changeset-bot[bot]
commented
2 months ago π¦ Changeset detected
Latest commit: 843a4c27160f77840a88727252d831b2ef02b8c6
The changes in this PR will be included in the next version bump.
This PR includes changesets to release 2 packages
| Name | Type | | ------------------------------------ | ----- | | @sap-ux/fe-mockserver-core | Patch | | @sap-ux/ui5-middleware-fe-mockserver | Patch |Not sure what this means? Click here to learn what changesets are.
Click here if you're a maintainer who wants to add another changeset to this PR
sonarcloud[bot]
This PR contains the following updates:
1.20.2->1.20.3GitHub Vulnerability Alerts
CVE-2024-45590
Impact
body-parser <1.20.3 is vulnerable to denial of service when url encoding is enabled. A malicious actor using a specially crafted payload could flood the server with a large number of requests, resulting in denial of service.
Patches
this issue is patched in 1.20.3
References
Release Notes
expressjs/body-parser (body-parser)
### [`v1.20.3`](https://redirect.github.com/expressjs/body-parser/blob/HEAD/HISTORY.md#1203--2024-09-10) [Compare Source](https://redirect.github.com/expressjs/body-parser/compare/1.20.2...1.20.3) \=================== - deps: qs@6.13.0 - add `depth` option to customize the depth level in the parser - IMPORTANT: The default `depth` level for parsing URL-encoded data is now `32` (previously was `Infinity`)Configuration
π Schedule: Branch creation - "" in timezone America/Los_Angeles, Automerge - At any time (no schedule defined).
π¦ Automerge: Disabled by config. Please merge this manually once you are satisfied.
β» Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
π Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.