[Snyk] Upgrade body-parser from 1.19.2 to 2.2.1

[snyk-io]

Snyk has created this PR to upgrade body-parser from 1.19.2 to 2.2.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 13 versions ahead of your current version.

• The recommended version was released a month ago.

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Asymmetric Resource Consumption (Amplification) SNYK-JS-BODYPARSER-7926860	172	No Known Exploit

Release notes

Package name: body-parser

• 2.2.1 - 2025-11-24
  

  Important: Security

  • Security fix for CVE-2025-13466 (GHSA-wqch-xfxh-vrr4)

  What's Changed

  • ci: add dependabot by @ Phillip9587 in #593
  • ci: use full SHAs for github action versions by @ Phillip9587 in #594
  • deps: type-is@^2.0.1 by @ Phillip9587 in #599
  • build(deps): bump actions/setup-node from 4.3.0 to 4.4.0 by @ dependabot[bot] in #609
  • build(deps): bump github/codeql-action from 3.28.13 to 3.28.15 by @ dependabot[bot] in #610
  • build(deps-dev): bump eslint-plugin-promise from 6.1.1 to 6.6.0 by @ dependabot[bot] in #611
  • build(deps-dev): bump eslint-plugin-import from 2.27.5 to 2.31.0 by @ dependabot[bot] in #613
  • build(deps-dev): bump eslint-plugin-markdown from 3.0.0 to 3.0.1 by @ dependabot[bot] in #612
  • ci: add codeql github workflows scanning by @ Phillip9587 in #614
  • ci: update CodeQL config to ignore the test directory by @ Phillip9587 in #615
  • build(deps): bump actions/download-artifact from 4.2.1 to 4.3.0 by @ dependabot[bot] in #620
  • build(deps): bump github/codeql-action from 3.28.15 to 3.28.16 by @ dependabot[bot] in #619
  • chore(deps): unpin devDependencies by @ Phillip9587 in #616
  • ci: add node.js 24 to test matrix by @ Phillip9587 in #621
  • build(deps): bump github/codeql-action from 3.28.16 to 3.28.18 by @ dependabot[bot] in #623
  • build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by @ dependabot[bot] in #624
  • chore: add funding to package.json by @ Phillip9587 in #617
  • build(deps): bump github/codeql-action from 3.28.18 to 3.29.2 by @ dependabot[bot] in #625
  • build(deps): bump github/codeql-action from 3.29.2 to 3.29.5 by @ dependabot[bot] in #630
  • refactor: move common request validation to read function by @ Phillip9587 in #600
  • deps: bump iconv-lite by @ bjohansebas in #631
  • doc: pull beta changelog forward into 2.0.0 by @ jonchurch in #629
  • refactor: optimize raw and text parsers with shared passthrough function by @ Phillip9587 in #634
  • build(deps): bump actions/checkout from 4.2.2 to 5.0.0 by @ dependabot[bot] in #640
  • build(deps): bump ossf/scorecard-action from 2.4.2 to 2.4.3 by @ dependabot[bot] in #639
  • build(deps): bump actions/setup-node from 4.4.0 to 5.0.0 by @ dependabot[bot] in #636
  • build(deps): bump actions/download-artifact from 4.3.0 to 5.0.0 by @ dependabot[bot] in #637
  • build(deps): bump github/codeql-action from 3.29.7 to 3.30.5 by @ dependabot[bot] in #638
  • deps: raw-body@^3.0.1 by @ Phillip9587 in #641
  • deps: debug@^4.4.3 by @ Phillip9587 in #642
  • docs: add iconv-lite 0.7.0 changes to history entry by @ Phillip9587 in #645
  • ci: add node.js 25 to test matrix by @ Phillip9587 in #650
  • perf: move read options outside parser middlewares by @ Phillip9587 in #648
  • test(json): add RFC 7159 whitespace edge cases by @ Ayoub-Mabrouk in #653
  • test: add test for urlencoded invalid defaultCharset by @ Phillip9587 in #643
  • build(deps): bump actions/download-artifact from 5.0.0 to 6.0.0 by @ dependabot[bot] in #657
  • build(deps): bump github/codeql-action from 3.30.5 to 4.31.2 by @ dependabot[bot] in #656
  • build(deps): bump actions/upload-artifact from 4.6.2 to 5.0.0 by @ dependabot[bot] in #655
  • build(deps): bump actions/setup-node from 5.0.0 to 6.0.0 by @ dependabot[bot] in #654
  • ci: also test on first supported node.js version by @ Phillip9587 in #646
  • chore: switch badges from badgen.net to shields.io by @ Phillip9587 in #661
  • Remove history.md from being packaged on publish by @ bjohansebas in #660
  • Release: 2.2.1 by @ UlisesGascon in #659

  New Contributors

  • @ dependabot[bot] made their first contribution in #609
  • @ jonchurch made their first contribution in #629
  • @ Ayoub-Mabrouk made their first contribution in #653

  Full Changelog: v2.2.0...v2.2.1

• 2.2.0 - 2025-03-27
  

  What's Changed

  • test: remove --bail from test script by @ Phillip9587 in #583
  • ci: separate lint step by @ Phillip9587 in #582
  • fix: remove skip of test by @ bjohansebas in #589
  • ci: use lcovonly reporter for the test-ci script by @ Phillip9587 in #584
  • docs: remove security file by @ bjohansebas in #590
  • fix(docs): replace var with let or const in ReadMe by @ Binilkks in #581
  • chore: update test dependencies by @ Phillip9587 in #585
  • dep: upgrade iconv-lite to ^0.6.3 by @ aqeelat in #588
  • Refactor parameterCount to optimize performance by @ wojtekmaj in #591
  • refactor: normalize common options for all parsers by @ Phillip9587 in #551
  • refactor: cleanup parser options by @ Phillip9587 in #596
  • Release 2.2.0 by @ UlisesGascon in #597

  New Contributors

  • @ Binilkks made their first contribution in #581
  • @ aqeelat made their first contribution in #588
  • @ wojtekmaj made their first contribution in #591

  Full Changelog: v2.1.0...v2.2.0

• 2.1.0 - 2025-02-10
  

  What's Changed

  • fix: update package.json engines field to reflect minimum supported node version by @ Phillip9587 in #541
  • fix: remove brotli support check by @ Phillip9587 in #542
  • fix: remove unpipe package and use native unpipe method by @ Phillip9587 in #543
  • Remove unused devDependency methods by @ Phillip9587 in #548
  • ci: updated github actions ci workflow by @ Phillip9587 in #546
  • Remove devDependency safe-buffer by @ Phillip9587 in #547
  • test: remove AsyncLocalStorage check by @ Phillip9587 in #549
  • perf: use the node require cache instead of custom caching by @ Phillip9587 in #562
  • ci: disable fail-fast in CI workflow by @ Phillip9587 in #565
  • chore(deps): update type-is to v2.0.0 by @ Phillip9587 in #571
  • refactor: prefix built-in node module imports by @ Phillip9587 in #573
  • fix: remove obsolete dependency destroy by @ Phillip9587 in #570
  • cleanup: remove obsolete test env file by @ Phillip9587 in #569
  • Refactor decompression stream creation to remove code duplication by @ Phillip9587 in #564
  • Add caret for body-parser dependencies by @ wesleytodd in #577
  • ci: add CodeQL (SAST) by @ bjohansebas in #559
  • chore(deps): update debug to ^4.4.0 by @ Phillip9587 in #579
  • Release v2.1.0 by @ wesleytodd in #578

  Full Changelog: 2.0.1...v2.1.0

• 2.0.2 - 2024-10-31
  

  What's Changed

  • fix: update package.json engines field to reflect minimum supported node version by @ Phillip9587 in #541
  • fix: remove brotli support check by @ Phillip9587 in #542
  • fix: remove unpipe package and use native unpipe method by @ Phillip9587 in #543
  • Remove unused devDependency methods by @ Phillip9587 in #548
  • ci: updated github actions ci workflow by @ Phillip9587 in #546

  New Contributors

  • @ Phillip9587 made their first contribution in #541

  Full Changelog: 2.0.1...2.0.2

• 2.0.1 - 2024-09-10
  

  What's Changed

  • Fix defaulting to extended url parsing by @ blakeembrey in #536
  • Release: 2.0.1 by @ UlisesGascon in #537

  New Contributors

  • @ blakeembrey made their first contribution in #536

  Full Changelog: 2.0.0...2.0.1

• 2.0.0 - 2024-09-10
  

  What's Changed

  Important

  • add brotli support #406
  • Breaking Change: Node.js 18 is the minimum supported version

  Details

  • chore: add support for OSSF scorecard reporting by @ inigomarquinez in #522
  • ci: fix errors in ci github action for node 8 and 9 by

[snyk-io]

✅ Snyk checks have passed. No issues have been found so far.

Status	Scanner	Critical	High	Medium	Low	Total (0)
✅	Open Source Security	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.