Update dependency body-parser to v1.20.4 by dev-mend-for-github-com[bot] · Pull Request #27 · amaybaum-dev/spectrum

dev-mend-for-github-com · 2026-03-01T11:59:21Z

This PR contains the following updates:

Package	Type	Update	Change
body-parser	dependencies	minor	`1.19.0` → `1.20.4`

By merging this PR, the below vulnerabilities will be automatically resolved:

Severity	CVSS Score	Vulnerability	Reachability
Low	3.7	CVE-2026-2391

By merging this PR, the below vulnerabilities will be automatically resolved:

Severity	CVSS Score	Vulnerability	Reachability
High	7.5	CVE-2024-45590

Release Notes

expressjs/body-parser (body-parser)

`v1.20.4`

Compare Source

===================

deps: qs@~6.14.0
deps: use tilde notation for dependencies
deps: http-errors@~2.0.1
deps: raw-body@~2.5.3

`v1.20.3`

Compare Source

===================

deps: qs@6.13.0
add depth option to customize the depth level in the parser
IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)

`v1.20.2`

Compare Source

===================

Fix strict json error message on Node.js 19+
deps: content-type@~1.0.5
- perf: skip value escaping when unnecessary
deps: raw-body@2.5.2

`v1.20.1`

Compare Source

===================

deps: qs@6.11.0
perf: remove unnecessary object clone

`v1.20.0`

Compare Source

===================

Fix error message for json parse whitespace in strict
Fix internal error when inflated body exceeds limit
Prevent loss of async hooks context
Prevent hanging when request already read
deps: depd@2.0.0
- Replace internal eval usage with Function constructor
- Use instance methods on process to check for listeners
deps: http-errors@2.0.0
- deps: depd@2.0.0
- deps: statuses@2.0.1
deps: on-finished@2.4.1
deps: qs@6.10.3
deps: raw-body@2.5.1
- deps: http-errors@2.0.0

`v1.19.2`

Compare Source

===================

deps: bytes@3.1.2
deps: qs@6.9.7
- Fix handling of __proto__ keys
deps: raw-body@2.4.3
- deps: bytes@3.1.2

`v1.19.1`

Compare Source

===================

deps: bytes@3.1.1
deps: http-errors@1.8.1
- deps: inherits@2.0.4
- deps: toidentifier@1.0.1
- deps: setprototypeof@1.2.0
deps: qs@6.9.6
deps: raw-body@2.4.2
- deps: bytes@3.1.1
- deps: http-errors@1.8.1
deps: safe-buffer@5.2.1
deps: type-is@~1.6.18

If you want to rebase/retry this PR, check this box

dev-mend-for-github-com bot added the security fix Security fix generated by Mend label Mar 1, 2026

dev-mend-for-github-com bot changed the title ~~Update dependency body-parser~~ Update dependency body-parser to v1.20.4 Mar 30, 2026

Update dependency body-parser to v1.20.4

f42aa7e

dev-mend-for-github-com bot force-pushed the whitesource-remediate/body-parser-1.x-lockfile branch from cbc1b08 to f42aa7e Compare April 8, 2026 17:27

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update dependency body-parser to v1.20.4#27

Update dependency body-parser to v1.20.4#27
dev-mend-for-github-com[bot] wants to merge 1 commit intoalphafrom
whitesource-remediate/body-parser-1.x-lockfile

dev-mend-for-github-com bot commented Mar 1, 2026 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dev-mend-for-github-com bot commented Mar 1, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Release Notes

v1.20.4

v1.20.3

v1.20.2

v1.20.1

v1.20.0

v1.19.2

v1.19.1

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

dev-mend-for-github-com bot commented Mar 1, 2026 •

edited

Loading

`v1.20.4`

`v1.20.3`

`v1.20.2`

`v1.20.1`

`v1.20.0`

`v1.19.2`

`v1.19.1`