fix: upgrade express from 4.18.1 to 4.18.2

Snyk has created this PR to upgrade express from 4.18.1 to 4.18.2. See this package in npm: See this project in Snyk: https://app.snyk.io/org/lissy93/project/564ca11b-8665-48b8-befa-ccd607c3e09a?utm_source=github&utm_medium=referral&page=upgrade-pr
2022-10-30 17:20:31 +00:00 · 2022-10-30 17:20:31 +00:00 · 023570dad9
parent e8b30b9c25
commit 023570dad9
2 changed files with 64 additions and 2 deletions
--- a/package.json
+++ b/package.json
@ -24,7 +24,7 @@
    "axios": "^0.27.2",
    "connect-history-api-fallback": "^1.6.0",
    "crypto-js": "^4.1.1",
-    "express": "^4.17.2",
+    "express": "^4.18.2",
    "frappe-charts": "^1.6.2",
    "js-yaml": "^4.1.0",
    "keycloak-js": "^16.1.1",
--- a/yarn.lock
+++ b/yarn.lock
@ -2510,6 +2510,24 @@ body-parser@1.20.0:
    type-is "~1.6.18"
    unpipe "1.0.0"

+body-parser@1.20.1:
+  version "1.20.1"
+  resolved "https://registry.yarnpkg.com/body-parser/-/body-parser-1.20.1.tgz#b1812a8912c195cd371a3ee5e66faa2338a5c668"
+  integrity sha512-jWi7abTbYwajOytWCQc37VulmWiRae5RyTpaCyDcS5/lMdtwSz5lOpDE67srw/HYe35f1z3fDQw+3txg7gNtWw==
+  dependencies:
+    bytes "3.1.2"
+    content-type "~1.0.4"
+    debug "2.6.9"
+    depd "2.0.0"
+    destroy "1.2.0"
+    http-errors "2.0.0"
+    iconv-lite "0.4.24"
+    on-finished "2.4.1"
+    qs "6.11.0"
+    raw-body "2.5.1"
+    type-is "~1.6.18"
+    unpipe "1.0.0"
+
 body-parser@~1.19.0:
  version "1.19.2"
  resolved "https://registry.yarnpkg.com/body-parser/-/body-parser-1.19.2.tgz#4714ccd9c157d44797b8b5607d72c0b89952f26e"
@ -4539,7 +4557,7 @@ expand-brackets@^2.1.4:
    snapdragon "^0.8.1"
    to-regex "^3.0.1"

-express@^4.16.3, express@^4.17.1, express@^4.17.2:
+express@^4.16.3, express@^4.17.1:
  version "4.18.1"
  resolved "https://registry.yarnpkg.com/express/-/express-4.18.1.tgz#7797de8b9c72c857b9cd0e14a5eea80666267caf"
  integrity sha512-zZBcOX9TfehHQhtupq57OF8lFZ3UZi08Y97dwFCkD8p9d/d2Y3M+ykKcwaMDEL+4qyUolgBDX6AblpR3fL212Q==
@ -4576,6 +4594,43 @@ express@^4.16.3, express@^4.17.1, express@^4.17.2:
    utils-merge "1.0.1"
    vary "~1.1.2"

+express@^4.18.2:
+  version "4.18.2"
+  resolved "https://registry.yarnpkg.com/express/-/express-4.18.2.tgz#3fabe08296e930c796c19e3c516979386ba9fd59"
+  integrity sha512-5/PsL6iGPdfQ/lKM1UuielYgv3BUoJfz1aUwU9vHZ+J7gyvwdQXFEBIEIaxeGf0GIcreATNyBExtalisDbuMqQ==
+  dependencies:
+    accepts "~1.3.8"
+    array-flatten "1.1.1"
+    body-parser "1.20.1"
+    content-disposition "0.5.4"
+    content-type "~1.0.4"
+    cookie "0.5.0"
+    cookie-signature "1.0.6"
+    debug "2.6.9"
+    depd "2.0.0"
+    encodeurl "~1.0.2"
+    escape-html "~1.0.3"
+    etag "~1.8.1"
+    finalhandler "1.2.0"
+    fresh "0.5.2"
+    http-errors "2.0.0"
+    merge-descriptors "1.0.1"
+    methods "~1.1.2"
+    on-finished "2.4.1"
+    parseurl "~1.3.3"
+    path-to-regexp "0.1.7"
+    proxy-addr "~2.0.7"
+    qs "6.11.0"
+    range-parser "~1.2.1"
+    safe-buffer "5.2.1"
+    send "0.18.0"
+    serve-static "1.15.0"
+    setprototypeof "1.2.0"
+    statuses "2.0.1"
+    type-is "~1.6.18"
+    utils-merge "1.0.1"
+    vary "~1.1.2"
+
 extend-shallow@^2.0.1:
  version "2.0.1"
  resolved "https://registry.yarnpkg.com/extend-shallow/-/extend-shallow-2.0.1.tgz#51af7d614ad9a9f610ea1bafbb989d6b1c56890f"
@ -8155,6 +8210,13 @@ qs@6.10.3:
  dependencies:
    side-channel "^1.0.4"

+qs@6.11.0:
+  version "6.11.0"
+  resolved "https://registry.yarnpkg.com/qs/-/qs-6.11.0.tgz#fd0d963446f7a65e1367e01abd85429453f0c37a"
+  integrity sha512-MvjoMCJwEarSbUYk5O+nmoSzSutSsTwF85zcHPQ9OrlFoZOYIjaqBAJIqIXjptyD5vThxGq52Xu/MaJzRkIk4Q==
+  dependencies:
+    side-channel "^1.0.4"
+
 qs@6.9.7:
  version "6.9.7"
  resolved "https://registry.yarnpkg.com/qs/-/qs-6.9.7.tgz#4610846871485e1e048f44ae3b94033f0e675afe"