microsoft / react-native-test-app

react-native-test-app provides an app for all supported platforms as a package
MIT License
595 stars 91 forks source link

chore(deps): update dependency body-parser to v1.20.3 [security] #2219

Closed renovate[bot] closed 1 month ago

renovate[bot] commented 1 month ago

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
body-parser 1.20.2 -> 1.20.3 age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2024-45590

Impact

body-parser <1.20.3 is vulnerable to denial of service when url encoding is enabled. A malicious actor using a specially crafted payload could flood the server with a large number of requests, resulting in denial of service.

Patches

this issue is patched in 1.20.3

References


Release Notes

expressjs/body-parser (body-parser) ### [`v1.20.3`](https://redirect.github.com/expressjs/body-parser/blob/HEAD/HISTORY.md#1203--2024-09-10) [Compare Source](https://redirect.github.com/expressjs/body-parser/compare/1.20.2...1.20.3) \=================== - deps: qs@6.13.0 - add `depth` option to customize the depth level in the parser - IMPORTANT: The default `depth` level for parsing URL-encoded data is now `32` (previously was `Infinity`)

Configuration

📅 Schedule: Branch creation - "" in timezone Europe/Oslo, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.



This PR was generated by Mend Renovate. View the repository job log.

renovate[bot] commented 1 month ago

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.