Closed
Description
I propose:
Please see:
ec4a01b#commitcomment-146499333
Please sync "qs": "6.11.0", to the actual version "body-parser": "1.20.3", is using which is "qs": "6.13.0",
4c9ddc1#commitcomment-146501448
You should also bump send within "serve-static": "1.16.0",.
express requires "send": "0.19.0", but "serve-static": "1.16.0", requires "send": "0.18.0",
So, bump where applicable the following two packages:
"qs": "6.13.0",
"send": "0.19.0",
My two cents.
Related:
- npm audit fail on last Express version (4.20.0) due to send(0.19.0) vulnerability #5947
- Dependency on vulnerable version of send package serve-static#175
- Upgraded dependency qs to 6.13.0 to match qs in body-parser #5946
- bump send to 0.19 serve-static#176
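
An added example, not part of the original issue or of the express code base: a Node.js check that flags a package pinned to one exact version by a root manifest and to a different one by a direct dependency of that root. The `manifests` object is constructed from the pins quoted in the issue, `findPinSkew` is a hypothetical helper, and exact pins (no semver ranges) are assumed.

```javascript
// Constructed sample: only the dependency pins quoted in the issue above.
// The shape mirrors package.json "dependencies"; nothing is fetched from a registry.
const manifests = {
  express: {
    version: "4.20.0",
    dependencies: {
      "body-parser": "1.20.3",
      qs: "6.11.0",
      send: "0.19.0",
      "serve-static": "1.16.0",
    },
  },
  "body-parser": { version: "1.20.3", dependencies: { qs: "6.13.0" } },
  "serve-static": { version: "1.16.0", dependencies: { send: "0.18.0" } },
};

// findPinSkew (hypothetical helper): for each direct dependency of `root`,
// report packages that the root and that dependency pin to different versions.
function findPinSkew(manifests, root) {
  const rootDeps = manifests[root].dependencies;
  const findings = [];
  for (const [child, childVersion] of Object.entries(rootDeps)) {
    const childManifest = manifests[child];
    // Skip packages with no manifest in the sample, or a different release.
    if (!childManifest || childManifest.version !== childVersion) continue;
    for (const [name, pinned] of Object.entries(childManifest.dependencies || {})) {
      const rootPin = rootDeps[name];
      if (rootPin !== undefined && rootPin !== pinned) {
        findings.push({
          package: name,
          rootPin,
          via: `${child}@${childVersion}`,
          transitivePin: pinned,
        });
      }
    }
  }
  // Stable order so the report can be diffed between runs (for example in CI).
  return findings.sort((a, b) => a.package.localeCompare(b.package));
}

for (const f of findPinSkew(manifests, "express")) {
  console.log(`${f.package}: root pins ${f.rootPin}, ${f.via} pins ${f.transitivePin}`);
}
```

Skew like this leaves two copies of the package in the installed tree, so an audit can still flag the older copy after the root manifest has been bumped.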
Linking more related issues: