
[Snyk] Security upgrade express from 4.18.2 to 4.21.2 #40

Open
adamlaska wants to merge 1 commit into main from snyk-fix-40fbddd5488820a793185f4feee0f911

Conversation

@adamlaska
Owner


Snyk has created this PR to fix 1 vulnerability in the yarn dependencies of this project.

Snyk changed the following file(s):

  • package.json
  • yarn.lock

Note for zero-installs users

If you are using the Yarn zero-installs feature introduced in Yarn V2, note that this PR does not update the .yarn/cache/ directory, meaning this code cannot be pulled and immediately developed on as one would expect for a zero-install project: you will need to run yarn to update the contents of the .yarn/cache directory.
If you are not using zero-installs you can ignore this, as your flow should likely be unchanged.

Vulnerabilities that will be fixed with an upgrade:

| Issue | Score |
|---|---|
| high severity Regular Expression Denial of Service (ReDoS), SNYK-JS-PATHTOREGEXP-8482416 | 721 |

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)

@google-cla

google-cla bot commented Dec 6, 2024

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

@socket-security

New and removed dependencies detected. Learn more about Socket for GitHub.

| Package | New capabilities | Transitives | Size | Publisher |
|---|---|---|---|---|
| npm/body-parser@1.20.3 | network | +1 | 73.1 kB | ulisesgascon |
| npm/call-bind-apply-helpers@1.0.0 | None | 0 | 13.8 kB | ljharb |
| npm/call-bind@1.0.8 | None | 0 | 22.9 kB | ljharb |
| npm/cookie@0.7.1 | None | 0 | 23.3 kB | blakeembrey |
| npm/define-data-property@1.1.4 | None | 0 | 30.9 kB | ljharb |
| npm/dotenv@16.0.1 | environment, filesystem | 0 | 34.2 kB | motdotla |
| npm/dunder-proto@1.0.0 | None | 0 | 11.8 kB | ljharb |
| npm/encodeurl@2.0.0 | None | 0 | 6.98 kB | blakeembrey |
| npm/env-ci@7.1.0 | environment | 0 | 48.5 kB | semantic-release-bot |
| npm/es-errors@1.3.0 | None | 0 | 12.3 kB | ljharb |
| npm/express@4.21.2 | environment, filesystem, network | +3 | 311 kB | jonchurch |
| npm/extract-stack@2.0.0 | None | 0 | 5.57 kB | sindresorhus |
| npm/fast-levenshtein@3.0.0 | None | 0 | 7.63 kB | hiddentao |
| npm/finalhandler@1.3.1 | environment | +1 | 23.3 kB | wesleytodd |
| npm/fromentries@1.3.2 | None | 0 | 4.95 kB | feross |
| npm/fs-extra@8.1.0 | filesystem | 0 | 128 kB | ryanzim |
| npm/function-bind@1.1.2 | None | 0 | 31.4 kB | ljharb |
| npm/gaze@1.1.3 | filesystem | 0 | 25.9 kB | shama |
| npm/get-intrinsic@1.2.5 | None | 0 | 44 kB | ljharb |
| npm/git-parse@2.1.1 | environment, filesystem, shell | 0 | 44.5 kB | wayfair |
| npm/git-rev-sync@3.0.2 | shell | 0 | 13.3 kB | kurttheviking |
| npm/git-url-parse@11.6.0 | None | 0 | 29.6 kB | ionicabizau |
| npm/glob@8.0.1 | filesystem | +1 | 92.4 kB | isaacs |
| npm/global-agent@3.0.0 | environment, network | 0 | 125 kB | gajus |
| npm/graphql-tag@2.12.6 | None | 0 | 172 kB | apollo-bot |
| npm/graphql@15.8.0 | environment | 0 | 2.12 MB | i1g |
| npm/has-property-descriptors@1.0.2 | None | 0 | 10.9 kB | ljharb |
| npm/has-symbols@1.1.0 | None | 0 | 23.4 kB | ljharb |
| npm/hasown@2.0.2 | None | 0 | 8.77 kB | ljharb |
| npm/hoist-non-react-statics@3.3.2 | None | 0 | 38.9 kB | mridgway |
| npm/http-call@5.3.0 | environment, network | 0 | 43.9 kB | rasphilco |
| npm/hyperlinker@1.0.0 | None | 0 | 5.58 kB | jamestalmage |
| npm/indent-string@4.0.0 | None | 0 | 4.4 kB | sindresorhus |
| npm/inflected@2.1.0 | None | 0 | 80.5 kB | martinandert |
| npm/listr@0.14.3 | None | 0 | 23.5 kB | samverschueren |
| npm/load-json-file@5.3.0 | Transitive: environment, filesystem | +3 | 44.6 kB | sindresorhus |
| npm/lodash.debounce@4.0.8 | None | 0 | 14 kB | jdalton |
| npm/lodash.identity@3.0.0 | None | 0 | 3.47 kB | jdalton |
| npm/lodash.pickby@4.6.0 | None | 0 | 67.5 kB | jdalton |
| npm/lodash.sortby@4.7.0 | None | 0 | 75.8 kB | jdalton |
| npm/lodash@4.17.21 | None | 0 | 1.41 MB | bnjmnt4n |
| npm/loose-envify@1.4.0 | environment | 0 | 5.81 kB | zertosh |
| npm/merge-descriptors@1.0.3 | None | 0 | 5.08 kB | sindresorhus |
| npm/mkdirp@1.0.4 | environment, filesystem | 0 | 19.1 kB | isaacs |
| npm/moment@2.29.3 | None | 0 | 4.23 MB | ichernev |
| npm/object-assign@4.1.1 | None | 0 | 5.49 kB | sindresorhus |
| npm/object-inspect@1.13.3 | None | 0 | 101 kB | emilbayes, ljharb |
| npm/optimism@0.16.1 | None | 0 | 124 kB | benjamn |
| npm/password-prompt@1.1.2 | environment | 0 | 4.9 kB | dickeyxxx |
| npm/path-to-regexp@0.1.12 | None | 0 | 6.6 kB | blakeembrey, defunctzombie, dougwilson, ...2 more |
| npm/prop-types@15.7.2 | environment | 0 | 97.7 kB | ljharb |
| npm/qs@6.13.0 | None | 0 | 254 kB | ljharb |
| npm/raw-body@2.5.2 | network, unsafe | 0 | 25.8 kB | dougwilson |
| npm/react-is@16.13.1 | environment | 0 | 24 kB | acdlite |
| npm/recast@0.21.1 | filesystem | 0 | 239 kB | eventualbuddha |
| npm/send@0.19.0 | filesystem, network | +2 | 64.8 kB | ulisesgascon |
| npm/serve-static@1.16.2 | None | 0 | 25.4 kB | wesleytodd |
| npm/set-function-length@1.2.2 | None | +1 | 24.6 kB | ljharb |
| npm/sha.js@2.4.11 | None | 0 | 31.1 kB | dcousens |
| npm/side-channel@1.0.6 | None | 0 | 23.2 kB | ljharb |
| npm/symbol-observable@4.0.0 | eval | 0 | 16.8 kB | blesh |
| npm/table@6.8.0 | None | 0 | 335 kB | gajus-table |
| npm/ts-invariant@0.10.3 | None | 0 | 28.5 kB | benjamn |
| npm/tslib@2.3.0 | None | 0 | 39 kB | typescript-bot |
| npm/tty@1.0.1 | None | 0 | 786 B | npm |
| npm/vscode-languageserver-textdocument@1.0.5 | None | 0 | 36.5 kB | dbaeumer |
| npm/vscode-languageserver@7.0.0 | environment, filesystem, shell | 0 | 148 kB | dbaeumer |
| npm/vscode-uri@1.0.6 | None | 0 | 57.9 kB | jrieken |
| npm/yarn@1.22.19 | environment, filesystem, shell | 0 | 5.33 MB | danbuild |
| npm/zen-observable-ts@1.2.5 | None | 0 | 22.8 kB | apollo-bot |
| npm/zen-observable@0.8.15 | None | 0 | 72.5 kB | zenparsing |

