Skip to content

chore(deps): bump body-parser from 1.20.4 to 2.3.0 in /test/crashtracker#140

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/test/crashtracker/body-parser-2.3.0
Open

chore(deps): bump body-parser from 1.20.4 to 2.3.0 in /test/crashtracker#140
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/test/crashtracker/body-parser-2.3.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 22, 2026

Copy link
Copy Markdown
Contributor

Bumps body-parser from 1.20.4 to 2.3.0.

Release notes

Sourced from body-parser's releases.

v2.3.0

What's Changed

New Contributors

Full Changelog: expressjs/body-parser@v2.2.2...v2.3.0

v2.2.2

What's Changed

... (truncated)

Changelog

Sourced from body-parser's changelog.

2.3.0 / 2026-06-15

  • fix: use static exports instead of lazy getters to improve ESM compatibility
  • feat: add subpath exports for individual parsers
  • fix: improve limit option validation (#698)
    • Invalid limit values (e.g. unparseable strings or NaN) now throw instead of being silently ignored, which previously disabled size limit enforcement
    • null and undefined fall back to the default 100kb limit
  • deps:
    • content-type@^2.0.0
    • http-errors@^2.0.1
    • iconv-lite^0.7.2
    • qs@^6.15.2
    • raw-body@^3.0.2
    • type-is@^2.1.0

2.2.2 / 2026-01-07

  • deps: qs@^6.14.1
  • refactor(json): simplify strict mode error string construction

2.2.1 / 2025-11-24

  • Security fix for GHSA-wqch-xfxh-vrr4
  • deps:
    • type-is@^2.0.1
    • iconv-lite@^0.7.0
      • Handle split surrogate pairs when encoding UTF-8
      • Avoid false positives in encodingExists by using prototype-less objects
    • raw-body@^3.0.1
    • debug@^4.4.3

2.2.0 / 2025-03-27

  • refactor: normalize common options for all parsers
  • deps:
    • iconv-lite@^0.6.3

2.1.0 / 2025-02-10

  • deps:
    • type-is@^2.0.0
    • debug@^4.4.0
    • Removed destroy
  • refactor: prefix built-in node module imports
  • use the node require cache instead of custom caching

... (truncated)

Commits
  • d0f2ace 2.3.0 (#735)
  • 7d03f2f chore: updated deps to latest (#733)
  • 8024ba7 build(deps): bump actions/checkout from 6.0.2 to 6.0.3 (#732)
  • 32b4ed4 build(deps): bump github/codeql-action from 4.35.3 to 4.36.1 (#731)
  • ff0f6b9 docs: update outdated reference to MDN docs (#730)
  • 14d001a refactor: switch to const/let and enable eslint no-var rule (#729)
  • 37f36a2 deps: update content-type and type-is (#728)
  • e1c244b build(deps): bump github/codeql-action from 4.35.1 to 4.35.3 (#723)
  • e01087f build(deps): bump actions/upload-artifact from 7.0.0 to 7.0.1 (#724)
  • a7698d3 build(deps): bump actions/setup-node from 6.3.0 to 6.4.0 (#725)
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file semver-patch labels Jun 22, 2026
@dependabot dependabot Bot requested a review from a team as a code owner June 22, 2026 19:20
@dependabot @github

dependabot Bot commented on behalf of github Jun 22, 2026

Copy link
Copy Markdown
Contributor Author

Labels

The following labels could not be found: dependabot, javascript. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@dependabot dependabot Bot requested a review from a team as a code owner June 22, 2026 19:20
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file semver-patch labels Jun 22, 2026

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 881daa1035

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

Comment thread test/crashtracker/yarn.lock Outdated
Comment on lines +25 to +28
body-parser@^2.3.0:
version "2.3.0"
resolved "https://registry.yarnpkg.com/body-parser/-/body-parser-2.3.0.tgz#6d8662f4d8c336028b8ac9aa24251b0ca64ba437"
integrity sha512-2cGmJupaNgg+QUwVLAucDuWuoMZ6EX9iHDRswZ5lsNYEmwPaRknMPCLZz07yTzVq/83p4o/wzbDZbBrTvGGTIw==

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Update the transitive Yarn body-parser lock entry

Because the build workflow runs yarn install in test/crashtracker (.github/workflows/build.yml lines 16-18), this lockfile is what CI installs. This new direct 2.3.0 entry splits the previous combined lock entry, but body-parser@~1.20.3 for Express remains locked to 1.20.4 a few lines below, so Yarn installs still contain the old copy this bump is meant to remove while the npm lock already moved that transitive copy to 1.20.5. Please refresh the Yarn lock or add a resolution so no 1.20.4 copy remains.

Useful? React with 👍 / 👎.

@github-actions

github-actions Bot commented Jun 22, 2026

Copy link
Copy Markdown

Overall package size

Self size: 30.05 MB
Deduped: 30.05 MB
No deduping: 30.05 MB

Dependency sizes | name | version | self size | total size | |------|---------|-----------|------------|

🤖 This report was automatically generated by heaviest-objects-in-the-universe

@szegedi

szegedi commented Jul 3, 2026

Copy link
Copy Markdown
Contributor

@dependabot rebase

Bumps [body-parser](https://github.com/expressjs/body-parser) from 1.20.4 to 2.3.0.
- [Release notes](https://github.com/expressjs/body-parser/releases)
- [Changelog](https://github.com/expressjs/body-parser/blob/master/HISTORY.md)
- [Commits](expressjs/body-parser@1.20.4...v2.3.0)

---
updated-dependencies:
- dependency-name: body-parser
  dependency-version: 2.3.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/test/crashtracker/body-parser-2.3.0 branch from 881daa1 to 1367bfe Compare July 3, 2026 07:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file semver-patch

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant