[Snyk] Upgrade body-parser from 1.9.0 to 1.19.0 #1

snyk-bot · 2021-09-09T21:49:14Z

Snyk has created this PR to upgrade body-parser from 1.9.0 to 1.19.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version is 32 versions ahead of your current version.
The recommended version was released 2 years ago, on 2019-04-26.

The recommended version fixes:

Issue	PriorityScore (*)	Exploit Maturity
Prototype Pollution SNYK-JS-Y18N-1021887	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) npm:minimatch:20160620	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-1019388	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Regular Expression Denial of Service (ReDoS) npm:minimatch:20160620	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-1019388	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Arbitrary Code Execution SNYK-JS-ISMYJSONVALID-597167	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-ISMYJSONVALID-597165	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Arbitrary Code Execution SNYK-JS-HANDLEBARS-534478	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Denial of Service (DoS) SNYK-JS-HANDLEBARS-480388	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Cryptographic Issues SNYK-JS-ELLIPTIC-571484	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-ACORN-559469	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-ACORN-559469	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Regular Expression Denial of Service (ReDoS) npm:brace-expansion:20170302	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHPARSE-1077067	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-JSONPOINTER-598804	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-HANDLEBARS-469063	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Prototype Pollution SNYK-JS-HANDLEBARS-174183	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Prototype Pollution SNYK-JS-HANDLEBARS-173692	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-HOSTEDGITINFO-1088355	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-HANDLEBARS-567742	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-HANDLEBARS-534988	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Prototype Pollution SNYK-JS-HANDLEBARS-1279029	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Remote Code Execution (RCE) SNYK-JS-HANDLEBARS-1056767	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Timing Attack SNYK-JS-ELLIPTIC-511941	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Cryptographic Issues SNYK-JS-ELLIPTIC-1064899	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: body-parser

