Update dependency express to v4.20.0

[mend-for-github-com]

This PR contains the following updates:

Package	Type	Update	Change
express (source)	dependencies	minor	4.18.2 -> 4.20.0

By merging this PR, the below vulnerabilities will be automatically resolved:

Severity	CVSS Score	CVE
Medium	6.1	CVE-2024-29041
Medium	5.0	CVE-2024-43796

---

Release Notes

expressjs/express (express)

v4.20.0

Compare Source

==========

• deps: serve-static@0.16.0
  • Remove link renderization in html while redirecting
• deps: send@0.19.0
  • Remove link renderization in html while redirecting
• deps: body-parser@0.6.0
  • add depth option to customize the depth level in the parser
  • IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)
• Remove link renderization in html while using res.redirect
• deps: path-to-regexp@0.1.10
  • Adds support for named matching groups in the routes using a regex
  • Adds backtracking protection to parameters without regexes defined
• deps: encodeurl@~2.0.0
  • Removes encoding of \, |, and ^ to align better with URL spec
• Deprecate passing options.maxAge and options.expires to res.clearCookie
  • Will be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie

v4.19.2

Compare Source

==========

• Improved fix for open redirect allow list bypass

v4.19.1

Compare Source

==========

• Allow passing non-strings to res.location with new encoding handling checks

v4.19.0

Compare Source

==========

• Prevent open redirect allow list bypass due to encodeurl
• deps: cookie@0.6.0

v4.18.3

Compare Source

==========

• Fix routing requests without method
• deps: body-parser@1.20.2
  • Fix strict json error message on Node.js 19+
  • deps: content-type@~1.0.5
  • deps: raw-body@2.5.2
• deps: cookie@0.6.0
  • Add partitioned option

---

• If you want to rebase/retry this PR, check this box

[rafikmojr]

Checkmarx One – Scan Summary & Details – 3f108405-d54d-4213-a233-709c962a2de4

New Issues

Severity	Issue	Source File / Package	Checkmarx Insight
	Second_Order_SQL_Injection	/room/room-runtime/src/main/java/androidx/room/util/DBUtil.kt: 74	Attack Vector
	Stored_XSS	/buildSrc/private/src/main/kotlin/androidx/build/checkapi/ApiLocation.kt: 96	Attack Vector
	Stored_XSS	/buildSrc/private/src/main/kotlin/androidx/build/checkapi/ApiLocation.kt: 96	Attack Vector
	Stored_XSS	/buildSrc/private/src/main/kotlin/androidx/build/checkapi/ApiLocation.kt: 96	Attack Vector
	Stored_XSS	/buildSrc/private/src/main/kotlin/androidx/build/checkapi/ApiLocation.kt: 96	Attack Vector
	Stored_XSS	/room/room-paging/src/main/java/androidx/room/paging/util/RoomPagingUtil.kt: 140	Attack Vector
	Stored_XSS	/room/room-paging/src/main/java/androidx/room/paging/util/RoomPagingUtil.kt: 140	Attack Vector
	Stored_XSS	/room/room-paging/src/main/java/androidx/room/paging/util/RoomPagingUtil.kt: 140	Attack Vector
	Stored_XSS	/room/room-paging/src/main/java/androidx/room/paging/util/RoomPagingUtil.kt: 140	Attack Vector
	Stored_XSS	/room/room-paging/src/main/java/androidx/room/paging/util/RoomPagingUtil.kt: 140	Attack Vector
	Stored_XSS	/buildSrc/private/src/main/kotlin/androidx/build/checkapi/ApiLocation.kt: 96	Attack Vector
	Stored_XSS	/buildSrc/private/src/main/kotlin/androidx/build/checkapi/ApiLocation.kt: 96	Attack Vector
	Stored_XSS	/buildSrc/private/src/main/kotlin/androidx/build/checkapi/ApiLocation.kt: 96	Attack Vector
	Stored_XSS	/room/room-runtime/src/main/java/androidx/room/util/DBUtil.kt: 74	Attack Vector
	Stored_XSS	/room/room-runtime/src/main/java/androidx/room/util/DBUtil.kt: 74	Attack Vector
	Stored_XSS	/room/room-runtime/src/main/java/androidx/room/util/DBUtil.kt: 74	Attack Vector
	Stored_XSS	/room/room-runtime/src/main/java/androidx/room/util/DBUtil.kt: 74	Attack Vector
	CVE-2024-37890	Npm-ws-8.9.0	Vulnerable Package
	CVE-2024-4068	Npm-braces-3.0.2	Vulnerable Package
	Reflected_XSS	/wear/watchface/watchface-editor/src/main/java/androidx/wear/watchface/editor/WatchFaceEditorContract.kt: 168	Attack Vector
	Reflected_XSS	/navigation/navigation-runtime/src/main/java/androidx/navigation/NavController.kt: 1809	Attack Vector
	Reflected_XSS	/navigation/navigation-runtime/src/main/java/androidx/navigation/NavController.kt: 1809	Attack Vector
	Reflected_XSS	/navigation/navigation-runtime/src/main/java/androidx/navigation/NavController.kt: 1335	Attack Vector
	Reflected_XSS	/navigation/navigation-common/src/main/java/androidx/navigation/NavDeepLinkRequest.kt: 51	Attack Vector
	Reflected_XSS	/navigation/navigation-common/src/main/java/androidx/navigation/NavDeepLinkRequest.kt: 51	Attack Vector
	Reflected_XSS	/compose/foundation/foundation/src/commonMain/kotlin/androidx/compose/foundation/text/CoreTextField.kt: 243	Attack Vector
	Reflected_XSS	/compose/ui/ui-text/src/commonMain/kotlin/androidx/compose/ui/text/input/VisualTransformation.kt: 30	Attack Vector
	Reflected_XSS	/compose/foundation/foundation/integration-tests/foundation-demos/src/main/java/androidx/compose/foundation/demos/text/ComposeInputFieldMinMaxLines.kt: 140	Attack Vector
	Reflected_XSS	/glance/glance-template/src/main/java/androidx/glance/template/GlanceTemplate.kt: 39	Attack Vector
	Reflected_XSS	/glance/glance-template/src/main/java/androidx/glance/template/GlanceTemplate.kt: 39	Attack Vector
	Reflected_XSS	/compose/foundation/foundation/src/androidInstrumentedTest/kotlin/androidx/compose/foundation/textfield/TextFieldSelectionTest.kt: 452	Attack Vector
	Reflected_XSS	/window/window-demos/demo/src/main/java/androidx/window/demo/embedding/SplitDeviceStateActivityBase.kt: 100	Attack Vector
	Reflected_XSS	/navigation/navigation-runtime/src/main/java/androidx/navigation/NavDeepLinkBuilder.kt: 288	Attack Vector
	Reflected_XSS	/navigation/navigation-runtime/src/main/java/androidx/navigation/NavDeepLinkBuilder.kt: 277	Attack Vector
	Reflected_XSS	/navigation/navigation-runtime/src/main/java/androidx/navigation/NavDeepLinkBuilder.kt: 316	Attack Vector
	Reflected_XSS	/compose/ui/ui-text/benchmark/src/androidTest/java/androidx/compose/ui/text/benchmark/input/EditProcessorBenchmark.kt: 96	Attack Vector
	Reflected_XSS	/compose/ui/ui-text/benchmark/src/androidTest/java/androidx/compose/ui/text/benchmark/input/EditProcessorBenchmark.kt: 96	Attack Vector
	Reflected_XSS	/compose/ui/ui-text/benchmark/src/androidTest/java/androidx/compose/ui/text/benchmark/input/EditProcessorBenchmark.kt: 96	Attack Vector
	Reflected_XSS	/window/window-demos/demo/src/main/java/androidx/window/demo/embedding/SplitDeviceStateActivityBase.kt: 117	Attack Vector
	Reflected_XSS	/compose/ui/ui-test/src/androidInstrumentedTest/kotlin/androidx/compose/ui/test/util/TestTextField.kt: 59	Attack Vector
	Reflected_XSS	/paging/integration-tests/testapp/src/main/java/androidx/paging/integration/testapp/v3/Item.kt: 21	Attack Vector
	Reflected_XSS	/paging/integration-tests/testapp/src/main/java/androidx/paging/integration/testapp/v3/Item.kt: 21	Attack Vector
	Reflected_XSS	/paging/integration-tests/testapp/src/main/java/androidx/paging/integration/testapp/v3/Item.kt: 21	Attack Vector
	Reflected_XSS	/paging/integration-tests/testapp/src/main/java/androidx/paging/integration/testapp/v3/Item.kt: 21	Attack Vector
	Reflected_XSS	/compose/foundation/foundation/integration-tests/foundation-demos/src/main/java/androidx/compose/foundation/demos/text2/DecorationBoxDemos.kt: 85	Attack Vector
	Reflected_XSS	/compose/material3/material3/src/commonMain/kotlin/androidx/compose/material3/TimePicker.kt: 1554	Attack Vector
	Reflected_XSS	/navigation/navigation-runtime/src/main/java/androidx/navigation/NavController.kt: 1317	Attack Vector
	Reflected_XSS	/compose/ui/ui-graphics/src/commonMain/kotlin/androidx/compose/ui/graphics/colorspace/ColorSpace.kt: 458	Attack Vector
	Reflected_XSS	/compose/ui/ui-graphics/src/commonMain/kotlin/androidx/compose/ui/graphics/colorspace/ColorSpace.kt: 458	Attack Vector
	Reflected_XSS	/camera/integration-tests/extensionstestapp/src/main/java/androidx/camera/integration/extensions/validation/ImageValidationActivity.kt: 114	Attack Vector
	Reflected_XSS	/camera/integration-tests/extensionstestapp/src/main/java/androidx/camera/integration/extensions/validation/ImageValidationActivity.kt: 113	Attack Vector
	Reflected_XSS	/navigation/navigation-runtime/src/androidTest/java/androidx/navigation/NavControllerTest.kt: 3585	Attack Vector
	Reflected_XSS	/navigation/navigation-runtime/src/androidTest/java/androidx/navigation/NavControllerTest.kt: 3558	Attack Vector
	Reflected_XSS	/navigation/navigation-runtime/src/androidTest/java/androidx/navigation/NavControllerTest.kt: 3504	Attack Vector
	Reflected_XSS	/navigation/navigation-runtime/src/androidTest/java/androidx/navigation/NavControllerTest.kt: 3464	Attack Vector
	Reflected_XSS	/navigation/navigation-runtime/src/androidTest/java/androidx/navigation/NavControllerTest.kt: 3437	Attack Vector
	Reflected_XSS	/navigation/navigation-runtime/src/androidTest/java/androidx/navigation/NavControllerTest.kt: 3416	Attack Vector
	Reflected_XSS	/navigation/navigation-runtime/src/androidTest/java/androidx/navigation/NavControllerTest.kt: 3393	Attack Vector
	Reflected_XSS	/navigation/navigation-runtime/src/androidTest/java/androidx/navigation/NavControllerTest.kt: 3368	Attack Vector
	Reflected_XSS	/navigation/navigation-runtime/src/androidTest/java/androidx/navigation/NavControllerTest.kt: 3344	Attack Vector
	Reflected_XSS	/navigation/navigation-runtime/src/androidTest/java/androidx/navigation/NavControllerTest.kt: 3321	Attack Vector
	Reflected_XSS	/navigation/navigation-runtime/src/androidTest/java/androidx/navigation/NavControllerTest.kt: 3298	Attack Vector
	Reflected_XSS	/navigation/navigation-runtime/src/androidTest/java/androidx/navigation/NavControllerTest.kt: 3269	Attack Vector
	Reflected_XSS	/navigation/navigation-runtime/src/androidTest/java/androidx/navigation/NavControllerTest.kt: 3250	Attack Vector
	Reflected_XSS	/navigation/navigation-runtime/src/androidTest/java/androidx/navigation/NavControllerRouteTest.kt: 2359	Attack Vector
	Reflected_XSS	/navigation/navigation-runtime/src/androidTest/java/androidx/navigation/NavControllerRouteTest.kt: 2332	Attack Vector
	Reflected_XSS	/navigation/navigation-runtime/src/androidTest/java/androidx/navigation/NavControllerRouteTest.kt: 2278	Attack Vector
	Reflected_XSS	/navigation/navigation-runtime/src/androidTest/java/androidx/navigation/NavControllerRouteTest.kt: 2234	Attack Vector
	Reflected_XSS	/navigation/navigation-runtime/src/androidTest/java/androidx/navigation/NavControllerRouteTest.kt: 2207	Attack Vector
	Reflected_XSS	/navigation/navigation-runtime/src/androidTest/java/androidx/navigation/NavControllerRouteTest.kt: 2152	Attack Vector
	Reflected_XSS	/navigation/navigation-runtime/src/androidTest/java/androidx/navigation/NavControllerRouteTest.kt: 2132	Attack Vector
	Reflected_XSS	/activity/activity/src/main/java/androidx/activity/ComponentActivity.kt: 588	Attack Vector
	CVE-2024-31207	Npm-vite-4.4.7	Vulnerable Package
	CVE-2024-4067	Npm-micromatch-4.0.5	Vulnerable Package
	CVE-2024-43799	Npm-send-0.18.0	Vulnerable Package
	CVE-2024-45047	Npm-svelte-4.1.1	Vulnerable Package
	CVE-2024-45811	Npm-vite-4.4.7	Vulnerable Package
	CVE-2024-45812	Npm-vite-4.4.7	Vulnerable Package
	CVE-2024-47068	Npm-rollup-3.26.3	Vulnerable Package
	CVE-2024-47068	Npm-rollup-3.27.2	Vulnerable Package
	CVE-2024-47764	Npm-cookie-0.6.0	Vulnerable Package
	Cx14b19a02-387a	Npm-body-parser-1.20.3	Vulnerable Package
	Parameter_Tampering	/camera/integration-tests/uiwidgetstestapp/src/main/java/androidx/camera/integration/uiwidgets/foldable/FoldableCameraActivity.kt: 402	Attack Vector
	Parameter_Tampering	/camera/integration-tests/uiwidgetstestapp/src/main/java/androidx/camera/integration/uiwidgets/foldable/FoldableCameraActivity.kt: 402	Attack Vector
	Parameter_Tampering	/camera/integration-tests/uiwidgetstestapp/src/main/java/androidx/camera/integration/uiwidgets/foldable/FoldableCameraActivity.kt: 402	Attack Vector
	Privacy_Violation	/compose/foundation/foundation/integration-tests/foundation-demos/src/main/java/androidx/compose/foundation/demos/text2/BasicSecureTextFieldDemos.kt: 80	Attack Vector
	Privacy_Violation	/compose/ui/ui/src/androidInstrumentedTest/kotlin/androidx/compose/ui/input/pointer/TestUtils.kt: 362	Attack Vector
	Privacy_Violation	/compose/ui/ui/src/androidInstrumentedTest/kotlin/androidx/compose/ui/input/pointer/TestUtils.kt: 329	Attack Vector
	Privacy_Violation	/room/room-compiler/src/test/test-data/kotlinCodeGen/pojoRowAdapter_valueClassConverter.kt: 65	Attack Vector
	Privacy_Violation	/compose/runtime/runtime/samples/src/main/java/androidx/compose/runtime/samples/ModelSamples.kt: 45	Attack Vector
	Privacy_Violation	/compose/material3/material3/samples/src/main/java/androidx/compose/material3/samples/TextFieldSamples.kt: 198	Attack Vector
	Privacy_Violation	/compose/material/material/samples/src/main/java/androidx/compose/material/samples/TextFieldSamples.kt: 170	Attack Vector
	Privacy_Violation	/compose/foundation/foundation/integration-tests/foundation-demos/src/main/java/androidx/compose/foundation/demos/text/TextFieldKeyboardTypeDemo.kt: 35	Attack Vector
	Privacy_Violation	/compose/foundation/foundation/integration-tests/foundation-demos/src/main/java/androidx/compose/foundation/demos/text/TextFieldKeyboardTypeDemo.kt: 34	Attack Vector
	Privacy_Violation	/compose/runtime/runtime/samples/src/main/java/androidx/compose/runtime/samples/ModelSamples.kt: 45	Attack Vector

More results are available on AST platform

[socket-security]

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/express@4.20.0	Transitive: environment, eval, filesystem, network, unsafe	+66	2.44 MB	blakeembrey, dougwilson, linusu, ...4 more

🚮 Removed packages: npm/express@4.18.2

View full report↗︎