fix(deps): update dependency body-parser to v1.20.3 [security]

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
body-parser	1.20.2 → 1.20.3

---

body-parser vulnerable to denial of service when url encoding is enabled

CVE-2024-45590 / GHSA-qwcr-r2fm-qrc7

More information

Details

Impact

body-parser <1.20.3 is vulnerable to denial of service when url encoding is enabled. A malicious actor using a specially crafted payload could flood the server with a large number of requests, resulting in denial of service.

Patches

this issue is patched in 1.20.3

References

Severity

• CVSS Score: 8.7 / 10 (High)
• Vector String: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

References

• https://github.com/expressjs/body-parser/security/advisories/GHSA-qwcr-r2fm-qrc7
• https://github.com/expressjs/body-parser/commit/b2695c4450f06ba3b0ccf48d872a229bb41c9bce
• https://nvd.nist.gov/vuln/detail/CVE-2024-45590
• https://github.com/advisories/GHSA-qwcr-r2fm-qrc7

This data is provided by the GitHub Advisory Database (CC-BY 4.0).

---

Release Notes

expressjs/body-parser (body-parser)

v1.20.3

Compare Source

===================

• deps: qs@​6.13.0
• add depth option to customize the depth level in the parser
• IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • ""
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: http-proxy-middleware/yarn.lock

error SyntaxError: Invalid value type 3464:0 in /tmp/renovate/repos/github/dlminvestments/node-js-server/http-proxy-middleware/yarn.lock
    at Parser.unexpected (/opt/containerbase/tools/yarn-slim/1.22.22/24.15.0/node_modules/yarn/lib/cli.js:64026:11)
    at Parser.parse (/opt/containerbase/tools/yarn-slim/1.22.22/24.15.0/node_modules/yarn/lib/cli.js:64154:16)
    at parse (/opt/containerbase/tools/yarn-slim/1.22.22/24.15.0/node_modules/yarn/lib/cli.js:64231:21)
    at module.exports.exports.default (/opt/containerbase/tools/yarn-slim/1.22.22/24.15.0/node_modules/yarn/lib/cli.js:63793:96)
    at Lockfile.<anonymous> (/opt/containerbase/tools/yarn-slim/1.22.22/24.15.0/node_modules/yarn/lib/cli.js:3068:63)
    at Generator.next (<anonymous>)
    at step (/opt/containerbase/tools/yarn-slim/1.22.22/24.15.0/node_modules/yarn/lib/cli.js:310:30)
    at /opt/containerbase/tools/yarn-slim/1.22.22/24.15.0/node_modules/yarn/lib/cli.js:321:13

[cloudflare-workers-and-pages]

Deploying node-js-server with    Cloudflare Pages

Latest commit:	1f9d1b5
Status:	✅  Deploy successful!
Preview URL:	https://6aa76e6e.node-js-server.pages.dev
Branch Preview URL:	https://renovate-npm-body-parser-vul.node-js-server.pages.dev

View logs