fix(express): Update body-parser to 1.20.4 for CVE-2025-15284 by Xilis · Pull Request #16178 · nestjs/nest


@Xilis

Addresses #16157 (comment)

body-parser@1.20.3 depends on qs@6.13.0 which is still vulnerable.
body-parser@1.20.4 uses qs@~6.14.0.
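A way to confirm which qs copy each installed body-parser will actually load after an upgrade like this one, since a hoisted or nested qs@6.13.0 can survive in the lockfile. This is an added example, not code from the pull request or from NestJS; the lockfile content and the `legacy-lib` package are constructed, and because the thread does not say which 6.14.x release carries the fix, the check only tests membership in the `~6.14.0` range.

```javascript
// Versions taken from the PR description; everything else here is illustrative.
const KNOWN_VULNERABLE_QS = "6.13.0";           // pulled in by body-parser@1.20.3
const UPGRADED_RANGE = { major: 6, minor: 14 }; // qs@~6.14.0, used by body-parser@1.20.4

// Constructed sample in package-lock.json v2/v3 shape; "legacy-lib" is hypothetical.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app" },
    "node_modules/body-parser": { version: "1.20.4" },
    "node_modules/body-parser/node_modules/qs": { version: "6.14.1" },
    "node_modules/qs": { version: "6.13.0" },
    "node_modules/legacy-lib": { version: "1.0.0" },
    "node_modules/legacy-lib/node_modules/body-parser": { version: "1.20.3" },
  },
};

// Mimic Node's lookup: <dir>/node_modules/<name>, then each enclosing package, then root.
function resolveDep(packages, fromPath, name) {
  let dir = fromPath;
  for (;;) {
    const candidate = (dir ? dir + "/" : "") + "node_modules/" + name;
    if (packages[candidate]) return candidate;
    if (!dir) return null;
    const cut = dir.lastIndexOf("node_modules/");
    dir = cut <= 0 ? "" : dir.slice(0, cut - 1);
  }
}

function classifyQs(version) {
  if (version === KNOWN_VULNERABLE_QS) return "vulnerable";
  const [major, minor] = version.split(".").map(Number);
  const inRange = major === UPGRADED_RANGE.major && minor === UPGRADED_RANGE.minor;
  return inRange ? "in-range" : "unreviewed"; // "unreviewed": the page makes no claim
}

// For every installed body-parser copy, report the qs copy it will actually load.
function auditBodyParser(lock) {
  return Object.keys(lock.packages)
    .filter((p) => p.endsWith("node_modules/body-parser"))
    .map((p) => {
      const qsPath = resolveDep(lock.packages, p, "qs");
      const qsVersion = qsPath ? lock.packages[qsPath].version : null;
      const status = qsVersion ? classifyQs(qsVersion) : "missing";
      return { bodyParser: p, version: lock.packages[p].version, qsPath, qsVersion, status };
    });
}

console.table(auditBodyParser(sampleLock));
```

In the sample, the top-level body-parser@1.20.4 loads its nested qs copy, while the body-parser@1.20.3 nested under `legacy-lib` falls through to the hoisted qs@6.13.0.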

@Xilis Xilis mentioned this pull request

Jan 9, 2026

@Xilis Xilis changed the base branch from 10.4.20 to 10.4.21

January 9, 2026 13:27

@Xilis

@Xilis Xilis deleted the fix/body-parser-qs-cve branch

January 12, 2026 10:31

@omerhayatgill

body-parser@1.20.4 seems to be a backward-incompatible change; reverting back to 1.20.3 fixes the validation issue in our DTOs.
