Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

urlencoded: Support iso-8859-1, utf8 sentinel, and numeric entities #326

Merged
merged 27 commits into from
Jul 30, 2024
Merged

urlencoded: Support iso-8859-1, utf8 sentinel, and numeric entities #326

merged 27 commits into from
Jul 30, 2024

Conversation

papandreou
Copy link
Contributor

@papandreou papandreou commented Jul 31, 2018
edited
Loading

Fixes #194

Further elaborations here: ljharb/qs#268

Supports both the simple and extended parsers as outlined in ljharb/qs#268 (comment) -- and doesn't use the equivalent capabilities of the qs module.

Note: This will fail in node.js 0.8 and 0.10 as the capability to specify a custom decodeURIComponent implementation to use wasn't added until 0.12.

@papandreou papandreou mentioned this pull request Jul 31, 2018
Merged
@papandreou papandreou force-pushed the feature/iso-8859-1/take2 branch from c056515 to 5b39b86 Compare July 31, 2018 21:25
@dougwilson
Copy link
Contributor

Note: This will fail in node.js 0.8 and 0.10 as the capability to specify a custom decodeURIComponent implementation to use wasn't added until 0.12.

We can hold the PR for the 2.0 release, which will drop support for those versions 👍

@papandreou
Copy link
Contributor Author

@dougwilson, that sounds fair! Does it look good otherwise?

@Lurow
Copy link

Lurow commented Sep 10, 2018

Hi there,

Any news on v2.0 release date with the pr?

Cheers

@thopaw
Copy link

thopaw commented Jan 9, 2019

Any news to iso-8859-1 support?

@papandreou
Copy link
Contributor Author

Fixed conflict with master.

@dougwilson, this has been sitting for some time now 😅

I'm not really in a hurry, but how about getting this released soon? I can remove those ancient node versions from .travis.yml if that would be a help? (I guess it might be a nice occasion to drop more old versions)

@dougwilson
Copy link
Contributor

The reason it has been sitting is just because it cannot be merged into the 1.x line due to the incompatibility. Because this module is a part of express, it effectively inherits it's support policy. The 1.x series of this module won't end up out of support for some time, and the count down starts with the next express release.

In order to reduce the support burden by maintaining multiple major versions of this module, I am just waiting to make the 2.0 in coordination with express 5.

If this could be made to work in those node.js versions I would of course be happy to land right away.

@papandreou
Copy link
Contributor Author

papandreou commented Aug 15, 2019
edited
Loading

Okay, thanks for the update, that makes sense!

If this could be made to work in those node.js versions I would of course be happy to land right away.

Unfortunately I think this would involve us to stop relying on the built-in querystring module in simple mode. Either by copying in a newer implementation than the one in 0.10, or by figuring out a way to use the qs module in simple mode as well, disabling the advanced behaviors. That seems a bit far-reaching, unless you were already planning to go in that direction?

@ljharb
Copy link
Contributor

ljharb commented Aug 15, 2019

@papandreou if there's manageable changes i could make in qs that would allow body-parser to switch to it for everything, i'm willing to make those.

@dougwilson
Copy link
Contributor

And I would be happy to use qs for everything here as well. The downside to using querystring for the simple parser is that since it ships as part of Node.js core, the results of this module will vary by both the version of this module and the version of Node.js (vs only varying by the version of this module).

@ljharb
Copy link
Contributor

ljharb commented Aug 16, 2019

@dougwilson if you can save me a few minutes and link me to a branch that uses qs for the simple parser, but is failing tests, i can use npm link and see what options and changes it would take to get it working :-D 🙏

@dougwilson
Copy link
Contributor

@ljharb this is likely not even correct for params to qs (I passed depth: -1 since 0 is not the right behavior, but idk), but it's at least something that should help :)

Branch: https://github.com/expressjs/body-parser/tree/urlencoded-qs-simple
Test: npm i && npm test -- --grep=bodyParser.urlencoded

@ljharb
Copy link
Contributor

ljharb commented Aug 16, 2019

give me 48 hours, i'll see what i can do

@ljharb
Copy link
Contributor

ljharb commented Aug 16, 2019

body-parser tests on that branch now pass with ljharb/qs#326 (comment), and I can merge and release that in qs as soon as I've convinced myself what semver it is.

@dougwilson
Copy link
Contributor

Ah, yes, so depth: 0 was supposed to make sense after all :D . Yes, that is a hard decision. But if it helps at all, this module and Express do not directly expose the qs arguments, making whichever semver it is a non issue to us :)

@ljharb
Copy link
Contributor

ljharb commented Aug 16, 2019

What I'm probably leaning towards is releasing it as a minor, and if users report breakage, reverting the depth 0 part, but keeping the depth false part - so express thus should use depth false to ensure continuity.

@ljharb
Copy link
Contributor

ljharb commented Aug 17, 2019
edited
Loading

v6.8.0 of qs is published.

@wesleytodd wesleytodd merged commit 6cea6bd into expressjs:2.x Jul 30, 2024
4 checks passed
@ekmixon ekmixon mentioned this pull request Oct 1, 2024
Open
This was referenced Oct 1, 2024
Open
Open
Open
This was referenced Oct 1, 2024
Open
Open
@lholmquist lholmquist mentioned this pull request Oct 1, 2024
Merged
@undeadgrishnackh undeadgrishnackh mentioned this pull request Oct 1, 2024
Open
@hakatashi hakatashi mentioned this pull request Oct 1, 2024
Merged
@nishanthmahasamudram nishanthmahasamudram mentioned this pull request Oct 1, 2024
Merged
@Kingcrypto38 Kingcrypto38 mentioned this pull request Oct 1, 2024
Open
@skanda890 skanda890 mentioned this pull request Oct 1, 2024
Merged
This was referenced Oct 2, 2024
Open
Open
@Aroc902322 Aroc902322 mentioned this pull request Oct 2, 2024
Open
This was referenced Oct 2, 2024
Open
Open
@vutting4221 vutting4221 mentioned this pull request Oct 2, 2024
Open
@scottwad scottwad mentioned this pull request Oct 2, 2024
Open
@adamus1red adamus1red mentioned this pull request Oct 3, 2024
Merged
@AlexanderWiechert AlexanderWiechert mentioned this pull request Oct 31, 2024
Open
@skanda890 skanda890 mentioned this pull request Nov 1, 2024
Merged
@hakatashi hakatashi mentioned this pull request Nov 3, 2024
Merged
This was referenced Nov 4, 2024
Open
Open
@lholmquist lholmquist mentioned this pull request Nov 6, 2024
Merged
@AlexanderWiechert AlexanderWiechert mentioned this pull request Nov 6, 2024
Open
@parseplatformorg parseplatformorg mentioned this pull request Nov 10, 2024
Closed
mergify bot added a commit to reisene/HulajDusza-serwis that referenced this pull request Jan 23, 2025
@mergify
[Snyk] Upgrade body-parser from 1.20.3 to 2.0.1 (#262)
28b48d4 
![snyk-io[bot]](https://badgen.net/badge/icon/snyk-io%5Bbot%5D/green?label=)
[<img width="16" alt="Powered by Pull Request Badge"
src="https://user-images.githubusercontent.com/1393946/111216524-d2bb8e00-85d4-11eb-821b-ed4c00989c02.png">](https://pullrequestbadge.com/?utm_medium=github&utm_source=reisene&utm_campaign=badge_info)<!--
PR-BADGE: PLEASE DO NOT REMOVE THIS COMMENT -->


![snyk-top-banner](https://redirect.github.com/andygongea/OWASP-Benchmark/assets/818805/c518c423-16fe-447e-b67f-ad5a49b5d123)


<h3>Snyk has created this PR to upgrade body-parser from 1.20.3 to
2.0.1.</h3>

:information_source: Keep your dependencies up-to-date. This makes it
easier to fix existing vulnerabilities and to more quickly identify and
fix newly disclosed vulnerabilities when they affect your project.

<hr/>

⚠️ **Warning:** This PR contains major version upgrade(s), and may be a
breaking change.

- The recommended version is **4 versions** ahead of your current
version.

- The recommended version was released **4 months ago**.



<details>
<summary><b>Release notes</b></summary>
<br/>
  <details>
    <summary>Package name: <b>body-parser</b></summary>
    <ul>
      <li>
<b>2.0.1</b> - <a
href="https://redirect.github.com/expressjs/body-parser/releases/tag/2.0.1">2024-09-10</a></br><h2>What's
Changed</h2>
<ul>
<li>Fix defaulting to extended url parsing by <a class="user-mention
notranslate" data-hovercard-type="user"
data-hovercard-url="/users/blakeembrey/hovercard"
data-octo-click="hovercard-link-click"
data-octo-dimensions="link_type:self"
href="https://redirect.github.com/blakeembrey">@ blakeembrey</a> in <a
class="issue-link js-issue-link" data-error-text="Failed to load title"
data-id="2515346637" data-permission-text="Title is private"
data-url="expressjs/body-parser#536"
data-hovercard-type="pull_request"
data-hovercard-url="/expressjs/body-parser/pull/536/hovercard"
href="https://redirect.github.com/expressjs/body-parser/pull/536">#536</a></li>
<li>Release: 2.0.1 by <a class="user-mention notranslate"
data-hovercard-type="user"
data-hovercard-url="/users/UlisesGascon/hovercard"
data-octo-click="hovercard-link-click"
data-octo-dimensions="link_type:self"
href="https://redirect.github.com/UlisesGascon">@ UlisesGascon</a> in <a
class="issue-link js-issue-link" data-error-text="Failed to load title"
data-id="2515354674" data-permission-text="Title is private"
data-url="expressjs/body-parser#537"
data-hovercard-type="pull_request"
data-hovercard-url="/expressjs/body-parser/pull/537/hovercard"
href="https://redirect.github.com/expressjs/body-parser/pull/537">#537</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a class="user-mention notranslate" data-hovercard-type="user"
data-hovercard-url="/users/blakeembrey/hovercard"
data-octo-click="hovercard-link-click"
data-octo-dimensions="link_type:self"
href="https://redirect.github.com/blakeembrey">@ blakeembrey</a> made
their first contribution in <a class="issue-link js-issue-link"
data-error-text="Failed to load title" data-id="2515346637"
data-permission-text="Title is private"
data-url="expressjs/body-parser#536"
data-hovercard-type="pull_request"
data-hovercard-url="/expressjs/body-parser/pull/536/hovercard"
href="https://redirect.github.com/expressjs/body-parser/pull/536">#536</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a class="commit-link"
href="https://redirect.github.com/expressjs/body-parser/compare/2.0.0...2.0.1"><tt>2.0.0...2.0.1</tt></a></p>
      </li>
      <li>
<b>2.0.0</b> - <a
href="https://redirect.github.com/expressjs/body-parser/releases/tag/2.0.0">2024-09-10</a></br><h2>What's
Changed</h2>
<h3>Important</h3>
<ul>
<li>add brotli support <a class="issue-link js-issue-link"
data-error-text="Failed to load title" data-id="656076290"
data-permission-text="Title is private"
data-url="expressjs/body-parser#406"
data-hovercard-type="pull_request"
data-hovercard-url="/expressjs/body-parser/pull/406/hovercard"
href="https://redirect.github.com/expressjs/body-parser/pull/406">#406</a></li>
<li><strong>Breaking Change:</strong> Node.js 18 is the minimum
supported version</li>
</ul>
<h3>Details</h3>
<ul>
<li>chore: add support for OSSF scorecard reporting by <a
class="user-mention notranslate" data-hovercard-type="user"
data-hovercard-url="/users/inigomarquinez/hovercard"
data-octo-click="hovercard-link-click"
data-octo-dimensions="link_type:self"
href="https://redirect.github.com/inigomarquinez">@ inigomarquinez</a>
in <a class="issue-link js-issue-link" data-error-text="Failed to load
title" data-id="2279511270" data-permission-text="Title is private"
data-url="expressjs/body-parser#522"
data-hovercard-type="pull_request"
data-hovercard-url="/expressjs/body-parser/pull/522/hovercard"
href="https://redirect.github.com/expressjs/body-parser/pull/522">#522</a></li>
<li>ci: fix errors in ci github action for node 8 and 9 by <a
class="user-mention notranslate" data-hovercard-type="user"
data-hovercard-url="/users/inigomarquinez/hovercard"
data-octo-click="hovercard-link-click"
data-octo-dimensions="link_type:self"
href="https://redirect.github.com/inigomarquinez">@ inigomarquinez</a>
in <a class="issue-link js-issue-link" data-error-text="Failed to load
title" data-id="2279679714" data-permission-text="Title is private"
data-url="expressjs/body-parser#523"
data-hovercard-type="pull_request"
data-hovercard-url="/expressjs/body-parser/pull/523/hovercard"
href="https://redirect.github.com/expressjs/body-parser/pull/523">#523</a></li>
<li>fix: pin to [email protected] by <a class="user-mention notranslate"
data-hovercard-type="user"
data-hovercard-url="/users/wesleytodd/hovercard"
data-octo-click="hovercard-link-click"
data-octo-dimensions="link_type:self"
href="https://redirect.github.com/wesleytodd">@ wesleytodd</a> in <a
class="issue-link js-issue-link" data-error-text="Failed to load title"
data-id="2417531497" data-permission-text="Title is private"
data-url="expressjs/body-parser#527"
data-hovercard-type="pull_request"
data-hovercard-url="/expressjs/body-parser/pull/527/hovercard"
