[Snyk] Fix for 4 vulnerabilities

[Exnadella]

User description

Snyk has created this PR to fix 4 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

• packages/polyserve/package.json
• packages/polyserve/package-lock.json

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Asymmetric Resource Consumption (Amplification) SNYK-JS-BODYPARSER-7926860	696
	Cross-site Scripting SNYK-JS-EXPRESS-7926867	541
	Cross-site Scripting SNYK-JS-SEND-7926862	391
	Cross-site Scripting SNYK-JS-SERVESTATIC-7926865	391

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Cross-site Scripting

---

PR Type

enhancement, bug fix

---

Description

• Upgraded express dependency to version ^4.20.0 to address vulnerabilities.
• Upgraded send dependency to version ^0.19.0 to address vulnerabilities.
• Updated package-lock.json to reflect the changes in package.json.

---

Changes walkthrough 📝

	Relevant files
Dependencies	package.json Upgrade dependencies to fix vulnerabilities                            packages/polyserve/package.json Updated express dependency version from ^4.8.5 to ^4.20.0. Updated send dependency version from ^0.16.2 to ^0.19.0. +2/-2      package-lock.json Update package-lock.json for dependency upgrades                  packages/polyserve/package-lock.json Updated lock file to reflect new dependency versions. +5492/-5429
Additional files (token-limit)	package-lock.json ...                                                                                                            packages/polyserve/package-lock.json ... +5492/-5429

---

💡 PR-Agent usage:
Comment /help on the PR to get a list of all available PR-Agent tools and their descriptions

[qodo-merge-pro]

PR Reviewer Guide 🔍

⏱️ Estimated effort to review: 1 🔵⚪⚪⚪⚪

🧪 No relevant tests

🔒 No security concerns identified

⚡ No key issues to review

[qodo-merge-pro]

PR Code Suggestions ✨

Category	Suggestion	Score
Dependency update	Update the Express dependency to the latest stable version Consider updating the express dependency to the latest stable version (currently 4.18.x) instead of 4.20.0, which doesn't exist yet. This ensures you're using the most recent stable release with bug fixes and security updates. packages/polyserve/package.json [50] -"express": "^4.20.0", +"express": "^4.18.2", Apply this suggestion Suggestion importance[1-10]: 8 Why: The suggestion correctly identifies that version 4.20.0 of Express does not exist and recommends updating to the latest stable version, 4.18.2, which is a valid and important update for stability and security.	8
	Update the Send dependency to the latest stable version Consider updating the send dependency to the latest stable version (currently 0.18.x) instead of 0.19.0, which doesn't exist yet. This ensures you're using the most recent stable release with bug fixes and security updates. packages/polyserve/package.json [62] -"send": "^0.19.0", +"send": "^0.18.0", Apply this suggestion Suggestion importance[1-10]: 8 Why: The suggestion correctly points out that version 0.19.0 of Send does not exist and advises updating to the latest stable version, 0.18.0, ensuring the use of a valid and stable release with potential bug fixes and security updates.	8

[qodo-merge-pro]

CI Failure Feedback 🧐

(Checks updated until commit 249778b)

Action: test (ubuntu-latest)

Failed stage: Run npm run bootstrap [❌]

Failed test name: ""

Failure summary: The action failed due to an error during the execution of the npm ci command in the 'wct-mocha' package. The command exited with code 1, indicating a failure. Several deprecated packages were identified, which might be contributing to the failure.

Relevant error logs: 1: ##[group]Operating System 2: Ubuntu ... 553: npm WARN deprecated har-validator@5.1.3: this library is no longer supported 554: npm WARN deprecated glob@7.1.4: Glob versions prior to v9 are no longer supported 555: npm WARN deprecated fs-write-stream-atomic@1.0.10: This package is no longer supported. 556: npm WARN deprecated figgy-pudding@3.5.1: This module is no longer supported. 557: npm WARN deprecated gauge@2.7.4: This package is no longer supported. 558: npm WARN deprecated debuglog@1.0.1: Package no longer supported. Contact Support at https://www.npmjs.com/support for more info. 559: npm WARN deprecated copy-concurrently@1.0.5: This package is no longer supported. 560: npm WARN deprecated are-we-there-yet@1.1.5: This package is no longer supported. 561: npm WARN deprecated @lerna/validation-error@3.13.0: Package no longer supported. Contact Support at https://www.npmjs.com/support for more info. ... 737: npm ERR! [-ws|--workspaces] [--include-workspace-root] [--install-links] 738: npm ERR! 739: npm ERR! aliases: clean-install, ic, install-clean, isntall-clean 740: npm ERR! 741: npm ERR! Run "npm help ci" for more info 742: npm ERR! A complete log of this run can be found in: 743: npm ERR! /home/runner/.npm/_logs/2024-09-11T20_09_07_623Z-debug-0.log 744: lerna ERR! npm ci exited 1 in 'wct-mocha' 745: ##[error]Process completed with exit code 1.

---

✨ CI feedback usage guide:

---

The CI feedback tool (/checks) automatically triggers when a PR has a failed check.
The tool analyzes the failed checks and provides several feedbacks:

• Failed stage
• Failed test name
• Failure summary
• Relevant error logs

In addition to being automatically triggered, the tool can also be invoked manually by commenting on a PR:

/checks "https://github.com/{repo_name}/actions/runs/{run_number}/job/{job_number}"

where {repo_name} is the name of the repository, {run_number} is the run number of the failed check, and {job_number} is the job number of the failed check.

Configuration options

• enable_auto_checks_feedback - if set to true, the tool will automatically provide feedback when a check is failed. Default is true.
• excluded_checks_list - a list of checks to exclude from the feedback, for example: ["check1", "check2"]. Default is an empty list.
• enable_help_text - if set to true, the tool will provide a help message with the feedback. Default is true.
• persistent_comment - if set to true, the tool will overwrite a previous checks comment with the new feedback. Default is true.
• final_update_message - if persistent_comment is true and updating a previous checks message, the tool will also create a new message: "Persistent checks updated to latest commit". Default is true.

See more information about the checks tool in the docs.