[Snyk] Upgrade body-parser from 1.19.0 to 1.20.3 #275
Conversation
Snyk has created this PR to upgrade body-parser from 1.19.0 to 1.20.3. See this package in npm: body-parser See this project in Snyk: https://app.snyk.io/org/supportigedevteam.onmicrosoft.com/project/03e82df9-3c6a-4f34-adad-57840790f49d?utm_source=github&utm_medium=referral&page=upgrade-pr
Reviewer's Guide by SourceryThis pull request upgrades the Sequence diagram showing URL-encoded data parsing depth limitsequenceDiagram
participant C as Client
participant BP as body-parser
participant S as Server
Note over BP: v1.19.0: depth=Infinity
Note over BP: v1.20.3: depth=32
C->>BP: Send deeply nested URL-encoded data
alt depth <= 32
BP->>S: Parse and forward complete data
else depth > 32
BP-->>C: Reject data exceeding depth limit
end
Class diagram showing body-parser configuration changesclassDiagram
class BodyParserConfig {
+Number depth
+Boolean strict
+Number limit
+String type
}
class OldConfig {
+depth: Infinity
}
class NewConfig {
+depth: 32
}
OldConfig --|> BodyParserConfig
NewConfig --|> BodyParserConfig
note for OldConfig "v1.19.0 configuration"
note for NewConfig "v1.20.3 configuration"
File-Level Changes
Tips and commandsInteracting with Sourcery
Customizing Your ExperienceAccess your dashboard to:
Getting Help
|
![sourcery-ai[bot]](https://avatars.githubusercontent.com/in/48477?s=60&v=4){kind=small}
|
🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎ To accept the risk, merge this PR and you will not be notified again.
Next stepsWhat is a critical CVE?Contains a Critical Common Vulnerability and Exposure (CVE). Remove or replace dependencies that include known critical CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies. Take a deeper look at the dependencyTake a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev. Remove the packageIf you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency. Mark a package as acceptable riskTo ignore an alert, reply with a comment starting with
|
Snyk has created this PR to upgrade body-parser from 1.19.0 to 1.20.3.
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version is 6 versions ahead of your current version.
The recommended version was released 4 months ago.
Release notes
Package name: body-parser
-
1.20.3 - 2024-09-09
- deps: [email protected]
- add
- IMPORTANT: The default
- chore: add support for OSSF scorecard reporting by @ inigomarquinez in #522
- ci: fix errors in ci github action for node 8 and 9 by @ inigomarquinez in #523
- fix: pin to [email protected] by @ wesleytodd in #527
- deps: [email protected] by @ melikhov-dev in #521
- Add OSSF Scorecard badge by @ bjohansebas in #531
- Linter by @ UlisesGascon in #534
- Release: 1.20.3 by @ UlisesGascon in #535
- @ inigomarquinez made their first contribution in #522
- @ melikhov-dev made their first contribution in #521
- @ bjohansebas made their first contribution in #531
- @ UlisesGascon made their first contribution in #534
-
1.20.2 - 2023-02-22
- Fix strict json error message on Node.js 19+
- deps: content-type@~1.0.5
- perf: skip value escaping when unnecessary
- deps: [email protected]
-
1.20.1 - 2022-10-06
- deps: [email protected]
- perf: remove unnecessary object clone
-
1.20.0 - 2022-04-03
- Fix error message for json parse whitespace in
- Fix internal error when inflated body exceeds limit
- Prevent loss of async hooks context
- Prevent hanging when request already read
- deps: [email protected]
- Replace internal
- Use instance methods on
- deps: [email protected]
- deps: [email protected]
- deps: [email protected]
- deps: [email protected]
- deps: [email protected]
- deps: [email protected]
- deps: [email protected]
-
1.19.2 - 2022-02-16
- deps: [email protected]
- deps: [email protected]
- Fix handling of
- deps: [email protected]
- deps: [email protected]
-
1.19.1 - 2021-12-10
-
1.19.0 - 2019-04-26
from body-parser GitHub release notesWhat's Changed
Important
depthoption to customize the depth level in the parserdepthlevel for parsing URL-encoded data is now32(previously wasInfinity). DocumentationOther changes
New Contributors
Full Changelog: 1.20.2...1.20.3
strictevalusage withFunctionconstructorprocessto check for listeners__proto__keysImportant
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information:
Summary by Sourcery
Build: