chore(deps): update dependency body-parser to v1.20.2 - autoclosed

[mend-for-github-com]

This PR contains the following updates:

Package	Type	Update	Change
body-parser	dependencies	minor	~1.12.0 -> ~1.20.2
body-parser	dependencies	minor	^1.12.4 -> ^1.20.2

This PR resolves the vulnerabilities described in Issue #271

---

Version 1.12.4

Risk Change	Critical	High	Medium	Low
N/A	0	3	2	0

Version 1.20.2

Risk Change	Critical	High	Medium	Low
-100%	0 (--)	0 (-3 )	0 (-2 )	0 (--)

Mend ensures you have the greatest risk reduction ("Recommended Fix"-highlighted in green) by removing as many vulnerabilities as possible. Click to see how we calculate risk reduction.

This PR resolves the vulnerabilities described in Issue #271

---

Version 1.12.4

Risk Change	Critical	High	Medium	Low
N/A	0	3	2	0

Version 1.20.2

Risk Change	Critical	High	Medium	Low
-100%	0 (--)	0 (-3 )	0 (-2 )	0 (--)

Mend ensures you have the greatest risk reduction ("Recommended Fix"-highlighted in green) by removing as many vulnerabilities as possible. Click to see how we calculate risk reduction.

This PR resolves the vulnerabilities described in Issue #271

---

Version 1.12.4

Risk Change	Critical	High	Medium	Low
N/A	0	3	2	0

Version 1.20.2

Risk Change	Critical	High	Medium	Low
-100%	0 (--)	0 (-3 )	0 (-2 )	0 (--)

Mend ensures you have the greatest risk reduction ("Recommended Fix"-highlighted in green) by removing as many vulnerabilities as possible. Click to see how we calculate risk reduction.

---

Release Notes

expressjs/body-parser (body-parser)

v1.20.2

Compare Source

===================

• Fix strict json error message on Node.js 19+
• deps: content-type@~1.0.5
  • perf: skip value escaping when unnecessary
• deps: raw-body@2.5.2

v1.20.1

Compare Source

===================

• deps: qs@6.11.0
• perf: remove unnecessary object clone

v1.20.0

Compare Source

===================

• Fix error message for json parse whitespace in strict
• Fix internal error when inflated body exceeds limit
• Prevent loss of async hooks context
• Prevent hanging when request already read
• deps: depd@2.0.0
  • Replace internal eval usage with Function constructor
  • Use instance methods on process to check for listeners
• deps: http-errors@2.0.0
  • deps: depd@2.0.0
  • deps: statuses@2.0.1
• deps: on-finished@2.4.1
• deps: qs@6.10.3
• deps: raw-body@2.5.1
  • deps: http-errors@2.0.0

v1.19.2

Compare Source

===================

• deps: bytes@3.1.2
• deps: qs@6.9.7
  • Fix handling of __proto__ keys
• deps: raw-body@2.4.3
  • deps: bytes@3.1.2

v1.19.1

Compare Source

===================

• deps: bytes@3.1.1
• deps: http-errors@1.8.1
  • deps: inherits@2.0.4
  • deps: toidentifier@1.0.1
  • deps: setprototypeof@1.2.0
• deps: qs@6.9.6
• deps: raw-body@2.4.2
  • deps: bytes@3.1.1
  • deps: http-errors@1.8.1
• deps: safe-buffer@5.2.1
• deps: type-is@~1.6.18

v1.19.0

Compare Source

===================

• deps: bytes@3.1.0
  • Add petabyte (pb) support
• deps: http-errors@1.7.2
  • Set constructor name when possible
  • deps: setprototypeof@1.1.1
  • deps: statuses@'>= 1.5.0 < 2'
• deps: iconv-lite@0.4.24
  • Added encoding MIK
• deps: qs@6.7.0
  • Fix parsing array brackets after index
• deps: raw-body@2.4.0
  • deps: bytes@3.1.0
  • deps: http-errors@1.7.2
  • deps: iconv-lite@0.4.24
• deps: type-is@~1.6.17
  • deps: mime-types@~2.1.24
  • perf: prevent internal throw on invalid type

v1.18.3

Compare Source

===================

• Fix stack trace for strict json parse error
• deps: depd@~1.1.2
  • perf: remove argument reassignment
• deps: http-errors@~1.6.3
  • deps: depd@~1.1.2
  • deps: setprototypeof@1.1.0
  • deps: statuses@'>= 1.3.1 < 2'
• deps: iconv-lite@0.4.23
  • Fix loading encoding with year appended
  • Fix deprecation warnings on Node.js 10+
• deps: qs@6.5.2
• deps: raw-body@2.3.3
  • deps: http-errors@1.6.3
  • deps: iconv-lite@0.4.23
• deps: type-is@~1.6.16
  • deps: mime-types@~2.1.18

v1.18.2

Compare Source

===================

• deps: debug@2.6.9
• perf: remove argument reassignment

v1.18.1

Compare Source

===================

• deps: content-type@~1.0.4
  • perf: remove argument reassignment
  • perf: skip parameter parsing when no parameters
• deps: iconv-lite@0.4.19
  • Fix ISO-8859-1 regression
  • Update Windows-1255
• deps: qs@6.5.1
  • Fix parsing & compacting very deep objects
• deps: raw-body@2.3.2
  • deps: iconv-lite@0.4.19

v1.18.0

Compare Source

===================

• Fix JSON strict violation error to match native parse error
• Include the body property on verify errors
• Include the type property on all generated errors
• Use http-errors to set status code on errors
• deps: bytes@3.0.0
• deps: debug@2.6.8
• deps: depd@~1.1.1
  • Remove unnecessary Buffer loading
• deps: http-errors@~1.6.2
  • deps: depd@1.1.1
• deps: iconv-lite@0.4.18
  • Add support for React Native
  • Add a warning if not loaded as utf-8
  • Fix CESU-8 decoding in Node.js 8
  • Improve speed of ISO-8859-1 encoding
• deps: qs@6.5.0
• deps: raw-body@2.3.1
  • Use http-errors for standard emitted errors
  • deps: bytes@3.0.0
  • deps: iconv-lite@0.4.18
  • perf: skip buffer decoding on overage chunk
• perf: prevent internal throw when missing charset

v1.17.2

Compare Source

===================

• deps: debug@2.6.7
  • Fix DEBUG_MAX_ARRAY_LENGTH
  • deps: ms@2.0.0
• deps: type-is@~1.6.15
  • deps: mime-types@~2.1.15

v1.17.1

Compare Source

===================

• deps: qs@6.4.0
  • Fix regression parsing keys starting with [

v1.17.0

Compare Source

===================

• deps: http-errors@~1.6.1
  • Make message property enumerable for HttpErrors
  • deps: setprototypeof@1.0.3
• deps: qs@6.3.1
  • Fix compacting nested arrays

v1.16.1

Compare Source

===================

• deps: debug@2.6.1
  • Fix deprecation messages in WebStorm and other editors
  • Undeprecate DEBUG_FD set to 1 or 2

v1.16.0

Compare Source

===================

• deps: debug@2.6.0
  • Allow colors in workers
  • Deprecated DEBUG_FD environment variable
  • Fix error when running under React Native
  • Use same color for same namespace
  • deps: ms@0.7.2
• deps: http-errors@~1.5.1
  • deps: inherits@2.0.3
  • deps: setprototypeof@1.0.2
  • deps: statuses@'>= 1.3.1 < 2'
• deps: iconv-lite@0.4.15
  • Added encoding MS-31J
  • Added encoding MS-932
  • Added encoding MS-936
  • Added encoding MS-949
  • Added encoding MS-950
  • Fix GBK/GB18030 handling of Euro character
• deps: qs@6.2.1
  • Fix array parsing from skipping empty values
• deps: raw-body@~2.2.0
  • deps: iconv-lite@0.4.15
• deps: type-is@~1.6.14
  • deps: mime-types@~2.1.13

v1.15.2

Compare Source

===================

• deps: bytes@2.4.0
• deps: content-type@~1.0.2
  • perf: enable strict mode
• deps: http-errors@~1.5.0
  • Use setprototypeof module to replace __proto__ setting
  • deps: statuses@'>= 1.3.0 < 2'
  • perf: enable strict mode
• deps: qs@6.2.0
• deps: raw-body@~2.1.7
  • deps: bytes@2.4.0
  • perf: remove double-cleanup on happy path
• deps: type-is@~1.6.13
  • deps: mime-types@~2.1.11

v1.15.1

Compare Source

===================

• deps: bytes@2.3.0
  • Drop partial bytes on all parsed units
  • Fix parsing byte string that looks like hex
• deps: raw-body@~2.1.6
  • deps: bytes@2.3.0
• deps: type-is@~1.6.12
  • deps: mime-types@~2.1.10

v1.15.0

Compare Source

===================

• deps: http-errors@~1.4.0
  • Add HttpError export, for err instanceof createError.HttpError
  • deps: inherits@2.0.1
  • deps: statuses@'>= 1.2.1 < 2'
• deps: qs@6.1.0
• deps: type-is@~1.6.11
  • deps: mime-types@~2.1.9