href="https://redirect.github.com/expressjs/body-parser/pull/527">#527</a></li>
<li>deps: [email protected] by <a class="user-mention notranslate"
data-hovercard-type="user"
data-hovercard-url="/users/melikhov-dev/hovercard"
data-octo-click="hovercard-link-click"
data-octo-dimensions="link_type:self"
href="https://redirect.github.com/melikhov-dev">@ melikhov-dev</a> in <a
class="issue-link js-issue-link" data-error-text="Failed to load title"
data-id="2243775909" data-permission-text="Title is private"
data-url="expressjs/body-parser#521"
data-hovercard-type="pull_request"
data-hovercard-url="/expressjs/body-parser/pull/521/hovercard"
href="https://redirect.github.com/expressjs/body-parser/pull/521">#521</a></li>
<li>Drop support for less than LTS node versions in v2 by <a
class="user-mention notranslate" data-hovercard-type="user"
data-hovercard-url="/users/wesleytodd/hovercard"
data-octo-click="hovercard-link-click"
data-octo-dimensions="link_type:self"
href="https://redirect.github.com/wesleytodd">@ wesleytodd</a> in <a
class="issue-link js-issue-link" data-error-text="Failed to load title"
data-id="2423856942" data-permission-text="Title is private"
data-url="expressjs/body-parser#528"
data-hovercard-type="pull_request"
data-hovercard-url="/expressjs/body-parser/pull/528/hovercard"
href="https://redirect.github.com/expressjs/body-parser/pull/528">#528</a></li>
<li>Also use the qs module for the simple parser by <a
class="user-mention notranslate" data-hovercard-type="user"
data-hovercard-url="/users/papandreou/hovercard"
data-octo-click="hovercard-link-click"
data-octo-dimensions="link_type:self"
href="https://redirect.github.com/papandreou">@ papandreou</a> in <a
class="issue-link js-issue-link" data-error-text="Failed to load title"
data-id="562834397" data-permission-text="Title is private"
data-url="expressjs/body-parser#387"
data-hovercard-type="pull_request"
data-hovercard-url="/expressjs/body-parser/pull/387/hovercard"
href="https://redirect.github.com/expressjs/body-parser/pull/387">#387</a></li>
<li><code>raw-body@3</code> by <a class="user-mention notranslate"
data-hovercard-type="user"
data-hovercard-url="/users/wesleytodd/hovercard"
data-octo-click="hovercard-link-click"
data-octo-dimensions="link_type:self"
href="https://redirect.github.com/wesleytodd">@ wesleytodd</a> in <a
class="issue-link js-issue-link" data-error-text="Failed to load title"
data-id="2431088746" data-permission-text="Title is private"
data-url="expressjs/body-parser#529"
data-hovercard-type="pull_request"
data-hovercard-url="/expressjs/body-parser/pull/529/hovercard"
href="https://redirect.github.com/expressjs/body-parser/pull/529">#529</a></li>
<li>urlencoded: Support iso-8859-1, utf8 sentinel, and numeric entities
by <a class="user-mention notranslate" data-hovercard-type="user"
data-hovercard-url="/users/papandreou/hovercard"
data-octo-click="hovercard-link-click"
data-octo-dimensions="link_type:self"
href="https://redirect.github.com/papandreou">@ papandreou</a> in <a
class="issue-link js-issue-link" data-error-text="Failed to load title"
data-id="346357762" data-permission-text="Title is private"
data-url="expressjs/body-parser#326"
data-hovercard-type="pull_request"
data-hovercard-url="/expressjs/body-parser/pull/326/hovercard"
href="https://redirect.github.com/expressjs/body-parser/pull/326">#326</a></li>
<li>Added support for brotli ('br') content-encoding by <a
class="user-mention notranslate" data-hovercard-type="user"
data-hovercard-url="/users/danielgindi/hovercard"
data-octo-click="hovercard-link-click"
data-octo-dimensions="link_type:self"
href="https://redirect.github.com/danielgindi">@ danielgindi</a> in <a
class="issue-link js-issue-link" data-error-text="Failed to load title"
data-id="656076290" data-permission-text="Title is private"
data-url="expressjs/body-parser#406"
data-hovercard-type="pull_request"
data-hovercard-url="/expressjs/body-parser/pull/406/hovercard"
href="https://redirect.github.com/expressjs/body-parser/pull/406">#406</a></li>
<li>Add OSSF Scorecard badge by <a class="user-mention notranslate"
data-hovercard-type="user"
data-hovercard-url="/users/bjohansebas/hovercard"
data-octo-click="hovercard-link-click"
data-octo-dimensions="link_type:self"
href="https://redirect.github.com/bjohansebas">@ bjohansebas</a> in <a
class="issue-link js-issue-link" data-error-text="Failed to load title"
data-id="2456555585" data-permission-text="Title is private"
data-url="expressjs/body-parser#531"
data-hovercard-type="pull_request"
data-hovercard-url="/expressjs/body-parser/pull/531/hovercard"
href="https://redirect.github.com/expressjs/body-parser/pull/531">#531</a></li>
<li>Linter by <a class="user-mention notranslate"
data-hovercard-type="user"
data-hovercard-url="/users/UlisesGascon/hovercard"
data-octo-click="hovercard-link-click"
data-octo-dimensions="link_type:self"
href="https://redirect.github.com/UlisesGascon">@ UlisesGascon</a> in <a
class="issue-link js-issue-link" data-error-text="Failed to load title"
data-id="2515064856" data-permission-text="Title is private"
data-url="expressjs/body-parser#534"
data-hovercard-type="pull_request"
data-hovercard-url="/expressjs/body-parser/pull/534/hovercard"
href="https://redirect.github.com/expressjs/body-parser/pull/534">#534</a></li>
<li>Release: 1.20.3 by <a class="user-mention notranslate"
data-hovercard-type="user"
data-hovercard-url="/users/UlisesGascon/hovercard"
data-octo-click="hovercard-link-click"
data-octo-dimensions="link_type:self"
href="https://redirect.github.com/UlisesGascon">@ UlisesGascon</a> in <a
class="issue-link js-issue-link" data-error-text="Failed to load title"
data-id="2515075091" data-permission-text="Title is private"
data-url="expressjs/body-parser#535"
data-hovercard-type="pull_request"
data-hovercard-url="/expressjs/body-parser/pull/535/hovercard"
href="https://redirect.github.com/expressjs/body-parser/pull/535">#535</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a class="user-mention notranslate" data-hovercard-type="user"
data-hovercard-url="/users/inigomarquinez/hovercard"
data-octo-click="hovercard-link-click"
data-octo-dimensions="link_type:self"
href="https://redirect.github.com/inigomarquinez">@ inigomarquinez</a>
made their first contribution in <a class="issue-link js-issue-link"
data-error-text="Failed to load title" data-id="2279511270"
data-permission-text="Title is private"
data-url="expressjs/body-parser#522"
data-hovercard-type="pull_request"
data-hovercard-url="/expressjs/body-parser/pull/522/hovercard"
href="https://redirect.github.com/expressjs/body-parser/pull/522">#522</a></li>
<li><a class="user-mention notranslate" data-hovercard-type="user"
data-hovercard-url="/users/wesleytodd/hovercard"
data-octo-click="hovercard-link-click"
data-octo-dimensions="link_type:self"
href="https://redirect.github.com/wesleytodd">@ wesleytodd</a> made
their first contribution in <a class="issue-link js-issue-link"
data-error-text="Failed to load title" data-id="2417531497"
data-permission-text="Title is private"
data-url="expressjs/body-parser#527"
data-hovercard-type="pull_request"
data-hovercard-url="/expressjs/body-parser/pull/527/hovercard"
href="https://redirect.github.com/expressjs/body-parser/pull/527">#527</a></li>
<li><a class="user-mention notranslate" data-hovercard-type="user"
data-hovercard-url="/users/melikhov-dev/hovercard"
data-octo-click="hovercard-link-click"
data-octo-dimensions="link_type:self"
href="https://redirect.github.com/melikhov-dev">@ melikhov-dev</a> made
their first contribution in <a class="issue-link js-issue-link"
data-error-text="Failed to load title" data-id="2243775909"
data-permission-text="Title is private"
data-url="expressjs/body-parser#521"
data-hovercard-type="pull_request"
data-hovercard-url="/expressjs/body-parser/pull/521/hovercard"
href="https://redirect.github.com/expressjs/body-parser/pull/521">#521</a></li>
<li><a class="user-mention notranslate" data-hovercard-type="user"
data-hovercard-url="/users/papandreou/hovercard"
data-octo-click="hovercard-link-click"
data-octo-dimensions="link_type:self"
href="https://redirect.github.com/papandreou">@ papandreou</a> made
their first contribution in <a class="issue-link js-issue-link"
data-error-text="Failed to load title" data-id="562834397"
data-permission-text="Title is private"
data-url="expressjs/body-parser#387"
data-hovercard-type="pull_request"
data-hovercard-url="/expressjs/body-parser/pull/387/hovercard"
href="https://redirect.github.com/expressjs/body-parser/pull/387">#387</a></li>
<li><a class="user-mention notranslate" data-hovercard-type="user"
data-hovercard-url="/users/danielgindi/hovercard"
data-octo-click="hovercard-link-click"
data-octo-dimensions="link_type:self"
href="https://redirect.github.com/danielgindi">@ danielgindi</a> made
their first contribution in <a class="issue-link js-issue-link"
data-error-text="Failed to load title" data-id="656076290"
data-permission-text="Title is private"
data-url="expressjs/body-parser#406"
data-hovercard-type="pull_request"
data-hovercard-url="/expressjs/body-parser/pull/406/hovercard"
href="https://redirect.github.com/expressjs/body-parser/pull/406">#406</a></li>
<li><a class="user-mention notranslate" data-hovercard-type="user"
data-hovercard-url="/users/bjohansebas/hovercard"
data-octo-click="hovercard-link-click"
data-octo-dimensions="link_type:self"
href="https://redirect.github.com/bjohansebas">@ bjohansebas</a> made
their first contribution in <a class="issue-link js-issue-link"
data-error-text="Failed to load title" data-id="2456555585"
data-permission-text="Title is private"
data-url="expressjs/body-parser#531"
data-hovercard-type="pull_request"
data-hovercard-url="/expressjs/body-parser/pull/531/hovercard"
href="https://redirect.github.com/expressjs/body-parser/pull/531">#531</a></li>
<li><a class="user-mention notranslate" data-hovercard-type="user"
data-hovercard-url="/users/UlisesGascon/hovercard"
data-octo-click="hovercard-link-click"
data-octo-dimensions="link_type:self"
