`](https://github.com/ljharb/es-object-atoms/commit/51e4042df722eb3165f40dc5f4bf33d0197ecb07)
+- [types] `ToObject`: improve types [`cfe8c8a`](https://github.com/es-shims/es-object-atoms/commit/cfe8c8a105c44820cb22e26f62d12ef0ad9715c8)
 
-## [v1.0.1](https://github.com/ljharb/es-object-atoms/compare/v1.0.0...v1.0.1) - 2025-01-13
+## [v1.1.0](https://github.com/es-shims/es-object-atoms/compare/v1.0.1...v1.1.0) - 2025-01-14
 
 ### Commits
 
-- [Dev Deps] update `@ljharb/eslint-config`, `@ljharb/tsconfig`, `@types/tape`, `auto-changelog`, `tape` [`38ab9eb`](https://github.com/ljharb/es-object-atoms/commit/38ab9eb00b62c2f4668644f5e513d9b414ebd595)
-- [types] improve types [`7d1beb8`](https://github.com/ljharb/es-object-atoms/commit/7d1beb887958b78b6a728a210a1c8370ab7e2aa1)
-- [Tests] replace `aud` with `npm audit` [`25863ba`](https://github.com/ljharb/es-object-atoms/commit/25863baf99178f1d1ad33d1120498db28631907e)
-- [Dev Deps] add missing peer dep [`c012309`](https://github.com/ljharb/es-object-atoms/commit/c0123091287e6132d6f4240496340c427433df28)
+- [New] add `isObject` [`51e4042`](https://github.com/es-shims/es-object-atoms/commit/51e4042df722eb3165f40dc5f4bf33d0197ecb07)
+
+## [v1.0.1](https://github.com/es-shims/es-object-atoms/compare/v1.0.0...v1.0.1) - 2025-01-13
+
+### Commits
+
+- [Dev Deps] update `@ljharb/eslint-config`, `@ljharb/tsconfig`, `@types/tape`, `auto-changelog`, `tape` [`38ab9eb`](https://github.com/es-shims/es-object-atoms/commit/38ab9eb00b62c2f4668644f5e513d9b414ebd595)
+- [types] improve types [`7d1beb8`](https://github.com/es-shims/es-object-atoms/commit/7d1beb887958b78b6a728a210a1c8370ab7e2aa1)
+- [Tests] replace `aud` with `npm audit` [`25863ba`](https://github.com/es-shims/es-object-atoms/commit/25863baf99178f1d1ad33d1120498db28631907e)
+- [Dev Deps] add missing peer dep [`c012309`](https://github.com/es-shims/es-object-atoms/commit/c0123091287e6132d6f4240496340c427433df28)
 
 ## v1.0.0 - 2024-03-16
 
 ### Commits
 
-- Initial implementation, tests, readme, types [`f1499db`](https://github.com/ljharb/es-object-atoms/commit/f1499db7d3e1741e64979c61d645ab3137705e82)
-- Initial commit [`99eedc7`](https://github.com/ljharb/es-object-atoms/commit/99eedc7b5fde38a50a28d3c8b724706e3e4c5f6a)
-- [meta] rename repo [`fc851fa`](https://github.com/ljharb/es-object-atoms/commit/fc851fa70616d2d182aaf0bd02c2ed7084dea8fa)
-- npm init [`b909377`](https://github.com/ljharb/es-object-atoms/commit/b909377c50049bd0ec575562d20b0f9ebae8947f)
-- Only apps should have lockfiles [`7249edd`](https://github.com/ljharb/es-object-atoms/commit/7249edd2178c1b9ddfc66ffcc6d07fdf0d28efc1)
+- Initial implementation, tests, readme, types [`f1499db`](https://github.com/es-shims/es-object-atoms/commit/f1499db7d3e1741e64979c61d645ab3137705e82)
+- Initial commit [`99eedc7`](https://github.com/es-shims/es-object-atoms/commit/99eedc7b5fde38a50a28d3c8b724706e3e4c5f6a)
+- [meta] rename repo [`fc851fa`](https://github.com/es-shims/es-object-atoms/commit/fc851fa70616d2d182aaf0bd02c2ed7084dea8fa)
+- npm init [`b909377`](https://github.com/es-shims/es-object-atoms/commit/b909377c50049bd0ec575562d20b0f9ebae8947f)
+- Only apps should have lockfiles [`7249edd`](https://github.com/es-shims/es-object-atoms/commit/7249edd2178c1b9ddfc66ffcc6d07fdf0d28efc1)

package/node_modules/es-object-atoms/isObject.d.ts

@@ -1,3 +1,3 @@
-declare function isObject(x: unknown): x is object;
+declare function isObject<T>(x: T): x is T & object & Record<PropertyKey, unknown>;
 
 export = isObject;

package/node_modules/es-object-atoms/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "es-object-atoms",
-	"version": "1.1.1",
+	"version": "1.1.2",
 	"description": "ES Object-related atoms: Object, ToObject, RequireObjectCoercible",
 	"main": "index.js",
 	"exports": {
@@ -46,16 +46,15 @@
 		"es-errors": "^1.3.0"
 	},
 	"devDependencies": {
-		"@ljharb/eslint-config": "^21.1.1",
-		"@ljharb/tsconfig": "^0.2.3",
+		"@ljharb/eslint-config": "^22.2.3",
+		"@ljharb/tsconfig": "^0.3.2",
 		"@types/tape": "^5.8.1",
-		"auto-changelog": "^2.5.0",
+		"auto-changelog": "^2.5.1",
 		"eclint": "^2.8.1",
-		"encoding": "^0.1.13",
-		"eslint": "^8.8.0",
+		"eslint": "^8.57.1",
 		"evalmd": "^0.0.19",
 		"in-publish": "^2.0.1",
-		"npmignore": "^0.3.1",
+		"npmignore": "^0.3.5",
 		"nyc": "^10.3.2",
 		"safe-publish-latest": "^2.0.0",
 		"tape": "^5.9.0",

package/node_modules/es-object-atoms/tsconfig.json

@@ -2,5 +2,6 @@
 	"extends": "@ljharb/tsconfig",
 	"compilerOptions": {
 		"target": "es5",
+		"ignoreDeprecations": "6.0",
 	},
 }

package/node_modules/express/History.md

@@ -1,7 +1,16 @@
+4.22.2 / 2026-05-011
+==========
+
+* fix: restore >20 array parsing for `req.query` repeated keys ([`8d09bfe6`](https://github.com/expressjs/express/commit/8d09bfe6d88983da5c3e12cfdd54782c4dc675db))
+  * This also unifies array-cap behavior across notations. Indexed notation (`a[0]=...`) was historically capped at qs's default `arrayLimit` of 20 even in older qs versions; after this change it also allows up to 1000 items.
+* deps: qs@~6.15.1
+* deps: body-parser@~1.20.5
+
 4.22.1 / 2025-12-01
 ==========
 
   * Revert security fix for [CVE-2024-51999](https://www.cve.org/CVERecord?id=CVE-2024-51999) ([GHSA-pj86-cfqh-vqx6](https://github.com/expressjs/express/security/advisories/GHSA-pj86-cfqh-vqx6))
+    * The prior release (4.22.0) included an erroneous breaking change related to the extended query parser. There is no actual security vulnerability associated with this behavior (CVE-2024-51999 has been rejected). The change has been fully reverted in this release.
 
 4.22.0 / 2025-12-01
 ==========

package/node_modules/express/lib/utils.js

@@ -287,7 +287,8 @@ function createETagGenerator (options) {
 
 function parseExtendedQueryString(str) {
   return qs.parse(str, {
-    allowPrototypes: true
+    allowPrototypes: true,
+    arrayLimit: 1000
   });
 }
 

package/node_modules/express/package.json

@@ -1,7 +1,7 @@
 {
   "name": "express",
   "description": "Fast, unopinionated, minimalist web framework",
-  "version": "4.22.1",
+  "version": "4.22.2",
   "author": "TJ Holowaychuk <tj@vision-media.ca>",
   "contributors": [
     "Aaron Heckmann <aaron.heckmann+github@gmail.com>",
@@ -34,7 +34,7 @@
   "dependencies": {
     "accepts": "~1.3.8",
     "array-flatten": "1.1.1",
-    "body-parser": "~1.20.3",
+    "body-parser": "~1.20.5",
     "content-disposition": "~0.5.4",
     "content-type": "~1.0.4",
     "cookie": "~0.7.1",
@@ -53,7 +53,7 @@
     "parseurl": "~1.3.3",
     "path-to-regexp": "~0.1.12",
     "proxy-addr": "~2.0.7",
-    "qs": "~6.14.0",
+    "qs": "~6.15.1",
     "range-parser": "~1.2.1",
     "safe-buffer": "5.2.1",
     "send": "~0.19.0",

