Agregado toping en los menus

2025-05-25 12:10:15 -05:00
parent c7aabd4d1f
commit 0b8549c63c
53 changed files with 3235 additions and 2916 deletions
--- a/node_modules/body-parser/HISTORY.md
+++ b/node_modules/body-parser/HISTORY.md
@@ -1,3 +1,10 @@
+1.20.3 / 2024-09-10
+===================
+
+  * deps: qs@6.13.0
+  * add `depth` option to customize the depth level in the parser
+  * IMPORTANT: The default `depth` level for parsing URL-encoded data is now `32` (previously was `Infinity`)
+
 1.20.2 / 2023-02-21
 ===================

--- a/node_modules/body-parser/README.md
+++ b/node_modules/body-parser/README.md
@@ -4,6 +4,7 @@
 [![NPM Downloads][npm-downloads-image]][npm-url]
 [![Build Status][ci-image]][ci-url]
 [![Test Coverage][coveralls-image]][coveralls-url]
+[![OpenSSF Scorecard Badge][ossf-scorecard-badge]][ossf-scorecard-visualizer]

 Node.js body parsing middleware.

@@ -277,6 +278,10 @@ The `verify` option, if supplied, is called as `verify(req, res, buf, encoding)`
 where `buf` is a `Buffer` of the raw request body and `encoding` is the
 encoding of the request. The parsing can be aborted by throwing an error.

+#### depth
+
+The `depth` option is used to configure the maximum depth of the `qs` library when `extended` is `true`. This allows you to limit the amount of keys that are parsed and can be useful to prevent certain types of abuse. Defaults to `32`. It is recommended to keep this value as low as possible.
+
 ## Errors

 The middlewares provided by this module create errors using the
@@ -373,6 +378,10 @@ as well as in the `encoding` property. The `status` property is set to `415`,
 the `type` property is set to `'encoding.unsupported'`, and the `encoding`
 property is set to the encoding that is unsupported.

+### The input exceeded the depth
+
+This error occurs when using `bodyParser.urlencoded` with the `extended` property set to `true` and the input exceeds the configured `depth` option. The `status` property is set to `400`. It is recommended to review the `depth` option and evaluate if it requires a higher value. When the `depth` option is set to `32` (default value), the error will not be thrown.
+
 ## Examples

 ### Express/Connect top-level generic
@@ -463,3 +472,5 @@ app.use(bodyParser.text({ type: 'text/html' }))
 [npm-downloads-image]: https://badgen.net/npm/dm/body-parser
 [npm-url]: https://npmjs.org/package/body-parser
 [npm-version-image]: https://badgen.net/npm/v/body-parser
+[ossf-scorecard-badge]: https://api.scorecard.dev/projects/github.com/expressjs/body-parser/badge
+[ossf-scorecard-visualizer]: https://ossf.github.io/scorecard-visualizer/#/projects/github.com/expressjs/body-parser
--- a/node_modules/body-parser/lib/types/urlencoded.js
+++ b/node_modules/body-parser/lib/types/urlencoded.js
@@ -55,6 +55,9 @@ function urlencoded (options) {
    : opts.limit
  var type = opts.type || 'application/x-www-form-urlencoded'
  var verify = opts.verify || false
+  var depth = typeof opts.depth !== 'number'
+    ? Number(opts.depth || 32)
+    : opts.depth

  if (verify !== false && typeof verify !== 'function') {
    throw new TypeError('option verify must be function')
@@ -118,7 +121,8 @@ function urlencoded (options) {
      encoding: charset,
      inflate: inflate,
      limit: limit,
-      verify: verify
+      verify: verify,
+      depth: depth
    })
  }
 }
@@ -133,12 +137,20 @@ function extendedparser (options) {
  var parameterLimit = options.parameterLimit !== undefined
    ? options.parameterLimit
    : 1000
+
+  var depth = typeof options.depth !== 'number'
+    ? Number(options.depth || 32)
+    : options.depth
  var parse = parser('qs')

  if (isNaN(parameterLimit) || parameterLimit < 1) {
    throw new TypeError('option parameterLimit must be a positive number')
  }

+  if (isNaN(depth) || depth < 0) {
+    throw new TypeError('option depth must be a zero or a positive number')
+  }
+
  if (isFinite(parameterLimit)) {
    parameterLimit = parameterLimit | 0
  }
@@ -156,12 +168,23 @@ function extendedparser (options) {
    var arrayLimit = Math.max(100, paramCount)

    debug('parse extended urlencoding')
-    return parse(body, {
-      allowPrototypes: true,
-      arrayLimit: arrayLimit,
-      depth: Infinity,
-      parameterLimit: parameterLimit
-    })
+    try {
+      return parse(body, {
+        allowPrototypes: true,
+        arrayLimit: arrayLimit,
+        depth: depth,
+        strictDepth: true,
+        parameterLimit: parameterLimit
+      })
+    } catch (err) {
+      if (err instanceof RangeError) {
+        throw createError(400, 'The input exceeded the depth', {
+          type: 'querystring.parse.rangeError'
+        })
+      } else {
+        throw err
+      }
+    }
  }
 }

--- a/node_modules/body-parser/package.json
+++ b/node_modules/body-parser/package.json
@@ -1,7 +1,7 @@
 {
  "name": "body-parser",
  "description": "Node.js body parsing middleware",
-  "version": "1.20.2",
+  "version": "1.20.3",
  "contributors": [
    "Douglas Christopher Wilson <doug@somethingdoug.com>",
    "Jonathan Ong <me@jongleberry.com> (http://jongleberry.com)"
@@ -17,7 +17,7 @@
    "http-errors": "2.0.0",
    "iconv-lite": "0.4.24",
    "on-finished": "2.4.1",
-    "qs": "6.11.0",
+    "qs": "6.13.0",
    "raw-body": "2.5.2",
    "type-is": "~1.6.18",
    "unpipe": "1.0.0"