v1.14.2

Compare Source

===================

• deps: bytes@2.2.0
• deps: iconv-lite@0.4.13
• deps: qs@5.2.0
• deps: raw-body@~2.1.5
  • deps: bytes@2.2.0
  • deps: iconv-lite@0.4.13
• deps: type-is@~1.6.10
  • deps: mime-types@~2.1.8

v1.14.1

Compare Source

===================

• Fix issue where invalid charset results in 400 when verify used
• deps: iconv-lite@0.4.12
  • Fix CESU-8 decoding in Node.js 4.x
• deps: raw-body@~2.1.4
  • Fix masking critical errors from iconv-lite
  • deps: iconv-lite@0.4.12
• deps: type-is@~1.6.9
  • deps: mime-types@~2.1.7

v1.14.0

Compare Source

===================

• Fix JSON strict parse error to match syntax errors
• Provide static require analysis in urlencoded parser
• deps: depd@~1.1.0
  • Support web browser loading
• deps: qs@5.1.0
• deps: raw-body@~2.1.3
  • Fix sync callback when attaching data listener causes sync read
• deps: type-is@~1.6.8
  • Fix type error when given invalid type to match against
  • deps: mime-types@~2.1.6

v1.13.3

Compare Source

===================

• deps: type-is@~1.6.6
  • deps: mime-types@~2.1.4

v1.13.2

Compare Source

===================

• deps: iconv-lite@0.4.11
• deps: qs@4.0.0
  • Fix dropping parameters like hasOwnProperty
  • Fix user-visible incompatibilities from 3.1.0
  • Fix various parsing edge cases
• deps: raw-body@~2.1.2
  • Fix error stack traces to skip makeError
  • deps: iconv-lite@0.4.11
• deps: type-is@~1.6.4
  • deps: mime-types@~2.1.2
  • perf: enable strict mode
  • perf: remove argument reassignment

v1.13.1

Compare Source

===================

• deps: qs@2.4.2
  • Downgraded from 3.1.0 because of user-visible incompatibilities

v1.13.0

Compare Source

===================

• Add statusCode property on Errors, in addition to status
• Change type default to application/json for JSON parser
• Change type default to application/x-www-form-urlencoded for urlencoded parser
• Provide static require analysis
• Use the http-errors module to generate errors
• deps: bytes@2.1.0
  • Slight optimizations
• deps: iconv-lite@0.4.10
  • The encoding UTF-16 without BOM now defaults to UTF-16LE when detection fails
  • Leading BOM is now removed when decoding
• deps: on-finished@~2.3.0
  • Add defined behavior for HTTP CONNECT requests
  • Add defined behavior for HTTP Upgrade requests
  • deps: ee-first@1.1.1
• deps: qs@3.1.0
  • Fix dropping parameters like hasOwnProperty
  • Fix various parsing edge cases
  • Parsed object now has null prototype
• deps: raw-body@~2.1.1
  • Use unpipe module for unpiping requests
  • deps: iconv-lite@0.4.10
• deps: type-is@~1.6.3
  • deps: mime-types@~2.1.1
  • perf: reduce try block size
  • perf: remove bitwise operations
• perf: enable strict mode
• perf: remove argument reassignment
• perf: remove delete call

v1.12.4

Compare Source

===================

• deps: debug@~2.2.0
• deps: qs@2.4.2
  • Fix allowing parameters like constructor
• deps: on-finished@~2.2.1
• deps: raw-body@~2.0.1
  • Fix a false-positive when unpiping in Node.js 0.8
  • deps: bytes@2.0.1
• deps: type-is@~1.6.2
  • deps: mime-types@~2.0.11

v1.12.3

Compare Source

===================

• Slight efficiency improvement when not debugging
• deps: depd@~1.0.1
• deps: iconv-lite@0.4.8
  • Add encoding alias UNICODE-1-1-UTF-7
• deps: raw-body@1.3.4
  • Fix hanging callback if request aborts during read
  • deps: iconv-lite@0.4.8

v1.12.2

Compare Source

===================

• deps: qs@2.4.1
  • Fix error when parameter hasOwnProperty is present

v1.12.1

Compare Source

===================

• deps: debug@~2.1.3
  • Fix high intensity foreground color for bold
  • deps: ms@0.7.0
• deps: type-is@~1.6.1
  • deps: mime-types@~2.0.10

---

• If you want to rebase/retry this PR, check this box

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 81.5%. Comparing base (111be34) to head (78345bc).
Report is 10 commits behind head on main.

Additional details and impacted files

see 4 files with indirect coverage changes