package/node_modules/qs/CHANGELOG.md

@@ -1,3 +1,23 @@
+## **6.15.2**
+- [Fix] `stringify`: skip null/undefined entries in `arrayFormat: 'comma'` + `encodeValuesOnly` instead of crashing in `encoder`
+- [Fix] `stringify`: use configured `delimiter` after `charsetSentinel` (#555)
+- [Fix] `stringify`: apply `formatter` to encoded key under `strictNullHandling` (#554)
+- [Fix] `stringify`: skip null/undefined filter-array entries instead of crashing in `encoder` (#551)
+- [Fix] `parse`: handle nested bracket groups and add regression tests (#530)
+- [readme] fix grammar (#550)
+- [Dev Deps] update `@ljharb/eslint-config`
+- [Tests] add regression tests for keys containing percent-encoded bracket text
+
+## **6.15.1**
+- [Fix] `parse`: `parameterLimit: Infinity` with `throwOnLimitExceeded: true` silently drops all parameters
+- [Deps] update `@ljharb/eslint-config`
+- [Dev Deps] update `@ljharb/eslint-config`, `iconv-lite`
+- [Tests] increase coverage
+
+## **6.15.0**
+- [New] `parse`: add `strictMerge` option to wrap object/primitive conflicts in an array (#425, #122)
+- [Fix] `duplicates` option should not apply to bracket notation keys (#514)
+
 ## **6.14.2**
 - [Fix] `parse`: mark overflow objects for indexed notation exceeding `arrayLimit` (#546)
 - [Fix] `arrayLimit` means max count, not max index, in `combine`/`merge`/`parseArrayValue`
@@ -30,6 +50,17 @@
 - [Dev Deps] update `es-value-fixtures`, `has-bigints`, `has-proto`, `has-symbols`
 - [Tests] increase coverage
 
+## **6.13.3**
+[Fix] fix regressions from robustness refactor
+[actions] update reusable workflows
+
+## **6.13.2**
+- [Robustness] avoid `.push`, use `void`
+- [readme] clarify `parseArrays` and `arrayLimit` documentation (#543)
+- [readme] document that `addQueryPrefix` does not add `?` to empty output (#418)
+- [readme] replace runkit CI badge with shields.io check-runs badge
+- [actions] fix rebase workflow permissions
+
 ## **6.13.1**
 - [Fix] `stringify`: avoid a crash when a `filter` key is `null`
 - [Fix] `utils.merge`: functions should not be stringified into keys
@@ -46,6 +77,17 @@
 - [New] `parse`: add `strictDepth` option (#511)
 - [Tests] use `npm audit` instead of `aud`
 
+## **6.12.5**
+- [Fix] fix regressions from robustness refactor
+- [actions] update reusable workflows
+
+## **6.12.4**
+- [Robustness] avoid `.push`, use `void`
+- [readme] clarify `parseArrays` and `arrayLimit` documentation (#543)
+- [readme] document that `addQueryPrefix` does not add `?` to empty output (#418)
+- [readme] replace runkit CI badge with shields.io check-runs badge
+- [actions] fix rebase workflow permissions
+
 ## **6.12.3**
 - [Fix] `parse`: properly account for `strictNullHandling` when `allowEmptyArrays`
 - [meta] fix changelog indentation
@@ -83,6 +125,17 @@
 - [Dev Deps] pin `glob`, since v10.3.8+ requires a broken `jackspeak`
 - [Dev Deps] pin `jackspeak` since 2.1.2+ depends on npm aliases, which kill the install process in npm < 6
 
