[Security] Bump mime from 1.3.4 to 1.6.0

[dependabot-preview]

Bumps mime from 1.3.4 to 1.6.0. This update includes a security fix.

Vulnerabilities fixed

Sourced from The GitHub Security Advisory Database.

High severity vulnerability that affects mime
The mime module is vulnerable to regular expression denial of service when a mime lookup is performed on untrusted user input.

Affected versions: < 1.4.1

Release notes

Sourced from mime's releases.

v1.4.1

• Fix RegEx DoS issue

v1.4.0

• [closed] support for ac3 voc files #159
• [closed] Help understanding change from application/xml to text/xml #158
• [closed] no longer able to override mimetype #157
• [closed] application/vnd.adobe.photoshop #147
• [closed] Directories should appear as something other than application/octet-stream #135
• [closed] requested features #131
• [closed] Make types.json loading optional? #129
• [closed] Cannot find module './types.json' #120
• [V2] .wav files show up as "audio/x-wav" instead of "audio/x-wave" #118
• [closed] Don't be a pain in the ass for node community #108
• [closed] don't make default_type global #78
• [closed] mime.extension() fails if the content-type is parameterized #74

Changelog

Sourced from mime's changelog.

v1.6.0 (24/11/2017)

No changelog for this release.

---

v2.0.4 (24/11/2017)

• [closed] Switch to mime-score module for resolving extension contention issues. #182
• [closed] Update mime-db to 1.31.0 in v1.x branch #181

---

v1.5.0 (22/11/2017)

• [closed] need ES5 version ready in npm package #179
• [closed] mime-db no trace of iWork - pages / numbers / etc. #178
• [closed] How it works in brownser ? #176
• [closed] Missing ./Mime #175
• [closed] Vulnerable Regular Expression #167

---

v2.0.3 (25/09/2017)

No changelog for this release.

---

v1.4.1 (25/09/2017)

• [closed] Issue when bundling with webpack #172

---

v2.0.2 (15/09/2017)

• [V2] fs.readFileSync is not a function #165
• [closed] The extension for video/quicktime should map to .mov, not .qt #164
• [V2] [v2 Feedback request] Mime class API #163
• [V2] [v2 Feedback request] Resolving conflicts over extensions #162
• [V2] Allow callers to load module with official, full, or no defined types. #161
• [V2] Use "facets" to resolve extension conflicts #160
• [V2] Remove fs and path dependencies #152
• [V2] Default content-type should not be application/octet-stream #139
• [V2] reset mime-types #124
• [V2] Extensionless paths should return null or false #113

---

v2.0.1 (14/09/2017)

• [closed] Changelog for v2.0 does not mention breaking changes #171
• [closed] MIME breaking with 'class' declaration as it is without 'use strict mode' #170

---

... (truncated)

Commits

• 87b396e 1.6.0
• 4db5125 changelog
• 3668c6b Use mime-score module to resolve extension conflicts. Fixes #183
• 949b451 1.5.0
• 85672d3 application/font-woff -> font/woff
• 1f6281d chmod cli.js
• c0853d2 update to [email protected]
• 3004636 Generate CHANGELOG.md via github-release-notes
• eb24bae 1.4.1
• 855d0c4 Fix #167
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)