body-parser
Advanced tools
body-parser - npm Package Compare versions
Comparing version 1.19.2 to 1.20.0
@@ -0,1 +1,19 @@ | ||
| 1.20.0 / 2022-04-02 | ||
| =================== | ||
| * Fix error message for json parse whitespace in `strict` | ||
| * Fix internal error when inflated body exceeds limit | ||
| * Prevent loss of async hooks context | ||
| * Prevent hanging when request already read | ||
| * deps: depd@2.0.0 | ||
| - Replace internal `eval` usage with `Function` constructor | ||
| - Use instance methods on `process` to check for listeners | ||
| * deps: http-errors@2.0.0 | ||
| - deps: depd@2.0.0 | ||
| - deps: statuses@2.0.1 | ||
| * deps: on-finished@2.4.1 | ||
| * deps: qs@6.10.3 | ||
| * deps: raw-body@2.5.1 | ||
| - deps: http-errors@2.0.0 | ||
| 1.19.2 / 2022-02-15 | ||
@@ -2,0 +20,0 @@ =================== |
@@ -15,5 +15,7 @@ /*! | ||
| var createError = require('http-errors') | ||
| var destroy = require('destroy') | ||
| var getBody = require('raw-body') | ||
| var iconv = require('iconv-lite') | ||
| var onFinished = require('on-finished') | ||
| var unpipe = require('unpipe') | ||
| var zlib = require('zlib') | ||
@@ -93,5 +95,10 @@ | ||
| // unpipe from stream and destroy | ||
| if (stream !== req) { | ||
| unpipe(req) | ||
| destroy(stream, true) | ||
| } | ||
| // read off entire request | ||
| stream.resume() | ||
| onFinished(req, function onfinished () { | ||
| dump(req, function onfinished () { | ||
| next(createError(400, _error)) | ||
@@ -184,1 +191,18 @@ }) | ||
| } | ||
| /** | ||
| * Dump the contents of a request. | ||
| * | ||
| * @param {object} req | ||
| * @param {function} callback | ||
| * @api private | ||
| */ | ||
| function dump (req, callback) { | ||
| if (onFinished.isFinished(req)) { | ||
| callback(null) | ||
| } else { | ||
| onFinished(req, callback) | ||
| req.resume() | ||
| } | ||
| } |
@@ -40,3 +40,3 @@ /*! | ||
| var FIRST_CHAR_REGEXP = /^[\x20\x09\x0a\x0d]*(.)/ // eslint-disable-line no-control-regex | ||
| var FIRST_CHAR_REGEXP = /^[\x20\x09\x0a\x0d]*([^\x20\x09\x0a\x0d])/ // eslint-disable-line no-control-regex | ||
@@ -126,3 +126,3 @@ /** | ||
| var charset = getCharset(req) || 'utf-8' | ||
| if (charset.substr(0, 4) !== 'utf-') { | ||
| if (charset.slice(0, 4) !== 'utf-') { | ||
| debug('invalid charset') | ||
@@ -157,3 +157,5 @@ next(createError(415, 'unsupported charset "' + charset.toUpperCase() + '"', { | ||
| var index = str.indexOf(char) | ||
| var partial = str.substring(0, index) + '#' | ||
| var partial = index !== -1 | ||
| ? str.substring(0, index) + '#' | ||
| : '' | ||
@@ -179,3 +181,7 @@ try { | ||
| function firstchar (str) { | ||
| return FIRST_CHAR_REGEXP.exec(str)[1] | ||
| var match = FIRST_CHAR_REGEXP.exec(str) | ||
| return match | ||
| ? match[1] | ||
| : undefined | ||
| } | ||
@@ -182,0 +188,0 @@ |
| { | ||
| "name": "body-parser", | ||
| "description": "Node.js body parsing middleware", | ||
| "version": "1.19.2", | ||
| "version": "1.20.0", | ||
| "contributors": [ | ||
@@ -15,9 +15,11 @@ "Douglas Christopher Wilson <doug@somethingdoug.com>", | ||
| "debug": "2.6.9", | ||
| "depd": "~1.1.2", | ||
| "http-errors": "1.8.1", | ||
| "depd": "2.0.0", | ||
| "destroy": "1.2.0", | ||
| "http-errors": "2.0.0", | ||
| "iconv-lite": "0.4.24", | ||
| "on-finished": "~2.3.0", | ||
| "qs": "6.9.7", | ||
| "raw-body": "2.4.3", | ||
| "type-is": "~1.6.18" | ||
| "on-finished": "2.4.1", | ||
| "qs": "6.10.3", | ||
| "raw-body": "2.5.1", | ||
| "type-is": "~1.6.18", | ||
| "unpipe": "1.0.0" | ||
| }, | ||
@@ -33,3 +35,3 @@ "devDependencies": { | ||
| "methods": "1.1.2", | ||
| "mocha": "9.2.0", | ||
| "mocha": "9.2.2", | ||
| "nyc": "15.1.0", | ||
@@ -43,6 +45,8 @@ "safe-buffer": "5.2.1", | ||
| "HISTORY.md", | ||
| "SECURITY.md", | ||
| "index.js" | ||
| ], | ||
| "engines": { | ||
| "node": ">= 0.8" | ||
| "node": ">= 0.8", | ||
| "npm": "1.2.8000 || >= 1.4.16" | ||
| }, | ||
@@ -49,0 +53,0 @@ "scripts": { |
@@ -345,2 +345,10 @@ # body-parser | ||
| ### stream is not readable | ||
| This error will occur when the request is no longer readable when this middleware | ||
| attempts to read it. This typically means something other than a middleware from | ||
| this module read the reqest body already and the middleware was also configured to | ||
| read the same request. The `status` property is set to `500` and the `type` | ||
| property is set to `'stream.not.readable'`. | ||
| ### too many parameters | ||
@@ -457,2 +465,2 @@ | ||
| [github-actions-ci-image]: https://img.shields.io/github/workflow/status/expressjs/body-parser/ci/master?label=ci | ||
| [github-actions-ci-url]: https://github.com/expressjs/body-parser?query=workflow%3Aci | ||
| [github-actions-ci-url]: https://github.com/expressjs/body-parser/actions/workflows/ci.yml |
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by4.86%
60183
- Number of package files
- increased by10%
11
- Lines of code
- increased by2.91%
918
- Number of lines in readme file
- increased by1.75%
465
Worsened metrics
- Dependency count
- increased by20%
12
Dependency changes
+ Addeddestroy@1.2.0
+ Addedunpipe@1.0.0
+ Addedcall-bind@1.0.7(transitive)
+ Addeddefine-data-property@1.1.4(transitive)
+ Addeddepd@2.0.0(transitive)
+ Addeddestroy@1.2.0(transitive)
+ Addedes-define-property@1.0.0(transitive)
+ Addedes-errors@1.3.0(transitive)
+ Addedfunction-bind@1.1.2(transitive)
+ Addedget-intrinsic@1.2.4(transitive)
+ Addedgopd@1.0.1(transitive)
+ Addedhas-property-descriptors@1.0.2(transitive)
+ Addedhas-proto@1.0.3(transitive)
+ Addedhas-symbols@1.0.3(transitive)
+ Addedhasown@2.0.2(transitive)
+ Addedhttp-errors@2.0.0(transitive)
+ Addedobject-inspect@1.13.2(transitive)
+ Addedon-finished@2.4.1(transitive)
+ Addedqs@6.10.3(transitive)
+ Addedraw-body@2.5.1(transitive)
+ Addedset-function-length@1.2.2(transitive)
+ Addedside-channel@1.0.6(transitive)
+ Addedstatuses@2.0.1(transitive)
- Removeddepd@1.1.2(transitive)
- Removedhttp-errors@1.8.1(transitive)
- Removedon-finished@2.3.0(transitive)
- Removedqs@6.9.7(transitive)
- Removedraw-body@2.4.3(transitive)
- Removedstatuses@1.5.0(transitive)
Updateddepd@2.0.0
Updatedhttp-errors@2.0.0
Updatedon-finished@2.4.1
Updatedqs@6.10.3
Updatedraw-body@2.5.1