fix(deps): update dependency body-parser to v1.20.3 [security]

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
body-parser	1.20.2 → 1.20.3

---

body-parser vulnerable to denial of service when url encoding is enabled

CVE-2024-45590 / GHSA-qwcr-r2fm-qrc7

More information

Details

Impact

body-parser <1.20.3 is vulnerable to denial of service when url encoding is enabled. A malicious actor using a specially crafted payload could flood the server with a large number of requests, resulting in denial of service.

Patches

this issue is patched in 1.20.3

References

Severity

• CVSS Score: 8.7 / 10 (High)
• Vector String: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

References

• https://github.com/expressjs/body-parser/security/advisories/GHSA-qwcr-r2fm-qrc7
• https://github.com/expressjs/body-parser/commit/b2695c4450f06ba3b0ccf48d872a229bb41c9bce
• https://nvd.nist.gov/vuln/detail/CVE-2024-45590
• https://github.com/advisories/GHSA-qwcr-r2fm-qrc7

This data is provided by the GitHub Advisory Database (CC-BY 4.0).

---

Release Notes

expressjs/body-parser (body-parser)

v1.20.3

Compare Source

===================

• deps: qs@​6.13.0
• add depth option to customize the depth level in the parser
• IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • ""
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.