fix: [Vuln #9] upgrade body-parser 1.9.0 → 1.20.3 (CVE-2024-45590 - DoS)

[devin-ai-integration]

Summary

Upgrades body-parser from 1.9.0 to 1.20.3 to fix CVE-2024-45590 — a HIGH severity Asymmetric Resource Consumption (Amplification) / Denial of Service vulnerability.

Vulnerability details:

• CVE: CVE-2024-45590
• Severity: HIGH
• Type: Asymmetric Resource Consumption (Amplification) / DoS
• Affected versions: body-parser < 1.20.3
• Dependency type: Direct

Changes:

• package.json: Updated body-parser version from 1.9.0 to 1.20.3
• package-lock.json: Regenerated to reflect the updated dependency tree

Review & Testing Checklist for Human

• Verify npm ls body-parser shows body-parser@1.20.3
• Run the app locally (npm start) and confirm request body parsing still works (POST to create a todo item)
• Confirm no breaking changes in body-parser API usage in app.js (body-parser 1.20.3 is backward-compatible with 1.9.0 for standard json() and urlencoded() middleware)

Notes

• body-parser 1.20.3 is backward-compatible with 1.9.0 for the standard middleware APIs used in this app (bodyParser.json(), bodyParser.urlencoded())
• This is a direct dependency upgrade — no transitive dependency changes are expected to affect app behavior

Link to Devin session: https://app.devin.ai/sessions/da35fbbc691c4a13a9500675ebb14c69
Requested by: @jakejluo

---

Devin Review

Status	Commit
⚪ Not started	—

Run Devin Review

💡 Connect your GitHub account to enable automatic code reviews.

[devin-ai-integration]

🤖 Devin AI Engineer

I'll be helping with this pull request! Here's what you should know:

✅ I will automatically:

• Address comments on this PR. Add '(aside)' to your comment to have me ignore it.
• Look at CI failures and help fix them

Note: I can only respond to comments from users who have write access to this repository.

⚙️ Control Options:

• Disable automatic comment, CI, and merge conflict monitoring