
[Snyk] Upgrade body-parser from 1.20.1 to 1.20.4#84

Open
nejidevelops wants to merge 1 commit into master from snyk-upgrade-cfe7a71681f1ba5e0e1e1894ed2b9a83

Conversation

@nejidevelops
Owner


Snyk has created this PR to upgrade body-parser from 1.20.1 to 1.20.4.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 3 versions ahead of your current version.

  • The recommended version was released 2 months ago.

Release notes
Package name: body-parser (from the body-parser GitHub release notes)

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:


See this package in npm:
body-parser

See this project in Snyk:
https://app.snyk.io/org/newtonombese1/project/2c7a9b58-7cd8-4894-8b7c-4d4754f4f156?utm_source=github&utm_medium=referral&page=upgrade-pr
@gemini-code-assist

Summary of Changes

Hello @nejidevelops, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request, automatically generated by Snyk, updates the body-parser dependency to its latest stable version, 1.20.4. This ensures the project benefits from the most recent bug fixes, performance improvements, and security patches within the body-parser library and its underlying transitive dependencies. The update also brings in important changes like a default depth limit for URL-encoded data parsing, enhancing the application's resilience against certain types of attacks.

Highlights

  • Dependency Upgrade: The body-parser package has been upgraded from version 1.20.1 to 1.20.4 to ensure dependencies are up-to-date and to incorporate the latest fixes and features.
  • Transitive Dependency Updates: This upgrade includes a cascade of updates to body-parser's internal dependencies, such as http-errors, qs, content-type, raw-body, and several utility packages like function-bind, get-intrinsic, and side-channel families, reflecting a more robust and modern dependency tree.
  • Important Change in body-parser@1.20.3: A notable change in an intermediate version (1.20.3) was the introduction of a depth option for URL-encoded data parsing, with the default depth level changing from Infinity to 32. This is a security-related change to prevent potential denial-of-service attacks from deeply nested objects.
  • CI/CD and Maintenance Improvements: Recent body-parser versions also include continuous integration enhancements, such as support for Node.js v23, restoration of CI for the 1.x branch, and the addition of CodeQL for static application security testing.


Changelog
  • Daily-Journal/package-lock.json
    • Updated body-parser from 1.20.1 to 1.20.4.
    • Updated body-parser's direct dependency content-type from ~1.0.4 to ~1.0.5.
    • Updated body-parser's direct dependency http-errors from 2.0.0 to ~2.0.1.
    • Updated body-parser's direct dependency qs from 6.11.0 to ~6.14.0.
    • Updated body-parser's direct dependency raw-body from 2.5.1 to ~2.5.3.
    • Added new transitive dependencies like call-bind-apply-helpers, call-bound, dunder-proto, es-define-property, es-errors, es-object-atoms, get-proto, gopd, hasown, math-intrinsics, side-channel-list, side-channel-map, and side-channel-weakmap.
  • Daily-Journal/package.json
    • Updated the body-parser dependency from ^1.18.3 to ^1.20.4.
Activity
  • This pull request was automatically created by Snyk to upgrade the body-parser dependency.
  • Snyk identified that the current body-parser version (1.20.1) is 3 versions behind the recommended 1.20.4.
  • The recommended version was released 2 months ago, indicating a timely update for maintenance and security.


@gemini-code-assist (bot) left a comment


Code Review

This pull request from Snyk upgrades the body-parser dependency from a version compatible with ^1.18.3 (resolved to 1.20.1) to ^1.20.4. This is a good update for security and maintenance. My review includes one comment on package.json to highlight a potentially breaking change introduced in body-parser@1.20.3 regarding the default parsing depth for URL-encoded data. While it's unlikely to affect the current application, it's an important consideration for future development.

"license": "ISC",
"dependencies": {
"body-parser": "^1.18.3",
"body-parser": "^1.20.4",
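Review bot: the range bump from ^1.18.3 to ^1.20.4 in package.json only takes effect through package-lock.json, so confirm the lock resolves body-parser to exactly 1.20.4 with qs at ~6.14.0 alongside it (the changelog lists both). Because 1.20.3 lowered the default URL-encoded parsing depth from Infinity to 32, check each route that reads nested form data through bodyParser.urlencoded() and pass an explicit depth option only where a form genuinely posts deeper structures.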

medium

While upgrading body-parser is a good move, please be aware that version 1.20.3 (included in this upgrade) introduced a potentially breaking change. The default depth for parsing URL-encoded data has been changed from Infinity to 32 as a security measure against potential denial-of-service attacks. Based on the application code in app.js, your current implementation seems to handle simple, flat objects and should not be affected. However, it's important to keep this new default in mind for any future features that might involve more deeply nested form data. If you ever need to support deeper objects, you can explicitly configure this with the depth option in bodyParser.urlencoded().
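What the depth default discussed in this comment actually does to a request body, shown on a small stand-alone parser rather than on body-parser itself (added example, not code from this PR, body-parser or qs; the overflow handling of keeping the remainder as one literal key, or raising RangeError in strict mode, is an assumption modelled on qs, and array keys are not handled):

```javascript
// Added example, not code from body-parser, qs or this repository. It models
// how bracket-nested URL-encoded keys (a[b][c]=1) become objects and what a
// depth limit like body-parser 1.20.3's new default of 32 does to them.
// Overflow behaviour (remainder kept as one literal key, or a RangeError when
// strict) is an assumption modelled on qs, not something stated in the PR.
const BLOCKED = new Set(['__proto__', 'constructor', 'prototype']);

// 'a[b][c]' -> ['a', 'b', 'c']; a key with no or malformed brackets is one segment.
function splitKey(key) {
  const m = /^([^\[]*)((?:\[[^\]]*\])*)$/.exec(key);
  if (!m) return [key];
  const segs = [m[1]];
  const re = /\[([^\]]*)\]/g;
  let s;
  while ((s = re.exec(m[2])) !== null) segs.push(s[1]);
  return segs;
}

// depth counts bracket levels below the top-level key, as qs does.
function parseUrlencoded(body, { depth = 32, strict = false } = {}) {
  const out = {};
  for (const pair of body.split('&')) {
    if (!pair) continue;
    const eq = pair.indexOf('=');
    const rawKey = decodeURIComponent(eq < 0 ? pair : pair.slice(0, eq));
    const value = decodeURIComponent(eq < 0 ? '' : pair.slice(eq + 1));
    let segs = splitKey(rawKey);
    if (segs.some((s) => BLOCKED.has(s))) continue; // never walk the prototype chain
    if (segs.length - 1 > depth) {
      if (strict) throw new RangeError('input exceeded depth option of ' + depth);
      const rest = segs.slice(depth + 1).map((s) => '[' + s + ']').join('');
      segs = segs.slice(0, depth + 1).concat(rest); // leftover brackets become one key
    }
    let cur = out;
    for (let i = 0; i < segs.length - 1; i++) {
      if (typeof cur[segs[i]] !== 'object' || cur[segs[i]] === null) cur[segs[i]] = {};
      cur = cur[segs[i]];
    }
    cur[segs[segs.length - 1]] = value;
  }
  return out;
}

// Number of object levels on the deepest path, counting the root object.
function nestingDepth(v) {
  if (typeof v !== 'object' || v === null) return 0;
  let max = 0;
  for (const k of Object.keys(v)) max = Math.max(max, nestingDepth(v[k]));
  return 1 + max;
}
```

In the application the equivalent knob is the depth option of bodyParser.urlencoded() mentioned above; a constructed body of forty bracket levels nests 41 objects deep with the old Infinity default and is capped at 34 with the new default of 32.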
