1.20.4

What's Changed

• Remove redundant depth check by @blakeembrey in #538
• ci: add support for Node.js v23 by @Phillip9587 in #553
• ci: restore CI for 1.x branch by @bjohansebas in #665
• deps: qs@^6.14.0 by @bjohansebas in #664
• deps: use tilde notation and update certain dependencies by @Phillip9587 in #668
• chore: remove SECURITY.md by @Phillip9587 in #669
• ci: add CodeQL (SAST) by @Phillip9587 in #670
• Release: 1.20.4 by @UlisesGascon in #672

Full Changelog: 1.20.3...1.20.4

v2.2.1

Important: Security

• Security fix for CVE-2025-13466 (GHSA-wqch-xfxh-vrr4)

What's Changed

• ci: add dependabot by @Phillip9587 in #593
• ci: use full SHAs for github action versions by @Phillip9587 in #594
• deps: type-is@^2.0.1 by @Phillip9587 in #599
• build(deps): bump actions/setup-node from 4.3.0 to 4.4.0 by @dependabot[bot] in #609
• build(deps): bump github/codeql-action from 3.28.13 to 3.28.15 by @dependabot[bot] in #610
• build(deps-dev): bump eslint-plugin-promise from 6.1.1 to 6.6.0 by @dependabot[bot] in #611
• build(deps-dev): bump eslint-plugin-import from 2.27.5 to 2.31.0 by @dependabot[bot] in #613
• build(deps-dev): bump eslint-plugin-markdown from 3.0.0 to 3.0.1 by @dependabot[bot] in #612
• ci: add codeql github workflows scanning by @Phillip9587 in #614
• ci: update CodeQL config to ignore the test directory by @Phillip9587 in #615
• build(deps): bump actions/download-artifact from 4.2.1 to 4.3.0 by @dependabot[bot] in #620
• build(deps): bump github/codeql-action from 3.28.15 to 3.28.16 by @dependabot[bot] in #619
• chore(deps): unpin devDependencies by @Phillip9587 in #616
• ci: add node.js 24 to test matrix by @Phillip9587 in #621
• build(deps): bump github/codeql-action from 3.28.16 to 3.28.18 by @dependabot[bot] in #623
• build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by @dependabot[bot] in #624
• chore: add funding to package.json by @Phillip9587 in #617
• build(deps): bump github/codeql-action from 3.28.18 to 3.29.2 by @dependabot[bot] in #625
• build(deps): bump github/codeql-action from 3.29.2 to 3.29.5 by @dependabot[bot] in #630
• refactor: move common request validation to read function by @Phillip9587 in #600
• deps: bump iconv-lite by @bjohansebas in #631
• doc: pull beta changelog forward into 2.0.0 by @jonchurch in #629
• refactor: optimize raw and text parsers with shared passthrough function by @Phillip9587 in #634
• build(deps): bump actions/checkout from 4.2.2 to 5.0.0 by @dependabot[bot] in #640
• build(deps): bump ossf/scorecard-action from 2.4.2 to 2.4.3 by @dependabot[bot] in #639
• build(deps): bump actions/setup-node from 4.4.0 to 5.0.0 by @dependabot[bot] in #636
• build(deps): bump actions/download-artifact from 4.3.0 to 5.0.0 by @dependabot[bot] in #637
• build(deps): bump github/codeql-action from 3.29.7 to 3.30.5 by @dependabot[bot] in #638
• deps: raw-body@^3.0.1 by @Phillip9587 in #641
• deps: debug@^4.4.3 by @Phillip9587 in #642
• docs: add iconv-lite 0.7.0 changes to history entry by @Phillip9587 in #645
• ci: add node.js 25 to test matrix by @Phillip9587 in #650
• perf: move read options outside parser middlewares by @Phillip9587 in #648
• test(json): add RFC 7159 whitespace edge cases by @Ayoub-Mabrouk in #653
• test: add test for urlencoded invalid defaultCharset by @Phillip9587 in #643
• build(deps): bump actions/download-artifact from 5.0.0 to 6.0.0 by @dependabot[bot] in #657
• build(deps): bump github/codeql-action from 3.30.5 to 4.31.2 by @dependabot[bot] in #656
• build(deps): bump actions/upload-artifact from 4.6.2 to 5.0.0 by @dependabot[bot] in #655
• build(deps): bump actions/setup-node from 5.0.0 to 6.0.0 by @dependabot[bot] in #654
• ci: also test on first supported node.js version by @Phillip9587 in #646
• chore: switch badges from badgen.net to shields.io by @Phillip9587 in #661
• Remove history.md from being packaged on publish by @bjohansebas in #660
• Release: 2.2.1 by @UlisesGascon in #659

New Contributors

• @dependabot[bot] made their first contribution in #609
• @jonchurch made their first contribution in #629
• @Ayoub-Mabrouk made their first contribution in #653

Full Changelog: v2.2.0...v2.2.1

v2.2.0

What's Changed

• test: remove --bail from test script by @Phillip9587 in #583
• ci: separate lint step by @Phillip9587 in #582
• fix: remove skip of test by @bjohansebas in #589
• ci: use lcovonly reporter for the test-ci script by @Phillip9587 in #584
• docs: remove security file by @bjohansebas in #590
• fix(docs): replace var with let or const in ReadMe by @Binilkks in #581
• chore: update test dependencies by @Phillip9587 in #585
• dep: upgrade iconv-lite to ^0.6.3 by @aqeelat in #588
• Refactor parameterCount to optimize performance by @wojtekmaj in #591
• refactor: normalize common options for all parsers by @Phillip9587 in #551
• refactor: cleanup parser options by @Phillip9587 in #596
• Release 2.2.0 by @UlisesGascon in #597

New Contributors

• @Binilkks made their first contribution in #581
• @aqeelat made their first contribution in #588
• @wojtekmaj made their first contribution in #591

Full Changelog: v2.1.0...v2.2.0

v2.1.0

What's Changed

• fix: update package.json engines field to reflect minimum supported node version by @Phillip9587 in #541
• fix: remove brotli support check by @Phillip9587 in #542
• fix: remove unpipe package and use native unpipe method by @Phillip9587 in #543
• Remove unused devDependency methods by @Phillip9587 in #548
• ci: updated github actions ci workflow by @Phillip9587 in #546
• Remove devDependency safe-buffer by @Phillip9587 in #547
• test: remove AsyncLocalStorage check by @Phillip9587 in #549
• perf: use the node require cache instead of custom caching by @Phillip9587 in #562
• ci: disable fail-fast in CI workflow by @Phillip9587 in #565
• chore(deps): update type-is to v2.0.0 by @Phillip9587 in #571
• refactor: prefix built-in node module imports by @Phillip9587 in #573
• fix: remove obsolete dependency destroy by @Phillip9587 in #570
• cleanup: remove obsolete test env file by @Phillip9587 in #569
• Refactor decompression stream creation to remove code duplication by @Phillip9587 in #564
• Add caret for body-parser dependencies by @wesleytodd in #577
• ci: add CodeQL (SAST) by @bjohansebas in #559
• chore(deps): update debug to ^4.4.0 by @Phillip9587 in #579
• Release v2.1.0 by @wesleytodd in #578

Full Changelog: 2.0.1...v2.1.0

2.0.2

What's Changed

• fix: update package.json engines field to reflect minimum supported node version by @Phillip9587 in #541
• fix: remove brotli support check by @Phillip9587 in #542
• fix: remove unpipe package and use native unpipe method by @Phillip9587 in #543
• Remove unused devDependency methods by @Phillip9587 in #548
• ci: updated github actions ci workflow by @Phillip9587 in #546

New Contributors

• @Phillip9587 made their first contribution in #541

Full Changelog: 2.0.1...2.0.2

2.0.1

What's Changed

• Fix defaulting to extended url parsing by @blakeembrey in #536
• Release: 2.0.1 by @UlisesGascon in #537

New Contributors

• @blakeembrey made their first contribution in #536

Full Changelog: 2.0.0...2.0.1

2.0.0

What's Changed

Important

• add brotli support #406
• Breaking Change: Node.js 18 is the minimum supported version

Details

• chore: add support for OSSF scorecard reporting by @inigomarquinez in #522
• ci: fix errors in ci github action for node 8 and 9 by @inigomarquinez in #523
• fix: pin to [email protected] by @wesleytodd in #527
• deps: [email protected] by @melikhov-dev in #521
• Drop support for less than LTS node versions in v2 by @wesleytodd in #528
• Also use the qs module for the simple parser by @papandreou in #387
• raw-body@3 by @wesleytodd in #529
• urlencoded: Support iso-8859-1, utf8 sentinel, and numeric entities by @papandreou in #326
• Added support for brotli ('br') content-encoding by @danielgindi in #406
• Add OSSF Scorecard badge by @bjohansebas in #531
• Linter by @UlisesGascon in #534
• Release: 1.20.3 by @UlisesGascon in #535

New Contributors

• @inigomarquinez made their first contribution in #522
• @wesleytodd made their first contribution in #527
• @melikhov-dev made their first contribution in #521
• @papandreou made their first contribution in #387
• @danielgindi made their first contribution in #406
• @bjohansebas made their first contribution in #531
• @UlisesGascon made their first contribution in #534

Full Changelog: 1.20.2...2.0.0

1.20.3

What's Changed

Important

• deps: [email protected]
• add depth option to customize the depth level in the parser
• IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity). Documentation

Other changes

• chore: add support for OSSF scorecard reporting by @inigomarquinez in #522
• ci: fix errors in ci github action for node 8 and 9 by @inigomarquinez in #523
• fix: pin to [email protected] by @wesleytodd in #527
• deps: [email protected] by @melikhov-dev in #521
• Add OSSF Scorecard badge by @bjohansebas in #531
• Linter by @UlisesGascon in #534
• Release: 1.20.3 by @UlisesGascon in #535

New Contributors

• @inigomarquinez made their first contribution in #522
• @melikhov-dev made their first contribution in #521
• @bjohansebas made their first contribution in #531
• @UlisesGascon made their first contribution in #534

Full Changelog: 1.20.2...1.20.3

2.0.0-beta.2

This incorporates all changes after 1.19.1 up to 1.20.2.

• Remove deprecated bodyParser() combination middleware
• deps: [email protected]
  • Add DEBUG_HIDE_DATE environment variable
  • Change timer to per-namespace instead of global
  • Change non-TTY date format
  • Remove DEBUG_FD environment variable support
  • Support 256 namespace colors
• deps: [email protected]
  • Add encoding cp720
  • Add encoding UTF-32
• deps: [email protected]

1.20.2

• Fix strict json error message on Node.js 19+
• deps: content-type@~1.0.5
  • perf: skip value escaping when unnecessary
• deps: [email protected]