[Snyk] Fix for 1 vulnerabilities

[cdobru]

Snyk has created this PR to fix 1 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

• package.json
• package-lock.json

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Allocation of Resources Without Limits or Throttling SNYK-JS-QS-15268416	590

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Allocation of Resources Without Limits or Throttling

[cdobru]

This upgrade includes a significant breaking change in body-parser and a potentially breaking behavioral change in express.

body-parser: 1.9.0 → 1.20.4 (High Risk)

This is a major upgrade that requires code modifications. The generic bodyParser() middleware, which was common in version 1.9.0, has been removed in favor of individual, type-specific middleware.

Action Required:

• Replace app.use(bodyParser()) with specific parsers for the content types your application handles.

Example Migration:

// Before:  
const bodyParser = require('body-parser');  
app.use(bodyParser());  
  
// After:  
const bodyParser = require('body-parser');  
app.use(bodyParser.json());  
app.use(bodyParser.urlencoded({ extended: true }));  

express: 4.12.4 → 4.22.0 (Medium Risk)

While this upgrade is within the same major version, it introduces a behavioral change that could impact applications processing complex form data.

• URL-Encoded Parser Change: Starting with version 4.20.0, the default depth for parsing nested objects in URL-encoded data has been changed from Infinity to 32. Applications that rely on parsing deeply nested objects may encounter issues.
• Node.js Support: Newer versions of Express 4.x have officially added support for more recent Node.js versions (10, 12, 14) and may have dropped support for older, end-of-life Node versions.

Recommendation:

• For body-parser, you must update your code to use the new type-specific middleware (.json(), .urlencoded(), etc.) as shown above.
• For express, verify if your application processes deeply nested URL-encoded data. If so, you may need to explicitly configure the depth option in the urlencoded middleware.

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

[cdobru]

⛔ Snyk checks have failed. 13 issues have been found so far.

Status	Scanner	Critical	High	Medium	Low	Total (13)
⛔	Open Source Security	0	5	8	0	13 issues
✅	Licenses	0	0	0	0	0 issues
✅	Code Security	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

[cdobru]

⛔ Snyk checks have failed. 13 issues have been found so far.

Status	Scanner	Critical	High	Medium	Low	Total (13)
⛔	Open Source Security	0	5	8	0	13 issues
✅	Licenses	0	0	0	0	0 issues
✅	Code Security	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.