[Snyk] Security upgrade express from 4.17.1 to 4.22.0#218
Conversation
…ilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-QS-14724253
| "license": "ISC", | ||
| "dependencies": { | ||
| "express": "^4.17.1" | ||
| "express": "^4.22.0" |
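Review bot: only the declared range in package.json changes here; nothing in the PR touches package-lock.json, and Snyk's own file list confirms package.json is the sole file changed. With a caret range such as `"^4.22.0"` the installed version is whatever the lock file records, so the fix for SNYK-JS-QS-14724253 is not actually applied until the lock file is regenerated (for example `npm install express@4.22.0`, then commit the updated package-lock.json in this same PR) and the resolved transitive qs version is checked with `npm ls qs` to confirm it is no longer the one the lock file currently pins.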
Lock file not updated, vulnerability remains for npm ci
The package.json is updated to Express 4.22.0, but the existing package-lock.json still pins Express 4.17.1 and the vulnerable qs version 6.7.0. When npm ci is used (common in CI/CD pipelines), the lock file takes precedence, causing the old vulnerable version to be installed. The security vulnerability this PR aims to fix (SNYK-JS-QS-14724253) will remain present unless the lock file is also regenerated and committed.
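The drift the comment above describes, a package.json range that has moved ahead of what package-lock.json actually resolves, is easy to catch mechanically. The following is an added example (it is not code from the Snyk PR, from Cursor Bugbot, or from the ex_14 project) that compares declared caret ranges against the versions recorded in a lock file and also flags a transitive package that is still at a version named as vulnerable. Assumptions: lock files are in the npm v1 (`dependencies`) or v2/v3 (`packages` keyed by `node_modules/<name>`) shape, only hoisted top-level entries are inspected, only caret ranges are handled, and the sample manifests are constructed to mirror this PR (the "fresh" lock's qs version is a placeholder, not the version express 4.22.0 really resolves to).

```javascript
// Added example: detect a package-lock.json that lags behind package.json.
// Sample data is constructed from the PR discussion, not read from the repo.

// Parse "MAJOR.MINOR.PATCH" (pre-release/build suffixes are ignored).
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1, 4).map(Number);
}

// Returns -1, 0 or 1 like a comparator.
function compareVersions(a, b) {
  const pa = parseVersion(a);
  const pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  return 0;
}

// npm caret semantics: version >= floor, and the left-most non-zero
// component of the floor must not change (^1.2.3 -> 1.x, ^0.2.3 -> 0.2.x,
// ^0.0.3 -> exactly 0.0.3).
function satisfiesCaret(range, version) {
  if (!range.startsWith("^")) throw new Error(`only caret ranges handled: ${range}`);
  const floor = range.slice(1);
  if (compareVersions(version, floor) < 0) return false;
  const f = parseVersion(floor);
  const v = parseVersion(version);
  if (f[0] !== 0) return v[0] === f[0];
  if (f[1] !== 0) return v[0] === 0 && v[1] === f[1];
  return v[0] === 0 && v[1] === 0 && v[2] === f[2];
}

// Look up the hoisted version of `name` in a lock file (v1 or v2/v3 layout).
// Nested copies such as node_modules/express/node_modules/qs are not checked.
function lockedVersion(lock, name) {
  if (lock.packages) {
    const entry = lock.packages[`node_modules/${name}`];
    return entry ? entry.version : undefined;
  }
  if (lock.dependencies && lock.dependencies[name]) {
    return lock.dependencies[name].version;
  }
  return undefined;
}

// Returns a list of human-readable findings; an empty list means the lock file
// agrees with package.json and none of the known-bad versions are present.
function auditLock(pkg, lock, knownBad) {
  const findings = [];
  for (const [name, range] of Object.entries(pkg.dependencies || {})) {
    const locked = lockedVersion(lock, name);
    if (locked === undefined) {
      findings.push(`${name}: declared ${range} but absent from lock file`);
    } else if (!satisfiesCaret(range, locked)) {
      findings.push(`${name}: lock file resolves ${locked}, outside declared ${range}`);
    }
  }
  for (const [name, bad] of Object.entries(knownBad)) {
    const locked = lockedVersion(lock, name);
    if (locked !== undefined && compareVersions(locked, bad) === 0) {
      findings.push(`${name}: lock file still resolves known-bad ${bad}`);
    }
  }
  return findings;
}

// Constructed sample input mirroring this PR: package.json already bumped,
// lock file untouched (express 4.17.1 pulling in qs 6.7.0).
const packageJson = { dependencies: { express: "^4.22.0" } };
const staleLock = {
  lockfileVersion: 2,
  packages: {
    "node_modules/express": { version: "4.17.1" },
    "node_modules/qs": { version: "6.7.0" },
  },
};
// What a regenerated lock might look like; the qs version is a placeholder.
const freshLock = {
  lockfileVersion: 2,
  packages: {
    "node_modules/express": { version: "4.22.0" },
    "node_modules/qs": { version: "6.14.0" },
  },
};
// The qs version the Bugbot comment identifies as vulnerable.
const KNOWN_BAD = { qs: "6.7.0" };

for (const f of auditLock(packageJson, staleLock, KNOWN_BAD)) console.log(" -", f);
```

Run this in CI against the real package.json and package-lock.json (replace the embedded objects with `JSON.parse(fs.readFileSync(...))`) and fail the job when `auditLock` returns anything; that turns the situation in this PR into a red check instead of a silently unpatched deployment.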
Snyk has created this PR to fix 1 vulnerability in the npm dependencies of this project.
Snyk changed the following file(s):
resources/solution/node.js/ex_14/package.json
Vulnerabilities that will be fixed with an upgrade:
SNYK-JS-QS-14724253
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Allocation of Resources Without Limits or Throttling
Note
Dependency upgrade
express in resources/solution/node.js/ex_14/package.json from ^4.17.1 to ^4.22.0.
Written by Cursor Bugbot for commit 7f7dbfd.