fix: [Vuln #9] upgrade body-parser 1.9.0 → 1.20.3 (CVE-2024-45590 - DoS)

[devin-ai-integration]

Summary

Upgrades body-parser from 1.9.0 to 1.20.3 to resolve a high-severity Denial of Service vulnerability.

Severity	Package	CVE	Description
HIGH	body-parser	CVE-2024-45590	Asymmetric Resource Consumption (Amplification)

This is a direct dependency used for parsing JSON and URL-encoded request bodies.

Review & Testing Checklist for Human

• Verify the app starts (npm start) and todo list CRUD works at http://localhost:3001
• Test POST endpoints (create todo, login, account details) to verify body parsing still works
• Verify JSON and URL-encoded body parsing behave correctly

Notes

• Part of daily Snyk vulnerability report remediation (Vuln fix: Patch 3 L3-level security vulnerabilities — Devin API triage demo #9 of 10)
• Direct dependency — the app uses both bodyParser.json() and bodyParser.urlencoded()

Link to Devin session: https://app.devin.ai/sessions/53a15190735b484981990268967da278
Requested by: @jakejluo

---

Devin Review

Status	Commit
⚪ Not started	—

Run Devin Review

💡 Connect your GitHub account to enable automatic code reviews.

[devin-ai-integration]

🤖 Devin AI Engineer

I'll be helping with this pull request! Here's what you should know:

✅ I will automatically:

• Address comments on this PR. Add '(aside)' to your comment to have me ignore it.
• Look at CI failures and help fix them

Note: I can only respond to comments from users who have write access to this repository.

⚙️ Control Options:

• Disable automatic comment, CI, and merge conflict monitoring