Skip to content

chore(deps): bump body-parser from 1.20.4 to 2.3.0 in /test/crashtracker#140

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/test/crashtracker/body-parser-2.3.0
Open

chore(deps): bump body-parser from 1.20.4 to 2.3.0 in /test/crashtracker#140
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/test/crashtracker/body-parser-2.3.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 22, 2026

Copy link
Copy Markdown
Contributor

Bumps body-parser from 1.20.4 to 2.3.0.

Release notes

Sourced from body-parser's releases.

v2.3.0

What's Changed

New Contributors

Full Changelog: expressjs/body-parser@v2.2.2...v2.3.0

v2.2.2

What's Changed

... (truncated)

Changelog

Sourced from body-parser's changelog.

2.3.0 / 2026-06-15

  • fix: use static exports instead of lazy getters to improve ESM compatibility
  • feat: add subpath exports for individual parsers
  • fix: improve limit option validation (#698)
    • Invalid limit values (e.g. unparseable strings or NaN) now throw instead of being silently ignored, which previously disabled size limit enforcement
    • null and undefined fall back to the default 100kb limit
  • deps:
    • content-type@^2.0.0
    • http-errors@^2.0.1
    • iconv-lite^0.7.2
    • qs@^6.15.2
    • raw-body@^3.0.2
    • type-is@^2.1.0

2.2.2 / 2026-01-07

  • deps: qs@^6.14.1
  • refactor(json): simplify strict mode error string construction

2.2.1 / 2025-11-24

  • Security fix for GHSA-wqch-xfxh-vrr4
  • deps:
    • type-is@^2.0.1
    • iconv-lite@^0.7.0
      • Handle split surrogate pairs when encoding UTF-8
      • Avoid false positives in encodingExists by using prototype-less objects
    • raw-body@^3.0.1
    • debug@^4.4.3

2.2.0 / 2025-03-27

  • refactor: normalize common options for all parsers
  • deps:
    • iconv-lite@^0.6.3

2.1.0 / 2025-02-10

  • deps:
    • type-is@^2.0.0
    • debug@^4.4.0
    • Removed destroy
  • refactor: prefix built-in node module imports
  • use the node require cache instead of custom caching

... (truncated)

Commits
  • d0f2ace 2.3.0 (#735)
  • 7d03f2f chore: updated deps to latest (#733)
  • 8024ba7 build(deps): bump actions/checkout from 6.0.2 to 6.0.3 (#732)
  • 32b4ed4 build(deps): bump github/codeql-action from 4.35.3 to 4.36.1 (#731)
  • ff0f6b9 docs: update outdated reference to MDN docs (#730)
  • 14d001a refactor: switch to const/let and enable eslint no-var rule (#729)
  • 37f36a2 deps: update content-type and type-is (#728)
  • e1c244b build(deps): bump github/codeql-action from 4.35.1 to 4.35.3 (#723)
  • e01087f build(deps): bump actions/upload-artifact from 7.0.0 to 7.0.1 (#724)
  • a7698d3 build(deps): bump actions/setup-node from 6.3.0 to 6.4.0 (#725)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
chore(deps): bump body-parser from 1.20.4 to 2.3.0 in /test/crashtracker
881daa1 
Bumps [body-parser](https://github.com/expressjs/body-parser) from 1.20.4 to 2.3.0.
- [Release notes](https://github.com/expressjs/body-parser/releases)
- [Changelog](https://github.com/expressjs/body-parser/blob/master/HISTORY.md)
- [Commits](expressjs/body-parser@1.20.4...v2.3.0)

---
updated-dependencies:
- dependency-name: body-parser
  dependency-version: 2.3.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file semver-patch labels Jun 22, 2026
@dependabot dependabot Bot requested a review from a team as a code owner June 22, 2026 19:20
@dependabot @github

dependabot Bot commented on behalf of github Jun 22, 2026

Copy link
Copy Markdown
Contributor Author

Labels

The following labels could not be found: dependabot, javascript. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@dependabot dependabot Bot requested a review from a team as a code owner June 22, 2026 19:20
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file semver-patch labels Jun 22, 2026
chatgpt-codex-connector[bot]
chatgpt-codex-connector Bot reviewed Jun 22, 2026
View reviewed changes

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 881daa1035

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

Comment thread test/crashtracker/yarn.lock
Comment on lines +25 to +28
body-parser@^2.3.0:
version "2.3.0"
resolved "https://registry.yarnpkg.com/body-parser/-/body-parser-2.3.0.tgz#6d8662f4d8c336028b8ac9aa24251b0ca64ba437"
integrity sha512-2cGmJupaNgg+QUwVLAucDuWuoMZ6EX9iHDRswZ5lsNYEmwPaRknMPCLZz07yTzVq/83p4o/wzbDZbBrTvGGTIw==

@chatgpt-codex-connector chatgpt-codex-connector Bot Jun 22, 2026

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Update the transitive Yarn body-parser lock entry

Because the build workflow runs yarn install in test/crashtracker (.github/workflows/build.yml lines 16-18), this lockfile is what CI installs. This new direct 2.3.0 entry splits the previous combined lock entry, but body-parser@~1.20.3 for Express remains locked to 1.20.4 a few lines below, so Yarn installs still contain the old copy this bump is meant to remove while the npm lock already moved that transitive copy to 1.20.5. Please refresh the Yarn lock or add a resolution so no 1.20.4 copy remains.

Useful? React with 👍 / 👎.

@github-actions

github-actions Bot commented Jun 22, 2026

Copy link
Copy Markdown

Overall package size

Self size: 28.05 MB
Deduped: 28.05 MB
No deduping: 28.05 MB

Dependency sizes | name | version | self size | total size | |------|---------|-----------|------------|

🤖 This report was automatically generated by heaviest-objects-in-the-universe

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@chatgpt-codex-connector chatgpt-codex-connector[bot] chatgpt-codex-connector[bot] left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file semver-patch

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants