[Snyk] Security upgrade express from 4.18.2 to 4.21.1 #9

karencapiiro · 2024-10-09T02:07:25Z

Snyk has created this PR to fix 1 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

development/fetchLicenses/package.json
development/fetchLicenses/package-lock.json

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Cross-site Scripting (XSS) SNYK-JS-COOKIE-8163060	44

Important

Check the changes in this PR to ensure they won't cause issues with your project.
Max score is 1000. Note that the real score may have changed since the PR was raised.
This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Cross-site Scripting (XSS)

…es/package-lock.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-COOKIE-8163060

socket-security · 2024-10-09T02:09:20Z

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/express@4.21.1	Transitive: environment, eval, filesystem, network, unsafe	`+62`	2.15 MB	blakeembrey, dougwilson, linusu, ...4 more

🚮 Removed packages: npm/express@4.18.2

View full report↗︎

rafikmojr · 2024-10-09T05:37:01Z

Checkmarx One – Scan Summary & Details – 77fd9418-be6d-4ca6-a0d3-6a86f4f2708d

New Issues

Issue	Source File / Package	Checkmarx Insight
Second_Order_SQL_Injection	/room/room-runtime/src/main/java/androidx/room/util/DBUtil.kt: 74	Attack Vector
Stored_XSS	/buildSrc/private/src/main/kotlin/androidx/build/checkapi/ApiLocation.kt: 96	Attack Vector
Stored_XSS	/buildSrc/private/src/main/kotlin/androidx/build/checkapi/ApiLocation.kt: 96	Attack Vector
Stored_XSS	/buildSrc/private/src/main/kotlin/androidx/build/checkapi/ApiLocation.kt: 96	Attack Vector
Stored_XSS	/buildSrc/private/src/main/kotlin/androidx/build/checkapi/ApiLocation.kt: 96	Attack Vector
Stored_XSS	/buildSrc/private/src/main/kotlin/androidx/build/checkapi/ApiLocation.kt: 96	Attack Vector
Stored_XSS	/room/room-paging/src/main/java/androidx/room/paging/util/RoomPagingUtil.kt: 140	Attack Vector
Stored_XSS	/room/room-paging/src/main/java/androidx/room/paging/util/RoomPagingUtil.kt: 140	Attack Vector
Stored_XSS	/room/room-paging/src/main/java/androidx/room/paging/util/RoomPagingUtil.kt: 140	Attack Vector
Stored_XSS	/room/room-paging/src/main/java/androidx/room/paging/util/RoomPagingUtil.kt: 140	Attack Vector
Stored_XSS	/room/room-paging/src/main/java/androidx/room/paging/util/RoomPagingUtil.kt: 140	Attack Vector
Stored_XSS	/room/room-runtime/src/main/java/androidx/room/util/DBUtil.kt: 74	Attack Vector
Stored_XSS	/room/room-runtime/src/main/java/androidx/room/util/DBUtil.kt: 74	Attack Vector
Stored_XSS	/room/room-runtime/src/main/java/androidx/room/util/DBUtil.kt: 74	Attack Vector
Stored_XSS	/room/room-runtime/src/main/java/androidx/room/util/DBUtil.kt: 74	Attack Vector
Stored_XSS	/buildSrc/private/src/main/kotlin/androidx/build/checkapi/ApiLocation.kt: 96	Attack Vector
Stored_XSS	/buildSrc/private/src/main/kotlin/androidx/build/checkapi/ApiLocation.kt: 96	Attack Vector
CVE-2024-37890	Npm-ws-8.9.0	Vulnerable Package
CVE-2024-4068	Npm-braces-3.0.2	Vulnerable Package
Reflected_XSS	/wear/watchface/watchface-editor/src/main/java/androidx/wear/watchface/editor/WatchFaceEditorContract.kt: 168	Attack Vector
Reflected_XSS	/navigation/navigation-runtime/src/main/java/androidx/navigation/NavController.kt: 1809	Attack Vector
Reflected_XSS	/navigation/navigation-runtime/src/main/java/androidx/navigation/NavController.kt: 1809	Attack Vector
Reflected_XSS	/navigation/navigation-runtime/src/main/java/androidx/navigation/NavController.kt: 1335	Attack Vector
Reflected_XSS	/navigation/navigation-common/src/main/java/androidx/navigation/NavDeepLinkRequest.kt: 51	Attack Vector
Reflected_XSS	/navigation/navigation-common/src/main/java/androidx/navigation/NavDeepLinkRequest.kt: 51	Attack Vector
Reflected_XSS	/compose/foundation/foundation/src/commonMain/kotlin/androidx/compose/foundation/text/CoreTextField.kt: 243	Attack Vector
Reflected_XSS	/compose/ui/ui-text/src/commonMain/kotlin/androidx/compose/ui/text/input/VisualTransformation.kt: 30	Attack Vector
Reflected_XSS	/compose/foundation/foundation/integration-tests/foundation-demos/src/main/java/androidx/compose/foundation/demos/text/ComposeInputFieldMinMaxLines.kt: 140	Attack Vector
Reflected_XSS	/glance/glance-template/src/main/java/androidx/glance/template/GlanceTemplate.kt: 39	Attack Vector
Reflected_XSS	/glance/glance-template/src/main/java/androidx/glance/template/GlanceTemplate.kt: 39	Attack Vector
Reflected_XSS	/compose/foundation/foundation/src/androidInstrumentedTest/kotlin/androidx/compose/foundation/textfield/TextFieldSelectionTest.kt: 452	Attack Vector
Reflected_XSS	/window/window-demos/demo/src/main/java/androidx/window/demo/embedding/SplitDeviceStateActivityBase.kt: 100	Attack Vector
Reflected_XSS	/navigation/navigation-runtime/src/main/java/androidx/navigation/NavDeepLinkBuilder.kt: 288	Attack Vector
Reflected_XSS	/navigation/navigation-runtime/src/main/java/androidx/navigation/NavDeepLinkBuilder.kt: 277	Attack Vector
Reflected_XSS	/navigation/navigation-runtime/src/main/java/androidx/navigation/NavDeepLinkBuilder.kt: 316	Attack Vector
Reflected_XSS	/compose/ui/ui-text/benchmark/src/androidTest/java/androidx/compose/ui/text/benchmark/input/EditProcessorBenchmark.kt: 96	Attack Vector
Reflected_XSS	/compose/ui/ui-text/benchmark/src/androidTest/java/androidx/compose/ui/text/benchmark/input/EditProcessorBenchmark.kt: 96	Attack Vector
Reflected_XSS	/compose/ui/ui-text/benchmark/src/androidTest/java/androidx/compose/ui/text/benchmark/input/EditProcessorBenchmark.kt: 96	Attack Vector
Reflected_XSS	/window/window-demos/demo/src/main/java/androidx/window/demo/embedding/SplitDeviceStateActivityBase.kt: 117	Attack Vector
Reflected_XSS	/compose/ui/ui-test/src/androidInstrumentedTest/kotlin/androidx/compose/ui/test/util/TestTextField.kt: 59	Attack Vector
Reflected_XSS	/paging/integration-tests/testapp/src/main/java/androidx/paging/integration/testapp/v3/Item.kt: 21	Attack Vector
Reflected_XSS	/paging/integration-tests/testapp/src/main/java/androidx/paging/integration/testapp/v3/Item.kt: 21	Attack Vector
Reflected_XSS	/paging/integration-tests/testapp/src/main/java/androidx/paging/integration/testapp/v3/Item.kt: 21	Attack Vector
Reflected_XSS	/paging/integration-tests/testapp/src/main/java/androidx/paging/integration/testapp/v3/Item.kt: 21	Attack Vector
Reflected_XSS	/compose/foundation/foundation/integration-tests/foundation-demos/src/main/java/androidx/compose/foundation/demos/text2/DecorationBoxDemos.kt: 85	Attack Vector
Reflected_XSS	/compose/material3/material3/src/commonMain/kotlin/androidx/compose/material3/TimePicker.kt: 1554	Attack Vector
Reflected_XSS	/navigation/navigation-runtime/src/main/java/androidx/navigation/NavController.kt: 1317	Attack Vector
Reflected_XSS	/compose/ui/ui-graphics/src/commonMain/kotlin/androidx/compose/ui/graphics/colorspace/ColorSpace.kt: 458	Attack Vector
Reflected_XSS	/compose/ui/ui-graphics/src/commonMain/kotlin/androidx/compose/ui/graphics/colorspace/ColorSpace.kt: 458	Attack Vector
Reflected_XSS	/camera/integration-tests/extensionstestapp/src/main/java/androidx/camera/integration/extensions/validation/ImageValidationActivity.kt: 114	Attack Vector
Reflected_XSS	/camera/integration-tests/extensionstestapp/src/main/java/androidx/camera/integration/extensions/validation/ImageValidationActivity.kt: 113	Attack Vector
Reflected_XSS	/navigation/navigation-runtime/src/androidTest/java/androidx/navigation/NavControllerTest.kt: 3585	Attack Vector
Reflected_XSS	/navigation/navigation-runtime/src/androidTest/java/androidx/navigation/NavControllerTest.kt: 3558	Attack Vector
Reflected_XSS	/navigation/navigation-runtime/src/androidTest/java/androidx/navigation/NavControllerTest.kt: 3504	Attack Vector
Reflected_XSS	/navigation/navigation-runtime/src/androidTest/java/androidx/navigation/NavControllerTest.kt: 3464	Attack Vector
Reflected_XSS	/navigation/navigation-runtime/src/androidTest/java/androidx/navigation/NavControllerTest.kt: 3437	Attack Vector
Reflected_XSS	/navigation/navigation-runtime/src/androidTest/java/androidx/navigation/NavControllerTest.kt: 3416	Attack Vector
Reflected_XSS	/navigation/navigation-runtime/src/androidTest/java/androidx/navigation/NavControllerTest.kt: 3393	Attack Vector
Reflected_XSS	/navigation/navigation-runtime/src/androidTest/java/androidx/navigation/NavControllerTest.kt: 3368	Attack Vector
Reflected_XSS	/navigation/navigation-runtime/src/androidTest/java/androidx/navigation/NavControllerTest.kt: 3344	Attack Vector
Reflected_XSS	/navigation/navigation-runtime/src/androidTest/java/androidx/navigation/NavControllerTest.kt: 3321	Attack Vector
Reflected_XSS	/navigation/navigation-runtime/src/androidTest/java/androidx/navigation/NavControllerTest.kt: 3298	Attack Vector
Reflected_XSS	/navigation/navigation-runtime/src/androidTest/java/androidx/navigation/NavControllerTest.kt: 3269	Attack Vector
Reflected_XSS	/navigation/navigation-runtime/src/androidTest/java/androidx/navigation/NavControllerTest.kt: 3250	Attack Vector
Reflected_XSS	/navigation/navigation-runtime/src/androidTest/java/androidx/navigation/NavControllerRouteTest.kt: 2359	Attack Vector
Reflected_XSS	/navigation/navigation-runtime/src/androidTest/java/androidx/navigation/NavControllerRouteTest.kt: 2332	Attack Vector
Reflected_XSS	/navigation/navigation-runtime/src/androidTest/java/androidx/navigation/NavControllerRouteTest.kt: 2278	Attack Vector
Reflected_XSS	/navigation/navigation-runtime/src/androidTest/java/androidx/navigation/NavControllerRouteTest.kt: 2234	Attack Vector
Reflected_XSS	/navigation/navigation-runtime/src/androidTest/java/androidx/navigation/NavControllerRouteTest.kt: 2207	Attack Vector
Reflected_XSS	/navigation/navigation-runtime/src/androidTest/java/androidx/navigation/NavControllerRouteTest.kt: 2152	Attack Vector
Reflected_XSS	/navigation/navigation-runtime/src/androidTest/java/androidx/navigation/NavControllerRouteTest.kt: 2132	Attack Vector
Reflected_XSS	/activity/activity/src/main/java/androidx/activity/ComponentActivity.kt: 588	Attack Vector
CVE-2024-31207	Npm-vite-4.4.7	Vulnerable Package
CVE-2024-4067	Npm-micromatch-4.0.5	Vulnerable Package
CVE-2024-45047	Npm-svelte-4.1.1	Vulnerable Package
