Update Express #1078

Brian-McBride · 2022-04-15T20:33:33Z

Lines 169 to 171 in 9a5b23f

    
           "@types/express": "4.17.3", 
        
           "cors": "^2.8.5", 
        
           "express": "^4.17.1",

Express is updated, for some reason the @types is current in this lib, but the actual express is a couple of versions behind.

Can we get this bumped up? Using Firebase is causing a lot of dependency conflicts with other packages that are keeping up.

The text was updated successfully, but these errors were encountered:

google-oss-bot · 2022-04-15T20:33:38Z

I couldn't figure out how to label this issue, so I've labeled it for a human to triage. Hang tight.

adrian-meditect · 2023-10-30T21:31:34Z

There is currently a vulnerability in this express version caused by a dependency on qs. Please, upgrade asap 🙏 .

Here are the dependency trail details in yarn.lock format:

express@^4.17.1:
  version "4.17.2"
  resolved "https://registry.yarnpkg.com/express/-/express-4.17.2.tgz#c18369f265297319beed4e5558753cc8c1364cb3"
  integrity sha512-oxlxJxcQlYwqPWKVJJtvQiwHgosH/LrLSPA+H4UxpyvSS6jC5aH+5MoHFM+KABgTOt0APue4w66Ha8jCUo9QGg==
  dependencies:
    accepts "~1.3.7"
    array-flatten "1.1.1"
    body-parser "1.19.1"
    content-disposition "0.5.4"
    content-type "~1.0.4"
    cookie "0.4.1"
    cookie-signature "1.0.6"
    debug "2.6.9"
    depd "~1.1.2"
    encodeurl "~1.0.2"
    escape-html "~1.0.3"
    etag "~1.8.1"
    finalhandler "~1.1.2"
    fresh "0.5.2"
    merge-descriptors "1.0.1"
    methods "~1.1.2"
    on-finished "~2.3.0"
    parseurl "~1.3.3"
    path-to-regexp "0.1.7"
    proxy-addr "~2.0.7"
    qs "6.9.6"
    range-parser "~1.2.1"
    safe-buffer "5.2.1"
    send "0.17.2"
    serve-static "1.14.2"
    setprototypeof "1.2.0"
    statuses "~1.5.0"
    type-is "~1.6.18"
    utils-merge "1.0.1"
    vary "~1.1.2"