Skip to content

Comments

Update dependency body-parser to v1.20.4#21

Open
mend-for-github-com[bot] wants to merge 1 commit intomasterfrom
whitesource-remediate/body-parser-1.x-lockfile
Open

Update dependency body-parser to v1.20.4#21
mend-for-github-com[bot] wants to merge 1 commit intomasterfrom
whitesource-remediate/body-parser-1.x-lockfile

Conversation

@mend-for-github-com
Copy link
Contributor

@mend-for-github-com mend-for-github-com bot commented Nov 14, 2023
edited
Loading

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
body-parser 1.18.31.20.4 age adoption passing confidence

By merging this PR, the issue #20 will be automatically resolved and closed:

Severity CVSS Score Vulnerability Reachability
High High 7.5 CVE-2022-24999

Reachable
High High 7.5 CVE-2024-45590
Low Low 3.7 CVE-2025-15284
Low Low 3.7 CVE-2026-2391

Release Notes

expressjs/body-parser (body-parser)

v1.20.4

Compare Source

===================

  • deps: qs@~6.14.0
  • deps: use tilde notation for dependencies
  • deps: http-errors@~2.0.1
  • deps: raw-body@~2.5.3

v1.20.3

Compare Source

===================

  • deps: qs@​6.13.0
  • add depth option to customize the depth level in the parser
  • IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)

v1.20.2

Compare Source

===================

  • Fix strict json error message on Node.js 19+
  • deps: content-type@~1.0.5
    • perf: skip value escaping when unnecessary
  • deps: raw-body@​2.5.2

v1.20.1

Compare Source

===================

  • deps: qs@​6.11.0
  • perf: remove unnecessary object clone

v1.20.0

Compare Source

===================

  • Fix error message for json parse whitespace in strict
  • Fix internal error when inflated body exceeds limit
  • Prevent loss of async hooks context
  • Prevent hanging when request already read
  • deps: depd@​2.0.0
    • Replace internal eval usage with Function constructor
    • Use instance methods on process to check for listeners
  • deps: http-errors@​2.0.0
    • deps: depd@​2.0.0
    • deps: statuses@​2.0.1
  • deps: on-finished@​2.4.1
  • deps: qs@​6.10.3
  • deps: raw-body@​2.5.1
    • deps: http-errors@​2.0.0

v1.19.2

Compare Source

===================

  • deps: bytes@​3.1.2
  • deps: qs@​6.9.7
    • Fix handling of __proto__ keys
  • deps: raw-body@​2.4.3
    • deps: bytes@​3.1.2

v1.19.1

Compare Source

===================

  • deps: bytes@​3.1.1
  • deps: http-errors@​1.8.1
    • deps: inherits@​2.0.4
    • deps: toidentifier@​1.0.1
    • deps: setprototypeof@​1.2.0
  • deps: qs@​6.9.6
  • deps: raw-body@​2.4.2
    • deps: bytes@​3.1.1
    • deps: http-errors@​1.8.1
  • deps: safe-buffer@​5.2.1
  • deps: type-is@~1.6.18

v1.19.0

Compare Source

===================

  • deps: bytes@​3.1.0
    • Add petabyte (pb) support
  • deps: http-errors@​1.7.2
    • Set constructor name when possible
    • deps: setprototypeof@​1.1.1
    • deps: statuses@'>= 1.5.0 < 2'
  • deps: iconv-lite@​0.4.24
    • Added encoding MIK
  • deps: qs@​6.7.0
    • Fix parsing array brackets after index
  • deps: raw-body@​2.4.0
    • deps: bytes@​3.1.0
    • deps: http-errors@​1.7.2
    • deps: iconv-lite@​0.4.24
  • deps: type-is@~1.6.17
    • deps: mime-types@~2.1.24
    • perf: prevent internal throw on invalid type
  • If you want to rebase/retry this PR, check this box