+## **6.11.4**
+- [Fix] fix regressions from robustness refactor
+- [actions] update reusable workflows
+
+## **6.11.3**
+- [Robustness] avoid `.push`, use `void`
+- [readme] clarify `parseArrays` and `arrayLimit` documentation (#543)
+- [readme] document that `addQueryPrefix` does not add `?` to empty output (#418)
+- [readme] replace runkit CI badge with shields.io check-runs badge
+- [actions] fix rebase workflow permissions
+
 ## **6.11.2**
 - [Fix] `parse`: Fix parsing when the global Object prototype is frozen (#473)
 - [Tests] add passing test cases with empty keys (#473)
@@ -100,6 +153,17 @@
 - [New] [Fix] `stringify`: revert 0e903c0; add `commaRoundTrip` option (#442)
 - [readme] fix version badge
 
+## **6.10.7**
+- [Fix] fix regressions from robustness refactor
+- [actions] update reusable workflows
+
+## **6.10.6**
+- [Robustness] avoid `.push`, use `void`
+- [readme] clarify `parseArrays` and `arrayLimit` documentation (#543)
+- [readme] document that `addQueryPrefix` does not add `?` to empty output (#418)
+- [readme] replace runkit CI badge with shields.io check-runs badge
+- [actions] fix rebase workflow permissions
+
 ## **6.10.5**
 - [Fix] `stringify`: with `arrayFormat: comma`, properly include an explicit `[]` on a single-item array (#434)
 
@@ -137,6 +201,18 @@
 - [Tests] use `ljharb/actions/node/install` instead of `ljharb/actions/node/run`
 - [Tests] Revert "[meta] ignore eclint transitive audit warning"
 
+## **6.9.9**
+- [Fix] fix regressions from robustness refactor
+- [meta] add `npmignore` to autogenerate an npmignore file
+- [actions] update reusable workflows
+
+## **6.9.8**
+- [Robustness] avoid `.push`, use `void`
+- [readme] clarify `parseArrays` and `arrayLimit` documentation (#543)
+- [readme] document that `addQueryPrefix` does not add `?` to empty output (#418)
+- [readme] replace runkit CI badge with shields.io check-runs badge
+- [actions] fix rebase workflow permissions
+
 ## **6.9.7**
 - [Fix] `parse`: ignore `__proto__` keys (#428)
 - [Fix] `stringify`: avoid encoding arrayformat comma when `encodeValuesOnly = true` (#424)
@@ -197,6 +273,18 @@
 - [Tests] up to `node` `v12.10`, `v11.15`, `v10.16`, `v8.16`
 - [Tests] `Buffer.from` in node v5.0-v5.9 and v4.0-v4.4 requires a TypedArray
 
+## **6.8.5**
+- [Fix] fix regressions from robustness refactor
+- [meta] add `npmignore` to autogenerate an npmignore file
+- [actions] update reusable workflows
+
+## **6.8.4**
+- [Robustness] avoid `.push`, use `void`
+- [readme] clarify `parseArrays` and `arrayLimit` documentation (#543)
+- [readme] document that `addQueryPrefix` does not add `?` to empty output (#418)
+- [readme] replace runkit CI badge with shields.io check-runs badge
+- [actions] fix rebase workflow permissions
+
 ## **6.8.3**
 - [Fix] `parse`: ignore `__proto__` keys (#428)
 - [Robustness] `stringify`: avoid relying on a global `undefined` (#427)
@@ -241,6 +329,18 @@
 - [meta] add FUNDING.yml
 - [meta] Clean up license text so it’s properly detected as BSD-3-Clause
 
+## **6.7.5**
+- [Fix] fix regressions from robustness refactor
+- [meta] add `npmignore` to autogenerate an npmignore file
+- [actions] update reusable workflows
+
+## **6.7.4**
+- [Robustness] avoid `.push`, use `void`
+- [readme] clarify `parseArrays` and `arrayLimit` documentation (#543)
+- [readme] document that `addQueryPrefix` does not add `?` to empty output (#418)
+- [readme] replace runkit CI badge with shields.io check-runs badge
+- [actions] fix rebase workflow permissions
+
 ## **6.7.3**
 - [Fix] `parse`: ignore `__proto__` keys (#428)
 - [Fix] `stringify`: avoid encoding arrayformat comma when `encodeValuesOnly = true` (#424)
@@ -292,6 +392,18 @@
 - [Tests] fix Buffer tests to work in node < 4.5 and node < 5.10
 - [Tests] temporarily allow coverage to fail
 
