[Snyk] Security upgrade express from 4.17.1 to 4.21.0

[gitafolabi]

Snyk has created this PR to fix 4 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

• api/package.json

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Asymmetric Resource Consumption (Amplification) SNYK-JS-BODYPARSER-7926860	696
	Cross-site Scripting SNYK-JS-EXPRESS-7926867	541
	Cross-site Scripting SNYK-JS-SEND-7926862	391
	Cross-site Scripting SNYK-JS-SERVESTATIC-7926865	391

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Cross-site Scripting

[dryrunsecurity]

DryRun Security Summary

The proposed changes in this pull request focus on updating the express dependency in the api/package.json file from version ^4.17.1 to ^4.21.0, which is a minor version update that typically includes bug fixes and improvements, but may also introduce some backward-incompatible changes, and it's important to review the Express.js changelog and release notes to understand if there are any security-related fixes or improvements included in the new version.

Expand for full summary

Summary:

The proposed changes in this pull request focus on updating the express dependency in the api/package.json file from version ^4.17.1 to ^4.21.0. This is a minor version update, which typically includes bug fixes and improvements, but may also introduce some backward-incompatible changes.

From an application security perspective, it's important to review the Express.js changelog and release notes to understand if there are any security-related fixes or improvements included in the new version. Upgrading dependencies, especially those related to web frameworks and server-side components, is a crucial step in maintaining the security of the application. Additionally, it's a good practice to ensure that all other dependencies are also up-to-date to address any known vulnerabilities. In this case, the mongodb and mongoose dependencies remain unchanged, but they should also be reviewed for any security-related updates.

Overall, the changes look reasonable, and the upgrade of the Express.js dependency is a positive step in keeping the application secure. However, it's important to thoroughly test the application after the update to ensure that there are no regressions or unexpected behavior changes.

Files Changed:

• api/package.json: The main change in this pull request is the update of the express dependency from version ^4.17.1 to ^4.21.0. This is a minor version update, which typically includes bug fixes and improvements, but may also introduce some backward-incompatible changes.

Code Analysis

We ran 9 analyzers against 1 file and 1 analyzer had findings. 8 analyzers had no findings.

Analyzer	Findings
Sensitive Files Analyzer	1 finding

Riskiness

🟢 Risk threshold not exceeded.

View PR in the DryRun Dashboard.