[Snyk] Security upgrade express from 4.18.2 to 4.21.0

[schalla0791]

Snyk has created this PR to fix 4 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

• package.json
• package-lock.json

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Asymmetric Resource Consumption (Amplification) SNYK-JS-BODYPARSER-7926860	696
	Cross-site Scripting SNYK-JS-EXPRESS-7926867	541
	Cross-site Scripting SNYK-JS-SEND-7926862	391
	Cross-site Scripting SNYK-JS-SERVESTATIC-7926865	391

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Cross-site Scripting

[dryrunsecurity]

DryRun Security Summary

The provided code changes in this pull request consist of updates to the dependencies in the package.json and package-lock.json files, with the main change being an update to the express dependency from version ^4.18.2 to ^4.21.0, which is a minor version update and typically includes bug fixes, performance improvements, and minor feature additions, without any significant breaking changes.

Expand for full summary

Summary:

The provided code changes in this pull request consist of updates to the dependencies in the package.json and package-lock.json files. The main change is an update to the express dependency from version ^4.18.2 to ^4.21.0, which is a minor version update. This type of update typically includes bug fixes, performance improvements, and minor feature additions, without any significant breaking changes.

From an application security perspective, this update is generally a positive change, as it is likely to include security patches and improvements. Express.js is a widely-used web application framework for Node.js, and it is important to keep it up-to-date to address any known vulnerabilities. Additionally, the update to the body-parser dependency, which is a middleware used by Express.js, should also be reviewed to ensure there are no breaking changes or security implications.

While the changes appear to be routine dependency updates, it is recommended to thoroughly test the application after any dependency update to ensure that the new versions do not introduce any regressions or new security issues. Additionally, reviewing the release notes for the updated dependencies can provide valuable information about the changes and potential security implications.

Files Changed:

1. package.json: The version of the express dependency has been updated from ^4.18.2 to ^4.21.0.
2. package-lock.json: The versions of the express and body-parser dependencies have been updated.

Code Analysis

We ran 9 analyzers against 2 files and 1 analyzer had findings. 8 analyzers had no findings.

Analyzer	Findings
Sensitive Files Analyzer	2 findings

Riskiness

🟢 Risk threshold not exceeded.

View PR in the DryRun Dashboard.