Update dependency body-parser to ~1.20.4

[dev-mend-for-github-com]

This PR contains the following updates:

Package	Type	Update	Change
body-parser	dependencies	minor	~1.13.2 → ~1.20.4

By merging this PR, the below vulnerabilities will be automatically resolved:

Severity	CVSS Score	Vulnerability	Reachability
High	7.5	CVE-2024-45590
Low	3.7	CVE-2026-2391

---

Release Notes

expressjs/body-parser (body-parser)

v1.20.4

Compare Source

===================

• deps: qs@~6.14.0
• deps: use tilde notation for dependencies
• deps: http-errors@~2.0.1
• deps: raw-body@~2.5.3

v1.20.3

Compare Source

===================

• deps: qs@​6.13.0
• add depth option to customize the depth level in the parser
• IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)

v1.20.2

Compare Source

===================

• Fix strict json error message on Node.js 19+
• deps: content-type@~1.0.5
  • perf: skip value escaping when unnecessary
• deps: raw-body@​2.5.2

v1.20.1

Compare Source

===================

• deps: qs@​6.11.0
• perf: remove unnecessary object clone

v1.20.0

Compare Source

===================

• Fix error message for json parse whitespace in strict
• Fix internal error when inflated body exceeds limit
• Prevent loss of async hooks context
• Prevent hanging when request already read
• deps: depd@​2.0.0
  • Replace internal eval usage with Function constructor
  • Use instance methods on process to check for listeners
• deps: http-errors@​2.0.0
  • deps: depd@​2.0.0
  • deps: statuses@​2.0.1
• deps: on-finished@​2.4.1
• deps: qs@​6.10.3
• deps: raw-body@​2.5.1
  • deps: http-errors@​2.0.0

v1.19.2

Compare Source

===================

• deps: bytes@​3.1.2
• deps: qs@​6.9.7
  • Fix handling of __proto__ keys
• deps: raw-body@​2.4.3
  • deps: bytes@​3.1.2

v1.19.1

Compare Source

===================

• deps: bytes@​3.1.1
• deps: http-errors@​1.8.1
  • deps: inherits@​2.0.4
  • deps: toidentifier@​1.0.1
  • deps: setprototypeof@​1.2.0
• deps: qs@​6.9.6
• deps: raw-body@​2.4.2
  • deps: bytes@​3.1.1
  • deps: http-errors@​1.8.1
• deps: safe-buffer@​5.2.1
• deps: type-is@~1.6.18

v1.19.0

Compare Source

===================

• deps: bytes@​3.1.0
  • Add petabyte (pb) support
• deps: http-errors@​1.7.2
  • Set constructor name when possible
  • deps: setprototypeof@​1.1.1
  • deps: statuses@'>= 1.5.0 < 2'
• deps: iconv-lite@​0.4.24
  • Added encoding MIK
• deps: qs@​6.7.0
  • Fix parsing array brackets after index
• deps: raw-body@​2.4.0
  • deps: bytes@​3.1.0
  • deps: http-errors@​1.7.2
  • deps: iconv-lite@​0.4.24
• deps: type-is@~1.6.17
  • deps: mime-types@~2.1.24
  • perf: prevent internal throw on invalid type

v1.18.3

Compare Source

===================

• Fix stack trace for strict json parse error
• deps: depd@~1.1.2
  • perf: remove argument reassignment
• deps: http-errors@~1.6.3
  • deps: depd@~1.1.2
  • deps: setprototypeof@​1.1.0
  • deps: statuses@'>= 1.3.1 < 2'
• deps: iconv-lite@​0.4.23
  • Fix loading encoding with year appended
  • Fix deprecation warnings on Node.js 10+
• deps: qs@​6.5.2
• deps: raw-body@​2.3.3
  • deps: http-errors@​1.6.3
  • deps: iconv-lite@​0.4.23
• deps: type-is@~1.6.16
  • deps: mime-types@~2.1.18

v1.18.2

Compare Source

===================

• deps: debug@​2.6.9
• perf: remove argument reassignment

v1.18.1

Compare Source

===================

• deps: content-type@~1.0.4
  • perf: remove argument reassignment
  • perf: skip parameter parsing when no parameters
• deps: iconv-lite@​0.4.19
  • Fix ISO-8859-1 regression
  • Update Windows-1255
• deps: qs@​6.5.1
  • Fix parsing & compacting very deep objects
• deps: raw-body@​2.3.2
  • deps: iconv-lite@​0.4.19

