-
Notifications
You must be signed in to change notification settings - Fork 3.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix(deps): update dependency body-parser to v1.20.3 [security] #6619
Conversation
Hey there and thank you for opening this pull request! 👋 We require pull request titles to follow the Conventional Commits specification and it looks like your proposed title needs to be adjusted. Your PR title is: Details: Unknown scope "deps" found in pull request title "fix(deps): update dependency body-parser to v1.20.3 [security]". Scope must match one of: root, api, dashboard, inbound-mail, web, webhook, widget, worker, ws, ee-auth, ee-billing, ee-dal, ee-shared-services, ee-translation, application-generic, automation, dal, design-system, embed, notifications, novui, testing, client, framework, headless, js, nest, nextjs, node, notification-center, novu, providers, react, react-native, shared, stateless, nestjs, nextjs. |
✅ Deploy Preview for novu-stg-vite-dashboard-poc ready!
To edit notification comments on pull requests, go to your Netlify site configuration. |
bcc357c
to
2058c4a
Compare
2058c4a
to
f31e989
Compare
f31e989
to
3399da8
Compare
3399da8
to
b77b4c0
Compare
b77b4c0
to
de2152f
Compare
de2152f
to
1d26fb6
Compare
1d26fb6
to
f089ef5
Compare
14e28b8
to
0af714b
Compare
0af714b
to
e7c0518
Compare
e7c0518
to
ba24b99
Compare
ba24b99
to
24fe671
Compare
24fe671
to
c93e480
Compare
c93e480
to
f4a207e
Compare
f4a207e
to
fce3418
Compare
This PR contains the following updates:
1.20.2
->1.20.3
Warning
Some dependencies could not be looked up. Check the Dependency Dashboard for more information.
GitHub Vulnerability Alerts
CVE-2024-45590
Impact
body-parser <1.20.3 is vulnerable to denial of service when url encoding is enabled. A malicious actor using a specially crafted payload could flood the server with a large number of requests, resulting in denial of service.
Patches
this issue is patched in 1.20.3
References
Release Notes
expressjs/body-parser (body-parser)
v1.20.3
Compare Source
===================
depth
option to customize the depth level in the parserdepth
level for parsing URL-encoded data is now32
(previously wasInfinity
)Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.