Skip to content

chore(deps): update dependency body-parser to v1.20.3 [security]#350

Open
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/npm-body-parser-vulnerability
Open

chore(deps): update dependency body-parser to v1.20.3 [security]#350
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/npm-body-parser-vulnerability

Conversation

@renovate

@renovate renovate Bot commented Sep 21, 2024

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Change Age Confidence
body-parser 1.20.21.20.3 age confidence

body-parser vulnerable to denial of service when url encoding is enabled

CVE-2024-45590 / GHSA-qwcr-r2fm-qrc7

More information

Details

Impact

body-parser <1.20.3 is vulnerable to denial of service when url encoding is enabled. A malicious actor using a specially crafted payload could flood the server with a large number of requests, resulting in denial of service.

Patches

this issue is patched in 1.20.3

References

Severity

  • CVSS Score: 8.7 / 10 (High)
  • Vector String: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

References

This data is provided by the GitHub Advisory Database (CC-BY 4.0).


Release Notes

expressjs/body-parser (body-parser)

v1.20.3

Compare Source

===================

  • deps: qs@​6.13.0
  • add depth option to customize the depth level in the parser
  • IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • ""
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot force-pushed the renovate/npm-body-parser-vulnerability branch from 5e4b6cc to 771a745 Compare January 24, 2025 03:51
@renovate renovate Bot force-pushed the renovate/npm-body-parser-vulnerability branch from 771a745 to 6d50c17 Compare February 9, 2025 12:23
@renovate renovate Bot force-pushed the renovate/npm-body-parser-vulnerability branch from 6d50c17 to 45be4c6 Compare March 3, 2025 17:57
@renovate renovate Bot changed the title fix(deps): update dependency body-parser to v1.20.3 [security] chore(deps): update dependency body-parser to v1.20.3 [security] Sep 26, 2025
@renovate renovate Bot changed the title chore(deps): update dependency body-parser to v1.20.3 [security] fix(deps): update dependency body-parser to v2 [security] Nov 25, 2025
@renovate renovate Bot force-pushed the renovate/npm-body-parser-vulnerability branch from 45be4c6 to 593f7ac Compare November 25, 2025 17:57
@renovate renovate Bot changed the title fix(deps): update dependency body-parser to v2 [security] chore(deps): update dependency body-parser to v1.20.3 [security] Nov 25, 2025
@renovate renovate Bot force-pushed the renovate/npm-body-parser-vulnerability branch from 593f7ac to e8ca115 Compare November 25, 2025 21:04
@traycerai traycerai Bot mentioned this pull request Dec 20, 2025
31 tasks
@renovate renovate Bot changed the title chore(deps): update dependency body-parser to v1.20.3 [security] chore(deps): update dependency body-parser to v1.20.3 [security] - autoclosed Feb 18, 2026
@renovate renovate Bot closed this Feb 18, 2026
@renovate renovate Bot deleted the renovate/npm-body-parser-vulnerability branch February 18, 2026 15:04
@renovate renovate Bot changed the title chore(deps): update dependency body-parser to v1.20.3 [security] - autoclosed chore(deps): update dependency body-parser to v1.20.3 [security] Feb 18, 2026
@renovate renovate Bot reopened this Feb 18, 2026
@renovate renovate Bot force-pushed the renovate/npm-body-parser-vulnerability branch 2 times, most recently from e8ca115 to 2b5014b Compare February 18, 2026 19:34
@renovate renovate Bot changed the title chore(deps): update dependency body-parser to v1.20.3 [security] chore(deps): update dependency body-parser to v1.20.3 [security] - autoclosed Mar 27, 2026
@renovate renovate Bot closed this Mar 27, 2026
@renovate renovate Bot changed the title chore(deps): update dependency body-parser to v1.20.3 [security] - autoclosed chore(deps): update dependency body-parser to v1.20.3 [security] Mar 30, 2026
@renovate renovate Bot reopened this Mar 30, 2026
@renovate renovate Bot force-pushed the renovate/npm-body-parser-vulnerability branch 2 times, most recently from 2b5014b to 7940a60 Compare March 30, 2026 21:51
@renovate renovate Bot force-pushed the renovate/npm-body-parser-vulnerability branch from 7940a60 to f61e916 Compare April 8, 2026 19:01
@renovate renovate Bot changed the title chore(deps): update dependency body-parser to v1.20.3 [security] chore(deps): update dependency body-parser to v1.20.3 [security] - autoclosed Apr 27, 2026
@renovate renovate Bot closed this Apr 27, 2026
@renovate renovate Bot changed the title chore(deps): update dependency body-parser to v1.20.3 [security] - autoclosed chore(deps): update dependency body-parser to v1.20.3 [security] Apr 28, 2026
@renovate renovate Bot reopened this Apr 28, 2026
@renovate renovate Bot force-pushed the renovate/npm-body-parser-vulnerability branch 2 times, most recently from f61e916 to 5ace02f Compare April 28, 2026 04:39
@renovate renovate Bot force-pushed the renovate/npm-body-parser-vulnerability branch from 5ace02f to 16c407b Compare May 30, 2026 23:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants