[Snyk] Upgrade body-parser from 1.19.0 to 1.19.2

[snyk-bot]

Snyk has created this PR to upgrade body-parser from 1.19.0 to 1.19.2.

:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 2 versions ahead of your current version.
• The recommended version was released 2 months ago, on 2022-02-16.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Directory Traversal SNYK-JS-MOMENT-2440688	661/1000 Why? Recently disclosed, Has a fix available, CVSS 7.5	No Known Exploit
	Prototype Pollution SNYK-JS-ASYNC-2441827	661/1000 Why? Recently disclosed, Has a fix available, CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-RAMDA-1582370	661/1000 Why? Recently disclosed, Has a fix available, CVSS 7.5	No Known Exploit
	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2332181	661/1000 Why? Recently disclosed, Has a fix available, CVSS 7.5	Proof of Concept
	Prototype Pollution SNYK-JS-MINIMIST-2429795	661/1000 Why? Recently disclosed, Has a fix available, CVSS 7.5	No Known Exploit
	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2396346	661/1000 Why? Recently disclosed, Has a fix available, CVSS 7.5	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: body-parser

• 1.19.2 - 2022-02-16
  
  • deps: bytes@3.1.2
  • deps: qs@6.9.7
    • Fix handling of __proto__ keys
  • deps: raw-body@2.4.3
    • deps: bytes@3.1.2
• 1.19.1 - 2021-12-10
  
  • deps: bytes@3.1.1
  • deps: http-errors@1.8.1
    • deps: inherits@2.0.4
    • deps: toidentifier@1.0.1
    • deps: setprototypeof@1.2.0
  • deps: qs@6.9.6
  • deps: raw-body@2.4.2
    • deps: bytes@3.1.1
    • deps: http-errors@1.8.1
  • deps: safe-buffer@5.2.1
  • deps: type-is@~1.6.18
• 1.19.0 - 2019-04-26
  
  • deps: bytes@3.1.0
    • Add petabyte (pb) support
  • deps: http-errors@1.7.2
    • Set constructor name when possible
    • deps: setprototypeof@1.1.1
    • deps: statuses@'>= 1.5.0 < 2'
  • deps: iconv-lite@0.4.24
    • Added encoding MIK
  • deps: qs@6.7.0
    • Fix parsing array brackets after index
  • deps: raw-body@2.4.0
    • deps: bytes@3.1.0
    • deps: http-errors@1.7.2
    • deps: iconv-lite@0.4.24
  • deps: type-is@~1.6.17
    • deps: mime-types@~2.1.24
    • perf: prevent internal throw on invalid type

from body-parser GitHub release notes

Commit messages

Package name: body-parser

• 424dadd 1.19.2
• 11248a2 deps: raw-body@2.4.3
• 7a088eb build: Node.js@14.19
• ecedf31 build: Node.js@16.14
• b6bfabd build: Node.js@17.5
• badd6b2 build: fix code coverage aggregate upload
• 96b448a build: Node.js@17.4
• 70560b1 build: mocha@9.2.0
• 548a06f build: supertest@6.2.2
• 3b00678 deps: bytes@3.1.2
• d5acb61 build: mocha@9.1.4
• 82c8a7c tests: add limit + inflate tests
• b356758 deps: qs@6.9.7
• c631b58 build: supertest@6.2.1
• c81a8e2 build: eslint-plugin-import@2.25.4
• 3c4dcb8 build: Node.js@17.3
• d0a214b 1.19.1
• fb172d4 build: eslint-plugin-promise@5.2.0
• c5e63cb build: Node.js@17.2
• c6d43bd build: eslint-plugin-import@2.25.3
• 313ed6d build: eslint-plugin-promise@5.1.1
• 8389b51 deps: bytes@3.1.1
• aae94b2 deps: http-errors@1.8.1
• 7f84d4f deps: raw-body@2.4.2

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs