[Snyk] Security upgrade express from 4.17.1 to 4.17.3

[aravindvnair99]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • functions/package.json
  • functions/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	768/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-QS-3153490	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: express

The new version differs by 117 commits.

• 3d7fce5 4.17.3
• f906371 build: update example dependencies
• 6381bc6 deps: [email protected]
• a007863 deps: [email protected]
• e98f584 Revert "build: use [email protected] for Node.js < 4"
• a659137 tests: use strict mode
• a39e409 tests: prevent leaking changes to NODE_ENV
• 82de4de examples: fix path traversal in downloads example
• 12310c5 build: use nyc for test coverage
• 884657d examples: remove bitwise syntax for includes check
• 7511d08 build: use [email protected] for Node.js < 4
• 2585f20 tests: fix test missing assertion
• 9d09762 build: [email protected]
• 43cc56e build: clean up gitignore
• 1c7bbcc build: [email protected]
• 9cbbc8a deps: [email protected]
• 6fbc269 pref: remove unnecessary regexp for trust proxy
• 2bc734a deps: accepts@~1.3.8
• 89bb531 docs: fix typo in res.download jsdoc
• 744564f tests: add test for multiple ips in "trust proxy"
• da6cb0e tests: add range tests to res.download
• 00ad5be tests: add more tests for app.request & app.response
• 141914e tests: fix tests that did not bubble errors
• bd4fdfe tests: remove global dependency on should

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution

[guardrails]

⚠️ We detected 17 security issues in this pull request:

Insecure Processing of Data (1)

Docs	Details
💡	Title: XSS - Reflected Cross Site Scripting, Severity: Medium Email-Application/functions/index.js Line 216 in 1f64b08 res.send(req.decodedClaims.uid);

More info on how to fix Insecure Processing of Data in JavaScript.

---

Vulnerable Libraries (16)

Severity	Details
Medium	pkg:npm/[email protected]@2.6.6 (t) - no patch available
High	pkg:npm/[email protected]@10.8.2 (t) - no patch available
High	pkg:npm/[email protected]@0.3.0 (t) - no patch available
High	pkg:npm/[email protected]@3.0.4 (t) upgrade to: 3.0.5
Critical	pkg:npm/[email protected]@1.0.2 (t) - no patch available
N/A	pkg:npm/[email protected]@0.10.0 (t) upgrade to: 1.0.0
Medium	pkg:npm/[email protected]@4.17.3 - no patch available
Medium	pkg:npm/[email protected]@2.0.5 (t) upgrade to: 1.28.2,3.20.4,3.20.4,3.20.4,2.0.6,3.20.4,4.9.2,4.9.2,4.9.2,4.9.2
High	pkg:npm/[email protected]@6.11.2 (t) upgrade to: 6.11.3
Critical	[email protected] upgrade to: >=3.1.7
High	[email protected] upgrade to: >10.2.0
High	[email protected] (t) upgrade to: >2.2.1-pre.2 || >2.30.4 || >3.0.1
Medium	[email protected] (t) upgrade to: >3.1.2
Medium	[email protected] (t) upgrade to: >2.0.5
High	[email protected] (t) upgrade to: >=3.0.5
High	[email protected] (t) upgrade to: >=2.6.7

More info on how to fix Vulnerable Libraries in JavaScript.

---

👉 Go to the dashboard for detailed results.

📥 Happy? Share your feedback with us.