Update dependency body-parser to v1.20.3 by dev-mend-for-github-com[bot] · Pull Request #38 · MuhammadAEws/VulnerableJs

dev-mend-for-github-com · 2026-02-11T08:24:51Z

This PR contains the following updates:

Package	Type	Update	Change
body-parser	dependencies	minor	`1.18.3` → `1.20.3`

By merging this PR, the issue #8 will be automatically resolved and closed:

Severity	CVSS Score	Vulnerability
High	7.5	CVE-2024-45590

Release Notes

expressjs/body-parser (body-parser)

`v1.20.3`

Compare Source

===================

deps: qs@6.13.0
add depth option to customize the depth level in the parser
IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)

`v1.20.2`

Compare Source

===================

Fix strict json error message on Node.js 19+
deps: content-type@~1.0.5
- perf: skip value escaping when unnecessary
deps: raw-body@2.5.2

`v1.20.1`

Compare Source

===================

deps: qs@6.11.0
perf: remove unnecessary object clone

`v1.20.0`

Compare Source

===================

Fix error message for json parse whitespace in strict
Fix internal error when inflated body exceeds limit
Prevent loss of async hooks context
Prevent hanging when request already read
deps: depd@2.0.0
- Replace internal eval usage with Function constructor
- Use instance methods on process to check for listeners
deps: http-errors@2.0.0
- deps: depd@2.0.0
- deps: statuses@2.0.1
deps: on-finished@2.4.1
deps: qs@6.10.3
deps: raw-body@2.5.1
- deps: http-errors@2.0.0

`v1.19.2`

Compare Source

===================

deps: bytes@3.1.2
deps: qs@6.9.7
- Fix handling of __proto__ keys
deps: raw-body@2.4.3
- deps: bytes@3.1.2

`v1.19.1`

Compare Source

===================

deps: bytes@3.1.1
deps: http-errors@1.8.1
- deps: inherits@2.0.4
- deps: toidentifier@1.0.1
- deps: setprototypeof@1.2.0
deps: qs@6.9.6
deps: raw-body@2.4.2
- deps: bytes@3.1.1
- deps: http-errors@1.8.1
deps: safe-buffer@5.2.1
deps: type-is@~1.6.18

`v1.19.0`

Compare Source

===================

deps: bytes@3.1.0
- Add petabyte (pb) support
deps: http-errors@1.7.2
- Set constructor name when possible
- deps: setprototypeof@1.1.1
- deps: statuses@'>= 1.5.0 < 2'
deps: iconv-lite@0.4.24
- Added encoding MIK
deps: qs@6.7.0
- Fix parsing array brackets after index
deps: raw-body@2.4.0
- deps: bytes@3.1.0
- deps: http-errors@1.7.2
- deps: iconv-lite@0.4.24
deps: type-is@~1.6.17
- deps: mime-types@~2.1.24
- perf: prevent internal throw on invalid type

If you want to rebase/retry this PR, check this box

dev-mend-for-github-com bot added the security fix Security fix generated by Mend label Feb 11, 2026

dev-mend-for-github-com bot force-pushed the whitesource-remediate/body-parser-1.x-lockfile branch 3 times, most recently from 7690998 to 297d0b8 Compare February 15, 2026 09:04

Update dependency body-parser to v1.20.3

760238d

dev-mend-for-github-com bot force-pushed the whitesource-remediate/body-parser-1.x-lockfile branch from 297d0b8 to 760238d Compare February 15, 2026 09:39

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update dependency body-parser to v1.20.3#38

Update dependency body-parser to v1.20.3#38
dev-mend-for-github-com[bot] wants to merge 1 commit intomainfrom
whitesource-remediate/body-parser-1.x-lockfile

dev-mend-for-github-com bot commented Feb 11, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dev-mend-for-github-com bot commented Feb 11, 2026

Release Notes

v1.20.3

v1.20.2

v1.20.1

v1.20.0

v1.19.2

v1.19.1

v1.19.0

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

`v1.20.3`

`v1.20.2`

`v1.20.1`

`v1.20.0`

`v1.19.2`

`v1.19.1`

`v1.19.0`