[Snyk] Upgrade body-parser from 1.9.0 to 1.20.3

[devopscast]

Snyk has created this PR to upgrade body-parser from 1.9.0 to 1.20.3.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 38 versions ahead of your current version.
• The recommended version was released a month ago, on 2024-09-09.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Asymmetric Resource Consumption (Amplification) SNYK-JS-BODYPARSER-7926860	624/1000 Why? Has a fix available, CVSS 8.2	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: body-parser

• 1.20.3 - 2024-09-09
  

  What's Changed

  Important

  • deps: qs@6.13.0
  • add depth option to customize the depth level in the parser
  • IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity). Documentation

  Other changes

  • chore: add support for OSSF scorecard reporting by @ inigomarquinez in #522
  • ci: fix errors in ci github action for node 8 and 9 by @ inigomarquinez in #523
  • fix: pin to node@22.4.1 by @ wesleytodd in #527
  • deps: qs@6.12.3 by @ melikhov-dev in #521
  • Add OSSF Scorecard badge by @ bjohansebas in #531
  • Linter by @ UlisesGascon in #534
  • Release: 1.20.3 by @ UlisesGascon in #535

  New Contributors

  • @ inigomarquinez made their first contribution in #522
  • @ melikhov-dev made their first contribution in #521
  • @ bjohansebas made their first contribution in #531
  • @ UlisesGascon made their first contribution in #534

  Full Changelog: 1.20.2...1.20.3

• 1.20.2 - 2023-02-22
  
  • Fix strict json error message on Node.js 19+
  • deps: content-type@~1.0.5
    • perf: skip value escaping when unnecessary
  • deps: raw-body@2.5.2
• 1.20.1 - 2022-10-06
  
  • deps: qs@6.11.0
  • perf: remove unnecessary object clone
• 1.20.0 - 2022-04-03
  
  • Fix error message for json parse whitespace in strict
  • Fix internal error when inflated body exceeds limit
  • Prevent loss of async hooks context
  • Prevent hanging when request already read
  • deps: depd@2.0.0
    • Replace internal eval usage with Function constructor
    • Use instance methods on process to check for listeners
  • deps: http-errors@2.0.0
    • deps: depd@2.0.0
    • deps: statuses@2.0.1
  • deps: on-finished@2.4.1
  • deps: qs@6.10.3
  • deps: raw-body@2.5.1
    • deps: http-errors@2.0.0
• 1.19.2 - 2022-02-16
  
  • deps: bytes@3.1.2
  • deps: qs@6.9.7
    • Fix handling of __proto__ keys
  • deps: raw-body@2.4.3
    • deps: bytes@3.1.2
• 1.19.1 - 2021-12-10
  
  • deps: bytes@3.1.1
  • deps: http-errors@1.8.1
    • deps: inherits@2.0.4
    • deps: toidentifier@1.0.1
    • deps: setprototypeof@1.2.0
  • deps: qs@6.9.6
  • deps: raw-body@2.4.2
    • deps: bytes@3.1.1
    • deps: http-errors@1.8.1
  • deps: safe-buffer@5.2.1
  • deps: type-is@~1.6.18
• 1.19.0 - 2019-04-26
• 1.18.3 - 2018-05-14
• 1.18.2 - 2017-09-22
• 1.18.1 - 2017-09-12
• 1.18.0 - 2017-09-09
• 1.17.2 - 2017-05-18
• 1.17.1 - 2017-03-06
• 1.17.0 - 2017-03-01
• 1.16.1 - 2017-02-11
• 1.16.0 - 2017-01-18
• 1.15.2 - 2016-06-20
• 1.15.1 - 2016-05-06
• 1.15.0 - 2016-02-11
• 1.14.2 - 2015-12-16
• 1.14.1 - 2015-09-28
• 1.14.0 - 2015-09-16
• 1.13.3 - 2015-07-31
• 1.13.2 - 2015-07-06
• 1.13.1 - 2015-06-16
• 1.13.0 - 2015-06-15
• 1.12.4 - 2015-05-11
• 1.12.3 - 2015-04-16
• 1.12.2 - 2015-03-17
• 1.12.1 - 2015-03-16
• 1.12.0 - 2015-02-14
• 1.11.0 - 2015-01-31
• 1.10.2 - 2015-01-21
• 1.10.1 - 2015-01-02
• 1.10.0 - 2014-12-03
• 1.9.3 - 2014-11-22
• 1.9.2 - 2014-10-28
• 1.9.1 - 2014-10-23
• 1.9.0 - 2014-09-24

from body-parser GitHub release notes

Commit messages

Package name: body-parser

• 1752951 1.20.3
• 39744cf chore: linter ([Snyk] Fix for 36 vulnerable dependencies snyk-labs/nodejs-goof#534)
• b2695c4 Merge commit from fork
• ade0f3f add scorecard to readme ([Snyk] Fix for 1 vulnerable dependencies snyk-labs/nodejs-goof#531)
• 99a1bd6 deps: qs@6.12.3 ([Snyk] Fix for 1 vulnerable dependencies snyk-labs/nodejs-goof#521)
• 9478591 fix: pin to node@22.4.1
• 83db46a ci: fix errors in ci github action for node 8 and 9 ([Snyk] Fix for 1 vulnerable dependencies snyk-labs/nodejs-goof#523)
• 9d4e212 chore: add support for OSSF scorecard reporting ([Snyk] Fix for 1 vulnerable dependencies snyk-labs/nodejs-goof#522)
• ee91374 1.20.2
• 368a93a Fix strict json error message on Node.js 19+
• 0385872 deps: raw-body@2.5.2
• 2c35b41 build: eslint@8.34.0
• f0646c2 build: Node.js@18.14
• f345fb1 build: Node.js@14.21
• 6842efc deps: content-type@~1.0.5
• 5af7315 build: eslint-plugin-promise@6.1.1
• 8e605b3 build: supertest@6.3.3
• cba6e77 build: mocha@10.2.0
• 6a464ab build: eslint-plugin-import@2.27.5
• 7ebf276 build: eslint@8.32.0
• 69bb649 build: Node.js@16.19
• 8ff995f docs: switch badges to badgen
• 850832f build: Node.js@18.13
• dad8f34 build: actions/download-artifact@v3

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs