fix: upgrade body-parser to >=1.20.3 to fix CVE-2024-45590 DoS attacks #3658

petermetz · 2024-11-28T18:05:12Z

Dependabot is not able to resolve this (seemingly) simple vulnerability
issue so we have to get in there and manually bump body-parser.

Fixes #3657

Signed-off-by: Peter Somogyvari [email protected]

Pull Request Requirements

Rebased onto upstream/main branch and squashed into single commit to help maintainers review it more efficient and to avoid spaghetti git commit graphs that obfuscate which commit did exactly what change, when and, why.
Have git sign off at the end of commit message to avoid being marked red. You can add -s flag when using git commit command. You may refer to this link for more information.
Follow the Commit Linting specification. You may refer to this link for more information.

Character Limit

Pull Request Title and Commit Subject must not exceed 72 characters (including spaces and special characters).
Commit Message per line must not exceed 80 characters (including spaces and special characters).

A Must Read for Beginners
For rebasing and squashing, here's a must read guide for beginners.

Dependabot is not able to resolve this (seemingly) simple vulnerability issue so we have to get in there and manually bump `body-parser`. https://github.com/hyperledger-cacti/cacti/security/dependabot/1218 CVE ID CVE-2024-45590 GHSA ID GHSA-qwcr-r2fm-qrc7 Fixes hyperledger-cacti#3657 Signed-off-by: Peter Somogyvari <[email protected]>

petermetz requested review from takeutak, izuru0, jagpreetsinghsasan, VRamakrishna, sandeepnRES and outSH as code owners November 28, 2024 18:05

outSH approved these changes Nov 29, 2024

View reviewed changes

Provide feedback