[Snyk] Security upgrade express from 4.21.2 to 4.22.0

[Krosebrook]

Snyk has created this PR to fix 1 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

• package.json
• package-lock.json

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Allocation of Resources Without Limits or Throttling SNYK-JS-QS-14724253	828

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Allocation of Resources Without Limits or Throttling

---

Summary by cubic

Upgraded Express to 4.22.0 to fix a high-severity qs vulnerability (SNYK-JS-QS-14724253) by pulling in qs 6.14.x. Only dependency files changed; no app code or breaking changes expected.

^{Written for commit fd07c61. Summary will update on new commits.}

[coderabbitai]

Important

Review skipped

Ignore keyword(s) in the title.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[cubic-dev-ai]

No issues found across 2 files

[claude]

Claude encountered an error —— View job

---

I'll analyze this and get back to you.

[Copilot]

Pull request overview

This PR attempts to upgrade Express from version 4.21.2 to 4.22.0 to address a high-severity security vulnerability (SNYK-JS-QS-14724253) related to allocation of resources without limits or throttling in the qs package, with a severity score of 828.

Key Changes:

• Update Express dependency version in package.json from ^4.18.2 to ^4.22.0
• Update Express and its dependency qs to version 6.14.1 in package-lock.json
• Convert several Express dependency version specifications from exact to tilde ranges

Reviewed changes

Copilot reviewed 1 out of 2 changed files in this pull request and generated no comments.

File	Description
package.json	Updates Express version constraint from ^4.18.2 to ^4.22.0
package-lock.json	Updates Express to version 4.22.0 with resolved registry URL, adds nested qs 6.14.1 dependency, and converts dependency version specifications to tilde ranges

⚠️ Critical Issue Identified: The Express version 4.22.0 referenced in this PR does not appear to exist in the npm registry as of January 2025. The latest versions in the Express 4.x branch are in the 4.18-4.21 range. This version should be verified before merging this security update.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.