build(server): Upgrade express to 4.21.0 and body-parser to 1.20.3

microsoft / FluidFramework

Library for building distributed, real-time collaborative web applications

https://fluidframework.com

MIT License

4.73k stars 532 forks source link

build(server): Upgrade express to 4.21.0 and body-parser to 1.20.3 #22480

Closed tylerbutler closed 1 month ago

tylerbutler commented 1 month ago

Upgrades the express and body-parser packages to address CVE-2024-45590. The package.json range for body-parser was "^1.17.1", but we were already resolved to 1.20.2 in our lockfile anyway, so this is really just a patch bump. The express upgrade is the bigger change.

Release notes for express 4.20.0 and 4.21.0
Release notes for body-parser 1.20.3

tylerbutler commented 1 month ago

Briefly chatted with @znewton about this and he was not concerned. Merging.