[Snyk] Security upgrade body-parser from 1.18.2 to 1.20.4 #500

Open
acatl wants to merge 1 commit into master from snyk-fix-5c335c3e7089484b99f4c15304089cc1


acatl (Collaborator) commented Feb 12, 2026

Snyk has created this PR to fix 1 vulnerability in the npm dependencies of this project.

Snyk changed the following file(s):

  • packages/data-point-express/package.json

Vulnerabilities that will be fixed with an upgrade:

Issue: Allocation of Resources Without Limits or Throttling (SNYK-JS-QS-15268416)
Severity: medium
Score: 708

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.


Copilot AI review requested due to automatic review settings February 12, 2026 18:30

Copilot AI left a comment


Pull request overview

Upgrades body-parser in packages/data-point-express to address a Snyk-reported vulnerability in transitive dependencies (via qs).

Changes:

  • Bump body-parser from 1.18.2 to 1.20.4 in devDependencies.
  • Bump body-parser from 1.18.2 to 1.20.4 in dependencies.


},
"devDependencies": {
"body-parser": "1.18.2",
"body-parser": "1.20.4",
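Review bot: the replacement line "body-parser": "1.20.4" under devDependencies moves an exact pin across two minor releases (1.18.2 to 1.20.4), and the hunk carries no accompanying test or code change. Run the package's existing tests against the new version before merging, because an upgrade made only to pull in a transitive fix can still change request-parsing behaviour that the middleware depends on.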

Copilot AI Feb 12, 2026


body-parser is declared in both devDependencies and dependencies (same version). Since it’s required at runtime (e.g., in lib/inspector-middleware.js), it should live only under dependencies to avoid future version drift/confusion; consider removing it from devDependencies.

Suggested change
"body-parser": "1.20.4",

Comment on lines 25 to 27
"dependencies": {
"body-parser": "1.18.2",
"body-parser": "1.20.4",
"data-point-service": "^4.4.0",
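Review bot: the replacement line "body-parser": "1.20.4" under dependencies changes only the direct dependency, while the issue named in the PR description (SNYK-JS-QS-15268416) is in qs, which these lines do not list. Nothing in the hunk shows which qs version the new body-parser resolves to, so confirm the resolved version after install (for example with yarn why qs) and check it against the advisory before treating the finding as fixed.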

Copilot AI Feb 12, 2026


This PR updates package.json but doesn’t update the repo’s yarn.lock. With Yarn workspaces, leaving the lockfile unchanged can keep installs pinned to the old body-parser resolution (or cause the lockfile to be regenerated locally). Please run Yarn install and commit the resulting yarn.lock changes.
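
The lockfile drift described in the review comment above can be checked mechanically. The following is an added example, not code from this PR or the project: `parseYarnLockV1`, `findLockDrift` and the sample lockfile text (including the qs value) are hypothetical, and it assumes the yarn.lock v1 text format.

```javascript
// Added example. Parse yarn.lock v1 into { "name@range": { version, dependencies } }.
function parseYarnLockV1(text) {
  const entries = {};
  let current = null, inDeps = false;
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (!line || line.startsWith('#')) continue;
    const indent = raw.length - raw.trimStart().length;
    if (indent === 0 && line.endsWith(':')) {
      // One header can list several ranges: "a@^1.0.0", "a@^1.1.0":
      current = { version: null, dependencies: {} };
      for (const key of line.slice(0, -1).split(',')) {
        entries[key.trim().replace(/^"|"$/g, '')] = current;
      }
      inDeps = false;
    } else if (indent === 2 && current) {
      inDeps = line === 'dependencies:';
      const m = /^version "(.+)"$/.exec(line);
      if (m) current.version = m[1];
    } else if (indent === 4 && inDeps) {
      const m = /^"?([^"\s]+)"? "(.+)"$/.exec(line);
      if (m) current.dependencies[m[1]] = m[2];
    }
  }
  return entries;
}

// Report exactly pinned dependencies whose pin has no matching lockfile entry.
function findLockDrift(manifest, lockText) {
  const lock = parseYarnLockV1(lockText);
  const declared = { ...manifest.devDependencies, ...manifest.dependencies };
  const findings = [];
  for (const [name, pin] of Object.entries(declared)) {
    if (!/^\d+\.\d+\.\d+$/.test(pin)) continue; // ranges would need a semver library
    const entry = lock[`${name}@${pin}`];
    if (entry && entry.version === pin) continue;
    const locked = Object.keys(lock).filter(k => k.startsWith(`${name}@`))
      .map(k => ({ version: lock[k].version, qs: lock[k].dependencies.qs || null }));
    findings.push({ name, declared: pin, locked });
  }
  return findings;
}

// Constructed samples: manifest values come from the diff, lockfile text is invented.
const manifest = { dependencies: { 'body-parser': '1.20.4', 'data-point-service': '^4.4.0' },
  devDependencies: { 'body-parser': '1.20.4' } };
const staleLock = ['# yarn lockfile v1', 'body-parser@1.18.2:', '  version "1.18.2"',
  '  dependencies:', '    qs "0.0.0-sample"'].join('\n');
console.log(JSON.stringify(findLockDrift(manifest, staleLock)));
```

A non-empty result means an install from the committed lockfile would not use the version the manifest now pins, so the qs version recorded under the old entry is still the one in effect.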
