Skip to content

Update dependency body-parser to v1.20.4#13

Open
mend-for-github-com[bot] wants to merge 1 commit intomainfrom
whitesource-remediate/body-parser-1.x-lockfile
Open

Update dependency body-parser to v1.20.4#13
mend-for-github-com[bot] wants to merge 1 commit intomainfrom
whitesource-remediate/body-parser-1.x-lockfile

Conversation

@mend-for-github-com
Copy link

@mend-for-github-com mend-for-github-com bot commented Sep 17, 2024
edited
Loading

This PR contains the following updates:

Package Type Update Change
body-parser dependencies minor 1.19.01.20.4

By merging this PR, the issue #7 will be automatically resolved and closed:

Severity CVSS Score Vulnerability
High High 7.5 CVE-2022-24999
High High 7.5 CVE-2024-45590
High High 7.5 CVE-2025-15284

Release Notes

expressjs/body-parser (body-parser)

v1.20.4

Compare Source

===================

  • deps: qs@~6.14.0
  • deps: use tilde notation for dependencies
  • deps: http-errors@~2.0.1
  • deps: raw-body@~2.5.3

v1.20.3

Compare Source

===================

  • deps: qs@​6.13.0
  • add depth option to customize the depth level in the parser
  • IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)

v1.20.2

Compare Source

===================

  • Fix strict json error message on Node.js 19+
  • deps: content-type@~1.0.5
    • perf: skip value escaping when unnecessary
  • deps: raw-body@​2.5.2

v1.20.1

Compare Source

===================

  • deps: qs@​6.11.0
  • perf: remove unnecessary object clone

v1.20.0

Compare Source

===================

  • Fix error message for json parse whitespace in strict
  • Fix internal error when inflated body exceeds limit
  • Prevent loss of async hooks context
  • Prevent hanging when request already read
  • deps: depd@​2.0.0
    • Replace internal eval usage with Function constructor
    • Use instance methods on process to check for listeners
  • deps: http-errors@​2.0.0
    • deps: depd@​2.0.0
    • deps: statuses@​2.0.1
  • deps: on-finished@​2.4.1
  • deps: qs@​6.10.3
  • deps: raw-body@​2.5.1
    • deps: http-errors@​2.0.0

v1.19.2

Compare Source

===================

  • deps: bytes@​3.1.2
  • deps: qs@​6.9.7
    • Fix handling of __proto__ keys
  • deps: raw-body@​2.4.3
    • deps: bytes@​3.1.2

v1.19.1

Compare Source

===================

  • deps: bytes@​3.1.1
  • deps: http-errors@​1.8.1
    • deps: inherits@​2.0.4
    • deps: toidentifier@​1.0.1
    • deps: setprototypeof@​1.2.0
  • deps: qs@​6.9.6
  • deps: raw-body@​2.4.2
    • deps: bytes@​3.1.1
    • deps: http-errors@​1.8.1
  • deps: safe-buffer@​5.2.1
  • deps: type-is@~1.6.18
  • If you want to rebase/retry this PR, check this box

@mend-for-github-com mend-for-github-com bot added the security fix Security fix generated by Mend label Sep 17, 2024
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/body-parser-1.x-lockfile branch from c174254 to 0f4e4e4 Compare November 9, 2024 07:16
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/body-parser-1.x-lockfile branch 5 times, most recently from 03b6a98 to 26aa93d Compare December 6, 2024 20:31
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/body-parser-1.x-lockfile branch 3 times, most recently from 1d36a12 to 7d3701c Compare December 16, 2024 07:33
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/body-parser-1.x-lockfile branch 2 times, most recently from 1cd7f5c to 449da8c Compare December 20, 2024 05:45
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/body-parser-1.x-lockfile branch from 449da8c to 70f2098 Compare January 2, 2025 22:34
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/body-parser-1.x-lockfile branch 2 times, most recently from b6e26d7 to 0fd2e45 Compare January 15, 2025 06:05
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/body-parser-1.x-lockfile branch 2 times, most recently from 704906f to f645485 Compare February 13, 2025 07:53
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/body-parser-1.x-lockfile branch from f645485 to 4e3d93d Compare February 23, 2025 08:13
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/body-parser-1.x-lockfile branch from 4e3d93d to 1b06eec Compare March 4, 2025 07:31
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/body-parser-1.x-lockfile branch 2 times, most recently from 4796964 to a2ace16 Compare October 1, 2025 09:47
@mend-for-github-com mend-for-github-com bot changed the title Update dependency body-parser to v1.20.3 Update dependency body-parser to v1.20.3 - autoclosed Nov 26, 2025
@mend-for-github-com mend-for-github-com bot deleted the whitesource-remediate/body-parser-1.x-lockfile branch November 26, 2025 01:34
@mend-for-github-com mend-for-github-com bot changed the title Update dependency body-parser to v1.20.3 - autoclosed Update dependency body-parser to v1.20.3 Dec 1, 2025
@mend-for-github-com mend-for-github-com bot reopened this Dec 1, 2025
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/body-parser-1.x-lockfile branch 2 times, most recently from a2ace16 to d39849d Compare December 1, 2025 08:08
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/body-parser-1.x-lockfile branch from d39849d to 76bd710 Compare January 30, 2026 07:47
@mend-for-github-com mend-for-github-com bot changed the title Update dependency body-parser to v1.20.3 Update dependency body-parser to v1.20.4 Jan 30, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

security fix Security fix generated by Mend

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants