fix(deps): update dependency superagent to v3.7.0 [security]

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
superagent	3.5.1 -> 3.7.0

GitHub Vulnerability Alerts

CVE-2017-16129

Affected versions of superagent do not check the post-decompression size of ZIP compressed HTTP responses prior to decompressing. This results in the package being vulnerable to a ZIP bomb attack, where an extremely small ZIP file becomes many orders of magnitude larger when decompressed.

This may result in unrestrained CPU/Memory/Disk consumption, causing a denial of service condition.

Recommendation

Update to version 3.7.0 or later.

---

Release Notes

ladjs/superagent (superagent)

v3.7.0

Compare Source

• Limit maximum response size. Prevents zip bombs (Kornel)
• Catch and pass along errors in .ok() callback (Jeremy Ruppel)
• Fixed parsing of XHR headers without a newline (nsf)

v3.6.3

Compare Source

v3.6.2

Compare Source

• Upgrade MIME type dependency to a newer, secure version
• Recognize PDF MIME as binary
• Fix for error in subsequent require() calls (Steven de Salas)

v3.6.1

Compare Source

v3.6.0

Compare Source

• Support disabling TCP_NODELAY option (#​1240) (xiamengyu)
• Send payload in query string for GET and HEAD shorthand API (Peter Lyons)
• Support passphrase with pfx certificate (Paul Westerdale (ABRS Limited))
• Documentation improvements (Peter Lyons)
• Fixed duplicated query string params (#​1200) (Kornel)

v3.5.2

Compare Source

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

⚠ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: yarn.lock

Error response from daemon: toomanyrequests: You have reached your pull rate limit. You may increase the limit by authenticating and upgrading: https://www.docker.com/increase-rate-limit