[Snyk] Security upgrade express from 4.17.1 to 4.22.0#156
[Snyk] Security upgrade express from 4.17.1 to 4.22.0#156
Conversation
The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-QS-14724253
There was a problem hiding this comment.
Pull request overview
This is a security upgrade PR automatically generated by Snyk to update the Express dependency from version 4.17.1 to 4.22.0, addressing a high-severity vulnerability (SNYK-JS-QS-14724253) in the qs package related to "Allocation of Resources Without Limits or Throttling."
Key changes:
- Updates Express from ^4.17.1 to ^4.22.0 in docs/package.json to fix a security vulnerability in the transitive dependency
qs - Note: The PR description indicates that yarn.lock failed to update automatically and requires manual intervention
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| "doctrine": "^3.0.0", | ||
| "emotion-theming": "^10.0.27", | ||
| "express": "^4.17.1", | ||
| "express": "^4.22.0", |
There was a problem hiding this comment.
The PR description indicates that the yarn.lock file failed to update automatically. This package.json change alone is insufficient - the yarn.lock file must also be updated to ensure the correct version of express and its transitive dependencies (especially the qs package which contains the security vulnerability) are installed. Please run yarn install or yarn upgrade express@^4.22.0 locally and commit the updated yarn.lock file before merging.
Snyk has created this PR to fix 1 vulnerabilities in the yarn dependencies of this project.
Snyk changed the following file(s):
docs/package.jsonNote for zero-installs users
If you are using the Yarn feature zero-installs that was introduced in Yarn V2, note that this PR does not update the
.yarn/cache/directory meaning this code cannot be pulled and immediately developed on as one would expect for a zero-install project - you will need to runyarnto update the contents of the./yarn/cachedirectory.If you are not using zero-install you can ignore this as your flow should likely be unchanged.
Vulnerabilities that will be fixed with an upgrade:
SNYK-JS-QS-14724253
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Allocation of Resources Without Limits or Throttling