CVE-2024-45811	Npm-vite-4.4.7	Vulnerable Package
CVE-2024-45812	Npm-vite-4.4.7	Vulnerable Package
CVE-2024-47068	Npm-rollup-3.26.3	Vulnerable Package
CVE-2024-47068	Npm-rollup-3.27.2	Vulnerable Package
Cx14b19a02-387a	Npm-body-parser-1.20.3	Vulnerable Package
Parameter_Tampering	/camera/integration-tests/uiwidgetstestapp/src/main/java/androidx/camera/integration/uiwidgets/foldable/FoldableCameraActivity.kt: 402	Attack Vector
Parameter_Tampering	/camera/integration-tests/uiwidgetstestapp/src/main/java/androidx/camera/integration/uiwidgets/foldable/FoldableCameraActivity.kt: 402	Attack Vector
Parameter_Tampering	/camera/integration-tests/uiwidgetstestapp/src/main/java/androidx/camera/integration/uiwidgets/foldable/FoldableCameraActivity.kt: 402	Attack Vector
Privacy_Violation	/compose/foundation/foundation/integration-tests/foundation-demos/src/main/java/androidx/compose/foundation/demos/text2/BasicSecureTextFieldDemos.kt: 80	Attack Vector
Privacy_Violation	/compose/ui/ui/src/androidInstrumentedTest/kotlin/androidx/compose/ui/input/pointer/TestUtils.kt: 362	Attack Vector
Privacy_Violation	/compose/ui/ui/src/androidInstrumentedTest/kotlin/androidx/compose/ui/input/pointer/TestUtils.kt: 329	Attack Vector
Privacy_Violation	/room/room-compiler/src/test/test-data/kotlinCodeGen/pojoRowAdapter_valueClassConverter.kt: 65	Attack Vector
Privacy_Violation	/compose/runtime/runtime/samples/src/main/java/androidx/compose/runtime/samples/ModelSamples.kt: 45	Attack Vector
Privacy_Violation	/compose/material3/material3/samples/src/main/java/androidx/compose/material3/samples/TextFieldSamples.kt: 198	Attack Vector
Privacy_Violation	/compose/material/material/samples/src/main/java/androidx/compose/material/samples/TextFieldSamples.kt: 170	Attack Vector
Privacy_Violation	/compose/foundation/foundation/integration-tests/foundation-demos/src/main/java/androidx/compose/foundation/demos/text/TextFieldKeyboardTypeDemo.kt: 35	Attack Vector
Privacy_Violation	/compose/foundation/foundation/integration-tests/foundation-demos/src/main/java/androidx/compose/foundation/demos/text/TextFieldKeyboardTypeDemo.kt: 34	Attack Vector
Privacy_Violation	/compose/runtime/runtime/samples/src/main/java/androidx/compose/runtime/samples/ModelSamples.kt: 45	Attack Vector
Privacy_Violation	/compose/material3/material3/samples/src/main/java/androidx/compose/material3/samples/TextFieldSamples.kt: 198	Attack Vector
Privacy_Violation

More results are available on AST platform

fix: development/fetchLicenses/package.json & development/fetchLicens…

4544eaf

…es/package-lock.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-COOKIE-8163060

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Security upgrade express from 4.18.2 to 4.21.1 #9

[Snyk] Security upgrade express from 4.18.2 to 4.21.1 #9

karencapiiro commented Oct 9, 2024

socket-security bot commented Oct 9, 2024

rafikmojr commented Oct 9, 2024

[Snyk] Security upgrade express from 4.18.2 to 4.21.1 #9

Are you sure you want to change the base?

[Snyk] Security upgrade express from 4.18.2 to 4.21.1 #9

Conversation

karencapiiro commented Oct 9, 2024

Snyk has created this PR to fix 1 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

Vulnerabilities that will be fixed with an upgrade:

socket-security bot commented Oct 9, 2024

rafikmojr commented Oct 9, 2024

New Issues