opentok-node icon indicating copy to clipboard operation
opentok-node copied to clipboard

Published 20 hours ago verified publisher icon opentok

chore(deps): update dependency body-parser to v1.20.2

Open mend-for-github-com[bot] opened this issue 1 year ago • 1 comments

This PR contains the following updates:

Package Type Update Change
body-parser dependencies minor ~1.12.0 -> ~1.20.2
body-parser dependencies minor ^1.12.4 -> ^1.20.2

This PR resolves the vulnerabilities described in Issue #271

Version 1.12.4
Risk Change Critical High Medium Low
N/A 0 3 2 0
Version 1.20.2
Risk Change Critical High Medium Low
-100% 0 (--) 0 (-3 ) 0 (-2 ) 0 (--)

Mend ensures you have the greatest risk reduction ("Recommended Fix"-highlighted in green) by removing as many vulnerabilities as possible. Click to see how we calculate risk reduction.

Release Notes

expressjs/body-parser (body-parser)

v1.20.2

Compare Source

===================

  • Fix strict json error message on Node.js 19+
  • deps: content-type@~1.0.5
    • perf: skip value escaping when unnecessary
  • deps: [email protected]

v1.20.1

Compare Source

===================

v1.20.0

Compare Source

===================

v1.19.2

Compare Source

===================

v1.19.1

Compare Source

===================

v1.19.0

Compare Source

===================

v1.18.3

Compare Source

===================

v1.18.2

Compare Source

===================

v1.18.1

Compare Source

===================

v1.18.0

Compare Source

===================

  • Fix JSON strict violation error to match native parse error
  • Include the body property on verify errors
  • Include the type property on all generated errors
  • Use http-errors to set status code on errors
  • deps: [email protected]
  • deps: [email protected]
  • deps: depd@~1.1.1
    • Remove unnecessary Buffer loading
  • deps: http-errors@~1.6.2
  • deps: [email protected]
    • Add support for React Native
    • Add a warning if not loaded as utf-8
    • Fix CESU-8 decoding in Node.js 8
    • Improve speed of ISO-8859-1 encoding
  • deps: [email protected]
  • deps: [email protected]
  • perf: prevent internal throw when missing charset

v1.17.2

Compare Source

===================

v1.17.1

Compare Source

===================

v1.17.0

Compare Source

===================

v1.16.1

Compare Source

===================

  • deps: [email protected]
    • Fix deprecation messages in WebStorm and other editors
    • Undeprecate DEBUG_FD set to 1 or 2

v1.16.0

Compare Source

===================

  • deps: [email protected]
    • Allow colors in workers
    • Deprecated DEBUG_FD environment variable
    • Fix error when running under React Native
    • Use same color for same namespace
    • deps: [email protected]
  • deps: http-errors@~1.5.1
  • deps: [email protected]
    • Added encoding MS-31J
    • Added encoding MS-932
    • Added encoding MS-936
    • Added encoding MS-949
    • Added encoding MS-950
    • Fix GBK/GB18030 handling of Euro character
  • deps: [email protected]
    • Fix array parsing from skipping empty values
  • deps: raw-body@~2.2.0
  • deps: type-is@~1.6.14
    • deps: mime-types@~2.1.13

v1.15.2

Compare Source

===================

  • deps: [email protected]
  • deps: content-type@~1.0.2
    • perf: enable strict mode
  • deps: http-errors@~1.5.0
    • Use setprototypeof module to replace __proto__ setting
    • deps: statuses@'>= 1.3.0 < 2'
    • perf: enable strict mode
  • deps: [email protected]
  • deps: raw-body@~2.1.7
  • deps: type-is@~1.6.13
    • deps: mime-types@~2.1.11

v1.15.1

Compare Source

===================

  • deps: [email protected]
    • Drop partial bytes on all parsed units
    • Fix parsing byte string that looks like hex
  • deps: raw-body@~2.1.6
  • deps: type-is@~1.6.12
    • deps: mime-types@~2.1.10

