[Snyk] Security upgrade express from 4.12.4 to 4.21.2

[esecdj]

Snyk has created this PR to fix 1 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

• package.json
• package-lock.json

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHTOREGEXP-8482416	721

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)

[esecdj]

Checkmarx One – Scan Summary & Details – e3d31fd3-bb39-4b72-a9b9-ac3d91696a04

New Issues

Severity	Issue	Source File / Package	Checkmarx Insight
	CVE-2024-21538	Npm-cross-spawn-6.0.5	Vulnerable Package
	CVE-2024-21538	Npm-cross-spawn-5.1.0	Vulnerable Package
	CVE-2024-21538	Npm-cross-spawn-4.0.2	Vulnerable Package
	CVE-2024-53900	Npm-mongoose-4.2.4	Vulnerable Package
	Missing User Instruction	/Dockerfile: 2	A user should be specified in the dockerfile, otherwise the image will run as root
	Passwords And Secrets - Generic Password	/docker-compose.yml: 24	Query to find passwords and secrets in infrastructure code.
	Container Traffic Not Bound To Host Interface	/docker-compose.yml: 26	Incoming container traffic should be bound to a specific host interface
	Container Traffic Not Bound To Host Interface	/docker-compose.yml: 8	Incoming container traffic should be bound to a specific host interface
	Container Traffic Not Bound To Host Interface	/docker-compose.yml: 18	Incoming container traffic should be bound to a specific host interface
	Healthcheck Not Set	/docker-compose.yml: 15	Check containers periodically to see if they are running properly.
	Healthcheck Not Set	/docker-compose.yml: 3	Check containers periodically to see if they are running properly.
	Healthcheck Not Set	/docker-compose.yml: 20	Check containers periodically to see if they are running properly.
	Memory Not Limited	/docker-compose.yml: 3	Memory limits should be defined for each container. This prevents potential resource exhaustion by ensuring that containers consume not more than t...
	Memory Not Limited	/docker-compose.yml: 20	Memory limits should be defined for each container. This prevents potential resource exhaustion by ensuring that containers consume not more than t...
	Memory Not Limited	/docker-compose.yml: 15	Memory limits should be defined for each container. This prevents potential resource exhaustion by ensuring that containers consume not more than t...
	Pids Limit Not Set	/docker-compose.yml: 3	'pids_limit' should be set and different than -1
	Pids Limit Not Set	/docker-compose.yml: 15	'pids_limit' should be set and different than -1
	Pids Limit Not Set	/docker-compose.yml: 20	'pids_limit' should be set and different than -1
	Security Opt Not Set	/docker-compose.yml: 3	Attribute 'security_opt' should be defined.
	Security Opt Not Set	/docker-compose.yml: 20	Attribute 'security_opt' should be defined.
	Security Opt Not Set	/docker-compose.yml: 15	Attribute 'security_opt' should be defined.
	Unpinned Actions Full Length Commit SHA	/snyk-code-manual.yml: 13	Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps...
	Unpinned Actions Full Length Commit SHA	/codeql-analysis.yml: 46	Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps...
	Unpinned Actions Full Length Commit SHA	/codeql-analysis.yml: 71	Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps...
	Unpinned Actions Full Length Commit SHA	/snyk-code.yml: 15	Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps...
	Unpinned Actions Full Length Commit SHA	/codeql-analysis.yml: 57	Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps...
	Unpinned Actions Full Length Commit SHA	/snyk-test-sarif.yml: 8	Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps...
	Unpinned Actions Full Length Commit SHA	/snyk-test-sarif.yml: 15	Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps...
	Unpinned Actions Full Length Commit SHA	/snyk-code.yml: 8	Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps...
	Container Capabilities Unrestricted	/docker-compose.yml: 15	Some capabilities are not needed in certain (or any) containers. Make sure that you only add capabilities that your container needs. Drop unnecessa...
	Container Capabilities Unrestricted	/docker-compose.yml: 3	Some capabilities are not needed in certain (or any) containers. Make sure that you only add capabilities that your container needs. Drop unnecessa...
	Container Capabilities Unrestricted	/docker-compose.yml: 20	Some capabilities are not needed in certain (or any) containers. Make sure that you only add capabilities that your container needs. Drop unnecessa...
	Cpus Not Limited	/docker-compose.yml: 20	CPU limits should be set because if the system has CPU time free, a container is guaranteed to be allocated as much CPU as it requests
	Cpus Not Limited	/docker-compose.yml: 15	CPU limits should be set because if the system has CPU time free, a container is guaranteed to be allocated as much CPU as it requests
	Cpus Not Limited	/docker-compose.yml: 3	CPU limits should be set because if the system has CPU time free, a container is guaranteed to be allocated as much CPU as it requests
	Healthcheck Instruction Missing	/Dockerfile: 2	Ensure that HEALTHCHECK is being used. The HEALTHCHECK instruction tells Docker how to test a container to check that it is still working
	Multiple RUN, ADD, COPY, Instructions Listed	/Dockerfile: 4	Multiple commands (RUN, COPY, ADD) should be grouped in order to reduce the number of layers.

Fixed Issues

Severity	Issue	Source File / Package
	CVE-2017-16119	Npm-fresh-0.2.4
	CVE-2024-45296	Npm-path-to-regexp-0.1.3
	CVE-2024-29041	Npm-express-4.12.4
	CVE-2024-43796	Npm-express-4.12.4
	CVE-2024-43799	Npm-send-0.12.3
	CVE-2024-43800	Npm-serve-static-1.9.3
	Frameable_Login_Page	/routes/index.js: 241