href="https://redirect.github.com/UlisesGascon">@ UlisesGascon</a> made
their first contribution in <a class="issue-link js-issue-link"
data-error-text="Failed to load title" data-id="2515064856"
data-permission-text="Title is private"
data-url="expressjs/body-parser#534"
data-hovercard-type="pull_request"
data-hovercard-url="/expressjs/body-parser/pull/534/hovercard"
href="https://redirect.github.com/expressjs/body-parser/pull/534">#534</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a class="commit-link"
href="https://redirect.github.com/expressjs/body-parser/compare/1.20.2...2.0.0"><tt>1.20.2...2.0.0</tt></a></p>
      </li>
      <li>
<b>2.0.0-beta.2</b> - <a
href="https://redirect.github.com/expressjs/body-parser/releases/tag/v2.0.0-beta.2">2023-02-23</a></br><p>This
incorporates all changes after 1.19.1 up to 1.20.2.</p>
<ul>
<li>Remove deprecated <code>bodyParser()</code> combination
middleware</li>
<li>deps: [email protected]
<ul>
<li>Add <code>DEBUG_HIDE_DATE</code> environment variable</li>
<li>Change timer to per-namespace instead of global</li>
<li>Change non-TTY date format</li>
<li>Remove <code>DEBUG_FD</code> environment variable support</li>
<li>Support 256 namespace colors</li>
</ul>
</li>
<li>deps: [email protected]
<ul>
<li>Add encoding cp720</li>
<li>Add encoding UTF-32</li>
</ul>
</li>
<li>deps: [email protected]</li>
</ul>
      </li>
      <li>
<b>2.0.0-beta.1</b> - <a
href="https://redirect.github.com/expressjs/body-parser/releases/tag/v2.0.0-beta.1">2021-12-18</a></br><ul>
<li><code>req.body</code> is no longer always initialized to
<code>{}</code>
<ul>
<li>it is left <code>undefined</code> unless a body is parsed</li>
</ul>
</li>
<li><code>urlencoded</code> parser now defaults <code>extended</code> to
<code>false</code></li>
<li>Use <code>on-finished</code> to determine when body read</li>
</ul>
      </li>
      <li>
<b>1.20.3</b> - <a
href="https://redirect.github.com/expressjs/body-parser/releases/tag/1.20.3">2024-09-09</a></br><h2>What's
Changed</h2>
<h3>Important</h3>
<ul>
<li>deps: [email protected]</li>
<li>add <code>depth</code> option to customize the depth level in the
parser</li>
<li><strong>IMPORTANT:</strong> The default <code>depth</code> level for
parsing URL-encoded data is now <code>32</code> (previously was
<code>Infinity</code>). <a
href="https://redirect.github.com/expressjs/body-parser/blob/17529513673e39ba79886a7ce3363320cf1c0c50/README.md#depth">Documentation</a></li>
</ul>
<h3>Other changes</h3>
<ul>
<li>chore: add support for OSSF scorecard reporting by <a
class="user-mention notranslate" data-hovercard-type="user"
data-hovercard-url="/users/inigomarquinez/hovercard"
data-octo-click="hovercard-link-click"
data-octo-dimensions="link_type:self"
href="https://redirect.github.com/inigomarquinez">@ inigomarquinez</a>
in <a class="issue-link js-issue-link" data-error-text="Failed to load
title" data-id="2279511270" data-permission-text="Title is private"
data-url="expressjs/body-parser#522"
data-hovercard-type="pull_request"
data-hovercard-url="/expressjs/body-parser/pull/522/hovercard"
href="https://redirect.github.com/expressjs/body-parser/pull/522">#522</a></li>
<li>ci: fix errors in ci github action for node 8 and 9 by <a
class="user-mention notranslate" data-hovercard-type="user"
data-hovercard-url="/users/inigomarquinez/hovercard"
data-octo-click="hovercard-link-click"
data-octo-dimensions="link_type:self"
href="https://redirect.github.com/inigomarquinez">@ inigomarquinez</a>
in <a class="issue-link js-issue-link" data-error-text="Failed to load
title" data-id="2279679714" data-permission-text="Title is private"
data-url="expressjs/body-parser#523"
data-hovercard-type="pull_request"
data-hovercard-url="/expressjs/body-parser/pull/523/hovercard"
href="https://redirect.github.com/expressjs/body-parser/pull/523">#523</a></li>
<li>fix: pin to [email protected] by <a class="user-mention notranslate"
data-hovercard-type="user"
data-hovercard-url="/users/wesleytodd/hovercard"
data-octo-click="hovercard-link-click"
data-octo-dimensions="link_type:self"
href="https://redirect.github.com/wesleytodd">@ wesleytodd</a> in <a
class="issue-link js-issue-link" data-error-text="Failed to load title"
data-id="2417531497" data-permission-text="Title is private"
data-url="expressjs/body-parser#527"
data-hovercard-type="pull_request"
data-hovercard-url="/expressjs/body-parser/pull/527/hovercard"
href="https://redirect.github.com/expressjs/body-parser/pull/527">#527</a></li>
<li>deps: [email protected] by <a class="user-mention notranslate"
data-hovercard-type="user"
data-hovercard-url="/users/melikhov-dev/hovercard"
data-octo-click="hovercard-link-click"
data-octo-dimensions="link_type:self"
href="https://redirect.github.com/melikhov-dev">@ melikhov-dev</a> in <a
class="issue-link js-issue-link" data-error-text="Failed to load title"
data-id="2243775909" data-permission-text="Title is private"
data-url="expressjs/body-parser#521"
data-hovercard-type="pull_request"