+## **6.6.3**
+- [Fix] fix regressions from robustness refactor
+- [meta] add `npmignore` to autogenerate an npmignore file
+- [actions] update reusable workflows
+
+## **6.6.2**
+- [Robustness] avoid `.push`, use `void`
+- [readme] clarify `parseArrays` and `arrayLimit` documentation (#543)
+- [readme] document that `addQueryPrefix` does not add `?` to empty output (#418)
+- [readme] replace runkit CI badge with shields.io check-runs badge
+- [actions] fix rebase workflow permissions
+
 ## **6.6.1**
 - [Fix] `parse`: ignore `__proto__` keys (#428)
 - [Fix] fix for an impossible situation: when the formatter is called with a non-string value
@@ -334,6 +446,18 @@
 - [Dev Deps] update `browserify`, `eslint`, `@ljharb/eslint-config`, `iconv-lite`, `safe-publish-latest`, `tape`
 - [Tests] up to `node` `v10.10`, `v9.11`, `v8.12`, `v6.14`, `v4.9`; pin included builds to LTS
 
+## **6.5.5**
+- [Fix] fix regressions from robustness refactor
+- [meta] add `npmignore` to autogenerate an npmignore file
+- [actions] update reusable workflows
+
+## **6.5.4**
+- [Robustness] avoid `.push`, use `void`
+- [readme] clarify `parseArrays` and `arrayLimit` documentation (#543)
+- [readme] document that `addQueryPrefix` does not add `?` to empty output (#418)
+- [readme] replace runkit CI badge with shields.io check-runs badge
+- [actions] fix rebase workflow permissions
+
 ## **6.5.3**
 - [Fix] `parse`: ignore `__proto__` keys (#428)
 - [Fix] `utils.merge`: avoid a crash with a null target and a truthy non-array source
@@ -384,6 +508,18 @@
 - [Tests] up to `node` `v8.1`, `v7.10`, `v6.11`; npm v4.6 breaks on node < v1; npm v5+ breaks on node < v4
 - [Tests] add `editorconfig-tools`
 
+## **6.4.3**
+- [Fix] fix regressions from robustness refactor
+- [meta] add `npmignore` to autogenerate an npmignore file
+- [actions] update reusable workflows
+
+## **6.4.2**
+- [Robustness] avoid `.push`, use `void`
+- [readme] clarify `parseArrays` and `arrayLimit` documentation (#543)
+- [readme] replace runkit CI badge with shields.io check-runs badge
+- [readme] replace travis CI badge with shields.io check-runs badge
+- [actions] fix rebase workflow permissions
+
 ## **6.4.1**
 - [Fix] `parse`: ignore `__proto__` keys (#428)
 - [Fix] fix for an impossible situation: when the formatter is called with a non-string value
@@ -414,6 +550,17 @@
 - [Tests] up to `node` `v7.7`, `v6.10`,` v4.8`; disable osx builds since they block linux builds
 - [eslint] reduce warnings
 
+## **6.3.5**
+- [Fix] fix regressions from robustness refactor
+- [meta] add `npmignore` to autogenerate an npmignore file
+- [actions] update reusable workflows
+
+## **6.3.4**
+- [Robustness] avoid `.push`, use `void`
+- [readme] clarify `parseArrays` and `arrayLimit` documentation (#543)
+- [readme] replace travis CI badge with shields.io check-runs badge
+- [actions] fix rebase workflow permissions
+
 ## **6.3.3**
 - [Fix] `parse`: ignore `__proto__` keys (#428)
 - [Fix] fix for an impossible situation: when the formatter is called with a non-string value
@@ -467,6 +614,17 @@
 - [Tests] skip Object.create tests when null objects are not available
 - [Tests] Turn on eslint for test files (#175)
 
+## **6.2.6**
+- [Fix] fix regression from robustness refactor
+- [meta] add `npmignore` to autogenerate an npmignore file
+- [actions] update reusable workflows
+
+## **6.2.5**
+- [Robustness] avoid `.push`, use `void`
+- [readme] clarify `parseArrays` and `arrayLimit` documentation (#543)
+- [readme] replace travis CI badge with shields.io check-runs badge
+- [actions] fix rebase workflow permissions
+
 ## **6.2.4**
 - [Fix] `parse`: ignore `__proto__` keys (#428)
 - [Fix] `utils.merge`: avoid a crash with a null target and an array source
@@ -505,6 +663,16 @@
 - [New] add "encoder" and "decoder" options, for custom param encoding/decoding (#160)
 - [Fix] fix compacting of nested sparse arrays (#150)
 
+## **6.1.4**
+- [Fix] fix regression from robustness refactor
+- [meta] add `npmignore` to autogenerate an npmignore file
+- [actions] update reusable workflows
+
+## **6.1.3**
+- [Robustness] avoid `.push`, use `void`
+- [readme] clarify `parseArrays` and `arrayLimit` documentation (#543)
+- [readme] replace travis CI badge with shields.io check-runs badge
+
 ## **6.1.2**
 - [Fix] follow `allowPrototypes` option during merge (#201, #200)
 - [Fix] chmod a-x
@@ -519,6 +687,16 @@
 - [Fix] "sort" option should work at a depth of 3 or more (#151)
 - [Fix] Restore `dist` directory; will be removed in v7 (#148)
 
+## **6.0.6**
+- [Fix] fix regression from robustness refactor
+- [meta] add `npmignore` to autogenerate an npmignore file
+- [actions] update reusable workflows
+
+## **6.0.5**
+- [Robustness] avoid `.push`, use `void`
+- [readme] clarify `parseArrays` and `arrayLimit` documentation (#543)
+- [readme] replace travis CI badge with shields.io check-runs badge
+
 ## **6.0.4**
 - [Fix] follow `allowPrototypes` option during merge (#201, #200)
 - [Fix] chmod a-x

package/node_modules/qs/README.md

@@ -183,7 +183,7 @@ var withDots = qs.parse('name%252Eobj.first=John&name%252Eobj.last=Doe', { decod
 assert.deepEqual(withDots, { 'name.obj': { first: 'John', last: 'Doe' }});
 ```
 
-Option `allowEmptyArrays` can be used to allowing empty array values in object
+Option `allowEmptyArrays` can be used to allow empty array values in an object
 ```javascript
 var withEmptyArrays = qs.parse('foo[]&bar=baz', { allowEmptyArrays: true });
 assert.deepEqual(withEmptyArrays, { foo: [], bar: 'baz' });
@@ -197,6 +197,11 @@ assert.deepEqual(qs.parse('foo=bar&foo=baz', { duplicates: 'first' }), { foo: 'b
 assert.deepEqual(qs.parse('foo=bar&foo=baz', { duplicates: 'last' }), { foo: 'baz' });
 ```
 
+Note that keys with bracket notation (`[]`) always combine into arrays, regardless of the `duplicates` setting:
+```javascript
+assert.deepEqual(qs.parse('a=1&a=2&b[]=1&b[]=2', { duplicates: 'last' }), { a: '2', b: ['1', '2'] });
+```
+
 If you have to deal with legacy browsers or services, there's also support for decoding percent-encoded octets as iso-8859-1:
 
 ```javascript
@@ -325,6 +330,19 @@ var mixedNotation = qs.parse('a[0]=b&a[b]=c');
 assert.deepEqual(mixedNotation, { a: { '0': 'b', b: 'c' } });
 ```
 
+When a key appears as both a plain value and an object, **qs** will by default wrap the conflicting values in an array (`strictMerge` defaults to `true`):
+
+```javascript
+assert.deepEqual(qs.parse('a[b]=c&a=d'), { a: [{ b: 'c' }, 'd'] });
+assert.deepEqual(qs.parse('a=d&a[b]=c'), { a: ['d', { b: 'c' }] });
+```
+
+To restore the legacy behavior (where the primitive is used as a key with value `true`), set `strictMerge` to `false`:
+
+```javascript
+assert.deepEqual(qs.parse('a[b]=c&a=d', { strictMerge: false }), { a: { b: 'c', d: true } });
+```
+
 You can also create arrays of objects:
 
 ```javascript