body-parser dependency #5417
Description
Hey guys,
On the recent CVE-2025-15284 vulnerability affecting qs versions <=6.14.0, I noticed nodered forces the usage of body-parser version 1.20.3 which needs, has a fixed version, qs@6.13.0.
I was wondering if you even need body-parser as a dependency, because it seems to me it's only being used for test purposes.
Couldn't it just be a dev dependency instead?
Thanks