🚮 Removed packages: npm/@apollo/utils.keyvaluecache@1.0.1, npm/@apollo/utils.logger@1.0.0, npm/@apollographql/graphql-language-service-parser@2.0.2, npm/@apollographql/graphql-language-service-types@2.0.2, npm/@apollographql/graphql-language-service-utils@2.0.2, npm/@babel/code-frame@7.18.6, npm/@babel/highlight@7.18.6, npm/@jridgewell/set-array@1.1.2, npm/@jridgewell/sourcemap-codec@1.4.14, npm/@samverschueren/stream-to-observable@0.3.1, npm/@types/node@18.0.0, npm/ajv@8.11.0, npm/ansicolors@0.3.2, npm/any-observable@0.3.0, npm/apollo-link-http-common@0.2.16, npm/apollo-server-env@4.2.1, npm/apollo-utilities@1.3.4, npm/array.prototype.reduce@1.0.4, npm/astral-regex@2.0.0, npm/async@3.2.4, npm/asynckit@0.4.0, npm/at-least-node@1.0.0, npm/body-parser@1.20.1, npm/boolean@3.2.0, npm/brace-expansion@2.0.1, npm/byline@5.0.0, npm/call-bind@1.0.2, npm/camel-case@4.1.2, npm/capital-case@1.0.4, npm/cli-truncate@0.2.1, npm/code-point-at@1.1.0, npm/combined-stream@1.0.8, npm/constant-case@3.0.4, npm/cookie@0.5.0, npm/date-fns@1.30.1, npm/express@4.18.2, npm/finalhandler@1.2.0, npm/function-bind@1.1.1, npm/get-intrinsic@1.1.1, npm/has-symbols@1.0.2, npm/merge-descriptors@1.0.1, npm/object-inspect@1.11.0, npm/path-to-regexp@0.1.7, npm/qs@6.11.0, npm/raw-body@2.5.1, npm/send@0.18.0, npm/serve-static@1.15.0, npm/side-channel@1.0.4

View full report
