Update dependency body-parser to v1.20.3 [SECURITY] #6

renovate · 2024-09-19T11:58:51Z

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
body-parser	`1.20.2` -> `1.20.3`

GitHub Vulnerability Alerts

CVE-2024-45590

Impact

body-parser <1.20.3 is vulnerable to denial of service when url encoding is enabled. A malicious actor using a specially crafted payload could flood the server with a large number of requests, resulting in denial of service.

Patches

this issue is patched in 1.20.3

References

Release Notes

expressjs/body-parser (body-parser)

`v1.20.3`

Compare Source

===================

deps: qs@6.13.0
add depth option to customize the depth level in the parser
IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

Update dependency body-parser to v1.20.3 [SECURITY]

bc3f330

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update dependency body-parser to v1.20.3 [SECURITY] #6

Update dependency body-parser to v1.20.3 [SECURITY] #6

renovate bot commented Sep 19, 2024

Update dependency body-parser to v1.20.3 [SECURITY] #6

Are you sure you want to change the base?

Update dependency body-parser to v1.20.3 [SECURITY] #6

Conversation

renovate bot commented Sep 19, 2024

GitHub Vulnerability Alerts

CVE-2024-45590

Impact

Patches

References

Release Notes

v1.20.3

Configuration

`v1.20.3`