
Upgrade `body-parser` dep. to address `CVE-2025-13466`

Open ccjmne opened this issue 1 month ago • 3 comments

Resolves #8164

Ref: https://nvd.nist.gov/vuln/detail/CVE-2025-13466
Ref: GHSA-wqch-xfxh-vrr4
Ref: https://github.com/expressjs/body-parser/releases/tag/v2.2.1

ccjmne avatar Nov 25 '25 15:11 ccjmne

@ccjmne: Thank you for submitting a pull request! Before we can merge it, you'll need to sign the Apollo Contributor License Agreement here: https://contribute.apollographql.com/

apollo-cla avatar Nov 25 '25 15:11 apollo-cla

The CI fails for rate limit exceeded:

Error: 
   0: Failed to install tool: ubi:codecov/[email protected]

      ubi:codecov/[email protected]: 
         0: HTTP status client error (403 rate limit exceeded) for url (https://api.github.com/repos/codecov/codecov-cli/releases)

I double-checked the upstream body-parser, there should be no breaking changes in the version upgrade.

ccjmne avatar Nov 25 '25 15:11 ccjmne
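A verification step for this kind of upgrade, added here as an example and not apollo-server's or body-parser's own code: it scans an npm lockfile (lockfileVersion 2 or 3) for every installed copy of body-parser, nested transitive copies included, and reports any older than the v2.2.1 release referenced in this PR. The fixed version, the lockfile shape and the sample lockfile are assumptions; the advisory defines the exact affected range.

```javascript
// Added example (not project code): find copies of body-parser in an npm
// lockfile that are older than the release this PR upgrades to. Assumption:
// anything below FIXED_VERSION is worth reviewing against the advisory.
const FIXED_VERSION = '2.2.1';

// Numeric comparison of dotted version strings; pre-release tags are ignored.
function compareVersions(a, b) {
  const pa = a.split('-')[0].split('.').map(Number);
  const pb = b.split('-')[0].split('.').map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// Walk the lockfileVersion 2/3 "packages" map, whose keys are install paths
// such as "node_modules/express/node_modules/body-parser".
function findOutdated(lock, name = 'body-parser', fixed = FIXED_VERSION) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (!path.endsWith(`node_modules/${name}`) || !meta.version) continue;
    if (compareVersions(meta.version, fixed) < 0) {
      hits.push({ path, version: meta.version });
    }
  }
  return hits;
}

// Constructed sample lockfile: the top-level copy is already bumped, but a
// nested copy under express is not touched by a package.json bump alone.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'my-app', version: '1.0.0' },
    'node_modules/body-parser': { version: '2.2.1' },
    'node_modules/express': { version: '5.1.0' },
    'node_modules/express/node_modules/body-parser': { version: '2.2.0' },
  },
};

// Usage: node check-body-parser.js [path/to/package-lock.json]
if (typeof require !== 'undefined' && require.main === module) {
  const lock = process.argv[2]
    ? JSON.parse(require('fs').readFileSync(process.argv[2], 'utf8'))
    : SAMPLE_LOCK;
  for (const h of findOutdated(lock)) {
    console.log(`${h.path}: ${h.version} < ${FIXED_VERSION}`);
  }
}
```

Run it against the repository's real lockfile after the bump; an empty result means no stale copy is left behind by a dependency that pins its own body-parser.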

This pull request is automatically built and testable in CodeSandbox.

To see build info of the built libraries, click here or the icon next to each commit SHA.

codesandbox-ci[bot] avatar Nov 25 '25 15:11 codesandbox-ci[bot]