Skip to content

chore(deps): bump body-parser from 1.20.1 to 2.3.0#586

Open
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/body-parser-2.3.0
Open

chore(deps): bump body-parser from 1.20.1 to 2.3.0#586
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/body-parser-2.3.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 17, 2026

Copy link
Copy Markdown

Bumps body-parser from 1.20.1 to 2.3.0.

Release notes

Sourced from body-parser's releases.

v2.3.0

Important: Security

What's Changed

New Contributors

Full Changelog: expressjs/body-parser@v2.2.2...v2.3.0

v2.2.2

What's Changed

... (truncated)

Changelog

Sourced from body-parser's changelog.

2.3.0 / 2026-06-15

  • Security fix for GHSA-v422-hmwv-36x6
  • fix: use static exports instead of lazy getters to improve ESM compatibility
  • feat: add subpath exports for individual parsers
  • fix: improve limit option validation (#698)
    • Invalid limit values (e.g. unparseable strings or NaN) now throw instead of being silently ignored, which previously disabled size limit enforcement
    • null and undefined fall back to the default 100kb limit
  • deps:
    • content-type@^2.0.0
    • http-errors@^2.0.1
    • iconv-lite^0.7.2
    • qs@^6.15.2
    • raw-body@^3.0.2
    • type-is@^2.1.0

2.2.2 / 2026-01-07

  • deps: qs@^6.14.1
  • refactor(json): simplify strict mode error string construction

2.2.1 / 2025-11-24

  • Security fix for GHSA-wqch-xfxh-vrr4
  • deps:
    • type-is@^2.0.1
    • iconv-lite@^0.7.0
      • Handle split surrogate pairs when encoding UTF-8
      • Avoid false positives in encodingExists by using prototype-less objects
    • raw-body@^3.0.1
    • debug@^4.4.3

2.2.0 / 2025-03-27

  • refactor: normalize common options for all parsers
  • deps:
    • iconv-lite@^0.6.3

2.1.0 / 2025-02-10

  • deps:
    • type-is@^2.0.0
    • debug@^4.4.0
    • Removed destroy
  • refactor: prefix built-in node module imports

... (truncated)

Commits
  • d0f2ace 2.3.0 (#735)
  • 7d03f2f chore: updated deps to latest (#733)
  • 8024ba7 build(deps): bump actions/checkout from 6.0.2 to 6.0.3 (#732)
  • 32b4ed4 build(deps): bump github/codeql-action from 4.35.3 to 4.36.1 (#731)
  • ff0f6b9 docs: update outdated reference to MDN docs (#730)
  • 14d001a refactor: switch to const/let and enable eslint no-var rule (#729)
  • 37f36a2 deps: update content-type and type-is (#728)
  • e1c244b build(deps): bump github/codeql-action from 4.35.1 to 4.35.3 (#723)
  • e01087f build(deps): bump actions/upload-artifact from 7.0.0 to 7.0.1 (#724)
  • a7698d3 build(deps): bump actions/setup-node from 6.3.0 to 6.4.0 (#725)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for body-parser since your current version.


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [body-parser](https://github.com/expressjs/body-parser) from 1.20.1 to 2.3.0.
- [Release notes](https://github.com/expressjs/body-parser/releases)
- [Changelog](https://github.com/expressjs/body-parser/blob/master/HISTORY.md)
- [Commits](expressjs/body-parser@1.20.1...v2.3.0)

---
updated-dependencies:
- dependency-name: body-parser
  dependency-version: 2.3.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@CLAassistant

Copy link
Copy Markdown

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
You have signed the CLA already but the status is still pending? Let us recheck it.

@mergeable

mergeable Bot commented Jul 17, 2026

Copy link
Copy Markdown

Thanks for creating a pull request! A maintainer will review your changes shortly. Please don't be discouraged if it takes a while.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant