The OWASP NodeGoat project provides an environment to learn how OWASP Top 10 security risks apply to web applications developed using Node.js and how to effectively address them.
Mend ensures you have the greatest risk reduction ("Recommended Fix"-highlighted in green) by removing as many vulnerabilities as possible. Click to see how we calculate risk reduction.
This PR contains the following updates:
1.18.3
->1.19.2
This PR resolves the vulnerabilities described in Issue #31
Version 1.18.3
| Risk Change | Critical | High | Medium | Low | | --- | --- | --- | --- | --- | | N/A | 0 | 1 | 0 | 0 |Version 1.19.2
| Risk Change | Critical | High | Medium | Low | | --- | --- | --- | --- | --- | | -100% | 0 (--) | 0 (-1 ) | 0 (--) | 0 (--) |Version 1.20.2
| Risk Change | Critical | High | Medium | Low | | --- | --- | --- | --- | --- | | -100% | 0 (--) | 0 (-1 ) | 0 (--) | 0 (--) |Mend ensures you have the greatest risk reduction ("Recommended Fix"-highlighted in green) by removing as many vulnerabilities as possible. Click to see how we calculate risk reduction.
Release Notes
expressjs/body-parser
### [`v1.19.2`](https://togithub.com/expressjs/body-parser/blob/HEAD/HISTORY.md#1192--2022-02-15) [Compare Source](https://togithub.com/expressjs/body-parser/compare/1.19.1...1.19.2) \=================== - deps: bytes@3.1.2 - deps: qs@6.9.7 - Fix handling of `__proto__` keys - deps: raw-body@2.4.3 - deps: bytes@3.1.2 ### [`v1.19.1`](https://togithub.com/expressjs/body-parser/blob/HEAD/HISTORY.md#1191--2021-12-10) [Compare Source](https://togithub.com/expressjs/body-parser/compare/1.19.0...1.19.1) \=================== - deps: bytes@3.1.1 - deps: http-errors@1.8.1 - deps: inherits@2.0.4 - deps: toidentifier@1.0.1 - deps: setprototypeof@1.2.0 - deps: qs@6.9.6 - deps: raw-body@2.4.2 - deps: bytes@3.1.1 - deps: http-errors@1.8.1 - deps: safe-buffer@5.2.1 - deps: type-is@~1.6.18 ### [`v1.19.0`](https://togithub.com/expressjs/body-parser/blob/HEAD/HISTORY.md#1190--2019-04-25) [Compare Source](https://togithub.com/expressjs/body-parser/compare/1.18.3...1.19.0) \=================== - deps: bytes@3.1.0 - Add petabyte (`pb`) support - deps: http-errors@1.7.2 - Set constructor name when possible - deps: setprototypeof@1.1.1 - deps: statuses@'>= 1.5.0 < 2' - deps: iconv-lite@0.4.24 - Added encoding MIK - deps: qs@6.7.0 - Fix parsing array brackets after index - deps: raw-body@2.4.0 - deps: bytes@3.1.0 - deps: http-errors@1.7.2 - deps: iconv-lite@0.4.24 - deps: type-is@~1.6.17 - deps: mime-types@~2.1.24 - perf: prevent internal `throw` on invalid type