1.19.0 - 2019-04-26
- deps: [email protected]
  - Add petabyte (pb) support
- deps: [email protected]
  - Set constructor name when possible
  - deps: [email protected]
  - deps: statuses@'>= 1.5.0 < 2'
- deps: [email protected]
  - Added encoding MIK
- deps: [email protected]
  - Fix parsing array brackets after index
- deps: [email protected]
  - deps: [email protected]
  - deps: [email protected]
  - deps: [email protected]
- deps: type-is@~1.6.17
  - deps: mime-types@~2.1.24
  - perf: prevent internal throw on invalid type
1.18.3 - 2018-05-14
- Fix stack trace for strict json parse error
- deps: depd@~1.1.2
  - perf: remove argument reassignment
- deps: http-errors@~1.6.3
  - deps: depd@~1.1.2
  - deps: [email protected]
  - deps: statuses@'>= 1.3.1 < 2'
- deps: [email protected]
  - Fix loading encoding with year appended
  - Fix deprecation warnings on Node.js 10+
- deps: [email protected]
- deps: [email protected]
  - deps: [email protected]
  - deps: [email protected]
- deps: type-is@~1.6.16
  - deps: mime-types@~2.1.18
1.18.2 - 2017-09-22
- deps: [email protected]
- perf: remove argument reassignment
1.18.1 - 2017-09-12
- deps: content-type@~1.0.4
  - perf: remove argument reassignment
  - perf: skip parameter parsing when no parameters
- deps: [email protected]
  - Fix ISO-8859-1 regression
  - Update Windows-1255
- deps: [email protected]
  - Fix parsing & compacting very deep objects
- deps: [email protected]
  - deps: [email protected]
1.18.0 - 2017-09-09
- Fix JSON strict violation error to match native parse error
- Include the body property on verify errors
- Include the type property on all generated errors
- Use http-errors to set status code on errors
- deps: [email protected]
- deps: [email protected]
- deps: depd@~1.1.1
  - Remove unnecessary Buffer loading
- deps: http-errors@~1.6.2
  - deps: [email protected]
- deps: [email protected]
  - Add support for React Native
  - Add a warning if not loaded as utf-8
  - Fix CESU-8 decoding in Node.js 8
  - Improve speed of ISO-8859-1 encoding
- deps: [email protected]
- deps: [email protected]
  - Use http-errors for standard emitted errors
  - deps: [email protected]
  - deps: [email protected]
  - perf: skip buffer decoding on overage chunk
- perf: prevent internal throw when missing charset
1.17.2 - 2017-05-18
- deps: [email protected]
  - Fix DEBUG_MAX_ARRAY_LENGTH
  - deps: [email protected]
- deps: type-is@~1.6.15
  - deps: mime-types@~2.1.15
1.17.1 - 2017-03-06
- deps: [email protected]
  - Fix regression parsing keys starting with [
1.17.0 - 2017-03-01
- deps: http-errors@~1.6.1
  - Make message property enumerable for HttpErrors
  - deps: [email protected]
- deps: [email protected]
  - Fix compacting nested arrays
1.16.1 - 2017-02-11
- deps: [email protected]
  - Fix deprecation messages in WebStorm and other editors
  - Undeprecate DEBUG_FD set to 1 or 2
1.16.0 - 2017-01-18
- deps: [email protected]
  - Allow colors in workers
  - Deprecated DEBUG_FD environment variable
  - Fix error when running under React Native
  - Use same color for same namespace
  - deps: [email protected]
- deps: http-errors@~1.5.1
  - deps: [email protected]
  - deps: [email protected]
  - deps: statuses@'>= 1.3.1 < 2'
- deps: [email protected]
  - Added encoding MS-31J
  - Added encoding MS-932
  - Added encoding MS-936
  - Added encoding MS-949
  - Added encoding MS-950
  - Fix GBK/GB18030 handling of Euro character
- deps: [email protected]
  - Fix array parsing from skipping empty values
- deps: raw-body@~2.2.0
  - deps: [email protected]
- deps: type-is@~1.6.14
  - deps: mime-types@~2.1.13
1.15.2 - 2016-06-20
1.15.1 - 2016-05-06
1.15.0 - 2016-02-11
1.14.2 - 2015-12-16
1.14.1 - 2015-09-28
1.14.0 - 2015-09-16
1.13.3 - 2015-07-31
1.13.2 - 2015-07-06
1.13.1 - 2015-06-16
1.13.0 - 2015-06-15
1.12.4 - 2015-05-11
1.12.3 - 2015-04-16
1.12.2 - 2015-03-17
1.12.1 - 2015-03-16
1.12.0 - 2015-02-14
1.11.0 - 2015-01-31
1.10.2 - 2015-01-21
1.10.1 - 2015-01-02
1.10.0 - 2014-12-03
1.9.3 - 2014-11-22
1.9.2 - 2014-10-28
1.9.1 - 2014-10-23
1.9.0 - 2014-09-24

from body-parser GitHub release notes

Commit messages

Package name: body-parser

Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Snyk has created this PR to upgrade body-parser from 1.9.0 to 1.19.0. See this package in npm: https://www.npmjs.com/package/body-parser See this project in Snyk: https://app.snyk.io/org/kleddy17/project/155f1c5f-37b9-4d78-945e-e2c5b3a41014?utm_source=github&utm_medium=upgrade-pr

This was referenced Oct 5, 2022

[Snyk] Fix for 60 vulnerabilities #18

Open

[Snyk] Fix for 60 vulnerabilities #19

Open

kleddy17 mentioned this pull request Dec 19, 2023

[Snyk] Fix for 27 vulnerabilities #25

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[Snyk] Upgrade body-parser from 1.9.0 to 1.19.0 #1

[Snyk] Upgrade body-parser from 1.9.0 to 1.19.0 #1

Uh oh!

snyk-bot commented Sep 9, 2021

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

[Snyk] Upgrade body-parser from 1.9.0 to 1.19.0 #1

Are you sure you want to change the base?

[Snyk] Upgrade body-parser from 1.9.0 to 1.19.0 #1

Uh oh!

Conversation

snyk-bot commented Sep 9, 2021

Snyk has created this PR to upgrade body-parser from 1.9.0 to 1.19.0.

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants