Skip to content

Commit

Permalink
feat: upgrade to body-parser@1.20.3 (#5926)
Browse files Browse the repository at this point in the history
PR-URL: #5926
  • Loading branch information
UlisesGascon committed Sep 10, 2024
1 parent 54271f6 commit ec4a01b
Show file tree
Hide file tree
Showing 3 changed files with 7 additions and 4 deletions.
5 changes: 4 additions & 1 deletion History.md
Original file line number Diff line number Diff line change
@@ -1,6 +1,9 @@
unreleased
==========

* deps: body-parser@0.6.0
* add `depth` option to customize the depth level in the parser
* IMPORTANT: The default `depth` level for parsing URL-encoded data is now `32` (previously was `Infinity`)
* Remove link renderization in html while using `res.redirect`
* deps: path-to-regexp@0.1.10
- Adds support for named matching groups in the routes using a regex
- Adds backtracking protection to parameters without regexes defined
Expand Down
2 changes: 1 addition & 1 deletion package.json
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,7 @@
"dependencies": {
"accepts": "~1.3.8",
"array-flatten": "1.1.1",
"body-parser": "1.20.2",
"body-parser": "1.20.3",
"content-disposition": "0.5.4",
"content-type": "~1.0.4",
"cookie": "0.6.0",
Expand Down
4 changes: 2 additions & 2 deletions test/express.urlencoded.js
Original file line number Diff line number Diff line change
Expand Up @@ -212,7 +212,7 @@ describe('express.urlencoded()', function () {
it('should parse deep object', function (done) {
var str = 'foo'

for (var i = 0; i < 500; i++) {
for (var i = 0; i < 32; i++) {
str += '[p]'
}

Expand All @@ -230,7 +230,7 @@ describe('express.urlencoded()', function () {
var depth = 0
var ref = obj.foo
while ((ref = ref.p)) { depth++ }
assert.strictEqual(depth, 500)
assert.strictEqual(depth, 32)
})
.expect(200, done)
})
Expand Down

4 comments on commit ec4a01b

@NewEraCracker
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@UlisesGascon Please sync "qs": "6.11.0", to the actual version "body-parser": "1.20.3", is using which is "qs": "6.13.0",

@wesleytodd
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@NewEraCracker can you open an issue for this? A PR would be best, but with an issue we can make sure it gets done asap.

@NewEraCracker
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

See also:
4c9ddc1#commitcomment-146501448

I am hardcoding the packages on my package.json resolutions & overrides while this is not solved.

    "qs": "6.13.0",
    "send": "0.19.0",

@wesleytodd
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please move these into issues. Thanks!

Please # to comment.