Upgrade express in yarn.lock, package.json and package-lock.json #1152

dlpzx · 2024-04-08T07:40:41Z

upgrade express package to non-vulnerable version and set the version in the resolutions and dependencies

Please answer the questions below briefly where applicable, or write N/A. Based on
OWASP 10.

Does this PR introduce or modify any input fields or queries - this includes
fetching data from storage outside the application (e.g. a database, an S3 bucket)?
- Is the input sanitized?
- What precautions are you taking before deserializing the data you consume?
- Is injection prevented by parametrizing queries?
- Have you ensured no eval or similar functions are used?
Does this PR introduce any functionality or component that requires authorization?
- How have you ensured it respects the existing AuthN/AuthZ mechanisms?
- Are you logging failed auth attempts?
Are you using or adding any cryptographic features?
- Do you use a standard proven implementations?
- Are the used keys controlled by the customer? Where are they stored?
Are you introducing any new policies/roles/users?
- Have you used the least-privilege principle? How?

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

Upgrade express in yarn.lock, package.json and package-lock.json

81ae9c8

dlpzx mentioned this pull request Apr 8, 2024

Bump express from 4.18.2 to 4.19.2 in /frontend #1128

Closed

dlpzx requested a review from SofiaSazonova April 8, 2024 07:41

SofiaSazonova approved these changes Apr 9, 2024

View reviewed changes

SofiaSazonova merged commit 2377940 into main Apr 9, 2024
8 checks passed

dlpzx deleted the fix/npm-upgrade-express branch April 11, 2024 09:31

Provide feedback