-
Notifications
You must be signed in to change notification settings - Fork 3.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix(deps): update dependency body-parser to v1.20.3 [security] #6619
base: next
Are you sure you want to change the base?
Conversation
Hey there and thank you for opening this pull request! 👋 We require pull request titles to follow the Conventional Commits specification and it looks like your proposed title needs to be adjusted. Your PR title is: Details: Unknown scope "deps" found in pull request title "fix(deps): update dependency body-parser to v1.20.3 [security]". Scope must match one of: root, api, dashboard, inbound-mail, web, webhook, widget, worker, ws, ee-auth, ee-billing, ee-dal, ee-shared-services, ee-translation, application-generic, automation, dal, design-system, embed, novui, testing, client, framework, headless, js, nest, nextjs, node, notification-center, novu, providers, react, react-native, shared, stateless, nestjs, nextjs. |
❌ Deploy Preview for novu-stg-vite-dashboard-poc failed. Why did it fail? →
|
bcc357c
to
2058c4a
Compare
2058c4a
to
f31e989
Compare
f31e989
to
3399da8
Compare
3399da8
to
b77b4c0
Compare
b77b4c0
to
de2152f
Compare
de2152f
to
1d26fb6
Compare
1d26fb6
to
f089ef5
Compare
0beb20c
to
c0e46c7
Compare
c0e46c7
to
ee84472
Compare
ee84472
to
0daccec
Compare
0daccec
to
995ef44
Compare
995ef44
to
8e29879
Compare
8e29879
to
267bd33
Compare
267bd33
to
0291d52
Compare
This PR contains the following updates:
1.20.2
->1.20.3
Warning
Some dependencies could not be looked up. Check the Dependency Dashboard for more information.
GitHub Vulnerability Alerts
CVE-2024-45590
Impact
body-parser <1.20.3 is vulnerable to denial of service when url encoding is enabled. A malicious actor using a specially crafted payload could flood the server with a large number of requests, resulting in denial of service.
Patches
this issue is patched in 1.20.3
References
Release Notes
expressjs/body-parser (body-parser)
v1.20.3
Compare Source
===================
depth
option to customize the depth level in the parserdepth
level for parsing URL-encoded data is now32
(previously wasInfinity
)Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.