Bumps the dev-dependencies group with 1 update:
[express](https://github.com/expressjs/express).

Updates `express` from 4.21.2 to 5.0.1
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/expressjs/express/releases">express's
releases</a>.</em></p>
<blockquote>
<h2>5.0.1</h2>
<h2>What's Changed</h2>
<ul>
<li>remove --bail from test script by <a
href="https://github.com/jonchurch"><code>@​jonchurch</code></a> in <a
href="https://redirect.github.com/expressjs/express/pull/5962">expressjs/express#5962</a></li>
<li>Nominate <a
href="https://github.com/bjohansebas"><code>@​bjohansebas</code></a> to
the triage team by <a
href="https://github.com/UlisesGascon"><code>@​UlisesGascon</code></a>
in <a
href="https://redirect.github.com/expressjs/express/pull/6009">expressjs/express#6009</a></li>
<li>Link and update captains by <a
href="https://github.com/blakeembrey"><code>@​blakeembrey</code></a> in
<a
href="https://redirect.github.com/expressjs/express/pull/6013">expressjs/express#6013</a></li>
<li>Update <code>cookie</code> semver lock to address CVE-2024-47764 by
<a href="https://github.com/joshbuker"><code>@​joshbuker</code></a> in
<a
href="https://redirect.github.com/expressjs/express/pull/6017">expressjs/express#6017</a></li>
<li>Release: 5.0.1 by <a
href="https://github.com/UlisesGascon"><code>@​UlisesGascon</code></a>
in <a
href="https://redirect.github.com/expressjs/express/pull/6032">expressjs/express#6032</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/expressjs/express/compare/v5.0.0...5.0.1">https://github.com/expressjs/express/compare/v5.0.0...5.0.1</a></p>
<h2>5.0.0</h2>
<h1>Express v5.0.0</h1>
<p>🎉 <strong>Express v5 is finally here!</strong> 🎉</p>
<p>After years of development, the long-awaited Express v5 has been
officially released. This version focuses on simplifying the codebase,
improving security, and dropping support for older Node.js versions to
enable better performance and maintainability.</p>
<p>For detailed information, please check out the official <a
href="https://expressjs.com/2024/10/15/v5-release.html">Express v5
release blog post</a>.</p>
<h2>Most relevant details</h2>
<h3>Major Changes in v5</h3>
<ul>
<li><strong>Node.js version support</strong>: Dropped support for
Node.js versions before v18.</li>
<li><strong>Routing changes</strong>: Updated to
<code>path-to-regexp@8.x</code>, removing sub-expression regex patterns
for security reasons (ReDoS mitigation).</li>
<li><strong>Promise support</strong>: Middleware can now return rejected
promises, caught by the router as errors.</li>
<li><strong><code>body-parser</code> changes</strong>: Several
improvements including the ability to customize <code>urlencoded</code>
body depth and defaulting <code>extended</code> to
<code>false</code>.</li>
<li><strong>Deprecated API methods removed</strong>: Removed old,
deprecated API method signatures from Express v3/v4.</li>
</ul>
<p>For a complete list of breaking changes and API deprecations, see the
<a href="https://expressjs.com/en/guide/migrating-5.html">migration
guide</a>.</p>
<h3>Security Updates</h3>
<p>This release includes important security fixes, including
improvements to prevent ReDoS attacks and mitigation for CVE-2024-45590.
Full details can be found in the <a
href="https://expressjs.com/2024/09/29/security-releases.html">security
release notes</a>.</p>
<h3>Migration</h3>
<p>Be sure to check out our <a
href="https://expressjs.com/en/guide/migrating-5.html">migration
guide</a> for instructions on how to update your applications from
Express v4 to v5.</p>
<h3>Security Guidance</h3>
<p>For best practices, we recommend reviewing the <a
href="https://github.com/expressjs/security-wg/blob/main/docs/ThreatModel.md">Threat
Model</a> which outlines Express' approach to securing your
applications, including tips for user input validation and other
critical aspects.</p>
<h2>What's Changed</h2>
<ul>
<li>4.19.2 Staging by <a
href="https://github.com/wesleytodd"><code>@​wesleytodd</code></a> in <a
href="https://redirect.github.com/expressjs/express/pull/5561">expressjs/express#5561</a></li>
<li>remove duplicate location test for data uri by <a
href="https://github.com/wesleytodd"><code>@​wesleytodd</code></a> in <a
href="https://redirect.github.com/expressjs/express/pull/5562">expressjs/express#5562</a></li>
<li>feat: document beta releases expectations by <a
href="https://github.com/marco-ippolito"><code>@​marco-ippolito</code></a>
in <a
href="https://redirect.github.com/expressjs/express/pull/5565">expressjs/express#5565</a></li>
<li>Cut down on duplicated CI runs by <a