data-hovercard-url="/expressjs/body-parser/pull/521/hovercard"
href="https://redirect.github.com/expressjs/body-parser/pull/521">#521</a></li>
<li>Add OSSF Scorecard badge by <a class="user-mention notranslate"
data-hovercard-type="user"
data-hovercard-url="/users/bjohansebas/hovercard"
data-octo-click="hovercard-link-click"
data-octo-dimensions="link_type:self"
href="https://redirect.github.com/bjohansebas">@ bjohansebas</a> in <a
class="issue-link js-issue-link" data-error-text="Failed to load title"
data-id="2456555585" data-permission-text="Title is private"
data-url="expressjs/body-parser#531"
data-hovercard-type="pull_request"
data-hovercard-url="/expressjs/body-parser/pull/531/hovercard"
href="https://redirect.github.com/expressjs/body-parser/pull/531">#531</a></li>
<li>Linter by <a class="user-mention notranslate"
data-hovercard-type="user"
data-hovercard-url="/users/UlisesGascon/hovercard"
data-octo-click="hovercard-link-click"
data-octo-dimensions="link_type:self"
href="https://redirect.github.com/UlisesGascon">@ UlisesGascon</a> in <a
class="issue-link js-issue-link" data-error-text="Failed to load title"
data-id="2515064856" data-permission-text="Title is private"
data-url="expressjs/body-parser#534"
data-hovercard-type="pull_request"
data-hovercard-url="/expressjs/body-parser/pull/534/hovercard"
href="https://redirect.github.com/expressjs/body-parser/pull/534">#534</a></li>
<li>Release: 1.20.3 by <a class="user-mention notranslate"
data-hovercard-type="user"
data-hovercard-url="/users/UlisesGascon/hovercard"
data-octo-click="hovercard-link-click"
data-octo-dimensions="link_type:self"
href="https://redirect.github.com/UlisesGascon">@ UlisesGascon</a> in <a
class="issue-link js-issue-link" data-error-text="Failed to load title"
data-id="2515075091" data-permission-text="Title is private"
data-url="expressjs/body-parser#535"
data-hovercard-type="pull_request"
data-hovercard-url="/expressjs/body-parser/pull/535/hovercard"
href="https://redirect.github.com/expressjs/body-parser/pull/535">#535</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a class="user-mention notranslate" data-hovercard-type="user"
data-hovercard-url="/users/inigomarquinez/hovercard"
data-octo-click="hovercard-link-click"
data-octo-dimensions="link_type:self"
href="https://redirect.github.com/inigomarquinez">@ inigomarquinez</a>
made their first contribution in <a class="issue-link js-issue-link"
data-error-text="Failed to load title" data-id="2279511270"
data-permission-text="Title is private"
data-url="expressjs/body-parser#522"
data-hovercard-type="pull_request"
data-hovercard-url="/expressjs/body-parser/pull/522/hovercard"
href="https://redirect.github.com/expressjs/body-parser/pull/522">#522</a></li>
<li><a class="user-mention notranslate" data-hovercard-type="user"
data-hovercard-url="/users/melikhov-dev/hovercard"
data-octo-click="hovercard-link-click"
data-octo-dimensions="link_type:self"
href="https://redirect.github.com/melikhov-dev">@ melikhov-dev</a> made
their first contribution in <a class="issue-link js-issue-link"
data-error-text="Failed to load title" data-id="2243775909"
data-permission-text="Title is private"
data-url="expressjs/body-parser#521"
data-hovercard-type="pull_request"
data-hovercard-url="/expressjs/body-parser/pull/521/hovercard"
href="https://redirect.github.com/expressjs/body-parser/pull/521">#521</a></li>
<li><a class="user-mention notranslate" data-hovercard-type="user"
data-hovercard-url="/users/bjohansebas/hovercard"
data-octo-click="hovercard-link-click"
data-octo-dimensions="link_type:self"
href="https://redirect.github.com/bjohansebas">@ bjohansebas</a> made
their first contribution in <a class="issue-link js-issue-link"
data-error-text="Failed to load title" data-id="2456555585"
data-permission-text="Title is private"
data-url="expressjs/body-parser#531"
data-hovercard-type="pull_request"
data-hovercard-url="/expressjs/body-parser/pull/531/hovercard"
href="https://redirect.github.com/expressjs/body-parser/pull/531">#531</a></li>
<li><a class="user-mention notranslate" data-hovercard-type="user"
data-hovercard-url="/users/UlisesGascon/hovercard"
data-octo-click="hovercard-link-click"
data-octo-dimensions="link_type:self"
href="https://redirect.github.com/UlisesGascon">@ UlisesGascon</a> made
their first contribution in <a class="issue-link js-issue-link"
data-error-text="Failed to load title" data-id="2515064856"
data-permission-text="Title is private"
data-url="expressjs/body-parser#534"
data-hovercard-type="pull_request"
data-hovercard-url="/expressjs/body-parser/pull/534/hovercard"
href="https://redirect.github.com/expressjs/body-parser/pull/534">#534</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a class="commit-link"
href="https://redirect.github.com/expressjs/body-parser/compare/1.20.2...1.20.3"><tt>1.20.2...1.20.3</tt></a></p>
      </li>
    </ul>
from <a
href="https://redirect.github.com/expressjs/body-parser/releases">body-parser
GitHub release notes</a>
  </details>
</details>