v1.18.0

Compare Source

===================

• Fix JSON strict violation error to match native parse error
• Include the body property on verify errors
• Include the type property on all generated errors
• Use http-errors to set status code on errors
• deps: bytes@​3.0.0
• deps: debug@​2.6.8
• deps: depd@~1.1.1
  • Remove unnecessary Buffer loading
• deps: http-errors@~1.6.2
  • deps: depd@​1.1.1
• deps: iconv-lite@​0.4.18
  • Add support for React Native
  • Add a warning if not loaded as utf-8
  • Fix CESU-8 decoding in Node.js 8
  • Improve speed of ISO-8859-1 encoding
• deps: qs@​6.5.0
• deps: raw-body@​2.3.1
  • Use http-errors for standard emitted errors
  • deps: bytes@​3.0.0
  • deps: iconv-lite@​0.4.18
  • perf: skip buffer decoding on overage chunk
• perf: prevent internal throw when missing charset

v1.17.2

Compare Source

===================

• deps: debug@​2.6.7
  • Fix DEBUG_MAX_ARRAY_LENGTH
  • deps: ms@​2.0.0
• deps: type-is@~1.6.15
  • deps: mime-types@~2.1.15

v1.17.1

Compare Source

===================

• deps: qs@​6.4.0
  • Fix regression parsing keys starting with [

v1.17.0

Compare Source

===================

• deps: http-errors@~1.6.1
  • Make message property enumerable for HttpErrors
  • deps: setprototypeof@​1.0.3
• deps: qs@​6.3.1
  • Fix compacting nested arrays

v1.16.1

Compare Source

===================

• deps: debug@​2.6.1
  • Fix deprecation messages in WebStorm and other editors
  • Undeprecate DEBUG_FD set to 1 or 2

v1.16.0

Compare Source

===================

• deps: debug@​2.6.0
  • Allow colors in workers
  • Deprecated DEBUG_FD environment variable
  • Fix error when running under React Native
  • Use same color for same namespace
  • deps: ms@​0.7.2
• deps: http-errors@~1.5.1
  • deps: inherits@​2.0.3
  • deps: setprototypeof@​1.0.2
  • deps: statuses@'>= 1.3.1 < 2'
• deps: iconv-lite@​0.4.15
  • Added encoding MS-31J
  • Added encoding MS-932
  • Added encoding MS-936
  • Added encoding MS-949
  • Added encoding MS-950
  • Fix GBK/GB18030 handling of Euro character
• deps: qs@​6.2.1
  • Fix array parsing from skipping empty values
• deps: raw-body@~2.2.0
  • deps: iconv-lite@​0.4.15
• deps: type-is@~1.6.14
  • deps: mime-types@~2.1.13

v1.15.2

Compare Source

===================

• deps: bytes@​2.4.0
• deps: content-type@~1.0.2
  • perf: enable strict mode
• deps: http-errors@~1.5.0
  • Use setprototypeof module to replace __proto__ setting
  • deps: statuses@'>= 1.3.0 < 2'
  • perf: enable strict mode
• deps: qs@​6.2.0
• deps: raw-body@~2.1.7
  • deps: bytes@​2.4.0
  • perf: remove double-cleanup on happy path
• deps: type-is@~1.6.13
  • deps: mime-types@~2.1.11

v1.15.1

Compare Source

===================

• deps: bytes@​2.3.0
  • Drop partial bytes on all parsed units
  • Fix parsing byte string that looks like hex
• deps: raw-body@~2.1.6
  • deps: bytes@​2.3.0
• deps: type-is@~1.6.12
  • deps: mime-types@~2.1.10

v1.15.0

Compare Source

===================

• deps: http-errors@~1.4.0
  • Add HttpError export, for err instanceof createError.HttpError
  • deps: inherits@​2.0.1
  • deps: statuses@'>= 1.2.1 < 2'
• deps: qs@​6.1.0
• deps: type-is@~1.6.11
  • deps: mime-types@~2.1.9

v1.14.2

Compare Source

===================

• deps: bytes@​2.2.0
• deps: iconv-lite@​0.4.13
• deps: qs@​5.2.0
• deps: raw-body@~2.1.5
  • deps: bytes@​2.2.0
  • deps: iconv-lite@​0.4.13
• deps: type-is@~1.6.10
  • deps: mime-types@~2.1.8

v1.14.1

Compare Source

===================

• Fix issue where invalid charset results in 400 when verify used
• deps: iconv-lite@​0.4.12
  • Fix CESU-8 decoding in Node.js 4.x
• deps: raw-body@~2.1.4
  • Fix masking critical errors from iconv-lite
  • deps: iconv-lite@​0.4.12
• deps: type-is@~1.6.9
  • deps: mime-types@~2.1.7

v1.14.0

Compare Source

===================

• Fix JSON strict parse error to match syntax errors
• Provide static require analysis in urlencoded parser
• deps: depd@~1.1.0
  • Support web browser loading
• deps: qs@​5.1.0
• deps: raw-body@~2.1.3
  • Fix sync callback when attaching data listener causes sync read
• deps: type-is@~1.6.8
  • Fix type error when given invalid type to match against
  • deps: mime-types@~2.1.6

v1.13.3

Compare Source

===================

• deps: type-is@~1.6.6
  • deps: mime-types@~2.1.4

---

• If you want to rebase/retry this PR, check this box