From abbdfc445f30e2f09c8c8ccc1f131c1345dfb6c0 Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Tue, 16 Nov 2021 00:29:54 -0500 Subject: [PATCH 01/98] build: fix run names in Github Actions --- .github/workflows/ci.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index b307b27a..b06d22dc 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -27,6 +27,9 @@ jobs: - Node.js 12.x - Node.js 13.x - Node.js 14.x + - Node.js 15.x + - Node.js 16.x + - Node.js 17.x include: - name: Node.js 0.8 From 7f84d4f8aa9cbc3944e8150abc10e0c31809d66d Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Wed, 17 Nov 2021 16:41:23 -0500 Subject: [PATCH 02/98] deps: raw-body@2.4.2 --- HISTORY.md | 5 +++-- package.json | 2 +- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/HISTORY.md b/HISTORY.md index b014200d..be0c9aaf 100644 --- a/HISTORY.md +++ b/HISTORY.md @@ -4,8 +4,9 @@ unreleased * deps: http-errors@1.7.3 - deps: inherits@2.0.4 * deps: qs@6.9.6 - * deps: raw-body@2.4.1 - - deps: http-errors@1.7.3 + * deps: raw-body@2.4.2 + - deps: bytes@3.1.1 + - deps: http-errors@1.8.1 * deps: safe-buffer@5.2.1 * deps: type-is@~1.6.18 diff --git a/package.json b/package.json index 1235d486..112eb24f 100644 --- a/package.json +++ b/package.json @@ -17,7 +17,7 @@ "iconv-lite": "0.4.24", "on-finished": "~2.3.0", "qs": "6.9.6", - "raw-body": "2.4.1", + "raw-body": "2.4.2", "type-is": "~1.6.18" }, "devDependencies": { From aae94b253db1fae42366474d905511a59c6e227d Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Wed, 17 Nov 2021 16:43:12 -0500 Subject: [PATCH 03/98] deps: http-errors@1.8.1 --- HISTORY.md | 4 +++- package.json | 2 +- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/HISTORY.md b/HISTORY.md index be0c9aaf..53fccb84 100644 --- a/HISTORY.md +++ b/HISTORY.md @@ -1,8 +1,10 @@ unreleased ========== - * deps: http-errors@1.7.3 + * deps: http-errors@1.8.1 - deps: inherits@2.0.4 + - deps: toidentifier@1.0.1 + - deps: setprototypeof@1.2.0 * deps: qs@6.9.6 * deps: raw-body@2.4.2 - deps: bytes@3.1.1 diff --git a/package.json b/package.json index 112eb24f..8d5461e7 100644 --- a/package.json +++ b/package.json @@ -13,7 +13,7 @@ "content-type": "~1.0.4", "debug": "2.6.9", "depd": "~1.1.2", - "http-errors": "1.7.3", + "http-errors": "1.8.1", "iconv-lite": "0.4.24", "on-finished": "~2.3.0", "qs": "6.9.6", From 8389b51d55416de91448d3847138d436d6720114 Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Wed, 17 Nov 2021 16:43:35 -0500 Subject: [PATCH 04/98] deps: bytes@3.1.1 --- HISTORY.md | 1 + package.json | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/HISTORY.md b/HISTORY.md index 53fccb84..607de628 100644 --- a/HISTORY.md +++ b/HISTORY.md @@ -1,6 +1,7 @@ unreleased ========== + * deps: bytes@3.1.1 * deps: http-errors@1.8.1 - deps: inherits@2.0.4 - deps: toidentifier@1.0.1 diff --git a/package.json b/package.json index 8d5461e7..b6265c72 100644 --- a/package.json +++ b/package.json @@ -9,7 +9,7 @@ "license": "MIT", "repository": "expressjs/body-parser", "dependencies": { - "bytes": "3.1.0", + "bytes": "3.1.1", "content-type": "~1.0.4", "debug": "2.6.9", "depd": "~1.1.2", From 313ed6d3f5b791e9d8a92c4c91ca779155f37796 Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Wed, 17 Nov 2021 16:45:02 -0500 Subject: [PATCH 05/98] build: eslint-plugin-promise@5.1.1 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index b6265c72..999f2cf8 100644 --- a/package.json +++ b/package.json @@ -26,7 +26,7 @@ "eslint-plugin-import": "2.25.2", "eslint-plugin-markdown": "2.2.1", "eslint-plugin-node": "11.1.0", - "eslint-plugin-promise": "4.3.1", + "eslint-plugin-promise": "5.1.1", "eslint-plugin-standard": "4.1.0", "methods": "1.1.2", "mocha": "9.1.3", From c6d43bdbd4bfcd508217f6f78f946ccbced89efa Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Wed, 17 Nov 2021 16:45:22 -0500 Subject: [PATCH 06/98] build: eslint-plugin-import@2.25.3 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 999f2cf8..79e1b909 100644 --- a/package.json +++ b/package.json @@ -23,7 +23,7 @@ "devDependencies": { "eslint": "7.32.0", "eslint-config-standard": "14.1.1", - "eslint-plugin-import": "2.25.2", + "eslint-plugin-import": "2.25.3", "eslint-plugin-markdown": "2.2.1", "eslint-plugin-node": "11.1.0", "eslint-plugin-promise": "5.1.1", From c5e63cbf4144b4c01445239de4aba669807ef73c Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Thu, 9 Dec 2021 23:01:00 -0500 Subject: [PATCH 07/98] build: Node.js@17.2 --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index b06d22dc..b1805126 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -105,7 +105,7 @@ jobs: node-version: "16.13" - name: Node.js 17.x - node-version: "17.1" + node-version: "17.2" steps: - uses: actions/checkout@v2 From fb172d4539274889293ddf13acaed78a113239a5 Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Thu, 9 Dec 2021 23:03:00 -0500 Subject: [PATCH 08/98] build: eslint-plugin-promise@5.2.0 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 79e1b909..7ccfe651 100644 --- a/package.json +++ b/package.json @@ -26,7 +26,7 @@ "eslint-plugin-import": "2.25.3", "eslint-plugin-markdown": "2.2.1", "eslint-plugin-node": "11.1.0", - "eslint-plugin-promise": "5.1.1", + "eslint-plugin-promise": "5.2.0", "eslint-plugin-standard": "4.1.0", "methods": "1.1.2", "mocha": "9.1.3", From d0a214b3beded8a9cd2dcb51d355f92c9ead81d4 Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Fri, 10 Dec 2021 14:48:11 -0500 Subject: [PATCH 09/98] 1.19.1 --- HISTORY.md | 4 ++-- package.json | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/HISTORY.md b/HISTORY.md index 607de628..34e0d4c0 100644 --- a/HISTORY.md +++ b/HISTORY.md @@ -1,5 +1,5 @@ -unreleased -========== +1.19.1 / 2021-12-10 +=================== * deps: bytes@3.1.1 * deps: http-errors@1.8.1 diff --git a/package.json b/package.json index 7ccfe651..374138e8 100644 --- a/package.json +++ b/package.json @@ -1,7 +1,7 @@ { "name": "body-parser", "description": "Node.js body parsing middleware", - "version": "1.19.0", + "version": "1.19.1", "contributors": [ "Douglas Christopher Wilson ", "Jonathan Ong (http://jongleberry.com)" From 9eb206b62dd97efa7338114e2597268bbed42190 Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Tue, 16 Sep 2014 00:27:08 -0700 Subject: [PATCH 10/98] Default urlencoded extended option to false --- HISTORY.md | 5 +++++ README.md | 8 +++----- lib/types/urlencoded.js | 8 +------- test/urlencoded.js | 4 ++-- 4 files changed, 11 insertions(+), 14 deletions(-) diff --git a/HISTORY.md b/HISTORY.md index 34e0d4c0..81928891 100644 --- a/HISTORY.md +++ b/HISTORY.md @@ -1,3 +1,8 @@ +2.x +=== + + * `urlencoded` parser now defaults `extended` to `false` + 1.19.1 / 2021-12-10 =================== diff --git a/README.md b/README.md index 7d7fa882..6da044a0 100644 --- a/README.md +++ b/README.md @@ -237,9 +237,7 @@ encoded into the URL-encoded format, allowing for a JSON-like experience with URL-encoded. For more information, please [see the qs library](https://www.npmjs.org/package/qs#readme). -Defaults to `true`, but using the default has been deprecated. Please -research into the difference between `qs` and `querystring` and choose the -appropriate setting. +Defaults to `false`. ##### inflate @@ -380,7 +378,7 @@ var bodyParser = require('body-parser') var app = express() // parse application/x-www-form-urlencoded -app.use(bodyParser.urlencoded({ extended: false })) +app.use(bodyParser.urlencoded()) // parse application/json app.use(bodyParser.json()) @@ -408,7 +406,7 @@ var app = express() var jsonParser = bodyParser.json() // create application/x-www-form-urlencoded parser -var urlencodedParser = bodyParser.urlencoded({ extended: false }) +var urlencodedParser = bodyParser.urlencoded() // POST /login gets urlencoded bodies app.post('/login', urlencodedParser, function (req, res) { diff --git a/lib/types/urlencoded.js b/lib/types/urlencoded.js index b2ca8f16..c08e22cb 100644 --- a/lib/types/urlencoded.js +++ b/lib/types/urlencoded.js @@ -16,7 +16,6 @@ var bytes = require('bytes') var contentType = require('content-type') var createError = require('http-errors') var debug = require('debug')('body-parser:urlencoded') -var deprecate = require('depd')('body-parser') var read = require('../read') var typeis = require('type-is') @@ -43,12 +42,7 @@ var parsers = Object.create(null) function urlencoded (options) { var opts = options || {} - // notice because option default will flip in next major - if (opts.extended === undefined) { - deprecate('undefined extended: provide extended option') - } - - var extended = opts.extended !== false + var extended = Boolean(opts.extended) var inflate = opts.inflate !== false var limit = typeof opts.limit !== 'number' ? bytes.parse(opts.limit || '100kb') diff --git a/test/urlencoded.js b/test/urlencoded.js index e867c0f4..53fed84a 100644 --- a/test/urlencoded.js +++ b/test/urlencoded.js @@ -67,12 +67,12 @@ describe('bodyParser.urlencoded()', function () { .expect(200, '{"user":"tobi"}', done) }) - it('should parse extended syntax', function (done) { + it('should not parse extended syntax', function (done) { request(this.server) .post('/') .set('Content-Type', 'application/x-www-form-urlencoded') .send('user[name][first]=Tobi') - .expect(200, '{"user":{"name":{"first":"Tobi"}}}', done) + .expect(200, '{"user[name][first]":"Tobi"}', done) }) describe('with extended option', function () { From 08d95a426fdbb30950ace39d1a60b85abfc100d5 Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Tue, 16 Sep 2014 00:34:46 -0700 Subject: [PATCH 11/98] Use on-finished to determine when body read --- HISTORY.md | 1 + lib/read.js | 3 --- lib/types/json.js | 3 ++- lib/types/raw.js | 3 ++- lib/types/text.js | 3 ++- lib/types/urlencoded.js | 3 ++- 6 files changed, 9 insertions(+), 7 deletions(-) diff --git a/HISTORY.md b/HISTORY.md index 81928891..a198c33f 100644 --- a/HISTORY.md +++ b/HISTORY.md @@ -2,6 +2,7 @@ === * `urlencoded` parser now defaults `extended` to `false` + * Use `on-finished` to determine when body read 1.19.1 / 2021-12-10 =================== diff --git a/lib/read.js b/lib/read.js index c1026095..e4599e02 100644 --- a/lib/read.js +++ b/lib/read.js @@ -40,9 +40,6 @@ function read (req, res, next, parse, debug, options) { var opts = options var stream - // flag as parsed - req._body = true - // read options var encoding = opts.encoding !== null ? opts.encoding diff --git a/lib/types/json.js b/lib/types/json.js index 2971dc14..3436a511 100644 --- a/lib/types/json.js +++ b/lib/types/json.js @@ -16,6 +16,7 @@ var bytes = require('bytes') var contentType = require('content-type') var createError = require('http-errors') var debug = require('debug')('body-parser:json') +var isFinished = require('on-finished').isFinished var read = require('../read') var typeis = require('type-is') @@ -96,7 +97,7 @@ function json (options) { } return function jsonParser (req, res, next) { - if (req._body) { + if (isFinished(req)) { debug('body already parsed') next() return diff --git a/lib/types/raw.js b/lib/types/raw.js index f5d1b674..62063e89 100644 --- a/lib/types/raw.js +++ b/lib/types/raw.js @@ -12,6 +12,7 @@ var bytes = require('bytes') var debug = require('debug')('body-parser:raw') +var isFinished = require('on-finished').isFinished var read = require('../read') var typeis = require('type-is') @@ -53,7 +54,7 @@ function raw (options) { } return function rawParser (req, res, next) { - if (req._body) { + if (isFinished(req)) { debug('body already parsed') next() return diff --git a/lib/types/text.js b/lib/types/text.js index 083a0090..fc478f7e 100644 --- a/lib/types/text.js +++ b/lib/types/text.js @@ -13,6 +13,7 @@ var bytes = require('bytes') var contentType = require('content-type') var debug = require('debug')('body-parser:text') +var isFinished = require('on-finished').isFinished var read = require('../read') var typeis = require('type-is') @@ -55,7 +56,7 @@ function text (options) { } return function textParser (req, res, next) { - if (req._body) { + if (isFinished(req)) { debug('body already parsed') next() return diff --git a/lib/types/urlencoded.js b/lib/types/urlencoded.js index c08e22cb..468757ad 100644 --- a/lib/types/urlencoded.js +++ b/lib/types/urlencoded.js @@ -16,6 +16,7 @@ var bytes = require('bytes') var contentType = require('content-type') var createError = require('http-errors') var debug = require('debug')('body-parser:urlencoded') +var isFinished = require('on-finished').isFinished var read = require('../read') var typeis = require('type-is') @@ -71,7 +72,7 @@ function urlencoded (options) { } return function urlencodedParser (req, res, next) { - if (req._body) { + if (isFinished(req)) { debug('body already parsed') next() return From 6cbc279dc875ba1801e9ee5849f3f64e5b42f6e1 Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Mon, 15 Sep 2014 18:00:43 -0700 Subject: [PATCH 12/98] Remove req.body initialization to {} --- HISTORY.md | 2 ++ README.md | 4 +++- lib/types/json.js | 4 +++- lib/types/raw.js | 4 +++- lib/types/text.js | 4 +++- lib/types/urlencoded.js | 4 +++- test/body-parser.js | 6 +++--- test/json.js | 8 ++++---- test/raw.js | 6 +++--- test/text.js | 6 +++--- test/urlencoded.js | 6 +++--- 11 files changed, 33 insertions(+), 21 deletions(-) diff --git a/HISTORY.md b/HISTORY.md index a198c33f..35f5009a 100644 --- a/HISTORY.md +++ b/HISTORY.md @@ -1,6 +1,8 @@ 2.x === + * `req.body` is no longer always initialized to `{}` + - it is left `undefined` unless a body is parsed * `urlencoded` parser now defaults `extended` to `false` * Use `on-finished` to determine when body read diff --git a/README.md b/README.md index 6da044a0..6838eef1 100644 --- a/README.md +++ b/README.md @@ -386,7 +386,7 @@ app.use(bodyParser.json()) app.use(function (req, res) { res.setHeader('Content-Type', 'text/plain') res.write('you posted:\n') - res.end(JSON.stringify(req.body, null, 2)) + res.end(String(JSON.stringify(req.body, null, 2))) }) ``` @@ -410,11 +410,13 @@ var urlencodedParser = bodyParser.urlencoded() // POST /login gets urlencoded bodies app.post('/login', urlencodedParser, function (req, res) { + if (!req.body || !req.body.username) res.sendStatus(400) res.send('welcome, ' + req.body.username) }) // POST /api/users gets JSON bodies app.post('/api/users', jsonParser, function (req, res) { + if (!req.body) res.sendStatus(400) // create user in req.body }) ``` diff --git a/lib/types/json.js b/lib/types/json.js index 3436a511..72663efa 100644 --- a/lib/types/json.js +++ b/lib/types/json.js @@ -103,7 +103,9 @@ function json (options) { return } - req.body = req.body || {} + if (!('body' in req)) { + req.body = undefined + } // skip requests without bodies if (!typeis.hasBody(req)) { diff --git a/lib/types/raw.js b/lib/types/raw.js index 62063e89..bfe274cf 100644 --- a/lib/types/raw.js +++ b/lib/types/raw.js @@ -60,7 +60,9 @@ function raw (options) { return } - req.body = req.body || {} + if (!('body' in req)) { + req.body = undefined + } // skip requests without bodies if (!typeis.hasBody(req)) { diff --git a/lib/types/text.js b/lib/types/text.js index fc478f7e..b153931b 100644 --- a/lib/types/text.js +++ b/lib/types/text.js @@ -62,7 +62,9 @@ function text (options) { return } - req.body = req.body || {} + if (!('body' in req)) { + req.body = undefined + } // skip requests without bodies if (!typeis.hasBody(req)) { diff --git a/lib/types/urlencoded.js b/lib/types/urlencoded.js index 468757ad..f4ba2cd0 100644 --- a/lib/types/urlencoded.js +++ b/lib/types/urlencoded.js @@ -78,7 +78,9 @@ function urlencoded (options) { return } - req.body = req.body || {} + if (!('body' in req)) { + req.body = undefined + } // skip requests without bodies if (!typeis.hasBody(req)) { diff --git a/test/body-parser.js b/test/body-parser.js index e32cf94d..8b3fdd83 100644 --- a/test/body-parser.js +++ b/test/body-parser.js @@ -10,10 +10,10 @@ describe('bodyParser()', function () { this.server = createServer() }) - it('should default to {}', function (done) { + it('should default req.body to undefined', function (done) { request(this.server) .post('/') - .expect(200, '{}', done) + .expect(200, 'undefined', done) }) it('should parse JSON', function (done) { @@ -149,7 +149,7 @@ function createServer (opts) { return http.createServer(function (req, res) { _bodyParser(req, res, function (err) { res.statusCode = err ? (err.status || 500) : 200 - res.end(err ? err.message : JSON.stringify(req.body)) + res.end(err ? err.message : (JSON.stringify(req.body) || typeof req.body)) }) }) } diff --git a/test/json.js b/test/json.js index ae745712..13046a82 100644 --- a/test/json.js +++ b/test/json.js @@ -36,7 +36,7 @@ describe('bodyParser.json()', function () { .get('/') .set('Content-Type', 'application/json') .unset('Transfer-Encoding') - .expect(200, '{}', done) + .expect(200, 'undefined', done) }) it('should 400 when invalid content-length', function (done) { @@ -306,7 +306,7 @@ describe('bodyParser.json()', function () { .post('/') .set('Content-Type', 'application/json') .send('{"user":"tobi"}') - .expect(200, '{}', done) + .expect(200, 'undefined', done) }) }) @@ -338,7 +338,7 @@ describe('bodyParser.json()', function () { .post('/') .set('Content-Type', 'application/x-json') .send('{"user":"tobi"}') - .expect(200, '{}', done) + .expect(200, 'undefined', done) }) }) @@ -653,7 +653,7 @@ function createServer (opts) { res.end(err[req.headers['x-error-property'] || 'message']) } else { res.statusCode = 200 - res.end(JSON.stringify(req.body)) + res.end(JSON.stringify(req.body) || typeof req.body) } }) }) diff --git a/test/raw.js b/test/raw.js index 36dc1ef6..31bb51b7 100644 --- a/test/raw.js +++ b/test/raw.js @@ -168,7 +168,7 @@ describe('bodyParser.raw()', function () { var test = request(this.server).post('/') test.set('Content-Type', 'application/octet-stream') test.write(Buffer.from('000102', 'hex')) - test.expect(200, '{}', done) + test.expect(200, 'undefined', done) }) }) @@ -197,7 +197,7 @@ describe('bodyParser.raw()', function () { var test = request(this.server).post('/') test.set('Content-Type', 'application/x-foo') test.write(Buffer.from('000102', 'hex')) - test.expect(200, '{}', done) + test.expect(200, 'undefined', done) }) }) @@ -375,7 +375,7 @@ function createServer (opts) { return } - res.end(JSON.stringify(req.body)) + res.end(JSON.stringify(req.body) || typeof req.body) }) }) } diff --git a/test/text.js b/test/text.js index 01781d7f..bc359cad 100644 --- a/test/text.js +++ b/test/text.js @@ -189,7 +189,7 @@ describe('bodyParser.text()', function () { .post('/') .set('Content-Type', 'text/plain') .send('user is tobi') - .expect(200, '{}', done) + .expect(200, 'undefined', done) }) }) @@ -219,7 +219,7 @@ describe('bodyParser.text()', function () { .post('/') .set('Content-Type', 'text/xml') .send('tobi') - .expect(200, '{}', done) + .expect(200, 'undefined', done) }) }) @@ -433,7 +433,7 @@ function createServer (opts) { return http.createServer(function (req, res) { _bodyParser(req, res, function (err) { res.statusCode = err ? (err.status || 500) : 200 - res.end(err ? err.message : JSON.stringify(req.body)) + res.end(err ? err.message : (JSON.stringify(req.body) || typeof req.body)) }) }) } diff --git a/test/urlencoded.js b/test/urlencoded.js index 53fed84a..69ad7a1f 100644 --- a/test/urlencoded.js +++ b/test/urlencoded.js @@ -435,7 +435,7 @@ describe('bodyParser.urlencoded()', function () { .post('/') .set('Content-Type', 'application/x-www-form-urlencoded') .send('user=tobi') - .expect(200, '{}', done) + .expect(200, 'undefined', done) }) }) @@ -467,7 +467,7 @@ describe('bodyParser.urlencoded()', function () { .post('/') .set('Content-Type', 'application/x-foo') .send('user=tobi') - .expect(200, '{}', done) + .expect(200, 'undefined', done) }) }) @@ -728,7 +728,7 @@ function createServer (opts) { res.end(err[req.headers['x-error-property'] || 'message']) } else { res.statusCode = 200 - res.end(JSON.stringify(req.body)) + res.end(JSON.stringify(req.body) || typeof req.body) } }) }) From f26cd9d124f0c68f3027dba159d12beba4379eec Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Fri, 17 Dec 2021 22:40:45 -0500 Subject: [PATCH 13/98] Drop support for Node.js 0.8 --- .github/workflows/ci.yml | 16 ---------------- package.json | 2 +- 2 files changed, 1 insertion(+), 17 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index b1805126..fafcbb07 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -10,7 +10,6 @@ jobs: strategy: matrix: name: - - Node.js 0.8 - Node.js 0.10 - Node.js 0.12 - io.js 1.x @@ -32,11 +31,6 @@ jobs: - Node.js 17.x include: - - name: Node.js 0.8 - node-version: "0.8" - npm-i: mocha@2.5.3 supertest@1.1.0 - npm-rm: nyc - - name: Node.js 0.10 node-version: "0.10" npm-i: mocha@3.5.3 nyc@10.3.2 supertest@2.0.0 @@ -114,21 +108,11 @@ jobs: shell: bash -eo pipefail -l {0} run: | nvm install --default ${{ matrix.node-version }} - if [[ "${{ matrix.node-version }}" == 0.* && "$(cut -d. -f2 <<< "${{ matrix.node-version }}")" -lt 10 ]]; then - nvm install --alias=npm 0.10 - nvm use ${{ matrix.node-version }} - sed -i '1s;^.*$;'"$(printf '#!%q' "$(nvm which npm)")"';' "$(readlink -f "$(which npm)")" - npm config set strict-ssl false - fi dirname "$(nvm which ${{ matrix.node-version }})" >> "$GITHUB_PATH" - name: Configure npm run: npm config set shrinkwrap false - - name: Remove npm module(s) ${{ matrix.npm-rm }} - run: npm rm --silent --save-dev ${{ matrix.npm-rm }} - if: matrix.npm-rm != '' - - name: Install npm module(s) ${{ matrix.npm-i }} run: npm install --save-dev ${{ matrix.npm-i }} if: matrix.npm-i != '' diff --git a/package.json b/package.json index 374138e8..39067b09 100644 --- a/package.json +++ b/package.json @@ -41,7 +41,7 @@ "index.js" ], "engines": { - "node": ">= 0.8" + "node": ">= 0.10" }, "scripts": { "lint": "eslint .", From fbd9664f3d6f41f02a05177215b1b2263ffd94d2 Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Fri, 17 Dec 2021 22:49:12 -0500 Subject: [PATCH 14/98] 2.0.0-beta.1 --- HISTORY.md | 4 ++-- package.json | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/HISTORY.md b/HISTORY.md index 35f5009a..6c091b1b 100644 --- a/HISTORY.md +++ b/HISTORY.md @@ -1,5 +1,5 @@ -2.x -=== +2.0.0-beta.1 / 2021-12-17 +========================= * `req.body` is no longer always initialized to `{}` - it is left `undefined` unless a body is parsed diff --git a/package.json b/package.json index 39067b09..ed8fb3db 100644 --- a/package.json +++ b/package.json @@ -1,7 +1,7 @@ { "name": "body-parser", "description": "Node.js body parsing middleware", - "version": "1.19.1", + "version": "2.0.0-beta.1", "contributors": [ "Douglas Christopher Wilson ", "Jonathan Ong (http://jongleberry.com)" From 3c4dcb8cd3cb4b1ed05acb53c548e9e50f1b8c8c Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Sun, 2 Jan 2022 20:01:04 -0500 Subject: [PATCH 15/98] build: Node.js@17.3 --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index b1805126..74bd420c 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -105,7 +105,7 @@ jobs: node-version: "16.13" - name: Node.js 17.x - node-version: "17.2" + node-version: "17.3" steps: - uses: actions/checkout@v2 From c81a8e208d80bbca4b0afb55805890a7ec50a72e Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Tue, 11 Jan 2022 20:40:52 -0500 Subject: [PATCH 16/98] build: eslint-plugin-import@2.25.4 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 374138e8..afe4fb96 100644 --- a/package.json +++ b/package.json @@ -23,7 +23,7 @@ "devDependencies": { "eslint": "7.32.0", "eslint-config-standard": "14.1.1", - "eslint-plugin-import": "2.25.3", + "eslint-plugin-import": "2.25.4", "eslint-plugin-markdown": "2.2.1", "eslint-plugin-node": "11.1.0", "eslint-plugin-promise": "5.2.0", From c631b588b717e1cdae4fb2dce57fc04e8cf7d55b Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Tue, 11 Jan 2022 20:46:00 -0500 Subject: [PATCH 17/98] build: supertest@6.2.1 --- .github/workflows/ci.yml | 4 ++-- package.json | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 74bd420c..7f2d6e97 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -67,11 +67,11 @@ jobs: - name: Node.js 6.x node-version: "6.17" - npm-i: mocha@6.2.2 nyc@14.1.1 + npm-i: mocha@6.2.2 nyc@14.1.1 supertest@6.1.6 - name: Node.js 7.x node-version: "7.10" - npm-i: mocha@6.2.2 nyc@14.1.1 + npm-i: mocha@6.2.2 nyc@14.1.1 supertest@6.1.6 - name: Node.js 8.x node-version: "8.17" diff --git a/package.json b/package.json index afe4fb96..09df7c3b 100644 --- a/package.json +++ b/package.json @@ -32,7 +32,7 @@ "mocha": "9.1.3", "nyc": "15.1.0", "safe-buffer": "5.2.1", - "supertest": "6.1.6" + "supertest": "6.2.1" }, "files": [ "lib/", From b35675841fbe3994bb5c5c32c1544807132666d1 Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Tue, 11 Jan 2022 21:05:24 -0500 Subject: [PATCH 18/98] deps: qs@6.9.7 --- HISTORY.md | 6 ++++++ package.json | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/HISTORY.md b/HISTORY.md index 34e0d4c0..d3403128 100644 --- a/HISTORY.md +++ b/HISTORY.md @@ -1,3 +1,9 @@ +unreleased +========== + + * deps: qs@6.9.7 + * Fix handling of `__proto__` keys + 1.19.1 / 2021-12-10 =================== diff --git a/package.json b/package.json index 09df7c3b..e9003cfa 100644 --- a/package.json +++ b/package.json @@ -16,7 +16,7 @@ "http-errors": "1.8.1", "iconv-lite": "0.4.24", "on-finished": "~2.3.0", - "qs": "6.9.6", + "qs": "6.9.7", "raw-body": "2.4.2", "type-is": "~1.6.18" }, From 82c8a7cc8b9b8faa579e3bfec0171e3594b2787e Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Tue, 11 Jan 2022 22:50:54 -0500 Subject: [PATCH 19/98] tests: add limit + inflate tests --- test/json.js | 9 +++++++++ test/raw.js | 9 +++++++++ test/text.js | 9 +++++++++ test/urlencoded.js | 9 +++++++++ 4 files changed, 36 insertions(+) diff --git a/test/json.js b/test/json.js index ae745712..10f25d44 100644 --- a/test/json.js +++ b/test/json.js @@ -142,6 +142,15 @@ describe('bodyParser.json()', function () { test.expect(413, done) }) + it('should 413 when inflated body over limit', function (done) { + var server = createServer({ limit: '1kb' }) + var test = request(server).post('/') + test.set('Content-Encoding', 'gzip') + test.set('Content-Type', 'application/json') + test.write(Buffer.from('1f8b080000000000000aab562a2e2952b252d21b05a360148c58a0540b0066f7ce1e0a040000', 'hex')) + test.expect(413, done) + }) + it('should accept number of bytes', function (done) { var buf = Buffer.alloc(1024, '.') request(createServer({ limit: 1024 })) diff --git a/test/raw.js b/test/raw.js index 36dc1ef6..bb53242b 100644 --- a/test/raw.js +++ b/test/raw.js @@ -87,6 +87,15 @@ describe('bodyParser.raw()', function () { test.expect(413, done) }) + it('should 413 when inflated body over limit', function (done) { + var server = createServer({ limit: '1kb' }) + var test = request(server).post('/') + test.set('Content-Encoding', 'gzip') + test.set('Content-Type', 'application/octet-stream') + test.write(Buffer.from('1f8b080000000000000ad3d31b05a360148c64000087e5a14704040000', 'hex')) + test.expect(413, done) + }) + it('should accept number of bytes', function (done) { var buf = Buffer.alloc(1028, '.') var server = createServer({ limit: 1024 }) diff --git a/test/text.js b/test/text.js index 01781d7f..e3031998 100644 --- a/test/text.js +++ b/test/text.js @@ -105,6 +105,15 @@ describe('bodyParser.text()', function () { test.expect(413, done) }) + it('should 413 when inflated body over limit', function (done) { + var server = createServer({ limit: '1kb' }) + var test = request(server).post('/') + test.set('Content-Encoding', 'gzip') + test.set('Content-Type', 'text/plain') + test.write(Buffer.from('1f8b080000000000000ad3d31b05a360148c64000087e5a14704040000', 'hex')) + test.expect(413, done) + }) + it('should accept number of bytes', function (done) { var buf = Buffer.alloc(1028, '.') request(createServer({ limit: 1024 })) diff --git a/test/urlencoded.js b/test/urlencoded.js index e867c0f4..b1dbfa99 100644 --- a/test/urlencoded.js +++ b/test/urlencoded.js @@ -251,6 +251,15 @@ describe('bodyParser.urlencoded()', function () { test.expect(413, done) }) + it('should 413 when inflated body over limit', function (done) { + var server = createServer({ limit: '1kb' }) + var test = request(server).post('/') + test.set('Content-Encoding', 'gzip') + test.set('Content-Type', 'application/x-www-form-urlencoded') + test.write(Buffer.from('1f8b080000000000000a2b2e29b2d51b05a360148c580000a0351f9204040000', 'hex')) + test.expect(413, done) + }) + it('should accept number of bytes', function (done) { var buf = Buffer.alloc(1024, '.') request(createServer({ limit: 1024 })) From d5acb61cf9e95e2f46ca28a3a3bd8118908d730a Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Mon, 17 Jan 2022 18:05:37 -0500 Subject: [PATCH 20/98] build: mocha@9.1.4 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index e9003cfa..304e1f82 100644 --- a/package.json +++ b/package.json @@ -29,7 +29,7 @@ "eslint-plugin-promise": "5.2.0", "eslint-plugin-standard": "4.1.0", "methods": "1.1.2", - "mocha": "9.1.3", + "mocha": "9.1.4", "nyc": "15.1.0", "safe-buffer": "5.2.1", "supertest": "6.2.1" From 3b00678ee8546ff51fd478b9f32ce2c48a409b7a Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Fri, 28 Jan 2022 00:07:46 -0500 Subject: [PATCH 21/98] deps: bytes@3.1.2 --- HISTORY.md | 1 + package.json | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/HISTORY.md b/HISTORY.md index d3403128..381022d5 100644 --- a/HISTORY.md +++ b/HISTORY.md @@ -1,6 +1,7 @@ unreleased ========== + * deps: bytes@3.1.2 * deps: qs@6.9.7 * Fix handling of `__proto__` keys diff --git a/package.json b/package.json index 304e1f82..9db653ad 100644 --- a/package.json +++ b/package.json @@ -9,7 +9,7 @@ "license": "MIT", "repository": "expressjs/body-parser", "dependencies": { - "bytes": "3.1.1", + "bytes": "3.1.2", "content-type": "~1.0.4", "debug": "2.6.9", "depd": "~1.1.2", From 548a06faaffafab72c349adc671a2334b016b9a9 Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Fri, 28 Jan 2022 00:09:26 -0500 Subject: [PATCH 22/98] build: supertest@6.2.2 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 9db653ad..483e2a6c 100644 --- a/package.json +++ b/package.json @@ -32,7 +32,7 @@ "mocha": "9.1.4", "nyc": "15.1.0", "safe-buffer": "5.2.1", - "supertest": "6.2.1" + "supertest": "6.2.2" }, "files": [ "lib/", From 70560b1d30ed4e1d4f3309a97534259571dffeee Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Fri, 28 Jan 2022 00:09:58 -0500 Subject: [PATCH 23/98] build: mocha@9.2.0 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 483e2a6c..fe1497b7 100644 --- a/package.json +++ b/package.json @@ -29,7 +29,7 @@ "eslint-plugin-promise": "5.2.0", "eslint-plugin-standard": "4.1.0", "methods": "1.1.2", - "mocha": "9.1.4", + "mocha": "9.2.0", "nyc": "15.1.0", "safe-buffer": "5.2.1", "supertest": "6.2.2" From 96b448a15d02ec10c07ca1b8604fa9340d9e81c4 Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Fri, 28 Jan 2022 00:13:41 -0500 Subject: [PATCH 24/98] build: Node.js@17.4 --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 7f2d6e97..518e9d8b 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -105,7 +105,7 @@ jobs: node-version: "16.13" - name: Node.js 17.x - node-version: "17.3" + node-version: "17.4" steps: - uses: actions/checkout@v2 From badd6b260efae2f0dd69f138a0f28d2b8e46f985 Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Fri, 28 Jan 2022 00:18:42 -0500 Subject: [PATCH 25/98] build: fix code coverage aggregate upload --- .github/workflows/ci.yml | 39 ++++++++++++++++++++++++++++++++------- 1 file changed, 32 insertions(+), 7 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 518e9d8b..7dcd12ed 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -162,6 +162,7 @@ jobs: run: | if npm -ps ls nyc | grep -q nyc; then npm run test-ci + cp coverage/lcov.info "coverage/${{ matrix.name }}.lcov" else npm test fi @@ -171,19 +172,43 @@ jobs: run: npm run lint - name: Collect code coverage - uses: coverallsapp/github-action@master + if: steps.list_env.outputs.nyc != '' + run: | + if [[ -d ./coverage ]]; then + mv ./coverage "./${{ matrix.name }}" + mkdir ./coverage + mv "./${{ matrix.name }}" "./coverage/${{ matrix.name }}" + fi + + - name: Upload code coverage + uses: actions/upload-artifact@v2 if: steps.list_env.outputs.nyc != '' with: - github-token: ${{ secrets.GITHUB_TOKEN }} - flag-name: run-${{ matrix.test_number }} - parallel: true + name: coverage + path: ./coverage + retention-days: 1 coverage: needs: test runs-on: ubuntu-latest steps: - - name: Uploade code coverage + - uses: actions/checkout@v2 + + - name: Install lcov + shell: bash + run: sudo apt-get -y install lcov + + - name: Collect coverage reports + uses: actions/download-artifact@v2 + with: + name: coverage + path: ./coverage + + - name: Merge coverage reports + shell: bash + run: find ./coverage -name lcov.info -exec printf '-a %q\n' {} \; | xargs lcov -o ./coverage/lcov.info + + - name: Upload coverage report uses: coverallsapp/github-action@master with: - github-token: ${{ secrets.github_token }} - parallel-finished: true + github-token: ${{ secrets.GITHUB_TOKEN }} From b6bfabd557c0235bb5a61286d97c6bd557cc8b08 Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Sat, 12 Feb 2022 21:43:24 -0500 Subject: [PATCH 26/98] build: Node.js@17.5 --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 7dcd12ed..8c2d68de 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -105,7 +105,7 @@ jobs: node-version: "16.13" - name: Node.js 17.x - node-version: "17.4" + node-version: "17.5" steps: - uses: actions/checkout@v2 From ecedf31c40c614828604f41a769ffbfdd52cb0b5 Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Sat, 12 Feb 2022 21:45:20 -0500 Subject: [PATCH 27/98] build: Node.js@16.14 --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 8c2d68de..016f336a 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -102,7 +102,7 @@ jobs: node-version: "15.14" - name: Node.js 16.x - node-version: "16.13" + node-version: "16.14" - name: Node.js 17.x node-version: "17.5" From 7a088eb74cbee94c8bf1e44b2f4cfb08ea915952 Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Sat, 12 Feb 2022 21:49:05 -0500 Subject: [PATCH 28/98] build: Node.js@14.19 --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 016f336a..3b6f4a39 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -96,7 +96,7 @@ jobs: node-version: "13.14" - name: Node.js 14.x - node-version: "14.18" + node-version: "14.19" - name: Node.js 15.x node-version: "15.14" From 11248a2919b033d309ac4045b9bbefdb8486b84c Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Mon, 14 Feb 2022 22:18:17 -0500 Subject: [PATCH 29/98] deps: raw-body@2.4.3 --- HISTORY.md | 2 ++ package.json | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/HISTORY.md b/HISTORY.md index 381022d5..6bf852b6 100644 --- a/HISTORY.md +++ b/HISTORY.md @@ -4,6 +4,8 @@ unreleased * deps: bytes@3.1.2 * deps: qs@6.9.7 * Fix handling of `__proto__` keys + * deps: raw-body@2.4.3 + - deps: bytes@3.1.2 1.19.1 / 2021-12-10 =================== diff --git a/package.json b/package.json index fe1497b7..44e30ca0 100644 --- a/package.json +++ b/package.json @@ -17,7 +17,7 @@ "iconv-lite": "0.4.24", "on-finished": "~2.3.0", "qs": "6.9.7", - "raw-body": "2.4.2", + "raw-body": "2.4.3", "type-is": "~1.6.18" }, "devDependencies": { From 424dadd312f519bdb320c6ee9463d6672782420c Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Tue, 15 Feb 2022 22:42:37 -0500 Subject: [PATCH 30/98] 1.19.2 --- HISTORY.md | 4 ++-- package.json | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/HISTORY.md b/HISTORY.md index 6bf852b6..622f40c6 100644 --- a/HISTORY.md +++ b/HISTORY.md @@ -1,5 +1,5 @@ -unreleased -========== +1.19.2 / 2022-02-15 +=================== * deps: bytes@3.1.2 * deps: qs@6.9.7 diff --git a/package.json b/package.json index 44e30ca0..b418b45b 100644 --- a/package.json +++ b/package.json @@ -1,7 +1,7 @@ { "name": "body-parser", "description": "Node.js body parsing middleware", - "version": "1.19.1", + "version": "1.19.2", "contributors": [ "Douglas Christopher Wilson ", "Jonathan Ong (http://jongleberry.com)" From 3f5e93e912dbc97af8edea3c94ae6d810287735a Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Fri, 18 Feb 2022 21:44:46 -0500 Subject: [PATCH 31/98] doc: fix req.body empty object note --- README.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/README.md b/README.md index 6838eef1..2aa210bd 100644 --- a/README.md +++ b/README.md @@ -55,9 +55,7 @@ var bodyParser = require('body-parser') The `bodyParser` object exposes various factories to create middlewares. All middlewares will populate the `req.body` property with the parsed body when -the `Content-Type` request header matches the `type` option, or an empty -object (`{}`) if there was no body to parse, the `Content-Type` was not matched, -or an error occurred. +the `Content-Type` request header matches the `type` option. The various errors returned by this module are described in the [errors section](#errors). From 6a557fd25a90a42081bee1805db6c958f15f8528 Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Mon, 21 Feb 2022 16:12:11 -0500 Subject: [PATCH 32/98] tests: assert err.type on most tests --- test/body-parser.js | 6 +-- test/json.js | 92 ++++++++------------------------------------- test/raw.js | 10 ++--- test/text.js | 14 +++---- test/urlencoded.js | 54 +++++--------------------- 5 files changed, 41 insertions(+), 135 deletions(-) diff --git a/test/body-parser.js b/test/body-parser.js index e32cf94d..d46ea772 100644 --- a/test/body-parser.js +++ b/test/body-parser.js @@ -124,7 +124,7 @@ describe('bodyParser()', function () { .post('/') .set('Content-Type', 'application/json') .send(' {"user":"tobi"}') - .expect(403, 'no leading space', done) + .expect(403, '[entity.verify.failed] no leading space', done) }) it('should apply to urlencoded', function (done) { @@ -138,7 +138,7 @@ describe('bodyParser()', function () { .post('/') .set('Content-Type', 'application/x-www-form-urlencoded') .send(' user=tobi') - .expect(403, 'no leading space', done) + .expect(403, '[entity.verify.failed] no leading space', done) }) }) }) @@ -149,7 +149,7 @@ function createServer (opts) { return http.createServer(function (req, res) { _bodyParser(req, res, function (err) { res.statusCode = err ? (err.status || 500) : 200 - res.end(err ? err.message : JSON.stringify(req.body)) + res.end(err ? ('[' + err.type + '] ' + err.message) : JSON.stringify(req.body)) }) }) } diff --git a/test/json.js b/test/json.js index 10f25d44..bf7bc59b 100644 --- a/test/json.js +++ b/test/json.js @@ -79,7 +79,7 @@ describe('bodyParser.json()', function () { .post('/') .set('Content-Type', 'application/json') .send('{:') - .expect(400, parseError('{:'), done) + .expect(400, '[entity.parse.failed] ' + parseError('{:'), done) }) it('should 400 for incomplete', function (done) { @@ -87,16 +87,7 @@ describe('bodyParser.json()', function () { .post('/') .set('Content-Type', 'application/json') .send('{"user"') - .expect(400, parseError('{"user"'), done) - }) - - it('should error with type = "entity.parse.failed"', function (done) { - request(this.server) - .post('/') - .set('Content-Type', 'application/json') - .set('X-Error-Property', 'type') - .send(' {"user"') - .expect(400, 'entity.parse.failed', done) + .expect(400, '[entity.parse.failed] ' + parseError('{"user"'), done) }) it('should include original body on error object', function (done) { @@ -117,18 +108,7 @@ describe('bodyParser.json()', function () { .set('Content-Type', 'application/json') .set('Content-Length', '1034') .send(JSON.stringify({ str: buf.toString() })) - .expect(413, done) - }) - - it('should error with type = "entity.too.large"', function (done) { - var buf = Buffer.alloc(1024, '.') - request(createServer({ limit: '1kb' })) - .post('/') - .set('Content-Type', 'application/json') - .set('Content-Length', '1034') - .set('X-Error-Property', 'type') - .send(JSON.stringify({ str: buf.toString() })) - .expect(413, 'entity.too.large', done) + .expect(413, '[entity.too.large] request entity too large', done) }) it('should 413 when over limit with chunked encoding', function (done) { @@ -197,7 +177,7 @@ describe('bodyParser.json()', function () { test.set('Content-Encoding', 'gzip') test.set('Content-Type', 'application/json') test.write(Buffer.from('1f8b080000000000000bab56ca4bcc4d55b2527ab16e97522d00515be1cc0e000000', 'hex')) - test.expect(415, 'content encoding unsupported', done) + test.expect(415, '[encoding.unsupported] content encoding unsupported', done) }) }) @@ -227,7 +207,7 @@ describe('bodyParser.json()', function () { .post('/') .set('Content-Type', 'application/json') .send('true') - .expect(400, parseError('#rue').replace('#', 't'), done) + .expect(400, '[entity.parse.failed] ' + parseError('#rue').replace('#', 't'), done) }) }) @@ -255,7 +235,7 @@ describe('bodyParser.json()', function () { .post('/') .set('Content-Type', 'application/json') .send('true') - .expect(400, parseError('#rue').replace('#', 't'), done) + .expect(400, '[entity.parse.failed] ' + parseError('#rue').replace('#', 't'), done) }) it('should not parse primitives with leading whitespaces', function (done) { @@ -263,7 +243,7 @@ describe('bodyParser.json()', function () { .post('/') .set('Content-Type', 'application/json') .send(' true') - .expect(400, parseError(' #rue').replace('#', 't'), done) + .expect(400, '[entity.parse.failed] ' + parseError(' #rue').replace('#', 't'), done) }) it('should allow leading whitespaces in JSON', function (done) { @@ -274,15 +254,6 @@ describe('bodyParser.json()', function () { .expect(200, '{"user":"tobi"}', done) }) - it('should error with type = "entity.parse.failed"', function (done) { - request(this.server) - .post('/') - .set('Content-Type', 'application/json') - .set('X-Error-Property', 'type') - .send('true') - .expect(400, 'entity.parse.failed', done) - }) - it('should include correct message in stack trace', function (done) { request(this.server) .post('/') @@ -409,22 +380,7 @@ describe('bodyParser.json()', function () { .post('/') .set('Content-Type', 'application/json') .send('["tobi"]') - .expect(403, 'no arrays', done) - }) - - it('should error with type = "entity.verify.failed"', function (done) { - var server = createServer({ - verify: function (req, res, buf) { - if (buf[0] === 0x5b) throw new Error('no arrays') - } - }) - - request(server) - .post('/') - .set('Content-Type', 'application/json') - .set('X-Error-Property', 'type') - .send('["tobi"]') - .expect(403, 'entity.verify.failed', done) + .expect(403, '[entity.verify.failed] no arrays', done) }) it('should allow custom codes', function (done) { @@ -441,7 +397,7 @@ describe('bodyParser.json()', function () { .post('/') .set('Content-Type', 'application/json') .send('["tobi"]') - .expect(400, 'no arrays', done) + .expect(400, '[entity.verify.failed] no arrays', done) }) it('should allow custom type', function (done) { @@ -457,9 +413,8 @@ describe('bodyParser.json()', function () { request(server) .post('/') .set('Content-Type', 'application/json') - .set('X-Error-Property', 'type') .send('["tobi"]') - .expect(403, 'foo.bar', done) + .expect(403, '[foo.bar] no arrays', done) }) it('should include original body on error object', function (done) { @@ -514,7 +469,7 @@ describe('bodyParser.json()', function () { var test = request(server).post('/') test.set('Content-Type', 'application/json; charset=x-bogus') test.write(Buffer.from('00000000', 'hex')) - test.expect(415, 'unsupported charset "X-BOGUS"', done) + test.expect(415, '[charset.unsupported] unsupported charset "X-BOGUS"', done) }) }) @@ -556,15 +511,7 @@ describe('bodyParser.json()', function () { var test = request(this.server).post('/') test.set('Content-Type', 'application/json; charset=koi8-r') test.write(Buffer.from('7b226e616d65223a22cec5d4227d', 'hex')) - test.expect(415, 'unsupported charset "KOI8-R"', done) - }) - - it('should error with type = "charset.unsupported"', function (done) { - var test = request(this.server).post('/') - test.set('Content-Type', 'application/json; charset=koi8-r') - test.set('X-Error-Property', 'type') - test.write(Buffer.from('7b226e616d65223a22cec5d4227d', 'hex')) - test.expect(415, 'charset.unsupported', done) + test.expect(415, '[charset.unsupported] unsupported charset "KOI8-R"', done) }) }) @@ -617,16 +564,7 @@ describe('bodyParser.json()', function () { test.set('Content-Encoding', 'nulls') test.set('Content-Type', 'application/json') test.write(Buffer.from('000000000000', 'hex')) - test.expect(415, 'unsupported content encoding "nulls"', done) - }) - - it('should error with type = "encoding.unsupported"', function (done) { - var test = request(this.server).post('/') - test.set('Content-Encoding', 'nulls') - test.set('Content-Type', 'application/json') - test.set('X-Error-Property', 'type') - test.write(Buffer.from('000000000000', 'hex')) - test.expect(415, 'encoding.unsupported', done) + test.expect(415, '[encoding.unsupported] unsupported content encoding "nulls"', done) }) it('should 400 on malformed encoding', function (done) { @@ -659,7 +597,9 @@ function createServer (opts) { _bodyParser(req, res, function (err) { if (err) { res.statusCode = err.status || 500 - res.end(err[req.headers['x-error-property'] || 'message']) + res.end(req.headers['x-error-property'] + ? err[req.headers['x-error-property']] + : ('[' + err.type + '] ' + err.message)) } else { res.statusCode = 200 res.end(JSON.stringify(req.body)) diff --git a/test/raw.js b/test/raw.js index bb53242b..a0f7ac6f 100644 --- a/test/raw.js +++ b/test/raw.js @@ -141,7 +141,7 @@ describe('bodyParser.raw()', function () { test.set('Content-Encoding', 'gzip') test.set('Content-Type', 'application/octet-stream') test.write(Buffer.from('1f8b080000000000000bcb4bcc4db57db16e170099a4bad608000000', 'hex')) - test.expect(415, 'content encoding unsupported', done) + test.expect(415, '[encoding.unsupported] content encoding unsupported', done) }) }) @@ -266,7 +266,7 @@ describe('bodyParser.raw()', function () { var test = request(server).post('/') test.set('Content-Type', 'application/octet-stream') test.write(Buffer.from('000102', 'hex')) - test.expect(403, 'no leading null', done) + test.expect(403, '[entity.verify.failed] no leading null', done) }) it('should allow custom codes', function (done) { @@ -282,7 +282,7 @@ describe('bodyParser.raw()', function () { var test = request(server).post('/') test.set('Content-Type', 'application/octet-stream') test.write(Buffer.from('000102', 'hex')) - test.expect(400, 'no leading null', done) + test.expect(400, '[entity.verify.failed] no leading null', done) }) it('should allow pass-through', function (done) { @@ -361,7 +361,7 @@ describe('bodyParser.raw()', function () { test.set('Content-Encoding', 'nulls') test.set('Content-Type', 'application/octet-stream') test.write(Buffer.from('000000000000', 'hex')) - test.expect(415, 'unsupported content encoding "nulls"', done) + test.expect(415, '[encoding.unsupported] unsupported content encoding "nulls"', done) }) }) }) @@ -375,7 +375,7 @@ function createServer (opts) { _bodyParser(req, res, function (err) { if (err) { res.statusCode = err.status || 500 - res.end(err.message) + res.end('[' + err.type + '] ' + err.message) return } diff --git a/test/text.js b/test/text.js index e3031998..fb17c18c 100644 --- a/test/text.js +++ b/test/text.js @@ -160,7 +160,7 @@ describe('bodyParser.text()', function () { test.set('Content-Encoding', 'gzip') test.set('Content-Type', 'text/plain') test.write(Buffer.from('1f8b080000000000000bcb4bcc4d55c82c5678b16e170072b3e0200b000000', 'hex')) - test.expect(415, 'content encoding unsupported', done) + test.expect(415, '[encoding.unsupported] content encoding unsupported', done) }) }) @@ -290,7 +290,7 @@ describe('bodyParser.text()', function () { .post('/') .set('Content-Type', 'text/plain') .send(' user is tobi') - .expect(403, 'no leading space', done) + .expect(403, '[entity.verify.failed] no leading space', done) }) it('should allow custom codes', function (done) { @@ -307,7 +307,7 @@ describe('bodyParser.text()', function () { .post('/') .set('Content-Type', 'text/plain') .send(' user is tobi') - .expect(400, 'no leading space', done) + .expect(400, '[entity.verify.failed] no leading space', done) }) it('should allow pass-through', function (done) { @@ -334,7 +334,7 @@ describe('bodyParser.text()', function () { var test = request(server).post('/') test.set('Content-Type', 'text/plain; charset=x-bogus') test.write(Buffer.from('00000000', 'hex')) - test.expect(415, 'unsupported charset "X-BOGUS"', done) + test.expect(415, '[charset.unsupported] unsupported charset "X-BOGUS"', done) }) }) @@ -376,7 +376,7 @@ describe('bodyParser.text()', function () { var test = request(this.server).post('/') test.set('Content-Type', 'text/plain; charset=x-bogus') test.write(Buffer.from('00000000', 'hex')) - test.expect(415, 'unsupported charset "X-BOGUS"', done) + test.expect(415, '[charset.unsupported] unsupported charset "X-BOGUS"', done) }) }) @@ -429,7 +429,7 @@ describe('bodyParser.text()', function () { test.set('Content-Encoding', 'nulls') test.set('Content-Type', 'text/plain') test.write(Buffer.from('000000000000', 'hex')) - test.expect(415, 'unsupported content encoding "nulls"', done) + test.expect(415, '[encoding.unsupported] unsupported content encoding "nulls"', done) }) }) }) @@ -442,7 +442,7 @@ function createServer (opts) { return http.createServer(function (req, res) { _bodyParser(req, res, function (err) { res.statusCode = err ? (err.status || 500) : 200 - res.end(err ? err.message : JSON.stringify(req.body)) + res.end(err ? ('[' + err.type + '] ' + err.message) : JSON.stringify(req.body)) }) }) } diff --git a/test/urlencoded.js b/test/urlencoded.js index b1dbfa99..93f43483 100644 --- a/test/urlencoded.js +++ b/test/urlencoded.js @@ -210,7 +210,7 @@ describe('bodyParser.urlencoded()', function () { test.set('Content-Encoding', 'gzip') test.set('Content-Type', 'application/x-www-form-urlencoded') test.write(Buffer.from('1f8b080000000000000bcb4bcc4db57db16e170099a4bad608000000', 'hex')) - test.expect(415, 'content encoding unsupported', done) + test.expect(415, '[encoding.unsupported] content encoding unsupported', done) }) }) @@ -312,16 +312,7 @@ describe('bodyParser.urlencoded()', function () { .post('/') .set('Content-Type', 'application/x-www-form-urlencoded') .send(createManyParams(11)) - .expect(413, /too many parameters/, done) - }) - - it('should error with type = "parameters.too.many"', function (done) { - request(createServer({ extended: false, parameterLimit: 10 })) - .post('/') - .set('Content-Type', 'application/x-www-form-urlencoded') - .set('X-Error-Property', 'type') - .send(createManyParams(11)) - .expect(413, 'parameters.too.many', done) + .expect(413, '[parameters.too.many] too many parameters', done) }) it('should work when at the limit', function (done) { @@ -376,16 +367,7 @@ describe('bodyParser.urlencoded()', function () { .post('/') .set('Content-Type', 'application/x-www-form-urlencoded') .send(createManyParams(11)) - .expect(413, /too many parameters/, done) - }) - - it('should error with type = "parameters.too.many"', function (done) { - request(createServer({ extended: true, parameterLimit: 10 })) - .post('/') - .set('Content-Type', 'application/x-www-form-urlencoded') - .set('X-Error-Property', 'type') - .send(createManyParams(11)) - .expect(413, 'parameters.too.many', done) + .expect(413, '[parameters.too.many] too many parameters', done) }) it('should work when at the limit', function (done) { @@ -538,22 +520,7 @@ describe('bodyParser.urlencoded()', function () { .post('/') .set('Content-Type', 'application/x-www-form-urlencoded') .send(' user=tobi') - .expect(403, 'no leading space', done) - }) - - it('should error with type = "entity.verify.failed"', function (done) { - var server = createServer({ - verify: function (req, res, buf) { - if (buf[0] === 0x20) throw new Error('no leading space') - } - }) - - request(server) - .post('/') - .set('Content-Type', 'application/x-www-form-urlencoded') - .set('X-Error-Property', 'type') - .send(' user=tobi') - .expect(403, 'entity.verify.failed', done) + .expect(403, '[entity.verify.failed] no leading space', done) }) it('should allow custom codes', function (done) { @@ -570,7 +537,7 @@ describe('bodyParser.urlencoded()', function () { .post('/') .set('Content-Type', 'application/x-www-form-urlencoded') .send(' user=tobi') - .expect(400, 'no leading space', done) + .expect(400, '[entity.verify.failed] no leading space', done) }) it('should allow custom type', function (done) { @@ -586,9 +553,8 @@ describe('bodyParser.urlencoded()', function () { request(server) .post('/') .set('Content-Type', 'application/x-www-form-urlencoded') - .set('X-Error-Property', 'type') .send(' user=tobi') - .expect(403, 'foo.bar', done) + .expect(403, '[foo.bar] no leading space', done) }) it('should allow pass-through', function (done) { @@ -615,7 +581,7 @@ describe('bodyParser.urlencoded()', function () { var test = request(server).post('/') test.set('Content-Type', 'application/x-www-form-urlencoded; charset=x-bogus') test.write(Buffer.from('00000000', 'hex')) - test.expect(415, 'unsupported charset "X-BOGUS"', done) + test.expect(415, '[charset.unsupported] unsupported charset "X-BOGUS"', done) }) }) @@ -650,7 +616,7 @@ describe('bodyParser.urlencoded()', function () { var test = request(this.server).post('/') test.set('Content-Type', 'application/x-www-form-urlencoded; charset=koi8-r') test.write(Buffer.from('6e616d653dcec5d4', 'hex')) - test.expect(415, 'unsupported charset "KOI8-R"', done) + test.expect(415, '[charset.unsupported] unsupported charset "KOI8-R"', done) }) }) @@ -703,7 +669,7 @@ describe('bodyParser.urlencoded()', function () { test.set('Content-Encoding', 'nulls') test.set('Content-Type', 'application/x-www-form-urlencoded') test.write(Buffer.from('000000000000', 'hex')) - test.expect(415, 'unsupported content encoding "nulls"', done) + test.expect(415, '[encoding.unsupported] unsupported content encoding "nulls"', done) }) }) }) @@ -734,7 +700,7 @@ function createServer (opts) { _bodyParser(req, res, function (err) { if (err) { res.statusCode = err.status || 500 - res.end(err[req.headers['x-error-property'] || 'message']) + res.end('[' + err.type + '] ' + err.message) } else { res.statusCode = 200 res.end(JSON.stringify(req.body)) From 87c55afedc5062bfc4154ad881b152737b78d8b4 Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Thu, 24 Feb 2022 21:09:45 -0500 Subject: [PATCH 33/98] build: Node.js@17.6 --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 3b6f4a39..483700de 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -105,7 +105,7 @@ jobs: node-version: "16.14" - name: Node.js 17.x - node-version: "17.5" + node-version: "17.6" steps: - uses: actions/checkout@v2 From 0eb981a3d81d3636cd7bd2fb698b7669064d9bb7 Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Fri, 25 Feb 2022 00:21:53 -0500 Subject: [PATCH 34/98] build: mocha@9.2.1 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index b418b45b..e6d7863e 100644 --- a/package.json +++ b/package.json @@ -29,7 +29,7 @@ "eslint-plugin-promise": "5.2.0", "eslint-plugin-standard": "4.1.0", "methods": "1.1.2", - "mocha": "9.2.0", + "mocha": "9.2.1", "nyc": "15.1.0", "safe-buffer": "5.2.1", "supertest": "6.2.2" From db3949f5c390e5a36e8d16de192915afa837f900 Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Sun, 13 Mar 2022 23:41:14 -0400 Subject: [PATCH 35/98] deps: raw-body@2.5.1 --- HISTORY.md | 8 ++++ README.md | 8 ++++ package.json | 2 +- test/json.js | 105 +++++++++++++++++++++++++++++++++++++++++++++ test/raw.js | 95 ++++++++++++++++++++++++++++++++++++++++ test/text.js | 95 ++++++++++++++++++++++++++++++++++++++++ test/urlencoded.js | 95 ++++++++++++++++++++++++++++++++++++++++ 7 files changed, 407 insertions(+), 1 deletion(-) diff --git a/HISTORY.md b/HISTORY.md index 622f40c6..4c1b2a5f 100644 --- a/HISTORY.md +++ b/HISTORY.md @@ -1,3 +1,11 @@ +unreleased +========== + + * Prevent loss of async hooks context + * Prevent hanging when request already read + * deps: raw-body@2.5.1 + - deps: http-errors@2.0.0 + 1.19.2 / 2022-02-15 =================== diff --git a/README.md b/README.md index 7d7fa882..924c980e 100644 --- a/README.md +++ b/README.md @@ -342,6 +342,14 @@ to this middleware. This module operates directly on bytes only and you cannot call `req.setEncoding` when using this module. The `status` property is set to `500` and the `type` property is set to `'stream.encoding.set'`. +### stream is not readable + +This error will occur when the request is no longer readable when this middleware +attempts to read it. This typically means something other than a middleware from +this module read the reqest body already and the middleware was also configured to +read the same request. The `status` property is set to `500` and the `type` +property is set to `'stream.not.readable'`. + ### too many parameters This error will occur when the content of the request exceeds the configured diff --git a/package.json b/package.json index e6d7863e..7f04dc9a 100644 --- a/package.json +++ b/package.json @@ -17,7 +17,7 @@ "iconv-lite": "0.4.24", "on-finished": "~2.3.0", "qs": "6.9.7", - "raw-body": "2.4.3", + "raw-body": "2.5.1", "type-is": "~1.6.18" }, "devDependencies": { diff --git a/test/json.js b/test/json.js index bf7bc59b..bda3879b 100644 --- a/test/json.js +++ b/test/json.js @@ -1,11 +1,16 @@ var assert = require('assert') +var asyncHooks = tryRequire('async_hooks') var Buffer = require('safe-buffer').Buffer var http = require('http') var request = require('supertest') var bodyParser = require('..') +var describeAsyncHooks = typeof asyncHooks.AsyncLocalStorage === 'function' + ? describe + : describe.skip + describe('bodyParser.json()', function () { it('should parse JSON', function (done) { request(createServer()) @@ -53,6 +58,22 @@ describe('bodyParser.json()', function () { .expect(400, /content length/, done) }) + it('should 500 if stream not readable', function (done) { + var jsonParser = bodyParser.json() + var server = createServer(function (req, res, next) { + req.on('end', function () { + jsonParser(req, res, next) + }) + req.resume() + }) + + request(server) + .post('/') + .set('Content-Type', 'application/json') + .send('{"user":"tobi"}') + .expect(500, '[stream.not.readable] stream is not readable', done) + }) + it('should handle duplicated middleware', function (done) { var jsonParser = bodyParser.json() var server = createServer(function (req, res, next) { @@ -473,6 +494,82 @@ describe('bodyParser.json()', function () { }) }) + describeAsyncHooks('async local storage', function () { + before(function () { + var jsonParser = bodyParser.json() + var store = { foo: 'bar' } + + this.server = createServer(function (req, res, next) { + var asyncLocalStorage = new asyncHooks.AsyncLocalStorage() + + asyncLocalStorage.run(store, function () { + jsonParser(req, res, function (err) { + var local = asyncLocalStorage.getStore() + + if (local) { + res.setHeader('x-store-foo', String(local.foo)) + } + + next(err) + }) + }) + }) + }) + + it('should presist store', function (done) { + request(this.server) + .post('/') + .set('Content-Type', 'application/json') + .send('{"user":"tobi"}') + .expect(200) + .expect('x-store-foo', 'bar') + .expect('{"user":"tobi"}') + .end(done) + }) + + it('should presist store when unmatched content-type', function (done) { + request(this.server) + .post('/') + .set('Content-Type', 'application/fizzbuzz') + .send('buzz') + .expect(200) + .expect('x-store-foo', 'bar') + .expect('{}') + .end(done) + }) + + it('should presist store when inflated', function (done) { + var test = request(this.server).post('/') + test.set('Content-Encoding', 'gzip') + test.set('Content-Type', 'application/json') + test.write(Buffer.from('1f8b080000000000000bab56ca4bcc4d55b2527ab16e97522d00515be1cc0e000000', 'hex')) + test.expect(200) + test.expect('x-store-foo', 'bar') + test.expect('{"name":"论"}') + test.end(done) + }) + + it('should presist store when inflate error', function (done) { + var test = request(this.server).post('/') + test.set('Content-Encoding', 'gzip') + test.set('Content-Type', 'application/json') + test.write(Buffer.from('1f8b080000000000000bab56cc4d55b2527ab16e97522d00515be1cc0e000000', 'hex')) + test.expect(400) + test.expect('x-store-foo', 'bar') + test.end(done) + }) + + it('should presist store when parse error', function (done) { + request(this.server) + .post('/') + .set('Content-Type', 'application/json') + .send('{"user":') + .expect(400) + .expect('x-store-foo', 'bar') + .end(done) + }) + }) + describe('charset', function () { before(function () { this.server = createServer() @@ -622,3 +719,11 @@ function shouldContainInBody (str) { 'expected \'' + res.text + '\' to contain \'' + str + '\'') } } + +function tryRequire (name) { + try { + return require(name) + } catch (e) { + return {} + } +} diff --git a/test/raw.js b/test/raw.js index a0f7ac6f..e5f9a8e7 100644 --- a/test/raw.js +++ b/test/raw.js @@ -1,11 +1,16 @@ var assert = require('assert') +var asyncHooks = tryRequire('async_hooks') var Buffer = require('safe-buffer').Buffer var http = require('http') var request = require('supertest') var bodyParser = require('..') +var describeAsyncHooks = typeof asyncHooks.AsyncLocalStorage === 'function' + ? describe + : describe.skip + describe('bodyParser.raw()', function () { before(function () { this.server = createServer() @@ -50,6 +55,22 @@ describe('bodyParser.raw()', function () { .expect(200, 'buf:', done) }) + it('should 500 if stream not readable', function (done) { + var rawParser = bodyParser.raw() + var server = createServer(function (req, res, next) { + req.on('end', function () { + rawParser(req, res, next) + }) + req.resume() + }) + + request(server) + .post('/') + .set('Content-Type', 'application/octet-stream') + .send('the user is tobi') + .expect(500, '[stream.not.readable] stream is not readable', done) + }) + it('should handle duplicated middleware', function (done) { var rawParser = bodyParser.raw() var server = createServer(function (req, res, next) { @@ -299,6 +320,72 @@ describe('bodyParser.raw()', function () { }) }) + describeAsyncHooks('async local storage', function () { + before(function () { + var rawParser = bodyParser.raw() + var store = { foo: 'bar' } + + this.server = createServer(function (req, res, next) { + var asyncLocalStorage = new asyncHooks.AsyncLocalStorage() + + asyncLocalStorage.run(store, function () { + rawParser(req, res, function (err) { + var local = asyncLocalStorage.getStore() + + if (local) { + res.setHeader('x-store-foo', String(local.foo)) + } + + next(err) + }) + }) + }) + }) + + it('should presist store', function (done) { + request(this.server) + .post('/') + .set('Content-Type', 'application/octet-stream') + .send('the user is tobi') + .expect(200) + .expect('x-store-foo', 'bar') + .expect('buf:746865207573657220697320746f6269') + .end(done) + }) + + it('should presist store when unmatched content-type', function (done) { + request(this.server) + .post('/') + .set('Content-Type', 'application/fizzbuzz') + .send('buzz') + .expect(200) + .expect('x-store-foo', 'bar') + .expect('{}') + .end(done) + }) + + it('should presist store when inflated', function (done) { + var test = request(this.server).post('/') + test.set('Content-Encoding', 'gzip') + test.set('Content-Type', 'application/octet-stream') + test.write(Buffer.from('1f8b080000000000000bcb4bcc4db57db16e170099a4bad608000000', 'hex')) + test.expect(200) + test.expect('x-store-foo', 'bar') + test.expect('buf:6e616d653de8aeba') + test.end(done) + }) + + it('should presist store when inflate error', function (done) { + var test = request(this.server).post('/') + test.set('Content-Encoding', 'gzip') + test.set('Content-Type', 'application/octet-stream') + test.write(Buffer.from('1f8b080000000000000bcb4bcc4db57db16e170099a4bad6080000', 'hex')) + test.expect(400) + test.expect('x-store-foo', 'bar') + test.end(done) + }) + }) + describe('charset', function () { before(function () { this.server = createServer() @@ -388,3 +475,11 @@ function createServer (opts) { }) }) } + +function tryRequire (name) { + try { + return require(name) + } catch (e) { + return {} + } +} diff --git a/test/text.js b/test/text.js index fb17c18c..357ad09f 100644 --- a/test/text.js +++ b/test/text.js @@ -1,11 +1,16 @@ var assert = require('assert') +var asyncHooks = tryRequire('async_hooks') var Buffer = require('safe-buffer').Buffer var http = require('http') var request = require('supertest') var bodyParser = require('..') +var describeAsyncHooks = typeof asyncHooks.AsyncLocalStorage === 'function' + ? describe + : describe.skip + describe('bodyParser.text()', function () { before(function () { this.server = createServer() @@ -50,6 +55,22 @@ describe('bodyParser.text()', function () { .expect(200, '""', done) }) + it('should 500 if stream not readable', function (done) { + var textParser = bodyParser.text() + var server = createServer(function (req, res, next) { + req.on('end', function () { + textParser(req, res, next) + }) + req.resume() + }) + + request(server) + .post('/') + .set('Content-Type', 'text/plain') + .send('user is tobi') + .expect(500, '[stream.not.readable] stream is not readable', done) + }) + it('should handle duplicated middleware', function (done) { var textParser = bodyParser.text() var server = createServer(function (req, res, next) { @@ -338,6 +359,72 @@ describe('bodyParser.text()', function () { }) }) + describeAsyncHooks('async local storage', function () { + before(function () { + var textParser = bodyParser.text() + var store = { foo: 'bar' } + + this.server = createServer(function (req, res, next) { + var asyncLocalStorage = new asyncHooks.AsyncLocalStorage() + + asyncLocalStorage.run(store, function () { + textParser(req, res, function (err) { + var local = asyncLocalStorage.getStore() + + if (local) { + res.setHeader('x-store-foo', String(local.foo)) + } + + next(err) + }) + }) + }) + }) + + it('should presist store', function (done) { + request(this.server) + .post('/') + .set('Content-Type', 'text/plain') + .send('user is tobi') + .expect(200) + .expect('x-store-foo', 'bar') + .expect('"user is tobi"') + .end(done) + }) + + it('should presist store when unmatched content-type', function (done) { + request(this.server) + .post('/') + .set('Content-Type', 'application/fizzbuzz') + .send('buzz') + .expect(200) + .expect('x-store-foo', 'bar') + .expect('{}') + .end(done) + }) + + it('should presist store when inflated', function (done) { + var test = request(this.server).post('/') + test.set('Content-Encoding', 'gzip') + test.set('Content-Type', 'text/plain') + test.write(Buffer.from('1f8b080000000000000bcb4bcc4d55c82c5678b16e170072b3e0200b000000', 'hex')) + test.expect(200) + test.expect('x-store-foo', 'bar') + test.expect('"name is 论"') + test.end(done) + }) + + it('should presist store when inflate error', function (done) { + var test = request(this.server).post('/') + test.set('Content-Encoding', 'gzip') + test.set('Content-Type', 'text/plain') + test.write(Buffer.from('1f8b080000000000000bcb4bcc4d55c82c5678b16e170072b3e0200b0000', 'hex')) + test.expect(400) + test.expect('x-store-foo', 'bar') + test.end(done) + }) + }) + describe('charset', function () { before(function () { this.server = createServer() @@ -446,3 +533,11 @@ function createServer (opts) { }) }) } + +function tryRequire (name) { + try { + return require(name) + } catch (e) { + return {} + } +} diff --git a/test/urlencoded.js b/test/urlencoded.js index 93f43483..91d86c8d 100644 --- a/test/urlencoded.js +++ b/test/urlencoded.js @@ -1,11 +1,16 @@ var assert = require('assert') +var asyncHooks = tryRequire('async_hooks') var Buffer = require('safe-buffer').Buffer var http = require('http') var request = require('supertest') var bodyParser = require('..') +var describeAsyncHooks = typeof asyncHooks.AsyncLocalStorage === 'function' + ? describe + : describe.skip + describe('bodyParser.urlencoded()', function () { before(function () { this.server = createServer() @@ -51,6 +56,22 @@ describe('bodyParser.urlencoded()', function () { .expect(200, '{}', done) }) + it('should 500 if stream not readable', function (done) { + var urlencodedParser = bodyParser.urlencoded() + var server = createServer(function (req, res, next) { + req.on('end', function () { + urlencodedParser(req, res, next) + }) + req.resume() + }) + + request(server) + .post('/') + .set('Content-Type', 'application/x-www-form-urlencoded') + .send('user=tobi') + .expect(500, '[stream.not.readable] stream is not readable', done) + }) + it('should handle duplicated middleware', function (done) { var urlencodedParser = bodyParser.urlencoded() var server = createServer(function (req, res, next) { @@ -585,6 +606,72 @@ describe('bodyParser.urlencoded()', function () { }) }) + describeAsyncHooks('async local storage', function () { + before(function () { + var urlencodedParser = bodyParser.urlencoded() + var store = { foo: 'bar' } + + this.server = createServer(function (req, res, next) { + var asyncLocalStorage = new asyncHooks.AsyncLocalStorage() + + asyncLocalStorage.run(store, function () { + urlencodedParser(req, res, function (err) { + var local = asyncLocalStorage.getStore() + + if (local) { + res.setHeader('x-store-foo', String(local.foo)) + } + + next(err) + }) + }) + }) + }) + + it('should presist store', function (done) { + request(this.server) + .post('/') + .set('Content-Type', 'application/x-www-form-urlencoded') + .send('user=tobi') + .expect(200) + .expect('x-store-foo', 'bar') + .expect('{"user":"tobi"}') + .end(done) + }) + + it('should presist store when unmatched content-type', function (done) { + request(this.server) + .post('/') + .set('Content-Type', 'application/fizzbuzz') + .send('buzz') + .expect(200) + .expect('x-store-foo', 'bar') + .expect('{}') + .end(done) + }) + + it('should presist store when inflated', function (done) { + var test = request(this.server).post('/') + test.set('Content-Encoding', 'gzip') + test.set('Content-Type', 'application/x-www-form-urlencoded') + test.write(Buffer.from('1f8b080000000000000bcb4bcc4db57db16e170099a4bad608000000', 'hex')) + test.expect(200) + test.expect('x-store-foo', 'bar') + test.expect('{"name":"论"}') + test.end(done) + }) + + it('should presist store when inflate error', function (done) { + var test = request(this.server).post('/') + test.set('Content-Encoding', 'gzip') + test.set('Content-Type', 'application/x-www-form-urlencoded') + test.write(Buffer.from('1f8b080000000000000bcb4bcc4db57db16e170099a4bad6080000', 'hex')) + test.expect(400) + test.expect('x-store-foo', 'bar') + test.end(done) + }) + }) + describe('charset', function () { before(function () { this.server = createServer() @@ -714,3 +801,11 @@ function expectKeyCount (count) { assert.strictEqual(Object.keys(JSON.parse(res.text)).length, count) } } + +function tryRequire (name) { + try { + return require(name) + } catch (e) { + return {} + } +} From b9f9acb67341dfaeaf5fdd326b76407d36223e82 Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Sun, 13 Mar 2022 23:48:08 -0400 Subject: [PATCH 36/98] deps: on-finished@2.4.1 --- HISTORY.md | 1 + package.json | 2 +- test/json.js | 10 ++++++++++ test/raw.js | 10 ++++++++++ test/text.js | 10 ++++++++++ test/urlencoded.js | 10 ++++++++++ 6 files changed, 42 insertions(+), 1 deletion(-) diff --git a/HISTORY.md b/HISTORY.md index 4c1b2a5f..eb3af25f 100644 --- a/HISTORY.md +++ b/HISTORY.md @@ -3,6 +3,7 @@ unreleased * Prevent loss of async hooks context * Prevent hanging when request already read + * deps: on-finished@2.4.1 * deps: raw-body@2.5.1 - deps: http-errors@2.0.0 diff --git a/package.json b/package.json index 7f04dc9a..1cdf1b02 100644 --- a/package.json +++ b/package.json @@ -15,7 +15,7 @@ "depd": "~1.1.2", "http-errors": "1.8.1", "iconv-lite": "0.4.24", - "on-finished": "~2.3.0", + "on-finished": "2.4.1", "qs": "6.9.7", "raw-body": "2.5.1", "type-is": "~1.6.18" diff --git a/test/json.js b/test/json.js index bda3879b..01193dda 100644 --- a/test/json.js +++ b/test/json.js @@ -568,6 +568,16 @@ describe('bodyParser.json()', function () { .expect('x-store-foo', 'bar') .end(done) }) + + it('should presist store when limit exceeded', function (done) { + request(this.server) + .post('/') + .set('Content-Type', 'application/json') + .send('{"user":"' + Buffer.alloc(1024 * 100, '.').toString() + '"}') + .expect(413) + .expect('x-store-foo', 'bar') + .end(done) + }) }) describe('charset', function () { diff --git a/test/raw.js b/test/raw.js index e5f9a8e7..8e0b8523 100644 --- a/test/raw.js +++ b/test/raw.js @@ -384,6 +384,16 @@ describe('bodyParser.raw()', function () { test.expect('x-store-foo', 'bar') test.end(done) }) + + it('should presist store when limit exceeded', function (done) { + request(this.server) + .post('/') + .set('Content-Type', 'application/octet-stream') + .send('the user is ' + Buffer.alloc(1024 * 100, '.').toString()) + .expect(413) + .expect('x-store-foo', 'bar') + .end(done) + }) }) describe('charset', function () { diff --git a/test/text.js b/test/text.js index 357ad09f..3b33684d 100644 --- a/test/text.js +++ b/test/text.js @@ -423,6 +423,16 @@ describe('bodyParser.text()', function () { test.expect('x-store-foo', 'bar') test.end(done) }) + + it('should presist store when limit exceeded', function (done) { + request(this.server) + .post('/') + .set('Content-Type', 'text/plain') + .send('user is ' + Buffer.alloc(1024 * 100, '.').toString()) + .expect(413) + .expect('x-store-foo', 'bar') + .end(done) + }) }) describe('charset', function () { diff --git a/test/urlencoded.js b/test/urlencoded.js index 91d86c8d..b2345671 100644 --- a/test/urlencoded.js +++ b/test/urlencoded.js @@ -670,6 +670,16 @@ describe('bodyParser.urlencoded()', function () { test.expect('x-store-foo', 'bar') test.end(done) }) + + it('should presist store when limit exceeded', function (done) { + request(this.server) + .post('/') + .set('Content-Type', 'application/x-www-form-urlencoded') + .send('user=' + Buffer.alloc(1024 * 100, '.').toString()) + .expect(413) + .expect('x-store-foo', 'bar') + .end(done) + }) }) describe('charset', function () { From 1040c7e71b3c10a2dab1511c110462698ede25c5 Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Mon, 14 Mar 2022 00:03:38 -0400 Subject: [PATCH 37/98] deps: http-errors@2.0.0 --- HISTORY.md | 3 +++ package.json | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/HISTORY.md b/HISTORY.md index eb3af25f..79e0d08c 100644 --- a/HISTORY.md +++ b/HISTORY.md @@ -3,6 +3,9 @@ unreleased * Prevent loss of async hooks context * Prevent hanging when request already read + * deps: http-errors@2.0.0 + - deps: depd@2.0.0 + - deps: statuses@2.0.1 * deps: on-finished@2.4.1 * deps: raw-body@2.5.1 - deps: http-errors@2.0.0 diff --git a/package.json b/package.json index 1cdf1b02..6f10723b 100644 --- a/package.json +++ b/package.json @@ -13,7 +13,7 @@ "content-type": "~1.0.4", "debug": "2.6.9", "depd": "~1.1.2", - "http-errors": "1.8.1", + "http-errors": "2.0.0", "iconv-lite": "0.4.24", "on-finished": "2.4.1", "qs": "6.9.7", From 96df60f9d0d60c88cce33cd79c513e81d11c5162 Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Mon, 14 Mar 2022 00:12:02 -0400 Subject: [PATCH 38/98] deps: depd@2.0.0 --- HISTORY.md | 3 +++ package.json | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/HISTORY.md b/HISTORY.md index 79e0d08c..1e3560e0 100644 --- a/HISTORY.md +++ b/HISTORY.md @@ -3,6 +3,9 @@ unreleased * Prevent loss of async hooks context * Prevent hanging when request already read + * deps: depd@2.0.0 + - Replace internal `eval` usage with `Function` constructor + - Use instance methods on `process` to check for listeners * deps: http-errors@2.0.0 - deps: depd@2.0.0 - deps: statuses@2.0.1 diff --git a/package.json b/package.json index 6f10723b..768137e2 100644 --- a/package.json +++ b/package.json @@ -12,7 +12,7 @@ "bytes": "3.1.2", "content-type": "~1.0.4", "debug": "2.6.9", - "depd": "~1.1.2", + "depd": "2.0.0", "http-errors": "2.0.0", "iconv-lite": "0.4.24", "on-finished": "2.4.1", From bd702d2f007332dedcd4a1db0a7f21843ed537d7 Mon Sep 17 00:00:00 2001 From: Tobias Speicher Date: Thu, 17 Mar 2022 13:13:41 +0100 Subject: [PATCH 39/98] lint: remove deprecated String.prototype.substr closes #459 --- lib/types/json.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/types/json.js b/lib/types/json.js index 2971dc14..9349cbd6 100644 --- a/lib/types/json.js +++ b/lib/types/json.js @@ -122,7 +122,7 @@ function json (options) { // assert charset per RFC 7159 sec 8.1 var charset = getCharset(req) || 'utf-8' - if (charset.substr(0, 4) !== 'utf-') { + if (charset.slice(0, 4) !== 'utf-') { debug('invalid charset') next(createError(415, 'unsupported charset "' + charset.toUpperCase() + '"', { charset: charset, From 9db582d2af35936f0347572163a17aeaef290aaf Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Tue, 22 Mar 2022 23:57:02 -0400 Subject: [PATCH 40/98] Fix error message for json parse whitespace in strict --- HISTORY.md | 1 + lib/types/json.js | 12 +++++++++--- test/json.js | 8 ++++++++ 3 files changed, 18 insertions(+), 3 deletions(-) diff --git a/HISTORY.md b/HISTORY.md index 1e3560e0..b432583a 100644 --- a/HISTORY.md +++ b/HISTORY.md @@ -1,6 +1,7 @@ unreleased ========== + * Fix error message for json parse whitespace in `strict` * Prevent loss of async hooks context * Prevent hanging when request already read * deps: depd@2.0.0 diff --git a/lib/types/json.js b/lib/types/json.js index 9349cbd6..c2745be3 100644 --- a/lib/types/json.js +++ b/lib/types/json.js @@ -37,7 +37,7 @@ module.exports = json * %x0D ) ; Carriage return */ -var FIRST_CHAR_REGEXP = /^[\x20\x09\x0a\x0d]*(.)/ // eslint-disable-line no-control-regex +var FIRST_CHAR_REGEXP = /^[\x20\x09\x0a\x0d]*([^\x20\x09\x0a\x0d])/ // eslint-disable-line no-control-regex /** * Create a middleware to parse JSON bodies. @@ -152,7 +152,9 @@ function json (options) { function createStrictSyntaxError (str, char) { var index = str.indexOf(char) - var partial = str.substring(0, index) + '#' + var partial = index !== -1 + ? str.substring(0, index) + '#' + : '' try { JSON.parse(partial); /* istanbul ignore next */ throw new SyntaxError('strict violation') @@ -173,7 +175,11 @@ function createStrictSyntaxError (str, char) { */ function firstchar (str) { - return FIRST_CHAR_REGEXP.exec(str)[1] + var match = FIRST_CHAR_REGEXP.exec(str) + + return match + ? match[1] + : undefined } /** diff --git a/test/json.js b/test/json.js index 01193dda..57cbd7ae 100644 --- a/test/json.js +++ b/test/json.js @@ -44,6 +44,14 @@ describe('bodyParser.json()', function () { .expect(200, '{}', done) }) + it('should 400 when only whitespace', function (done) { + request(createServer()) + .post('/') + .set('Content-Type', 'application/json') + .send(' \n') + .expect(400, '[entity.parse.failed] ' + parseError(' '), done) + }) + it('should 400 when invalid content-length', function (done) { var jsonParser = bodyParser.json() var server = createServer(function (req, res, next) { From 2a2f47199b443c56b6ebb74cac7acdeb63fac61f Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Sat, 2 Apr 2022 20:47:37 -0400 Subject: [PATCH 41/98] Fix internal error when inflated body exceeds limit --- HISTORY.md | 1 + lib/read.js | 28 ++++++++++++++++++++++++++-- package.json | 4 +++- test/json.js | 9 +++++++++ test/raw.js | 9 +++++++++ test/text.js | 11 +++++++++++ test/urlencoded.js | 9 +++++++++ 7 files changed, 68 insertions(+), 3 deletions(-) diff --git a/HISTORY.md b/HISTORY.md index b432583a..b5299325 100644 --- a/HISTORY.md +++ b/HISTORY.md @@ -2,6 +2,7 @@ unreleased ========== * Fix error message for json parse whitespace in `strict` + * Fix internal error when inflated body exceeds limit * Prevent loss of async hooks context * Prevent hanging when request already read * deps: depd@2.0.0 diff --git a/lib/read.js b/lib/read.js index c1026095..fce6283f 100644 --- a/lib/read.js +++ b/lib/read.js @@ -12,9 +12,11 @@ */ var createError = require('http-errors') +var destroy = require('destroy') var getBody = require('raw-body') var iconv = require('iconv-lite') var onFinished = require('on-finished') +var unpipe = require('unpipe') var zlib = require('zlib') /** @@ -89,9 +91,14 @@ function read (req, res, next, parse, debug, options) { _error = createError(400, error) } + // unpipe from stream and destroy + if (stream !== req) { + unpipe(req) + destroy(stream, true) + } + // read off entire request - stream.resume() - onFinished(req, function onfinished () { + dump(req, function onfinished () { next(createError(400, _error)) }) return @@ -179,3 +186,20 @@ function contentstream (req, debug, inflate) { return stream } + +/** + * Dump the contents of a request. + * + * @param {object} req + * @param {function} callback + * @api private + */ + +function dump (req, callback) { + if (onFinished.isFinished(req)) { + callback(null) + } else { + onFinished(req, callback) + req.resume() + } +} diff --git a/package.json b/package.json index 768137e2..a0368bfa 100644 --- a/package.json +++ b/package.json @@ -13,12 +13,14 @@ "content-type": "~1.0.4", "debug": "2.6.9", "depd": "2.0.0", + "destroy": "1.2.0", "http-errors": "2.0.0", "iconv-lite": "0.4.24", "on-finished": "2.4.1", "qs": "6.9.7", "raw-body": "2.5.1", - "type-is": "~1.6.18" + "type-is": "~1.6.18", + "unpipe": "1.0.0" }, "devDependencies": { "eslint": "7.32.0", diff --git a/test/json.js b/test/json.js index 57cbd7ae..4d686763 100644 --- a/test/json.js +++ b/test/json.js @@ -193,6 +193,15 @@ describe('bodyParser.json()', function () { test.write(buf) test.expect(413, done) }) + + it('should not error when inflating', function (done) { + var server = createServer({ limit: '1kb' }) + var test = request(server).post('/') + test.set('Content-Encoding', 'gzip') + test.set('Content-Type', 'application/json') + test.write(Buffer.from('1f8b080000000000000aab562a2e2952b252d21b05a360148c58a0540b0066f7ce1e0a0400', 'hex')) + test.expect(413, done) + }) }) describe('with inflate option', function () { diff --git a/test/raw.js b/test/raw.js index 8e0b8523..d2ab027f 100644 --- a/test/raw.js +++ b/test/raw.js @@ -149,6 +149,15 @@ describe('bodyParser.raw()', function () { test.write(buf) test.expect(413, done) }) + + it('should not error when inflating', function (done) { + var server = createServer({ limit: '1kb' }) + var test = request(server).post('/') + test.set('Content-Encoding', 'gzip') + test.set('Content-Type', 'application/octet-stream') + test.write(Buffer.from('1f8b080000000000000ad3d31b05a360148c64000087e5a147040400', 'hex')) + test.expect(413, done) + }) }) describe('with inflate option', function () { diff --git a/test/text.js b/test/text.js index 3b33684d..c3c55180 100644 --- a/test/text.js +++ b/test/text.js @@ -168,6 +168,17 @@ describe('bodyParser.text()', function () { test.write(buf) test.expect(413, done) }) + + it('should not error when inflating', function (done) { + var server = createServer({ limit: '1kb' }) + var test = request(server).post('/') + test.set('Content-Encoding', 'gzip') + test.set('Content-Type', 'text/plain') + test.write(Buffer.from('1f8b080000000000000ad3d31b05a360148c64000087e5a1470404', 'hex')) + setTimeout(function () { + test.expect(413, done) + }, 100) + }) }) describe('with inflate option', function () { diff --git a/test/urlencoded.js b/test/urlencoded.js index b2345671..10b8c4d4 100644 --- a/test/urlencoded.js +++ b/test/urlencoded.js @@ -314,6 +314,15 @@ describe('bodyParser.urlencoded()', function () { test.write(buf) test.expect(413, done) }) + + it('should not error when inflating', function (done) { + var server = createServer({ limit: '1kb' }) + var test = request(server).post('/') + test.set('Content-Encoding', 'gzip') + test.set('Content-Type', 'application/x-www-form-urlencoded') + test.write(Buffer.from('1f8b080000000000000a2b2e29b2d51b05a360148c580000a0351f92040400', 'hex')) + test.expect(413, done) + }) }) describe('with parameterLimit option', function () { From 86115397674d19449473f74206e4b168a51e245e Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Sat, 2 Apr 2022 20:48:40 -0400 Subject: [PATCH 42/98] build: mocha@9.2.2 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index a0368bfa..10c75bb8 100644 --- a/package.json +++ b/package.json @@ -31,7 +31,7 @@ "eslint-plugin-promise": "5.2.0", "eslint-plugin-standard": "4.1.0", "methods": "1.1.2", - "mocha": "9.2.1", + "mocha": "9.2.2", "nyc": "15.1.0", "safe-buffer": "5.2.1", "supertest": "6.2.2" From eac5f22952ce8e6ec33315a3a16226b102591764 Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Sat, 2 Apr 2022 20:49:03 -0400 Subject: [PATCH 43/98] build: Node.js@17.8 --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 483700de..ba8a508b 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -105,7 +105,7 @@ jobs: node-version: "16.14" - name: Node.js 17.x - node-version: "17.6" + node-version: "17.8" steps: - uses: actions/checkout@v2 From 77bcc0e44dd9be1b0a60b647fd23faac9b72c8be Mon Sep 17 00:00:00 2001 From: Jordan Harband Date: Mon, 8 Nov 2021 16:04:52 -0800 Subject: [PATCH 44/98] deps: qs@6.10.3 --- .github/workflows/ci.yml | 2 ++ HISTORY.md | 1 + package.json | 5 +++-- 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index ba8a508b..35a7acdc 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -119,6 +119,8 @@ jobs: nvm use ${{ matrix.node-version }} sed -i '1s;^.*$;'"$(printf '#!%q' "$(nvm which npm)")"';' "$(readlink -f "$(which npm)")" npm config set strict-ssl false + npm install -g --prefix "$(which node)/../.." npm@1.2.8000 + sed -i '1s;^.*$;'"$(printf '#!%q' "$(nvm which npm)")"';' "$(readlink -f "$(which npm)")" fi dirname "$(nvm which ${{ matrix.node-version }})" >> "$GITHUB_PATH" diff --git a/HISTORY.md b/HISTORY.md index b5299325..1569a8f3 100644 --- a/HISTORY.md +++ b/HISTORY.md @@ -12,6 +12,7 @@ unreleased - deps: depd@2.0.0 - deps: statuses@2.0.1 * deps: on-finished@2.4.1 + * deps: qs@6.10.3 * deps: raw-body@2.5.1 - deps: http-errors@2.0.0 diff --git a/package.json b/package.json index 10c75bb8..702723a4 100644 --- a/package.json +++ b/package.json @@ -17,7 +17,7 @@ "http-errors": "2.0.0", "iconv-lite": "0.4.24", "on-finished": "2.4.1", - "qs": "6.9.7", + "qs": "6.10.3", "raw-body": "2.5.1", "type-is": "~1.6.18", "unpipe": "1.0.0" @@ -43,7 +43,8 @@ "index.js" ], "engines": { - "node": ">= 0.8" + "node": ">= 0.8", + "npm": "1.2.8000 || >= 1.4.16" }, "scripts": { "lint": "eslint .", From 601a076ddc66dc0b2cf909df14120b3adbaea91a Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Sat, 2 Apr 2022 20:59:59 -0400 Subject: [PATCH 45/98] docs: add security policy --- SECURITY.md | 25 +++++++++++++++++++++++++ package.json | 1 + 2 files changed, 26 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 00000000..9694d429 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,25 @@ +# Security Policies and Procedures + +## Reporting a Bug + +The Express team and community take all security bugs seriously. Thank you +for improving the security of Express. We appreciate your efforts and +responsible disclosure and will make every effort to acknowledge your +contributions. + +Report security bugs by emailing the current owner(s) of `body-parser`. This +information can be found in the npm registry using the command +`npm owner ls body-parser`. +If unsure or unable to get the information from the above, open an issue +in the [project issue tracker](https://github.com/expressjs/body-parser/issues) +asking for the current contact information. + +To ensure the timely response to your report, please ensure that the entirety +of the report is contained within the email body and not solely behind a web +link or an attachment. + +At least one owner will acknowledge your email within 48 hours, and will send a +more detailed response within 48 hours indicating the next steps in handling +your report. After the initial reply to your report, the owners will +endeavor to keep you informed of the progress towards a fix and full +announcement, and may ask for additional information or guidance. diff --git a/package.json b/package.json index 702723a4..78a20ea3 100644 --- a/package.json +++ b/package.json @@ -40,6 +40,7 @@ "lib/", "LICENSE", "HISTORY.md", + "SECURITY.md", "index.js" ], "engines": { From 7861a0055df9f3171732adf99fb2814dcf6a36e2 Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Sat, 2 Apr 2022 21:01:32 -0400 Subject: [PATCH 46/98] docs: update CI badge link --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 924c980e..1149aff5 100644 --- a/README.md +++ b/README.md @@ -461,4 +461,4 @@ app.use(bodyParser.text({ type: 'text/html' })) [downloads-image]: https://img.shields.io/npm/dm/body-parser.svg [downloads-url]: https://npmjs.org/package/body-parser [github-actions-ci-image]: https://img.shields.io/github/workflow/status/expressjs/body-parser/ci/master?label=ci -[github-actions-ci-url]: https://github.com/expressjs/body-parser?query=workflow%3Aci +[github-actions-ci-url]: https://github.com/expressjs/body-parser/actions/workflows/ci.yml From 1f6f58e1f8dc222f2b6cfc7eb3a3bf5145ff2b56 Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Sat, 2 Apr 2022 21:02:06 -0400 Subject: [PATCH 47/98] 1.20.0 --- HISTORY.md | 4 ++-- package.json | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/HISTORY.md b/HISTORY.md index 1569a8f3..e114f6af 100644 --- a/HISTORY.md +++ b/HISTORY.md @@ -1,5 +1,5 @@ -unreleased -========== +1.20.0 / 2022-04-02 +=================== * Fix error message for json parse whitespace in `strict` * Fix internal error when inflated body exceeds limit diff --git a/package.json b/package.json index 78a20ea3..9a03357f 100644 --- a/package.json +++ b/package.json @@ -1,7 +1,7 @@ { "name": "body-parser", "description": "Node.js body parsing middleware", - "version": "1.19.2", + "version": "1.20.0", "contributors": [ "Douglas Christopher Wilson ", "Jonathan Ong (http://jongleberry.com)" From 3d9269e9cacef74a110bb603f8e7ee565cef26a1 Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Tue, 24 May 2022 19:33:19 -0400 Subject: [PATCH 48/98] build: support Node.js 18.x --- .github/workflows/ci.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 35a7acdc..912dc865 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -30,6 +30,7 @@ jobs: - Node.js 15.x - Node.js 16.x - Node.js 17.x + - Node.js 18.x include: - name: Node.js 0.8 @@ -107,6 +108,9 @@ jobs: - name: Node.js 17.x node-version: "17.8" + - name: Node.js 18.x + node-version: "18.2" + steps: - uses: actions/checkout@v2 From 0936f44eb01fc24a9694ac5e79ba5a578f63d157 Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Tue, 24 May 2022 19:35:09 -0400 Subject: [PATCH 49/98] build: Node.js@16.15 --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 912dc865..6c477996 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -103,7 +103,7 @@ jobs: node-version: "15.14" - name: Node.js 16.x - node-version: "16.14" + node-version: "16.15" - name: Node.js 17.x node-version: "17.8" From 633a78a2eac04a4b04da1ed0f5c05cfc423eac41 Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Tue, 24 May 2022 19:38:54 -0400 Subject: [PATCH 50/98] build: Node.js@17.9 --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 6c477996..2fd361ef 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -106,7 +106,7 @@ jobs: node-version: "16.15" - name: Node.js 17.x - node-version: "17.8" + node-version: "17.9" - name: Node.js 18.x node-version: "18.2" From 44ffa97574e79d7d448cca11922e48cd85b75005 Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Fri, 3 Jun 2022 22:01:43 -0400 Subject: [PATCH 51/98] build: mocha@10.0.0 --- .github/workflows/ci.yml | 2 ++ package.json | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 2fd361ef..43ceeba4 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -92,9 +92,11 @@ jobs: - name: Node.js 12.x node-version: "12.22" + npm-i: mocha@9.2.2 - name: Node.js 13.x node-version: "13.14" + npm-i: mocha@9.2.2 - name: Node.js 14.x node-version: "14.19" diff --git a/package.json b/package.json index 9a03357f..083d672d 100644 --- a/package.json +++ b/package.json @@ -31,7 +31,7 @@ "eslint-plugin-promise": "5.2.0", "eslint-plugin-standard": "4.1.0", "methods": "1.1.2", - "mocha": "9.2.2", + "mocha": "10.0.0", "nyc": "15.1.0", "safe-buffer": "5.2.1", "supertest": "6.2.2" From b89bdc755735e2af78554b127b92685826bce779 Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Wed, 31 Aug 2022 23:22:45 -0400 Subject: [PATCH 52/98] build: Node.js@14.20 --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 43ceeba4..04d348df 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -99,7 +99,7 @@ jobs: npm-i: mocha@9.2.2 - name: Node.js 14.x - node-version: "14.19" + node-version: "14.20" - name: Node.js 15.x node-version: "15.14" From 9d02699377f53ad05b983ccbe8da8edc30cebe9c Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Wed, 31 Aug 2022 23:22:56 -0400 Subject: [PATCH 53/98] build: Node.js@16.16 --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 04d348df..ba9f2665 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -105,7 +105,7 @@ jobs: node-version: "15.14" - name: Node.js 16.x - node-version: "16.15" + node-version: "16.16" - name: Node.js 17.x node-version: "17.9" From 7013c29db6c3363360efc37aa2ba561720693635 Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Wed, 31 Aug 2022 23:23:09 -0400 Subject: [PATCH 54/98] build: Node.js@18.8 --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index ba9f2665..8d2f2411 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -111,7 +111,7 @@ jobs: node-version: "17.9" - name: Node.js 18.x - node-version: "18.2" + node-version: "18.8" steps: - uses: actions/checkout@v2 From fe2f823dde4ab84261d721d972066dc9fa0559fa Mon Sep 17 00:00:00 2001 From: cha147 Date: Wed, 13 Jul 2022 16:28:51 -0700 Subject: [PATCH 55/98] docs: fix typo in readme closes #467 --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 1149aff5..c507cbb0 100644 --- a/README.md +++ b/README.md @@ -346,7 +346,7 @@ call `req.setEncoding` when using this module. The `status` property is set to This error will occur when the request is no longer readable when this middleware attempts to read it. This typically means something other than a middleware from -this module read the reqest body already and the middleware was also configured to +this module read the request body already and the middleware was also configured to read the same request. The `status` property is set to `500` and the `type` property is set to `'stream.not.readable'`. From eb6dd964d49a0300aff35f66dee3633d3a10f190 Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Wed, 31 Aug 2022 23:50:48 -0400 Subject: [PATCH 56/98] build: eslint@8.23.0 --- .github/workflows/ci.yml | 4 ++-- package.json | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 8d2f2411..1950f8a5 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -145,8 +145,8 @@ jobs: shell: bash run: | # eslint for linting - # - remove on Node.js < 10 - if [[ "$(cut -d. -f1 <<< "${{ matrix.node-version }}")" -lt 10 ]]; then + # - remove on Node.js < 12 + if [[ "$(cut -d. -f1 <<< "${{ matrix.node-version }}")" -lt 12 ]]; then node -pe 'Object.keys(require("./package").devDependencies).join("\n")' | \ grep -E '^eslint(-|$)' | \ sort -r | \ diff --git a/package.json b/package.json index 083d672d..09a31e0f 100644 --- a/package.json +++ b/package.json @@ -23,12 +23,12 @@ "unpipe": "1.0.0" }, "devDependencies": { - "eslint": "7.32.0", + "eslint": "8.23.0", "eslint-config-standard": "14.1.1", "eslint-plugin-import": "2.25.4", "eslint-plugin-markdown": "2.2.1", "eslint-plugin-node": "11.1.0", - "eslint-plugin-promise": "5.2.0", + "eslint-plugin-promise": "6.0.1", "eslint-plugin-standard": "4.1.0", "methods": "1.1.2", "mocha": "10.0.0", From b274dd928fd6c97e00ea1cbd8734ff75e544d454 Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Wed, 31 Aug 2022 23:56:38 -0400 Subject: [PATCH 57/98] build: eslint-plugin-markdown@3.0.0 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 09a31e0f..dedf260b 100644 --- a/package.json +++ b/package.json @@ -26,7 +26,7 @@ "eslint": "8.23.0", "eslint-config-standard": "14.1.1", "eslint-plugin-import": "2.25.4", - "eslint-plugin-markdown": "2.2.1", + "eslint-plugin-markdown": "3.0.0", "eslint-plugin-node": "11.1.0", "eslint-plugin-promise": "6.0.1", "eslint-plugin-standard": "4.1.0", From 4aa84b70c298354e902edfc4a85ddfdc9fa905c8 Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Wed, 31 Aug 2022 23:57:18 -0400 Subject: [PATCH 58/98] build: supertest@6.2.4 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index dedf260b..0848404f 100644 --- a/package.json +++ b/package.json @@ -34,7 +34,7 @@ "mocha": "10.0.0", "nyc": "15.1.0", "safe-buffer": "5.2.1", - "supertest": "6.2.2" + "supertest": "6.2.4" }, "files": [ "lib/", From 40c3fff30b0d88763e89f1a41ed76d2cf8aa1b14 Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Thu, 1 Sep 2022 00:02:49 -0400 Subject: [PATCH 59/98] deps: qs@6.11.0 --- HISTORY.md | 5 +++++ package.json | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/HISTORY.md b/HISTORY.md index e114f6af..3fceb4f8 100644 --- a/HISTORY.md +++ b/HISTORY.md @@ -1,3 +1,8 @@ +unreleased +========== + + * deps: qs@6.11.0 + 1.20.0 / 2022-04-02 =================== diff --git a/package.json b/package.json index 0848404f..308c50fc 100644 --- a/package.json +++ b/package.json @@ -17,7 +17,7 @@ "http-errors": "2.0.0", "iconv-lite": "0.4.24", "on-finished": "2.4.1", - "qs": "6.10.3", + "qs": "6.11.0", "raw-body": "2.5.1", "type-is": "~1.6.18", "unpipe": "1.0.0" From 477ff13b9c608800cc25331e0de6da6cd4970ee3 Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Thu, 1 Sep 2022 00:04:39 -0400 Subject: [PATCH 60/98] build: eslint-plugin-import@2.26.0 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 308c50fc..11e2d2cf 100644 --- a/package.json +++ b/package.json @@ -25,7 +25,7 @@ "devDependencies": { "eslint": "8.23.0", "eslint-config-standard": "14.1.1", - "eslint-plugin-import": "2.25.4", + "eslint-plugin-import": "2.26.0", "eslint-plugin-markdown": "3.0.0", "eslint-plugin-node": "11.1.0", "eslint-plugin-promise": "6.0.1", From de1e6c2b390244e486f235151d8e6b9646f2122f Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Thu, 1 Sep 2022 00:05:39 -0400 Subject: [PATCH 61/98] build: Node.js@16.17 --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 1950f8a5..1e4a8e54 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -105,7 +105,7 @@ jobs: node-version: "15.14" - name: Node.js 16.x - node-version: "16.16" + node-version: "16.17" - name: Node.js 17.x node-version: "17.9" From 0123e12d6b6db1bdb66b271b2822b5070096dc32 Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Tue, 13 Sep 2022 18:32:40 -0400 Subject: [PATCH 62/98] build: Node.js@18.9 --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 1e4a8e54..f39238be 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -111,7 +111,7 @@ jobs: node-version: "17.9" - name: Node.js 18.x - node-version: "18.8" + node-version: "18.9" steps: - uses: actions/checkout@v2 From f199e94b115de00feae7ae5559638c0c52019b2e Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Thu, 6 Oct 2022 09:48:28 -0400 Subject: [PATCH 63/98] perf: remove unnecessary object clone --- HISTORY.md | 1 + index.js | 17 ++++++++--------- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/HISTORY.md b/HISTORY.md index 3fceb4f8..f1860a7d 100644 --- a/HISTORY.md +++ b/HISTORY.md @@ -2,6 +2,7 @@ unreleased ========== * deps: qs@6.11.0 + * perf: remove unnecessary object clone 1.20.0 / 2022-04-02 =================== diff --git a/index.js b/index.js index 93c3a1ff..bb24d739 100644 --- a/index.js +++ b/index.js @@ -91,16 +91,15 @@ Object.defineProperty(exports, 'urlencoded', { */ function bodyParser (options) { - var opts = {} - - // exclude type option - if (options) { - for (var prop in options) { - if (prop !== 'type') { - opts[prop] = options[prop] - } + // use default type for parsers + var opts = Object.create(options || null, { + type: { + configurable: true, + enumerable: true, + value: undefined, + writable: true } - } + }) var _urlencoded = exports.urlencoded(opts) var _json = exports.json(opts) From 2c611fcda0fe54043eb8c914f1fde412ba9432c0 Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Thu, 6 Oct 2022 09:53:43 -0400 Subject: [PATCH 64/98] build: Node.js@18.10 --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index f39238be..a6256308 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -111,7 +111,7 @@ jobs: node-version: "17.9" - name: Node.js 18.x - node-version: "18.9" + node-version: "18.10" steps: - uses: actions/checkout@v2 From 03b93cf9f11c201631a8cefa09df08feb6f2bb00 Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Thu, 6 Oct 2022 09:55:18 -0400 Subject: [PATCH 65/98] build: supertest@6.3.0 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 11e2d2cf..1823ad91 100644 --- a/package.json +++ b/package.json @@ -34,7 +34,7 @@ "mocha": "10.0.0", "nyc": "15.1.0", "safe-buffer": "5.2.1", - "supertest": "6.2.4" + "supertest": "6.3.0" }, "files": [ "lib/", From ecad1ccf9eefe61a4ba5b8354d914e262eba7648 Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Thu, 6 Oct 2022 09:55:48 -0400 Subject: [PATCH 66/98] build: eslint@8.24.0 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 1823ad91..c1239e03 100644 --- a/package.json +++ b/package.json @@ -23,7 +23,7 @@ "unpipe": "1.0.0" }, "devDependencies": { - "eslint": "8.23.0", + "eslint": "8.24.0", "eslint-config-standard": "14.1.1", "eslint-plugin-import": "2.26.0", "eslint-plugin-markdown": "3.0.0", From 830bdfbee021d540a742de857dcbd43f40563a02 Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Thu, 6 Oct 2022 09:57:05 -0400 Subject: [PATCH 67/98] 1.20.1 --- HISTORY.md | 4 ++-- package.json | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/HISTORY.md b/HISTORY.md index f1860a7d..fb212b36 100644 --- a/HISTORY.md +++ b/HISTORY.md @@ -1,5 +1,5 @@ -unreleased -========== +1.20.1 / 2022-10-06 +=================== * deps: qs@6.11.0 * perf: remove unnecessary object clone diff --git a/package.json b/package.json index c1239e03..9cd2ccbb 100644 --- a/package.json +++ b/package.json @@ -1,7 +1,7 @@ { "name": "body-parser", "description": "Node.js body parsing middleware", - "version": "1.20.0", + "version": "1.20.1", "contributors": [ "Douglas Christopher Wilson ", "Jonathan Ong (http://jongleberry.com)" From 48e18ea00b40dfdd89d18320e368f7b7f138f654 Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Tue, 18 Oct 2022 11:22:23 -0400 Subject: [PATCH 68/98] build: mocha@10.1.0 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 9cd2ccbb..7da26116 100644 --- a/package.json +++ b/package.json @@ -31,7 +31,7 @@ "eslint-plugin-promise": "6.0.1", "eslint-plugin-standard": "4.1.0", "methods": "1.1.2", - "mocha": "10.0.0", + "mocha": "10.1.0", "nyc": "15.1.0", "safe-buffer": "5.2.1", "supertest": "6.3.0" From 9f44f7b8b42261dd1b7c99137f1bb30954a1d0c8 Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Wed, 19 Oct 2022 12:23:05 -0400 Subject: [PATCH 69/98] build: actions/checkout@v3 --- .github/workflows/ci.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index a6256308..05c8ed9e 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -114,7 +114,7 @@ jobs: node-version: "18.10" steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 - name: Install Node.js ${{ matrix.node-version }} shell: bash -eo pipefail -l {0} @@ -200,7 +200,7 @@ jobs: needs: test runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 - name: Install lcov shell: bash From d22513a246fd50c593bd0783ee34082a13738365 Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Wed, 19 Oct 2022 12:40:10 -0400 Subject: [PATCH 70/98] build: actions/upload-artifact@v3 --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 05c8ed9e..0a442087 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -189,7 +189,7 @@ jobs: fi - name: Upload code coverage - uses: actions/upload-artifact@v2 + uses: actions/upload-artifact@v3 if: steps.list_env.outputs.nyc != '' with: name: coverage From b17df320b7fc9203f88ea305626d3dd11c6d881d Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Wed, 19 Oct 2022 12:58:49 -0400 Subject: [PATCH 71/98] build: use $GITHUB_OUTPUT for environment list --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 0a442087..49737830 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -163,7 +163,7 @@ jobs: echo "node@$(node -v)" echo "npm@$(npm -v)" npm -s ls ||: - (npm -s ls --depth=0 ||:) | awk -F'[ @]' 'NR>1 && $2 { print "::set-output name=" $2 "::" $3 }' + (npm -s ls --depth=0 ||:) | awk -F'[ @]' 'NR>1 && $2 { print $2 "=" $3 }' >> "$GITHUB_OUTPUT" - name: Run tests shell: bash From dad8f345c7d8424cb71b18a6060198040ad5ec04 Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Wed, 19 Oct 2022 13:01:34 -0400 Subject: [PATCH 72/98] build: actions/download-artifact@v3 --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 49737830..e8ffb2d4 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -207,7 +207,7 @@ jobs: run: sudo apt-get -y install lcov - name: Collect coverage reports - uses: actions/download-artifact@v2 + uses: actions/download-artifact@v3 with: name: coverage path: ./coverage From 850832feac26b963cc54941263cbf8a211e2de6d Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Sat, 7 Jan 2023 20:03:42 -0500 Subject: [PATCH 73/98] build: Node.js@18.13 --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index e8ffb2d4..166a88a2 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -111,7 +111,7 @@ jobs: node-version: "17.9" - name: Node.js 18.x - node-version: "18.10" + node-version: "18.13" steps: - uses: actions/checkout@v3 From 8ff995f9697afef32d89905e56cb48c379894880 Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Sun, 8 Jan 2023 00:12:02 -0500 Subject: [PATCH 74/98] docs: switch badges to badgen --- README.md | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/README.md b/README.md index c507cbb0..38553bf7 100644 --- a/README.md +++ b/README.md @@ -1,8 +1,8 @@ # body-parser -[![NPM Version][npm-image]][npm-url] -[![NPM Downloads][downloads-image]][downloads-url] -[![Build Status][github-actions-ci-image]][github-actions-ci-url] +[![NPM Version][npm-version-image]][npm-url] +[![NPM Downloads][npm-downloads-image]][npm-url] +[![Build Status][ci-image]][ci-url] [![Test Coverage][coveralls-image]][coveralls-url] Node.js body parsing middleware. @@ -454,11 +454,12 @@ app.use(bodyParser.text({ type: 'text/html' })) [MIT](LICENSE) -[npm-image]: https://img.shields.io/npm/v/body-parser.svg -[npm-url]: https://npmjs.org/package/body-parser -[coveralls-image]: https://img.shields.io/coveralls/expressjs/body-parser/master.svg +[ci-image]: https://badgen.net/github/checks/expressjs/body-parser/master?label=ci +[ci-url]: https://github.com/expressjs/body-parser/actions/workflows/ci.yml +[coveralls-image]: https://badgen.net/coveralls/c/github/expressjs/body-parser/master [coveralls-url]: https://coveralls.io/r/expressjs/body-parser?branch=master -[downloads-image]: https://img.shields.io/npm/dm/body-parser.svg -[downloads-url]: https://npmjs.org/package/body-parser -[github-actions-ci-image]: https://img.shields.io/github/workflow/status/expressjs/body-parser/ci/master?label=ci -[github-actions-ci-url]: https://github.com/expressjs/body-parser/actions/workflows/ci.yml +[node-version-image]: https://badgen.net/npm/node/body-parser +[node-version-url]: https://nodejs.org/en/download +[npm-downloads-image]: https://badgen.net/npm/dm/body-parser +[npm-url]: https://npmjs.org/package/body-parser +[npm-version-image]: https://badgen.net/npm/v/body-parser From 69bb649e68ae7419094dc84cbca818c15ee6cfd3 Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Sun, 8 Jan 2023 00:20:56 -0500 Subject: [PATCH 75/98] build: Node.js@16.19 --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 166a88a2..e3f1849c 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -105,7 +105,7 @@ jobs: node-version: "15.14" - name: Node.js 16.x - node-version: "16.17" + node-version: "16.19" - name: Node.js 17.x node-version: "17.9" From 7ebf276354c63d66fc4120b7f32821d88657d28e Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Mon, 16 Jan 2023 21:54:19 -0500 Subject: [PATCH 76/98] build: eslint@8.32.0 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 7da26116..d70f6853 100644 --- a/package.json +++ b/package.json @@ -23,7 +23,7 @@ "unpipe": "1.0.0" }, "devDependencies": { - "eslint": "8.24.0", + "eslint": "8.32.0", "eslint-config-standard": "14.1.1", "eslint-plugin-import": "2.26.0", "eslint-plugin-markdown": "3.0.0", From 6a464ab7b8556a4d5743520f27da703cacc22997 Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Mon, 16 Jan 2023 21:58:32 -0500 Subject: [PATCH 77/98] build: eslint-plugin-import@2.27.5 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index d70f6853..e371a96a 100644 --- a/package.json +++ b/package.json @@ -25,7 +25,7 @@ "devDependencies": { "eslint": "8.32.0", "eslint-config-standard": "14.1.1", - "eslint-plugin-import": "2.26.0", + "eslint-plugin-import": "2.27.5", "eslint-plugin-markdown": "3.0.0", "eslint-plugin-node": "11.1.0", "eslint-plugin-promise": "6.0.1", From cba6e770d5e5654e2015e532e20b44d0a37e522e Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Fri, 20 Jan 2023 19:55:40 -0500 Subject: [PATCH 78/98] build: mocha@10.2.0 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index e371a96a..9f342661 100644 --- a/package.json +++ b/package.json @@ -31,7 +31,7 @@ "eslint-plugin-promise": "6.0.1", "eslint-plugin-standard": "4.1.0", "methods": "1.1.2", - "mocha": "10.1.0", + "mocha": "10.2.0", "nyc": "15.1.0", "safe-buffer": "5.2.1", "supertest": "6.3.0" From 8e605b3d9f3a1bc59793b20c3213f2ac4ff4f584 Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Fri, 20 Jan 2023 19:58:25 -0500 Subject: [PATCH 79/98] build: supertest@6.3.3 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 9f342661..4a6aeb71 100644 --- a/package.json +++ b/package.json @@ -34,7 +34,7 @@ "mocha": "10.2.0", "nyc": "15.1.0", "safe-buffer": "5.2.1", - "supertest": "6.3.0" + "supertest": "6.3.3" }, "files": [ "lib/", From 5af7315dd00c300be5ac4b12c023ff670e2c8d1a Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Fri, 20 Jan 2023 20:03:14 -0500 Subject: [PATCH 80/98] build: eslint-plugin-promise@6.1.1 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 4a6aeb71..dc408826 100644 --- a/package.json +++ b/package.json @@ -28,7 +28,7 @@ "eslint-plugin-import": "2.27.5", "eslint-plugin-markdown": "3.0.0", "eslint-plugin-node": "11.1.0", - "eslint-plugin-promise": "6.0.1", + "eslint-plugin-promise": "6.1.1", "eslint-plugin-standard": "4.1.0", "methods": "1.1.2", "mocha": "10.2.0", From 6842efc2e68b986825d0072b7cf27e9921599044 Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Tue, 31 Jan 2023 22:54:53 -0500 Subject: [PATCH 81/98] deps: content-type@~1.0.5 --- HISTORY.md | 6 ++++++ package.json | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/HISTORY.md b/HISTORY.md index fb212b36..4b897014 100644 --- a/HISTORY.md +++ b/HISTORY.md @@ -1,3 +1,9 @@ +unreleased +========== + + * deps: content-type@~1.0.5 + - perf: skip value escaping when unnecessary + 1.20.1 / 2022-10-06 =================== diff --git a/package.json b/package.json index dc408826..b6abc055 100644 --- a/package.json +++ b/package.json @@ -10,7 +10,7 @@ "repository": "expressjs/body-parser", "dependencies": { "bytes": "3.1.2", - "content-type": "~1.0.4", + "content-type": "~1.0.5", "debug": "2.6.9", "depd": "2.0.0", "destroy": "1.2.0", From f345fb1ff2e74045010d83bce30ef99950a709c2 Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Wed, 1 Feb 2023 23:09:43 -0500 Subject: [PATCH 82/98] build: Node.js@14.21 --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index e3f1849c..5b493b71 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -99,7 +99,7 @@ jobs: npm-i: mocha@9.2.2 - name: Node.js 14.x - node-version: "14.20" + node-version: "14.21" - name: Node.js 15.x node-version: "15.14" From f0646c2b13e85a1dec771bc7a1239f4e3a25c582 Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Wed, 1 Feb 2023 23:12:33 -0500 Subject: [PATCH 83/98] build: Node.js@18.14 --- .github/workflows/ci.yml | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 5b493b71..952f1252 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -111,7 +111,7 @@ jobs: node-version: "17.9" - name: Node.js 18.x - node-version: "18.13" + node-version: "18.14" steps: - uses: actions/checkout@v3 @@ -131,7 +131,12 @@ jobs: dirname "$(nvm which ${{ matrix.node-version }})" >> "$GITHUB_PATH" - name: Configure npm - run: npm config set shrinkwrap false + run: | + if [[ "$(npm config get package-lock)" == "true" ]]; then + npm config set package-lock false + else + npm config set shrinkwrap false + fi - name: Remove npm module(s) ${{ matrix.npm-rm }} run: npm rm --silent --save-dev ${{ matrix.npm-rm }} From 2c35b413c25dc9212aaf6486b2d0d6e0b8e2e6f9 Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Mon, 20 Feb 2023 22:41:44 -0500 Subject: [PATCH 84/98] build: eslint@8.34.0 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index b6abc055..2c990b8a 100644 --- a/package.json +++ b/package.json @@ -23,7 +23,7 @@ "unpipe": "1.0.0" }, "devDependencies": { - "eslint": "8.32.0", + "eslint": "8.34.0", "eslint-config-standard": "14.1.1", "eslint-plugin-import": "2.27.5", "eslint-plugin-markdown": "3.0.0", From 038587229c4409c7939d73df804c115da37fb3e8 Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Tue, 21 Feb 2023 17:59:40 -0500 Subject: [PATCH 85/98] deps: raw-body@2.5.2 --- HISTORY.md | 1 + package.json | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/HISTORY.md b/HISTORY.md index 4b897014..e7ac6f56 100644 --- a/HISTORY.md +++ b/HISTORY.md @@ -3,6 +3,7 @@ unreleased * deps: content-type@~1.0.5 - perf: skip value escaping when unnecessary + * deps: raw-body@2.5.2 1.20.1 / 2022-10-06 =================== diff --git a/package.json b/package.json index 2c990b8a..c5ea0bfc 100644 --- a/package.json +++ b/package.json @@ -18,7 +18,7 @@ "iconv-lite": "0.4.24", "on-finished": "2.4.1", "qs": "6.11.0", - "raw-body": "2.5.1", + "raw-body": "2.5.2", "type-is": "~1.6.18", "unpipe": "1.0.0" }, From 368a93a613a1ac6cbdec9694f4018e707b3c1f50 Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Tue, 21 Feb 2023 18:21:59 -0500 Subject: [PATCH 86/98] Fix strict json error message on Node.js 19+ closes #475 --- .github/workflows/ci.yml | 4 ++++ HISTORY.md | 1 + lib/types/json.js | 19 +++++++++++++++---- test/json.js | 8 ++++---- 4 files changed, 24 insertions(+), 8 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 952f1252..4304a344 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -31,6 +31,7 @@ jobs: - Node.js 16.x - Node.js 17.x - Node.js 18.x + - Node.js 19.x include: - name: Node.js 0.8 @@ -113,6 +114,9 @@ jobs: - name: Node.js 18.x node-version: "18.14" + - name: Node.js 19.x + node-version: "19.7" + steps: - uses: actions/checkout@v3 diff --git a/HISTORY.md b/HISTORY.md index e7ac6f56..cb375d3a 100644 --- a/HISTORY.md +++ b/HISTORY.md @@ -1,6 +1,7 @@ unreleased ========== + * Fix strict json error message on Node.js 19+ * deps: content-type@~1.0.5 - perf: skip value escaping when unnecessary * deps: raw-body@2.5.2 diff --git a/lib/types/json.js b/lib/types/json.js index c2745be3..59f3f7e2 100644 --- a/lib/types/json.js +++ b/lib/types/json.js @@ -39,6 +39,9 @@ module.exports = json var FIRST_CHAR_REGEXP = /^[\x20\x09\x0a\x0d]*([^\x20\x09\x0a\x0d])/ // eslint-disable-line no-control-regex +var JSON_SYNTAX_CHAR = '#' +var JSON_SYNTAX_REGEXP = /#+/g + /** * Create a middleware to parse JSON bodies. * @@ -152,15 +155,23 @@ function json (options) { function createStrictSyntaxError (str, char) { var index = str.indexOf(char) - var partial = index !== -1 - ? str.substring(0, index) + '#' - : '' + var partial = '' + + if (index !== -1) { + partial = str.substring(0, index) + JSON_SYNTAX_CHAR + + for (var i = index + 1; i < str.length; i++) { + partial += JSON_SYNTAX_CHAR + } + } try { JSON.parse(partial); /* istanbul ignore next */ throw new SyntaxError('strict violation') } catch (e) { return normalizeJsonSyntaxError(e, { - message: e.message.replace('#', char), + message: e.message.replace(JSON_SYNTAX_REGEXP, function (placeholder) { + return str.substring(index, index + placeholder.length) + }), stack: e.stack }) } diff --git a/test/json.js b/test/json.js index 4d686763..c76ea138 100644 --- a/test/json.js +++ b/test/json.js @@ -245,7 +245,7 @@ describe('bodyParser.json()', function () { .post('/') .set('Content-Type', 'application/json') .send('true') - .expect(400, '[entity.parse.failed] ' + parseError('#rue').replace('#', 't'), done) + .expect(400, '[entity.parse.failed] ' + parseError('#rue').replace(/#/g, 't'), done) }) }) @@ -273,7 +273,7 @@ describe('bodyParser.json()', function () { .post('/') .set('Content-Type', 'application/json') .send('true') - .expect(400, '[entity.parse.failed] ' + parseError('#rue').replace('#', 't'), done) + .expect(400, '[entity.parse.failed] ' + parseError('#rue').replace(/#/g, 't'), done) }) it('should not parse primitives with leading whitespaces', function (done) { @@ -281,7 +281,7 @@ describe('bodyParser.json()', function () { .post('/') .set('Content-Type', 'application/json') .send(' true') - .expect(400, '[entity.parse.failed] ' + parseError(' #rue').replace('#', 't'), done) + .expect(400, '[entity.parse.failed] ' + parseError(' #rue').replace(/#/g, 't'), done) }) it('should allow leading whitespaces in JSON', function (done) { @@ -299,7 +299,7 @@ describe('bodyParser.json()', function () { .set('X-Error-Property', 'stack') .send('true') .expect(400) - .expect(shouldContainInBody(parseError('#rue').replace('#', 't'))) + .expect(shouldContainInBody(parseError('#rue').replace(/#/g, 't'))) .end(done) }) }) From ee91374eae1555af679550b1d2fb5697d9924109 Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Tue, 21 Feb 2023 20:25:54 -0500 Subject: [PATCH 87/98] 1.20.2 --- HISTORY.md | 4 ++-- package.json | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/HISTORY.md b/HISTORY.md index cb375d3a..b8924919 100644 --- a/HISTORY.md +++ b/HISTORY.md @@ -1,5 +1,5 @@ -unreleased -========== +1.20.2 / 2023-02-21 +=================== * Fix strict json error message on Node.js 19+ * deps: content-type@~1.0.5 diff --git a/package.json b/package.json index c5ea0bfc..46373043 100644 --- a/package.json +++ b/package.json @@ -1,7 +1,7 @@ { "name": "body-parser", "description": "Node.js body parsing middleware", - "version": "1.20.1", + "version": "1.20.2", "contributors": [ "Douglas Christopher Wilson ", "Jonathan Ong (http://jongleberry.com)" From 5287a442a91308c6bad5b6e3a83daa9c70eaa2d7 Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Tue, 21 Feb 2023 21:11:11 -0500 Subject: [PATCH 88/98] deps: raw-body@3.0.0-beta.1 --- HISTORY.md | 3 +++ package.json | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/HISTORY.md b/HISTORY.md index bf89141e..24208990 100644 --- a/HISTORY.md +++ b/HISTORY.md @@ -3,6 +3,9 @@ This incorporates all changes after 1.19.1 up to 1.20.2. + * deps: raw-body@3.0.0-beta.1 + - deps: iconv-lite@0.5.2 + 2.0.0-beta.1 / 2021-12-17 ========================= diff --git a/package.json b/package.json index 99f2b20d..ec41dc13 100644 --- a/package.json +++ b/package.json @@ -18,7 +18,7 @@ "iconv-lite": "0.4.24", "on-finished": "2.4.1", "qs": "6.11.0", - "raw-body": "2.5.2", + "raw-body": "3.0.0-beta.1", "type-is": "~1.6.18", "unpipe": "1.0.0" }, From 28192d690d9b266f65a198ca660780921c981f98 Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Tue, 21 Feb 2023 21:22:19 -0500 Subject: [PATCH 89/98] deps: iconv-lite@0.5.2 --- HISTORY.md | 4 +++- package.json | 2 +- test/json.js | 7 +++++++ 3 files changed, 11 insertions(+), 2 deletions(-) diff --git a/HISTORY.md b/HISTORY.md index 24208990..8ab9008c 100644 --- a/HISTORY.md +++ b/HISTORY.md @@ -3,8 +3,10 @@ This incorporates all changes after 1.19.1 up to 1.20.2. + * deps: iconv-lite@0.5.2 + - Add encoding cp720 + - Add encoding UTF-32 * deps: raw-body@3.0.0-beta.1 - - deps: iconv-lite@0.5.2 2.0.0-beta.1 / 2021-12-17 ========================= diff --git a/package.json b/package.json index ec41dc13..4ab4d26f 100644 --- a/package.json +++ b/package.json @@ -15,7 +15,7 @@ "depd": "2.0.0", "destroy": "1.2.0", "http-errors": "2.0.0", - "iconv-lite": "0.4.24", + "iconv-lite": "0.5.2", "on-finished": "2.4.1", "qs": "6.11.0", "raw-body": "3.0.0-beta.1", diff --git a/test/json.js b/test/json.js index 44262edd..d591420d 100644 --- a/test/json.js +++ b/test/json.js @@ -616,6 +616,13 @@ describe('bodyParser.json()', function () { test.expect(200, '{"name":"论"}', done) }) + it('should parse utf-32', function (done) { + var test = request(this.server).post('/') + test.set('Content-Type', 'application/json; charset=utf-32') + test.write(Buffer.from('fffe00007b000000220000006e000000610000006d00000065000000220000003a00000022000000ba8b0000220000007d000000', 'hex')) + test.expect(200, '{"name":"论"}', done) + }) + it('should parse when content-length != char length', function (done) { var test = request(this.server).post('/') test.set('Content-Type', 'application/json; charset=utf-8') From f8424b1d994fef9ae8313bd5aefbfbca67e51844 Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Tue, 21 Feb 2023 21:39:12 -0500 Subject: [PATCH 90/98] deps: debug@3.1.0 --- HISTORY.md | 6 ++++++ package.json | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/HISTORY.md b/HISTORY.md index 8ab9008c..6f5cbf1b 100644 --- a/HISTORY.md +++ b/HISTORY.md @@ -3,6 +3,12 @@ This incorporates all changes after 1.19.1 up to 1.20.2. + * deps: debug@3.1.0 + - Add `DEBUG_HIDE_DATE` environment variable + - Change timer to per-namespace instead of global + - Change non-TTY date format + - Remove `DEBUG_FD` environment variable support + - Support 256 namespace colors * deps: iconv-lite@0.5.2 - Add encoding cp720 - Add encoding UTF-32 diff --git a/package.json b/package.json index 4ab4d26f..8a252b0c 100644 --- a/package.json +++ b/package.json @@ -11,7 +11,7 @@ "dependencies": { "bytes": "3.1.2", "content-type": "~1.0.5", - "debug": "2.6.9", + "debug": "3.1.0", "depd": "2.0.0", "destroy": "1.2.0", "http-errors": "2.0.0", From 42de1bf19e42c6d447dae1b3e8469b04264b9722 Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Tue, 21 Feb 2023 22:25:33 -0500 Subject: [PATCH 91/98] build: remove conditional code coverage --- .github/workflows/ci.yml | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index c66c39ab..dd2e145b 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -159,19 +159,14 @@ jobs: - name: Run tests shell: bash run: | - if npm -ps ls nyc | grep -q nyc; then - npm run test-ci - cp coverage/lcov.info "coverage/${{ matrix.name }}.lcov" - else - npm test - fi + npm run test-ci + cp coverage/lcov.info "coverage/${{ matrix.name }}.lcov" - name: Lint code if: steps.list_env.outputs.eslint != '' run: npm run lint - name: Collect code coverage - if: steps.list_env.outputs.nyc != '' run: | if [[ -d ./coverage ]]; then mv ./coverage "./${{ matrix.name }}" @@ -181,7 +176,6 @@ jobs: - name: Upload code coverage uses: actions/upload-artifact@v3 - if: steps.list_env.outputs.nyc != '' with: name: coverage path: ./coverage From 4d7b8211aaaf3a068759b3eea1581d873bf347d1 Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Wed, 22 Feb 2023 00:14:14 -0500 Subject: [PATCH 92/98] Remove deprecated bodyParser() combination middleware --- HISTORY.md | 1 + index.js | 32 +-------- package.json | 1 - test/body-parser.js | 154 +------------------------------------------- 4 files changed, 7 insertions(+), 181 deletions(-) diff --git a/HISTORY.md b/HISTORY.md index 6f5cbf1b..ca596c6f 100644 --- a/HISTORY.md +++ b/HISTORY.md @@ -3,6 +3,7 @@ This incorporates all changes after 1.19.1 up to 1.20.2. + * Remove deprecated `bodyParser()` combination middleware * deps: debug@3.1.0 - Add `DEBUG_HIDE_DATE` environment variable - Change timer to per-namespace instead of global diff --git a/index.js b/index.js index bb24d739..81fb9046 100644 --- a/index.js +++ b/index.js @@ -6,13 +6,6 @@ 'use strict' -/** - * Module dependencies. - * @private - */ - -var deprecate = require('depd')('body-parser') - /** * Cache of loaded parsers. * @private @@ -34,8 +27,7 @@ var parsers = Object.create(null) * @type {Parsers} */ -exports = module.exports = deprecate.function(bodyParser, - 'bodyParser: use individual json/urlencoded middlewares') +exports = module.exports = bodyParser /** * JSON parser. @@ -90,26 +82,8 @@ Object.defineProperty(exports, 'urlencoded', { * @public */ -function bodyParser (options) { - // use default type for parsers - var opts = Object.create(options || null, { - type: { - configurable: true, - enumerable: true, - value: undefined, - writable: true - } - }) - - var _urlencoded = exports.urlencoded(opts) - var _json = exports.json(opts) - - return function bodyParser (req, res, next) { - _json(req, res, function (err) { - if (err) return next(err) - _urlencoded(req, res, next) - }) - } +function bodyParser () { + throw new Error('The bodyParser() generic has been split into individual middleware to use instead.') } /** diff --git a/package.json b/package.json index 8a252b0c..ed977c2c 100644 --- a/package.json +++ b/package.json @@ -12,7 +12,6 @@ "bytes": "3.1.2", "content-type": "~1.0.5", "debug": "3.1.0", - "depd": "2.0.0", "destroy": "1.2.0", "http-errors": "2.0.0", "iconv-lite": "0.5.2", diff --git a/test/body-parser.js b/test/body-parser.js index 2fbd8ed0..ec3f6fb9 100644 --- a/test/body-parser.js +++ b/test/body-parser.js @@ -1,158 +1,10 @@ -var http = require('http') -var methods = require('methods') -var request = require('supertest') +var assert = require('assert') var bodyParser = require('..') describe('bodyParser()', function () { - before(function () { - this.server = createServer() - }) - - it('should default req.body to undefined', function (done) { - request(this.server) - .post('/') - .expect(200, 'undefined', done) - }) - - it('should parse JSON', function (done) { - request(this.server) - .post('/') - .set('Content-Type', 'application/json') - .send('{"user":"tobi"}') - .expect(200, '{"user":"tobi"}', done) - }) - - it('should parse x-www-form-urlencoded', function (done) { - request(this.server) - .post('/') - .set('Content-Type', 'application/x-www-form-urlencoded') - .send('user=tobi') - .expect(200, '{"user":"tobi"}', done) - }) - - it('should handle duplicated middleware', function (done) { - var _bodyParser = bodyParser() - var server = http.createServer(function (req, res) { - _bodyParser(req, res, function (err0) { - _bodyParser(req, res, function (err1) { - var err = err0 || err1 - res.statusCode = err ? (err.status || 500) : 200 - res.end(err ? err.message : JSON.stringify(req.body)) - }) - }) - }) - - request(server) - .post('/') - .set('Content-Type', 'application/json') - .send('{"user":"tobi"}') - .expect(200, '{"user":"tobi"}', done) - }) - - describe('http methods', function () { - before(function () { - var _bodyParser = bodyParser() - - this.server = http.createServer(function (req, res) { - _bodyParser(req, res, function (err) { - if (err) { - res.statusCode = 500 - res.end(err.message) - return - } - - res.statusCode = req.headers['x-expect-method'] === req.method - ? req.body.user === 'tobi' - ? 201 - : 400 - : 405 - res.end() - }) - }) - }) - - methods.slice().sort().forEach(function (method) { - if (method === 'connect') { - // except CONNECT - return - } - - it('should support ' + method.toUpperCase() + ' requests', function (done) { - request(this.server)[method]('/') - .set('Content-Type', 'application/json') - .set('Content-Length', '15') - .set('X-Expect-Method', method.toUpperCase()) - .send('{"user":"tobi"}') - .expect(201, done) - }) - }) - }) - - describe('with type option', function () { - before(function () { - this.server = createServer({ limit: '1mb', type: 'application/octet-stream' }) - }) - - it('should parse JSON', function (done) { - request(this.server) - .post('/') - .set('Content-Type', 'application/json') - .send('{"user":"tobi"}') - .expect(200, '{"user":"tobi"}', done) - }) - - it('should parse x-www-form-urlencoded', function (done) { - request(this.server) - .post('/') - .set('Content-Type', 'application/x-www-form-urlencoded') - .send('user=tobi') - .expect(200, '{"user":"tobi"}', done) - }) - }) - - describe('with verify option', function () { - it('should apply to json', function (done) { - var server = createServer({ - verify: function (req, res, buf) { - if (buf[0] === 0x20) throw new Error('no leading space') - } - }) - - request(server) - .post('/') - .set('Content-Type', 'application/json') - .send(' {"user":"tobi"}') - .expect(403, '[entity.verify.failed] no leading space', done) - }) - - it('should apply to urlencoded', function (done) { - var server = createServer({ - verify: function (req, res, buf) { - if (buf[0] === 0x20) throw new Error('no leading space') - } - }) - - request(server) - .post('/') - .set('Content-Type', 'application/x-www-form-urlencoded') - .send(' user=tobi') - .expect(403, '[entity.verify.failed] no leading space', done) - }) + it('should throw an error', function () { + assert.throws(bodyParser, /bodyParser\(\) generic has been split/) }) }) - -function createServer (opts) { - var _bodyParser = bodyParser(opts) - - return http.createServer(function (req, res) { - _bodyParser(req, res, function (err) { - res.statusCode = err ? (err.status || 500) : 200 - res.end(err - ? ('[' + err.type + '] ' + err.message) - : (JSON.stringify(req.body) || typeof req.body) - ) - }) - }) -} From 87e60af4cb11a699443e1511930a2714c67c4bc2 Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Wed, 22 Feb 2023 18:40:33 -0500 Subject: [PATCH 93/98] tests: enable strict mode --- test/body-parser.js | 1 + test/json.js | 1 + test/raw.js | 1 + test/text.js | 1 + test/urlencoded.js | 1 + 5 files changed, 5 insertions(+) diff --git a/test/body-parser.js b/test/body-parser.js index ec3f6fb9..0297471c 100644 --- a/test/body-parser.js +++ b/test/body-parser.js @@ -1,3 +1,4 @@ +'use strict' var assert = require('assert') diff --git a/test/json.js b/test/json.js index d591420d..1040d56b 100644 --- a/test/json.js +++ b/test/json.js @@ -1,3 +1,4 @@ +'use strict' var assert = require('assert') var asyncHooks = tryRequire('async_hooks') diff --git a/test/raw.js b/test/raw.js index 34acc537..fd2f3326 100644 --- a/test/raw.js +++ b/test/raw.js @@ -1,3 +1,4 @@ +'use strict' var assert = require('assert') var asyncHooks = tryRequire('async_hooks') diff --git a/test/text.js b/test/text.js index 2d75f06b..ec35d9b4 100644 --- a/test/text.js +++ b/test/text.js @@ -1,3 +1,4 @@ +'use strict' var assert = require('assert') var asyncHooks = tryRequire('async_hooks') diff --git a/test/urlencoded.js b/test/urlencoded.js index 4e16aa8f..8be8a5a0 100644 --- a/test/urlencoded.js +++ b/test/urlencoded.js @@ -1,3 +1,4 @@ +'use strict' var assert = require('assert') var asyncHooks = tryRequire('async_hooks') From b53363c79edc01ebaf14f4e9f1dace62361b7d96 Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Thu, 23 Feb 2023 16:42:32 -0500 Subject: [PATCH 94/98] docs: add missing history entry --- HISTORY.md | 1 + 1 file changed, 1 insertion(+) diff --git a/HISTORY.md b/HISTORY.md index ca596c6f..a85a55ae 100644 --- a/HISTORY.md +++ b/HISTORY.md @@ -18,6 +18,7 @@ This incorporates all changes after 1.19.1 up to 1.20.2. 2.0.0-beta.1 / 2021-12-17 ========================= + * Drop support for Node.js 0.8 * `req.body` is no longer always initialized to `{}` - it is left `undefined` unless a body is parsed * `urlencoded` parser now defaults `extended` to `false` From fccaf4879e960d5e8b105759d39d4fc5ecf2f4e4 Mon Sep 17 00:00:00 2001 From: Douglas Christopher Wilson Date: Thu, 23 Feb 2023 16:57:45 -0500 Subject: [PATCH 95/98] 2.0.0-beta.2 --- HISTORY.md | 4 ++-- package.json | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/HISTORY.md b/HISTORY.md index a85a55ae..ea0e0dae 100644 --- a/HISTORY.md +++ b/HISTORY.md @@ -1,5 +1,5 @@ -2.x -=== +2.0.0-beta.2 / 2023-02-23 +========================= This incorporates all changes after 1.19.1 up to 1.20.2. diff --git a/package.json b/package.json index ed977c2c..5201dea5 100644 --- a/package.json +++ b/package.json @@ -1,7 +1,7 @@ { "name": "body-parser", "description": "Node.js body parsing middleware", - "version": "2.0.0-beta.1", + "version": "2.0.0-beta.2", "contributors": [ "Douglas Christopher Wilson ", "Jonathan Ong (http://jongleberry.com)" From ddf9b7546c54c6fd39f974083f13e515e79bf094 Mon Sep 17 00:00:00 2001 From: Wes Todd Date: Mon, 22 Jul 2024 15:12:15 -0700 Subject: [PATCH 96/98] feat!: remove node less than 18 from ci --- .github/workflows/ci.yml | 134 ++++++--------------------------------- 1 file changed, 19 insertions(+), 115 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index dd2e145b..88c36557 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -1,8 +1,15 @@ name: ci on: -- pull_request -- push + push: + branches: + - master + - '2.x' + paths-ignore: + - '*.md' + pull_request: + paths-ignore: + - '*.md' jobs: test: @@ -10,109 +17,22 @@ jobs: strategy: matrix: name: - - Node.js 0.10 - - Node.js 0.12 - - io.js 1.x - - io.js 2.x - - io.js 3.x - - Node.js 4.x - - Node.js 5.x - - Node.js 6.x - - Node.js 7.x - - Node.js 8.x - - Node.js 9.x - - Node.js 10.x - - Node.js 11.x - - Node.js 12.x - - Node.js 13.x - - Node.js 14.x - - Node.js 15.x - - Node.js 16.x - - Node.js 17.x - Node.js 18.x - - Node.js 19.x + - Node.js 20.x + - Node.js 22.x include: - - name: Node.js 0.10 - node-version: "0.10" - npm-i: mocha@3.5.3 nyc@10.3.2 supertest@2.0.0 - - - name: Node.js 0.12 - node-version: "0.12" - npm-i: mocha@3.5.3 nyc@10.3.2 supertest@2.0.0 - - - name: io.js 1.x - node-version: "1.8" - npm-i: mocha@3.5.3 nyc@10.3.2 supertest@2.0.0 - - - name: io.js 2.x - node-version: "2.5" - npm-i: mocha@3.5.3 nyc@10.3.2 supertest@2.0.0 - - - name: io.js 3.x - node-version: "3.3" - npm-i: mocha@3.5.3 nyc@10.3.2 supertest@2.0.0 - - - name: Node.js 4.x - node-version: "4.9" - npm-i: mocha@5.2.0 nyc@11.9.0 supertest@3.4.2 - - - name: Node.js 5.x - node-version: "5.12" - npm-i: mocha@5.2.0 nyc@11.9.0 supertest@3.4.2 - - - name: Node.js 6.x - node-version: "6.17" - npm-i: mocha@6.2.2 nyc@14.1.1 supertest@6.1.6 - - - name: Node.js 7.x - node-version: "7.10" - npm-i: mocha@6.2.2 nyc@14.1.1 supertest@6.1.6 - - - name: Node.js 8.x - node-version: "8.17" - npm-i: mocha@7.2.0 - - - name: Node.js 9.x - node-version: "9.11" - npm-i: mocha@7.2.0 - - - name: Node.js 10.x - node-version: "10.24" - npm-i: mocha@8.4.0 - - - name: Node.js 11.x - node-version: "11.15" - npm-i: mocha@8.4.0 - - - name: Node.js 12.x - node-version: "12.22" - npm-i: mocha@9.2.2 - - - name: Node.js 13.x - node-version: "13.14" - npm-i: mocha@9.2.2 - - - name: Node.js 14.x - node-version: "14.21" - - - name: Node.js 15.x - node-version: "15.14" - - - name: Node.js 16.x - node-version: "16.19" - - - name: Node.js 17.x - node-version: "17.9" - - name: Node.js 18.x - node-version: "18.14" + node-version: "18" - - name: Node.js 19.x - node-version: "19.7" + - name: Node.js 20.x + node-version: "20" + + - name: Node.js 22.x + node-version: "22" steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Install Node.js ${{ matrix.node-version }} shell: bash -eo pipefail -l {0} @@ -128,22 +48,6 @@ jobs: npm config set shrinkwrap false fi - - name: Install npm module(s) ${{ matrix.npm-i }} - run: npm install --save-dev ${{ matrix.npm-i }} - if: matrix.npm-i != '' - - - name: Setup Node.js version-specific dependencies - shell: bash - run: | - # eslint for linting - # - remove on Node.js < 12 - if [[ "$(cut -d. -f1 <<< "${{ matrix.node-version }}")" -lt 12 ]]; then - node -pe 'Object.keys(require("./package").devDependencies).join("\n")' | \ - grep -E '^eslint(-|$)' | \ - sort -r | \ - xargs -n1 npm rm --silent --save-dev - fi - - name: Install Node.js dependencies run: npm install @@ -185,7 +89,7 @@ jobs: needs: test runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Install lcov shell: bash From 7eb00cdc9b3c3a73ce51aefba899afab67bc8abc Mon Sep 17 00:00:00 2001 From: Andreas Lind Date: Thu, 25 Jul 2024 01:38:43 +0200 Subject: [PATCH 97/98] Also use the qs module for the simple parser (#387) * Always use the qs module, even in simple mode https://github.com/expressjs/body-parser/pull/326#issuecomment-521823039 * Create the simple and extended parser with the same function, reducing duplication * Don't mention the querystring module in the README * Fix lint --- README.md | 10 ++--- lib/types/urlencoded.js | 91 +++++------------------------------------ 2 files changed, 14 insertions(+), 87 deletions(-) diff --git a/README.md b/README.md index c9cbf023..c67f27e9 100644 --- a/README.md +++ b/README.md @@ -228,12 +228,10 @@ any of the following keys: ##### extended -The `extended` option allows to choose between parsing the URL-encoded data -with the `querystring` library (when `false`) or the `qs` library (when -`true`). The "extended" syntax allows for rich objects and arrays to be -encoded into the URL-encoded format, allowing for a JSON-like experience -with URL-encoded. For more information, please -[see the qs library](https://www.npmjs.org/package/qs#readme). +The "extended" syntax allows for rich objects and arrays to be encoded into the +URL-encoded format, allowing for a JSON-like experience with URL-encoded. For +more information, please [see the qs +library](https://www.npmjs.org/package/qs#readme). Defaults to `false`. diff --git a/lib/types/urlencoded.js b/lib/types/urlencoded.js index f4ba2cd0..6bef1141 100644 --- a/lib/types/urlencoded.js +++ b/lib/types/urlencoded.js @@ -19,6 +19,7 @@ var debug = require('debug')('body-parser:urlencoded') var isFinished = require('on-finished').isFinished var read = require('../read') var typeis = require('type-is') +var qs = require('qs') /** * Module exports. @@ -26,12 +27,6 @@ var typeis = require('type-is') module.exports = urlencoded -/** - * Cache of parser modules. - */ - -var parsers = Object.create(null) - /** * Create a middleware to parse urlencoded bodies. * @@ -56,9 +51,7 @@ function urlencoded (options) { } // create the appropriate query parser - var queryparse = extended - ? extendedparser(opts) - : simpleparser(opts) + var queryparse = createQueryParser(opts, extended) // create the appropriate type checking function var shouldParse = typeof type !== 'function' @@ -126,11 +119,10 @@ function urlencoded (options) { * @param {object} options */ -function extendedparser (options) { +function createQueryParser (options, extended) { var parameterLimit = options.parameterLimit !== undefined ? options.parameterLimit : 1000 - var parse = parser('qs') if (isNaN(parameterLimit) || parameterLimit < 1) { throw new TypeError('option parameterLimit must be a positive number') @@ -140,6 +132,8 @@ function extendedparser (options) { parameterLimit = parameterLimit | 0 } + var depth = extended ? Infinity : 0 + return function queryparse (body) { var paramCount = parameterCount(body, parameterLimit) @@ -150,13 +144,14 @@ function extendedparser (options) { }) } - var arrayLimit = Math.max(100, paramCount) + var arrayLimit = extended ? Math.max(100, paramCount) : 0 + + debug('parse ' + (extended ? 'extended ' : '') + 'urlencoding') - debug('parse extended urlencoding') - return parse(body, { + return qs.parse(body, { allowPrototypes: true, arrayLimit: arrayLimit, - depth: Infinity, + depth: depth, parameterLimit: parameterLimit }) } @@ -201,72 +196,6 @@ function parameterCount (body, limit) { return count } -/** - * Get parser for module name dynamically. - * - * @param {string} name - * @return {function} - * @api private - */ - -function parser (name) { - var mod = parsers[name] - - if (mod !== undefined) { - return mod.parse - } - - // this uses a switch for static require analysis - switch (name) { - case 'qs': - mod = require('qs') - break - case 'querystring': - mod = require('querystring') - break - } - - // store to prevent invoking require() - parsers[name] = mod - - return mod.parse -} - -/** - * Get the simple query parser. - * - * @param {object} options - */ - -function simpleparser (options) { - var parameterLimit = options.parameterLimit !== undefined - ? options.parameterLimit - : 1000 - var parse = parser('querystring') - - if (isNaN(parameterLimit) || parameterLimit < 1) { - throw new TypeError('option parameterLimit must be a positive number') - } - - if (isFinite(parameterLimit)) { - parameterLimit = parameterLimit | 0 - } - - return function queryparse (body) { - var paramCount = parameterCount(body, parameterLimit) - - if (paramCount === undefined) { - debug('too many parameters') - throw createError(413, 'too many parameters', { - type: 'parameters.too.many' - }) - } - - debug('parse urlencoding') - return parse(body, undefined, undefined, { maxKeys: parameterLimit }) - } -} - /** * Get the simple type checker. * From 35b50b5562020225f3c40471cfdbd34d760be1a8 Mon Sep 17 00:00:00 2001 From: Wes Todd Date: Thu, 25 Jul 2024 15:48:08 -0700 Subject: [PATCH 98/98] fix(deps): raw-body@^3.0.0 (#529) --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 5201dea5..91615585 100644 --- a/package.json +++ b/package.json @@ -17,7 +17,7 @@ "iconv-lite": "0.5.2", "on-finished": "2.4.1", "qs": "6.11.0", - "raw-body": "3.0.0-beta.1", + "raw-body": "^3.0.0", "type-is": "~1.6.18", "unpipe": "1.0.0" },