Update dependency body-parser to v2.2.2

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
body-parser	2.2.1 → 2.2.2

---

Release Notes

expressjs/body-parser (body-parser)

v2.2.2

Compare Source

=========================

• deps: qs@^6.14.1
• refactor(json): simplify strict mode error string construction

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[github-actions]

Renovate PR Review Results

⚖️ Safety Assessment: ✅ Safe

🔍 Release Content Analysis

body-parser v2.2.1 → v2.2.2 Changes:

• Dependency Update: qs package bumped from ^6.14.0 to ^6.14.1
  • Fixes custom decoder null handling in query string parsing
  • Ensures arrayLength option applies consistently to both dot notation and bracket notation
• Code Refactoring: Simplified strict mode error string construction in JSON parser (internal improvement, no API changes)
• Documentation: Updated JSDoc tags, clarified ISO-8859-1 encoding support in URL-encoded parser

qs v6.14.0 → v6.14.1 Changes:

• Bug Fix: Parse function now properly ignores keys when custom decoder returns null
• Bug Fix: Array length validation now consistent across notation styles
• No breaking changes identified

Breaking Changes: None

Security Fixes: No explicit security patches mentioned, but dependency updates may include stability improvements

🎯 Impact Scope Investigation

Usage Location Analysis:

• Primary usage: /home/runner/work/piston/piston/api/src/index.js:67-68
  • body_parser.urlencoded({ extended: true }) - Uses qs dependency for parsing URL-encoded bodies
  • body_parser.json() - Parses JSON request bodies
• Dependency: Only used in the API server component
• API surface: Standard body-parser middleware functions, no custom options beyond extended: true

Impact Assessment:

• The update only affects api/package.json and api/package-lock.json
• No changes required to application code
• Piston uses basic body-parser functionality (.json() and .urlencoded()) with standard options
• The extended: true option benefits from the qs bug fixes for more consistent array parsing
• No other packages in the codebase depend on body-parser directly

Express Compatibility:

• Express v4.22.1 (used by Piston) bundles body-parser v1.20.4, but Piston explicitly uses v2.2.x as a direct dependency
• No conflicts detected

💡 Recommended Actions

Immediate Action:

• ✅ Safe to merge - This is a patch version update with bug fixes and no breaking changes

Post-Merge Verification:

• Run existing test suite to verify API endpoints continue functioning correctly
• Test JSON body parsing: POST /api/v2/execute with JSON payload
• Test URL-encoded parsing if applicable to API routes
• Monitor production logs for any parsing-related errors after deployment

No Code Changes Required:

• The update is backward-compatible
• Existing API calls using body_parser.json() and body_parser.urlencoded() will continue working identically
• Internal improvements to error handling and qs parsing logic are transparent to consumers

🔗 Reference Links

• body-parser v2.2.2 Release Notes
• body-parser v2.2.1...v2.2.2 Comparison
• qs v6.14.0...v6.14.1 Comparison
• Renovate Dependency Diff

Generated by koki-develop/claude-renovate-review