href="https://github.com/jonchurch"><code>@​jonchurch</code></a> in <a
href="https://redirect.github.com/expressjs/express/pull/5564">expressjs/express#5564</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/expressjs/express/blob/master/History.md">express's
changelog</a>.</em></p>
<blockquote>
<h1>5.0.1 / 2024-10-08</h1>
<ul>
<li>Update <code>cookie</code> semver lock to address <a
href="https://nvd.nist.gov/vuln/detail/CVE-2024-47764">CVE-2024-47764</a></li>
</ul>
<h1>5.0.0 / 2024-09-10</h1>
<ul>
<li>remove:
<ul>
<li><code>path-is-absolute</code> dependency - use
<code>path.isAbsolute</code> instead</li>
</ul>
</li>
<li>breaking:
<ul>
<li><code>res.status()</code> accepts only integers, and input must be
greater than 99 and less than 1000
<ul>
<li>will throw a <code>RangeError: Invalid status code: ${code}. Status
code must be greater than 99 and less than 1000.</code> for inputs
outside this range</li>
<li>will throw a <code>TypeError: Invalid status code: ${code}. Status
code must be an integer.</code> for non integer inputs</li>
</ul>
</li>
<li>deps: send@1.0.0</li>
<li><code>res.redirect('back')</code> and
<code>res.location('back')</code> is no longer a supported magic string,
explicitly use <code>req.get('Referrer') || '/'</code>.</li>
</ul>
</li>
<li>change:
<ul>
<li><code>res.clearCookie</code> will ignore user provided
<code>maxAge</code> and <code>expires</code> options</li>
</ul>
</li>
<li>deps: cookie-signature@^1.2.1</li>
<li>deps: debug@4.3.6</li>
<li>deps: merge-descriptors@^2.0.0</li>
<li>deps: serve-static@^2.1.0</li>
<li>deps: qs@6.13.0</li>
<li>deps: accepts@^2.0.0</li>
<li>deps: mime-types@^3.0.0
<ul>
<li><code>application/javascript</code> =&gt;
<code>text/javascript</code></li>
</ul>
</li>
<li>deps: type-is@^2.0.0</li>
<li>deps: content-disposition@^1.0.0</li>
<li>deps: finalhandler@^2.0.0</li>
<li>deps: fresh@^2.0.0</li>
<li>deps: body-parser@^2.0.1</li>
<li>deps: send@^1.1.0</li>
</ul>
<h1>5.0.0-beta.3 / 2024-03-25</h1>
<p>This incorporates all changes after 4.19.1 up to 4.19.2.</p>
<h1>5.0.0-beta.2 / 2024-03-20</h1>
<p>This incorporates all changes after 4.17.2 up to 4.19.1.</p>
<h1>5.0.0-beta.1 / 2022-02-14</h1>
<p>This is the first Express 5.0 beta release, based off 4.17.2 and
includes
changes from 5.0.0-alpha.8.</p>
<ul>
<li>change:
<ul>
<li>Default &quot;query parser&quot; setting to
<code>'simple'</code></li>
</ul>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/expressjs/express/commit/d14b2de782c16fbef39541c9009b01bd6ae90b92"><code>d14b2de</code></a>
5.0.1</li>
<li><a
href="https://github.com/expressjs/express/commit/2027b87a27396d418f7848cc7fc4c353d798c3d9"><code>2027b87</code></a>
fix(deps): cookie@0.7.0</li>
<li><a
href="https://github.com/expressjs/express/commit/2cbf22721defccbb4f29f460ad007002ca87bd72"><code>2cbf227</code></a>
Link and update captains (<a
href="https://redirect.github.com/expressjs/express/issues/6013">#6013</a>)</li>
<li><a
href="https://github.com/expressjs/express/commit/3e1a1cedb237568c2a34944a0f4e72eff3a0b40b"><code>3e1a1ce</code></a>
Add <a
href="https://github.com/bjohansebas"><code>@​bjohansebas</code></a> to
the triage team (<a
href="https://redirect.github.com/expressjs/express/issues/6009">#6009</a>)</li>
<li><a
href="https://github.com/expressjs/express/commit/6340d1509f83e436f4484be1fb3a6d155ebb6a38"><code>6340d15</code></a>
remove --bail from test script (<a
href="https://redirect.github.com/expressjs/express/issues/5962">#5962</a>)</li>
<li><a
href="https://github.com/expressjs/express/commit/344b022fc7ed95cf07b46e097935e61151fd585f"><code>344b022</code></a>
5.0.0</li>
<li><a
href="https://github.com/expressjs/express/commit/0c49926a9b7aff8bbca2a40d2549db0b41bab5b3"><code>0c49926</code></a>
fix(deps): send@^1.1.0</li>
<li><a
href="https://github.com/expressjs/express/commit/b3906cbdded224554ce1c778996d77b5d2a15ebc"><code>b3906cb</code></a>
fix(deps): serve-static@^2.1.0</li>
<li><a
href="https://github.com/expressjs/express/commit/fed8c2a8857a30b91e07a37f739aee18e756853f"><code>fed8c2a</code></a>
fix(deps): body-parser@^2.0.1</li>
<li><a
href="https://github.com/expressjs/express/commit/bdd81f8670975ef30fd49e92513ef48d35029eaf"><code>bdd81f8</code></a>
Delete <code>back</code> as a magic string (<a
href="https://redirect.github.com/expressjs/express/issues/5933">#5933</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/expressjs/express/compare/4.21.2...5.0.1">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=express&package-manager=npm_and_yarn&previous-version=4.21.2&new-version=5.0.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>