v1.15.0

Compare Source

===================

  • deps: http-errors@~1.4.0
    • Add HttpError export, for err instanceof createError.HttpError
    • deps: [email protected]
    • deps: statuses@'>= 1.2.1 < 2'
  • deps: [email protected]
  • deps: type-is@~1.6.11
    • deps: mime-types@~2.1.9

v1.14.2

Compare Source

===================

v1.14.1

Compare Source

===================

  • Fix issue where invalid charset results in 400 when verify used
  • deps: [email protected]
    • Fix CESU-8 decoding in Node.js 4.x
  • deps: raw-body@~2.1.4
  • deps: type-is@~1.6.9
    • deps: mime-types@~2.1.7

v1.14.0

Compare Source

===================

  • Fix JSON strict parse error to match syntax errors
  • Provide static require analysis in urlencoded parser
  • deps: depd@~1.1.0
    • Support web browser loading
  • deps: [email protected]
  • deps: raw-body@~2.1.3
    • Fix sync callback when attaching data listener causes sync read
  • deps: type-is@~1.6.8
    • Fix type error when given invalid type to match against
    • deps: mime-types@~2.1.6

v1.13.3

Compare Source

===================

  • deps: type-is@~1.6.6
    • deps: mime-types@~2.1.4

v1.13.2

Compare Source

===================

  • deps: [email protected]
  • deps: [email protected]
    • Fix dropping parameters like hasOwnProperty
    • Fix user-visible incompatibilities from 3.1.0
    • Fix various parsing edge cases
  • deps: raw-body@~2.1.2
  • deps: type-is@~1.6.4
    • deps: mime-types@~2.1.2
    • perf: enable strict mode
    • perf: remove argument reassignment

v1.13.1

Compare Source

===================

  • deps: [email protected]
    • Downgraded from 3.1.0 because of user-visible incompatibilities

v1.13.0

Compare Source

===================

  • Add statusCode property on Errors, in addition to status
  • Change type default to application/json for JSON parser
  • Change type default to application/x-www-form-urlencoded for urlencoded parser
  • Provide static require analysis
  • Use the http-errors module to generate errors
  • deps: [email protected]
    • Slight optimizations
  • deps: [email protected]
    • The encoding UTF-16 without BOM now defaults to UTF-16LE when detection fails
    • Leading BOM is now removed when decoding
  • deps: on-finished@~2.3.0
    • Add defined behavior for HTTP CONNECT requests
    • Add defined behavior for HTTP Upgrade requests
    • deps: [email protected]
  • deps: [email protected]
    • Fix dropping parameters like hasOwnProperty
    • Fix various parsing edge cases
    • Parsed object now has null prototype
  • deps: raw-body@~2.1.1
  • deps: type-is@~1.6.3
    • deps: mime-types@~2.1.1
    • perf: reduce try block size
    • perf: remove bitwise operations
  • perf: enable strict mode
  • perf: remove argument reassignment
  • perf: remove delete call

v1.12.4

Compare Source

===================

  • deps: debug@~2.2.0
  • deps: [email protected]
    • Fix allowing parameters like constructor
  • deps: on-finished@~2.2.1
  • deps: raw-body@~2.0.1
  • deps: type-is@~1.6.2
    • deps: mime-types@~2.0.11

v1.12.3

Compare Source

===================

v1.12.2

Compare Source

===================

v1.12.1

Compare Source

===================

  • deps: debug@~2.1.3
  • deps: type-is@~1.6.1
    • deps: mime-types@~2.0.10
  • [ ] If you want to rebase/retry this PR, check this box

mend-for-github-com[bot] avatar Feb 20 '24 04:02 mend-for-github-com[bot]

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Project coverage is 81.5%. Comparing base (111be34) to head (78345bc). Report is 10 commits behind head on main.

Additional details and impacted files

see 4 files with indirect coverage changes

codecov[bot] avatar Feb 29 '24 17:02 codecov[bot]