[Snyk-dev] Fix for 5 vulnerabilities

[jonny-irving]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • other-app/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Recently disclosed, Has a fix available, CVSS 8.2	Asymmetric Resource Consumption (Amplification) SNYK-JS-BODYPARSER-7926860	No	No Known Exploit
	541/1000 Why? Recently disclosed, Has a fix available, CVSS 5.1	Cross-site Scripting SNYK-JS-EXPRESS-7926867	No	No Known Exploit
	738/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 6.9	Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHTOREGEXP-7925106	No	Proof of Concept
	391/1000 Why? Recently disclosed, Has a fix available, CVSS 2.1	Cross-site Scripting SNYK-JS-SEND-7926862	No	No Known Exploit
	391/1000 Why? Recently disclosed, Has a fix available, CVSS 2.1	Cross-site Scripting SNYK-JS-SERVESTATIC-7926865	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: body-parser

The new version differs by 250 commits.

• 1752951 1.20.3
• 39744cf chore: linter (#534)
• b2695c4 Merge commit from fork
• ade0f3f add scorecard to readme (#531)
• 99a1bd6 deps: qs@6.12.3 (#521)
• 9478591 fix: pin to node@22.4.1
• 83db46a ci: fix errors in ci github action for node 8 and 9 (#523)
• 9d4e212 chore: add support for OSSF scorecard reporting (#522)
• ee91374 1.20.2
• 368a93a Fix strict json error message on Node.js 19+
• 0385872 deps: raw-body@2.5.2
• 2c35b41 build: eslint@8.34.0
• f0646c2 build: Node.js@18.14
• f345fb1 build: Node.js@14.21
• 6842efc deps: content-type@~1.0.5
• 5af7315 build: eslint-plugin-promise@6.1.1
• 8e605b3 build: supertest@6.3.3
• cba6e77 build: mocha@10.2.0
• 6a464ab build: eslint-plugin-import@2.27.5
• 7ebf276 build: eslint@8.32.0
• 69bb649 build: Node.js@16.19
• 8ff995f docs: switch badges to badgen
• 850832f build: Node.js@18.13
• dad8f34 build: actions/download-artifact@v3

See the full diff

Package name: express

The new version differs by 250 commits.

• 7e562c6 4.21.0
• 1bcde96 fix(deps): qs@6.13.0 (#5946)
• 7d36477 fix(deps): serve-static@1.16.2 (#5951)
• 40d2d8f fix(deps): finalhandler@1.3.1
• 77ada90 Deprecate `"back"` magic string in redirects (#5935)
• 21df421 4.20.0
• 4c9ddc1 feat: upgrade to serve-static@0.16.0
• 9ebe5d5 feat: upgrade to send@0.19.0 (#5928)
• ec4a01b feat: upgrade to body-parser@1.20.3 (#5926)
• 54271f6 fix: don't render redirect values in anchor href
• 125bb74 path-to-regexp@0.1.10 (#5902)
• 2a980ad merge-descriptors@1.0.3 (#5781)
• a3e7e05 docs: specify new instructions for `question` and `discuss`
• c5addb9 deps: path-to-regexp@0.1.8 (#5603)
• e35380a docs: add @ IamLizu to the triage team (#5836)
• f5b6e67 docs: update scorecard link (#5814)
• 2177f67 docs: add OSSF Scorecard badge (#5436)
• f4bd86e Replace Appveyor windows testing with GHA (#5599)
• 2ec589c Fix Contributor Covenant link definition reference in attribution section (#5762)
• 4cf7eed remove minor version pinning from ci (#5722)
• 6d08471 📝 update people, add ctcpip to TC (#5683)
• 61421a8 skip QUERY tests for Node 21 only, still not supported (#5695)
• f42b160 [v4] Deprecate `res.clearCookie` accepting `options.maxAge` and `options.expires` (#5672)
• 689073d ✨ bring back query tests for node 21 (#5690)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Cross-site Scripting
🦉 Regular Expression Denial of Service (ReDoS)