---

> [!IMPORTANT]
>
> - **Warning:** This PR contains a major version upgrade, and may be a
breaking change.
> - Check the changes in this PR to ensure they won't cause issues with
your project.
> - This PR was automatically created by Snyk using the credentials of a
real user.

---

**Note:** _You are seeing this because you or someone else with access
to this repository has authorized Snyk to open upgrade PRs._

**For more information:** <img
src="https://api.segment.io/v1/pixel/track?data=eyJ3cml0ZUtleSI6InJyWmxZcEdHY2RyTHZsb0lYd0dUcVg4WkFRTnNCOUEwIiwiYW5vbnltb3VzSWQiOiJmY2NmMTA2MC1iZmM1LTRjOWItOGFlMS0xZjczODJhYjI4YjEiLCJldmVudCI6IlBSIHZpZXdlZCIsInByb3BlcnRpZXMiOnsicHJJZCI6ImZjY2YxMDYwLWJmYzUtNGM5Yi04YWUxLTFmNzM4MmFiMjhiMSJ9fQ=="
width="0" height="0"/>

> - 🧐 [View latest project
report](https://app.snyk.io/org/reisene/project/55e114f8-489e-4f14-b900-20574b041e59?utm_source&#x3D;github-cloud-app&amp;utm_medium&#x3D;referral&amp;page&#x3D;upgrade-pr)
> - 📜 [Customise PR
templates](https://docs.snyk.io/scan-using-snyk/pull-requests/snyk-fix-pull-or-merge-requests/customize-pr-templates?utm_source=&utm_content=fix-pr-template)
> - 🛠 [Adjust upgrade PR
settings](https://app.snyk.io/org/reisene/project/55e114f8-489e-4f14-b900-20574b041e59/settings/integration?utm_source&#x3D;github-cloud-app&amp;utm_medium&#x3D;referral&amp;page&#x3D;upgrade-pr)
> - 🔕 [Ignore this dependency or unsubscribe from future upgrade
PRs](https://app.snyk.io/org/reisene/project/55e114f8-489e-4f14-b900-20574b041e59/settings/integration?pkg&#x3D;body-parser&amp;utm_source&#x3D;github-cloud-app&amp;utm_medium&#x3D;referral&amp;page&#x3D;upgrade-pr#auto-dep-upgrades)

[//]: #
'snyk:metadata:{"customTemplate":{"variablesUsed":[],"fieldsUsed":[]},"dependencies":[{"name":"body-parser","from":"1.20.3","to":"2.0.1"}],"env":"prod","hasFixes":false,"isBreakingChange":true,"isMajorUpgrade":true,"issuesToFix":[],"prId":"fccf1060-bfc5-4c9b-8ae1-1f7382ab28b1","prPublicId":"fccf1060-bfc5-4c9b-8ae1-1f7382ab28b1","packageManager":"npm","priorityScoreList":[],"projectPublicId":"55e114f8-489e-4f14-b900-20574b041e59","projectUrl":"https://app.snyk.io/org/reisene/project/55e114f8-489e-4f14-b900-20574b041e59?utm_source=github-cloud-app&utm_medium=referral&page=upgrade-pr","prType":"upgrade","templateFieldSources":{"branchName":"default","commitMessage":"default","description":"default","title":"default"},"templateVariants":[],"type":"auto","upgrade":[],"upgradeInfo":{"versionsDiff":4,"publishedDate":"2024-09-10T04:15:36.065Z"},"vulns":[]}'

## Podsumowanie przez Sourcery

Ulepszenia:
- Aktualizacja body-parser do wersji 2.0.1, która obejmuje:
  - Wsparcie dla kodowania Brotli
  - Rezygnację ze wsparcia dla starszych wersji Node.js
  - Domyślne ustawienie "extended" na "false" dla parsera urlencoded
- Zmianę domyślnego poziomu głębokości parsowania danych URL-encoded do
32

<details>
<summary>Original summary in English</summary>

## Summary by Sourcery

Enhancements:
- Upgrade body-parser to version 2.0.1, which includes support for
Brotli encoding, drops support for older Node.js versions, defaults
"extended" to "false" for urlencoded parser, and changes the default
depth level for parsing URL-encoded data to 32.

</details>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ljharb ljharb ljharb left review comments

Assignees
No one assigned
Labels
enhancement pr
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

iso-8859-1/windows-1252 support?
8 participants
@papandreou @dougwilson @Lurow @thopaw @ljharb @filecage @DarkBitz @wesleytodd