fix(deps): update version lib qs

package.json

@@ -52,7 +52,7 @@
     "once": "^1.4.0",
     "parseurl": "^1.3.3",
     "proxy-addr": "^2.0.7",
-    "qs": "^6.14.0",
+    "qs": "^6.14.1",
     "range-parser": "^1.2.1",
     "router": "^2.2.0",
     "send": "^1.1.0",

test/req.query.js

@@ -3,6 +3,7 @@
 var assert = require('node:assert')
 var express = require('../')
   , request = require('supertest');
+var qs = require('qs');
 
 describe('req', function(){
   describe('.query', function(){
@@ -88,6 +89,42 @@ describe('req', function(){
           /unknown value.*query parser/)
       });
     });
+
+    describe('when "query parser" enforces arrayLimit on bracket notation', function () {
+      it('should returns 500 when throwOnLimitExceeded is enabled and limit is surpassed', function (done) {
+        var app = createApp(
+          function (str) {
+            return qs.parse(str, { allowPrototypes: true, arrayLimit: 2, throwOnLimitExceeded: true } );
+          }
+        );
+
+        request(app)
+          .get('/?a[]=1&a[]=2&a[]=3')
+          .expect(function (res) {
+            if (Array.isArray(res.body.a) && res.body.a.length > 2) {
+              throw new Error('arrayLimit ignored for bracket notation');
+            }
+          })
+          .expect(500, done);
+      });
+
+      it('allows arrays up to the arrayLimit without error', function (done) {
+        var app = createApp(
+          function (str) {
+            return qs.parse(str, { allowPrototypes: true, arrayLimit: 2 } );
+          }
+        );
+
+        request(app)
+          .get('/?a[]=1&a[]=2&a[]=3')
+          .expect(function (res) {
+            if (Array.isArray(res.body.a) && res.body.a.length > 2) {
+              throw new Error('arrayLimit ignored for bracket notation');
+            }
+          })
+          .expect(200, done);
+      });
+    });
   })
 })