Replace useragent with useragent-ng and #13341

This should mitigate potential ReDoS vulnerability.

packages/webapp/package.js

@@ -13,13 +13,13 @@ Npm.depends({
   send: "1.1.0",
   "stream-to-string": "1.2.1",
   qs: "6.13.0",
-  useragent: "2.3.0",
+  "useragent-ng": "2.4.3",
   "@types/connect": "3.4.38",
 });
 
 Npm.strip({
   multiparty: ["test/"],
-  useragent: ["test/"],
+  "useragent-ng": ["test/"],
 });
 
 // whitelist plugin is now included in the core

packages/webapp/webapp_server.js

@@ -10,7 +10,7 @@ import compress from 'compression';
 import cookieParser from 'cookie-parser';
 import qs from 'qs';
 import parseRequest from 'parseurl';
-import { lookup as lookupUserAgent } from 'useragent';
+import { lookup as lookupUserAgent } from 'useragent-ng';
 import { isModern } from 'meteor/modern-browsers';
 import send from 'send';
 import {
@@ -123,7 +123,7 @@ var camelCase = function(name) {
 };
 
 var identifyBrowser = function(userAgentString) {
-  var userAgent = lookupUserAgent(userAgentString);
+  var userAgent = lookupUserAgent(userAgentString.substring(0, 150));
   return {
     name: camelCase(userAgent.family),
     major: +userAgent.major,