From d65e9064627db166f215b19f8cc25b3e575a2aa8 Mon Sep 17 00:00:00 2001 From: Blake Embrey Date: Mon, 11 May 2026 14:54:20 -0700 Subject: [PATCH 1/5] Upgrade "content-type" --- lib/utils.js | 8 +++----- package.json | 2 +- 2 files changed, 4 insertions(+), 6 deletions(-) diff --git a/lib/utils.js b/lib/utils.js index 232e2e25..c71699bb 100644 --- a/lib/utils.js +++ b/lib/utils.js @@ -25,11 +25,9 @@ module.exports = { * @private */ function getCharset (req) { - try { - return (contentType.parse(req).parameters.charset || '').toLowerCase() - } catch { - return undefined - } + var header = req.headers['content-type'] + if (!header) return '' + return (contentType.parse(header).parameters.charset || '').toLowerCase() } /** diff --git a/package.json b/package.json index afb6ec5b..89e9c5a8 100644 --- a/package.json +++ b/package.json @@ -27,7 +27,7 @@ }, "dependencies": { "bytes": "^3.1.2", - "content-type": "^1.0.5", + "content-type": "^2.0.0", "debug": "^4.4.3", "http-errors": "^2.0.1", "iconv-lite": "^0.7.2", From 145883caf14d1109ffd172b416867ca3c892dadc Mon Sep 17 00:00:00 2001 From: Blake Embrey Date: Wed, 13 May 2026 08:33:14 -0700 Subject: [PATCH 2/5] Bump type-is --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 89e9c5a8..a608808c 100644 --- a/package.json +++ b/package.json @@ -34,7 +34,7 @@ "on-finished": "^2.4.1", "qs": "^6.15.0", "raw-body": "^3.0.2", - "type-is": "^2.0.1" + "type-is": "^2.1.0" }, "devDependencies": { "eslint": "^8.57.1", From a82f9b5d4562e8a0c64045cfc7aebca83e951fc6 Mon Sep 17 00:00:00 2001 From: Blake Embrey Date: Wed, 13 May 2026 10:59:01 -0700 Subject: [PATCH 3/5] Update lib/utils.js Co-authored-by: Phillip Barta --- lib/utils.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/utils.js b/lib/utils.js index c71699bb..608f4976 100644 --- a/lib/utils.js +++ b/lib/utils.js @@ -26,7 +26,7 @@ module.exports = { */ function getCharset (req) { var header = req.headers['content-type'] - if (!header) return '' + if (!header) return undefined return (contentType.parse(header).parameters.charset || '').toLowerCase() } From e1105aa4b976b19477a21569e894b09d232e46fa Mon Sep 17 00:00:00 2001 From: Blake Embrey Date: Wed, 13 May 2026 10:59:10 -0700 Subject: [PATCH 4/5] Update lib/utils.js Co-authored-by: Phillip Barta --- lib/utils.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/utils.js b/lib/utils.js index 608f4976..67c7533b 100644 --- a/lib/utils.js +++ b/lib/utils.js @@ -27,7 +27,7 @@ module.exports = { function getCharset (req) { var header = req.headers['content-type'] if (!header) return undefined - return (contentType.parse(header).parameters.charset || '').toLowerCase() + return contentType.parse(header).parameters.charset?.toLowerCase() } /** From 035ce1b7e5d0b1b348c09f10ebd1a8f34fa75d7a Mon Sep 17 00:00:00 2001 From: Phillip Barta Date: Wed, 13 May 2026 20:04:30 +0200 Subject: [PATCH 5/5] update HISTORY.md --- HISTORY.md | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/HISTORY.md b/HISTORY.md index 5985b673..7fc2deb0 100644 --- a/HISTORY.md +++ b/HISTORY.md @@ -4,10 +4,12 @@ unreleased * fix: use static exports instead of lazy getters to improve ESM compatibility * feat: add subpath exports for individual parsers * deps: + * content-type@^2.0.0 * http-errors@^2.0.1 * iconv-lite^0.7.2 * qs@^6.15.0 * raw-body@^3.0.1 + * type-is@^2.1.0 2.2.2 / 2026-01-07 ========================= @@ -19,11 +21,11 @@ unreleased ========================= * Security fix for [GHSA-wqch-xfxh-vrr4](https://github.com/expressjs/body-parser/security/advisories/GHSA-wqch-xfxh-vrr4) -* deps: +* deps: * type-is@^2.0.1 * iconv-lite@^0.7.0 * Handle split surrogate pairs when encoding UTF-8 - * Avoid false positives in `encodingExists` by using prototype-less objects + * Avoid false positives in `encodingExists` by using prototype-less objects * raw-body@^3.0.1 * debug@^4.4.3 @@ -117,7 +119,7 @@ This incorporates all changes after 1.19.1 up to 1.20.2. * deps: qs@6.13.0 * add `depth` option to customize the depth level in the parser * IMPORTANT: The default `depth` level for parsing URL-encoded data is now `32` (previously was `Infinity`) - + 1.20.2 / 2023-02-21 ===================