Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

[Snyk] Upgrade body-parser from 1.18.2 to 1.20.3 #3

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

[Snyk] Upgrade body-parser from 1.18.2 to 1.20.3 #3

wants to merge 1 commit into from

Conversation

devarmenchik1408
Copy link
Owner

snyk-top-banner

Snyk has created this PR to upgrade body-parser from 1.18.2 to 1.20.3.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

  • The recommended version is 8 versions ahead of your current version.

  • The recommended version was released on 2 months ago.

Issues fixed by the recommended upgrade:

Issue Score Exploit Maturity
high severity Prototype Pollution
npm:extend:20180424		 646 No Known Exploit
high severity Prototype Pollution
SNYK-JS-AJV-584908		 646 No Known Exploit
high severity Asymmetric Resource Consumption (Amplification)
SNYK-JS-BODYPARSER-7926860		 646 No Known Exploit
high severity Prototype Pollution
SNYK-JS-LODASH-450202		 646 Proof of Concept
high severity Prototype Pollution
SNYK-JS-LODASH-567746		 646 Proof of Concept
high severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-HAWK-2808852		 646 No Known Exploit
high severity Prototype Pollution
SNYK-JS-JSONSCHEMA-1920922		 646 No Known Exploit
high severity Code Injection
SNYK-JS-LODASH-1040724		 646 Proof of Concept
high severity Prototype Pollution
SNYK-JS-LODASH-608086		 646 Proof of Concept
high severity Prototype Pollution
SNYK-JS-LODASH-6139239		 646 Proof of Concept
high severity Prototype Pollution
SNYK-JS-LODASH-73638		 646 Proof of Concept
high severity Prototype Poisoning
SNYK-JS-QS-3153490		 646 Proof of Concept
medium severity Uninitialized Memory Exposure
npm:stringstream:20180511		 646 Mature
medium severity Cross-site Scripting (XSS)
SNYK-JS-COOKIE-8163060		 646 No Known Exploit
medium severity Open Redirect
SNYK-JS-EXPRESS-6474509		 646 No Known Exploit
medium severity Cross-site Scripting
SNYK-JS-EXPRESS-7926867		 646 No Known Exploit
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-LODASH-1018905		 646 Proof of Concept
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-LODASH-73639		 646 Proof of Concept
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-PATHTOREGEXP-7925106		 646 Proof of Concept
low severity Cross-site Scripting
SNYK-JS-SEND-7926862		 646 No Known Exploit
low severity Cross-site Scripting
SNYK-JS-SERVESTATIC-7926865		 646 No Known Exploit
critical severity Authentication Bypass
SNYK-JS-HAWK-6969142		 646 Proof of Concept
medium severity Prototype Pollution
SNYK-JS-MINIMIST-559764		 646 Proof of Concept
low severity Prototype Pollution
SNYK-JS-MINIMIST-2429795		 646 Proof of Concept
Release notes
Package name: body-parser
  • 1.20.3 - 2024-09-09

    What's Changed

    Important

    • deps: qs@6.13.0
    • add depth option to customize the depth level in the parser
    • IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity). Documentation

    Other changes

    New Contributors

    Full Changelog: 1.20.2...1.20.3

  • 1.20.2 - 2023-02-22
    • Fix strict json error message on Node.js 19+
    • deps: content-type@~1.0.5
      • perf: skip value escaping when unnecessary
    • deps: raw-body@2.5.2
  • 1.20.1 - 2022-10-06
    • deps: qs@6.11.0
    • perf: remove unnecessary object clone
  • 1.20.0 - 2022-04-03
    • Fix error message for json parse whitespace in strict
    • Fix internal error when inflated body exceeds limit
    • Prevent loss of async hooks context
    • Prevent hanging when request already read
    • deps: depd@2.0.0
      • Replace internal eval usage with Function constructor
      • Use instance methods on process to check for listeners
    • deps: http-errors@2.0.0
      • deps: depd@2.0.0
      • deps: statuses@2.0.1
    • deps: on-finished@2.4.1
    • deps: qs@6.10.3
    • deps: raw-body@2.5.1
      • deps: http-errors@2.0.0
  • 1.19.2 - 2022-02-16
    • deps: bytes@3.1.2
    • deps: qs@6.9.7
      • Fix handling of __proto__ keys
    • deps: raw-body@2.4.3
      • deps: bytes@3.1.2
  • 1.19.1 - 2021-12-10
  • 1.19.0 - 2019-04-26
  • 1.18.3 - 2018-05-14
  • 1.18.2 - 2017-09-22
from body-parser GitHub release notes

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

@snyk-bot
fix: upgrade body-parser from 1.18.2 to 1.20.3
0e8e247 
Snyk has created this PR to upgrade body-parser from 1.18.2 to 1.20.3.

See this package in npm:
body-parser

See this project in Snyk:
https://app.snyk.io/org/devarmenchik1408/project/8a3a9736-bf85-4c8c-91e4-63ef28e9e68b?utm_source=github&utm_medium=referral&page=upgrade-pr
# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@devarmenchik1408 @snyk-bot