@mend-for-github-com mend-for-github-com bot added the security fix Security fix generated by Mend label Nov 14, 2023
@mend-for-github-com mend-for-github-com bot changed the title Update dependency body-parser to v1.19.0 Update dependency body-parser to v1.20.2 Nov 22, 2023
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/body-parser-1.x-lockfile branch from a00e56b to 9b8045f Compare November 22, 2023 00:02
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/body-parser-1.x-lockfile branch from 9b8045f to b9caccc Compare November 29, 2023 08:36
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/body-parser-1.x-lockfile branch from b9caccc to c7c7e86 Compare January 2, 2024 06:59
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/body-parser-1.x-lockfile branch from c7c7e86 to 4edc5be Compare January 15, 2024 06:09
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/body-parser-1.x-lockfile branch 3 times, most recently from 423dd5d to 2f4e869 Compare February 7, 2024 06:52
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/body-parser-1.x-lockfile branch 3 times, most recently from fa12ca6 to 3b2dfbe Compare February 14, 2024 05:43
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/body-parser-1.x-lockfile branch from 3b2dfbe to 9c97532 Compare February 20, 2024 06:35
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/body-parser-1.x-lockfile branch 2 times, most recently from 78b57e7 to 016b9b5 Compare March 5, 2024 02:41
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/body-parser-1.x-lockfile branch 2 times, most recently from c2f755b to 86e5afa Compare March 11, 2024 04:18
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/body-parser-1.x-lockfile branch from 86e5afa to c9e1171 Compare June 22, 2024 06:23
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/body-parser-1.x-lockfile branch from c9e1171 to 02beafc Compare September 10, 2024 09:15
@mend-for-github-com mend-for-github-com bot changed the title Update dependency body-parser to v1.20.2 Update dependency body-parser to v1.20.3 Sep 10, 2024
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/body-parser-1.x-lockfile branch from 02beafc to dcf4b82 Compare November 9, 2024 10:01
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/body-parser-1.x-lockfile branch 6 times, most recently from 4747b5d to 31be327 Compare December 6, 2024 19:34
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/body-parser-1.x-lockfile branch 3 times, most recently from 7095bc1 to a959aa0 Compare December 12, 2024 07:45
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/body-parser-1.x-lockfile branch 3 times, most recently from 33a3ce3 to c165aab Compare December 19, 2024 06:12
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/body-parser-1.x-lockfile branch from c165aab to eb9af77 Compare January 3, 2025 03:56
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/body-parser-1.x-lockfile branch 2 times, most recently from bda851c to 1233b67 Compare January 15, 2025 08:51
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/body-parser-1.x-lockfile branch from 1233b67 to 7930fa6 Compare February 5, 2025 02:41
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/body-parser-1.x-lockfile branch from 7930fa6 to d01ebab Compare February 13, 2025 11:05
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/body-parser-1.x-lockfile branch 2 times, most recently from 897d47d to ee8f890 Compare February 23, 2025 11:23
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/body-parser-1.x-lockfile branch from ee8f890 to be75768 Compare March 4, 2025 09:35
@mend-for-github-com mend-for-github-com bot changed the title Update dependency body-parser to v1.20.3 Update dependency body-parser to v1.20.3 - autoclosed Mar 22, 2025
@mend-for-github-com mend-for-github-com bot deleted the whitesource-remediate/body-parser-1.x-lockfile branch March 22, 2025 01:25
@mend-for-github-com mend-for-github-com bot changed the title Update dependency body-parser to v1.20.3 - autoclosed Update dependency body-parser to v1.20.3 Mar 24, 2025
@mend-for-github-com mend-for-github-com bot reopened this Mar 24, 2025
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/body-parser-1.x-lockfile branch from 5954102 to be75768 Compare March 24, 2025 06:41
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/body-parser-1.x-lockfile branch 2 times, most recently from 520e127 to b4c2908 Compare October 1, 2025 13:13
@mend-for-github-com mend-for-github-com bot changed the title Update dependency body-parser to v1.20.3 Update dependency body-parser to v1.20.3 - autoclosed Nov 25, 2025
@mend-for-github-com mend-for-github-com bot changed the title Update dependency body-parser to v1.20.3 - autoclosed Update dependency body-parser to v1.20.3 Dec 1, 2025
@mend-for-github-com mend-for-github-com bot reopened this Dec 1, 2025
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/body-parser-1.x-lockfile branch from b4c2908 to ec9bf85 Compare December 1, 2025 11:04
@mend-for-github-com mend-for-github-com bot changed the title Update dependency body-parser to v1.20.3 Update dependency body-parser to v1.20.4 Dec 30, 2025
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/body-parser-1.x-lockfile branch from ec9bf85 to d76cc8f Compare December 30, 2025 13:23
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/body-parser-1.x-lockfile branch from d76cc8f to 8d1249a Compare February 12, 2026 10:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

security fix Security fix generated by Mend

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants