[Snyk] Upgrade body-parser from 1.20.1 to 1.20.4

[nejidevelops]

Snyk has created this PR to upgrade body-parser from 1.20.1 to 1.20.4.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 3 versions ahead of your current version.

• The recommended version was released a month ago.

Release notes

Package name: body-parser

• 1.20.4 - 2025-12-01
  

  What's Changed

  • Remove redundant depth check by @ blakeembrey in #538
  • ci: add support for Node.js v23 by @ Phillip9587 in #553
  • ci: restore CI for 1.x branch by @ bjohansebas in #665
  • deps: qs@^6.14.0 by @ bjohansebas in #664
  • deps: use tilde notation and update certain dependencies by @ Phillip9587 in #668
  • chore: remove SECURITY.md by @ Phillip9587 in #669
  • ci: add CodeQL (SAST) by @ Phillip9587 in #670
  • Release: 1.20.4 by @ UlisesGascon in #672

  Full Changelog: 1.20.3...1.20.4

• 1.20.3 - 2024-09-09
  

  What's Changed

  Important

  • deps: qs@6.13.0
  • add depth option to customize the depth level in the parser
  • IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity). Documentation

  Other changes

  • chore: add support for OSSF scorecard reporting by @ inigomarquinez in #522
  • ci: fix errors in ci github action for node 8 and 9 by @ inigomarquinez in #523
  • fix: pin to node@22.4.1 by @ wesleytodd in #527
  • deps: qs@6.12.3 by @ melikhov-dev in #521
  • Add OSSF Scorecard badge by @ bjohansebas in #531
  • Linter by @ UlisesGascon in #534
  • Release: 1.20.3 by @ UlisesGascon in #535

  New Contributors

  • @ inigomarquinez made their first contribution in #522
  • @ melikhov-dev made their first contribution in #521
  • @ bjohansebas made their first contribution in #531
  • @ UlisesGascon made their first contribution in #534

  Full Changelog: 1.20.2...1.20.3

• 1.20.2 - 2023-02-22
  
  • Fix strict json error message on Node.js 19+
  • deps: content-type@~1.0.5
    • perf: skip value escaping when unnecessary
  • deps: raw-body@2.5.2
• 1.20.1 - 2022-10-06

from body-parser GitHub release notes

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[gemini-code-assist]

Summary of Changes

Hello @nejidevelops, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request performs a routine but important update of the body-parser Node.js module from version 1.20.1 to 1.20.4. This upgrade, automatically generated by Snyk, ensures the project benefits from the latest bug fixes, performance improvements, and dependency updates, including a notable change to the default parsing depth for URL-encoded data.

Highlights

• Dependency Upgrade: The body-parser library has been upgraded from version 1.20.1 to 1.20.4 to incorporate the latest fixes and improvements.
• Parsing Depth Limit Change: An important change in body-parser 1.20.3 introduces a default depth limit of 32 for URL-encoded data parsing, which was previously Infinity. This could affect how deeply nested objects are parsed.
• Internal Dependency Updates and CI Improvements: The upgrade includes various internal dependency updates (e.g., qs, content-type, raw-body), CI enhancements (Node.js v23 support, CodeQL SAST), and general maintenance fixes across versions 1.20.2, 1.20.3, and 1.20.4.

🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request, automatically generated by Snyk, upgrades the body-parser dependency to version 1.20.4. This is a beneficial update for keeping dependencies current. My review highlights a significant change in an intermediate version (1.20.3) concerning the default parsing depth. While it doesn't appear to impact your current implementation, it's an important detail to be aware of for future development.

[gemini-code-assist]

This upgrade to body-parser@1.20.4 includes a potentially breaking change introduced in version 1.20.3. The default depth for parsing URL-encoded bodies has been changed from Infinity to 32.

While your current usage in app.js seems unaffected as it only handles flat objects, it's important to be aware of this change. If you plan to handle deeply nested objects (more than 32 levels) in the future, you will need to explicitly configure the depth option in bodyParser.urlencoded().

For example, to restore the previous behavior of unlimited depth, you would configure it like this:

app.use(bodyParser.urlencoded({ extended: true, depth: Infinity }));