[Snyk] Security upgrade express from 4.18.1 to 4.21.0

[andrewmkrug]

Snyk has created this PR to fix 4 vulnerabilities in the yarn dependencies of this project.

Snyk changed the following file(s):

• package.json
• yarn.lock

Note for zero-installs users

If you are using the Yarn feature zero-installs that was introduced in Yarn V2, note that this PR does not update the .yarn/cache/ directory meaning this code cannot be pulled and immediately developed on as one would expect for a zero-install project - you will need to run yarn to update the contents of the ./yarn/cache directory. If you are not using zero-install you can ignore this as your flow should likely be unchanged.

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Asymmetric Resource Consumption (Amplification) SNYK-JS-BODYPARSER-7926860	696
	Cross-site Scripting SNYK-JS-EXPRESS-7926867	541
	Cross-site Scripting SNYK-JS-SEND-7926862	391
	Cross-site Scripting SNYK-JS-SERVESTATIC-7926865	391

---

[!IMPORTANT]

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report 📜 Customise PR templates 🛠 Adjust project settings 📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Cross-site Scripting

[github-actions[bot]]

Hi andrewmkrug! Thank you for contributing to Dashy! ✨

When updating dependencies, take a moment to verify that there are not security issues associated with any added or modified packages. If adding a new dependency, ensure that it is totally necessary, and check the packages size is not too large, as this will increase overall bundle size.

---

I'm a bot, and this is an automated comment 🤖

[github-actions[bot]]

yarn.lock changes

Summary

Status	Count
	7
	18

Click to toggle table visibility

| Name | Status | Previous | Current | | :- | :-: | :-: | :-: | | `body-parser` | [](#) | 1.20.0 | 1.20.3 | | `call-bind` | [](#) | 1.0.2 | 1.0.7 | | `content-type` | [](#) | 1.0.4 | 1.0.5 | | `cookie` | [](#) | 0.5.0 | 0.6.0 | | `define-data-property` | [](#) | - | 1.1.4 | | `encodeurl` | [](#) | 1.0.2 | 2.0.0 | | `es-define-property` | [](#) | - | 1.0.0 | | `es-errors` | [](#) | - | 1.3.0 | | `express` | [](#) | 4.18.1 | 4.21.0 | | `finalhandler` | [](#) | 1.2.0 | 1.3.1 | | `function-bind` | [](#) | 1.1.1 | 1.1.2 | | `get-intrinsic` | [](#) | 1.1.1 | 1.2.4 | | `gopd` | [](#) | - | 1.0.1 | | `has-property-descriptors` | [](#) | 1.0.0 | 1.0.2 | | `has-proto` | [](#) | - | 1.0.3 | | `hasown` | [](#) | - | 2.0.2 | | `merge-descriptors` | [](#) | 1.0.1 | 1.0.3 | | `object-inspect` | [](#) | 1.12.2 | 1.13.2 | | `path-to-regexp` | [](#) | 0.1.7 | 0.1.10 | | `qs` | [](#) | 6.10.3 | 6.13.0 | | `raw-body` | [](#) | 2.5.1 | 2.5.2 | | `send` | [](#) | 0.18.0 | 0.19.0 | | `serve-static` | [](#) | 1.15.0 | 1.16.2 | | `set-function-length` | [](#) | - | 1.2.2 | | `side-channel` | [](#) | 1.0.4 | 1.0.6 |

[netlify[bot]]

✅ Deploy Preview for peppy-choux-edbc1e ready!

Name	Link
🔨 Latest commit	5005089ede86048825be029b066ff6b443fe9126
🔍 Latest deploy log	https://app.netlify.com/sites/peppy-choux-edbc1e/deploys/66e2bcac0f89eb0008d025cb
😎 Deploy Preview	https://deploy-preview-185--peppy-choux-edbc1e.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify site configuration.

[socket-security[bot]]

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/body-parser@1.20.3	network	0	62.6 kB	ulisesgascon
npm/call-bind@1.0.7	None	0	22.1 kB	ljharb
npm/content-type@1.0.5	None	0	10.5 kB	dougwilson
npm/cookie@0.6.0	None	0	23.7 kB	dougwilson
npm/define-data-property@1.1.4	None	0	30.9 kB	ljharb
npm/encodeurl@2.0.0	None	0	6.98 kB	blakeembrey
npm/es-define-property@1.0.0	None	0	11.8 kB	ljharb
npm/es-errors@1.3.0	None	0	12.3 kB	ljharb
npm/express@4.21.0	environment, filesystem, network	0	221 kB	wesleytodd
npm/finalhandler@1.3.1	environment	0	19 kB	dougwilson, wesleytodd
npm/function-bind@1.1.2	None	0	31.4 kB	ljharb
npm/get-intrinsic@1.2.4	eval	0	41.6 kB	ljharb
npm/gopd@1.0.1	None	0	7.7 kB	ljharb
npm/has-property-descriptors@1.0.2	None	0	10.9 kB	ljharb
npm/has-proto@1.0.3	None	0	12 kB	ljharb
npm/hasown@2.0.2	None	0	8.77 kB	ljharb
npm/merge-descriptors@1.0.3	None	0	5.08 kB	sindresorhus
npm/object-inspect@1.13.2	None	0	99.1 kB	ljharb
npm/path-to-regexp@0.1.10	None	0	6.38 kB	blakeembrey
npm/qs@6.13.0	None	0	254 kB	ljharb
npm/raw-body@2.5.2	network, unsafe	0	25.8 kB	dougwilson
npm/send@0.19.0	filesystem, network	0	50.2 kB	ulisesgascon
npm/serve-static@1.16.2	None	0	25.4 kB	wesleytodd
npm/set-function-length@1.2.2	None	0	14.7 kB	ljharb
npm/side-channel@1.0.6	None	0	23.2 kB	ljharb

🚮 Removed packages: npm/body-parser@1.20.0, npm/call-bind@1.0.2, npm/content-type@1.0.4, npm/cookie@0.5.0, npm/encodeurl@1.0.2, npm/express@4.18.1, npm/finalhandler@1.2.0, npm/function-bind@1.1.1, npm/get-intrinsic@1.1.1, npm/has-property-descriptors@1.0.0, npm/is-path-cwd@2.2.0, npm/is-path-in-cwd@2.1.0, npm/merge-descriptors@1.0.1, npm/node-forge@0.10.0, npm/object-inspect@1.12.2, npm/on-headers@1.0.2, npm/p-map@2.1.0, npm/path-to-regexp@0.1.7, npm/qs@6.10.3, npm/raw-body@2.5.1, npm/resolve-cwd@2.0.0, npm/retry@0.12.0, npm/send@0.18.0, npm/serve-static@1.15.0, npm/side-channel@1.0.4

View full report↗︎

[github-actions[bot]]

This PR is stale because it has been open 6 weeks with no activity. Either remove the stale label or comment below with a short update, otherwise this PR will be closed in 5 days.

[github-actions[bot]]

This pull request was automatically closed because it has been stalled for over 6 weeks with no activity.