Update dependency express to v4.21.1 #2

mend-for-github-com · 2024-03-26T12:13:51Z

This PR contains the following updates:

Package	Type	Update	Change
express (source)	dependencies	minor	`4.18.2` -> `4.21.1`

By merging this PR, the below vulnerabilities will be automatically resolved:

Severity	CVSS Score	Vulnerability
High	7.5	CVE-2024-45296
High	7.5	CVE-2024-45590
High	7.5	CVE-2024-52798
Medium	6.1	CVE-2024-29041
Medium	5.3	CVE-2024-47764
Medium	5.0	CVE-2024-43796
Medium	5.0	CVE-2024-43799
Medium	5.0	CVE-2024-43800

Release Notes

expressjs/express (express)

`v4.21.1`

Compare Source

What's Changed

Backport a fix for CVE-2024-47764 to the 4.x branch by @joshbuker in #6029
Release: 4.21.1 by @UlisesGascon in #6031

Full Changelog: expressjs/express@4.21.0...4.21.1

`v4.21.0`

Compare Source

What's Changed

Deprecate "back" magic string in redirects by @blakeembrey in #5935
finalhandler@1.3.1 by @wesleytodd in #5954
fix(deps): serve-static@1.16.2 by @wesleytodd in #5951
Upgraded dependency qs to 6.13.0 to match qs in body-parser by @agadzinski93 in #5946

New Contributors

@agadzinski93 made their first contribution in #5946

Full Changelog: expressjs/express@4.20.0...4.21.0

`v4.20.0`

Compare Source

==========

deps: serve-static@0.16.0
- Remove link renderization in html while redirecting
deps: send@0.19.0
- Remove link renderization in html while redirecting
deps: body-parser@0.6.0
- add depth option to customize the depth level in the parser
- IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)
Remove link renderization in html while using res.redirect
deps: path-to-regexp@0.1.10
- Adds support for named matching groups in the routes using a regex
- Adds backtracking protection to parameters without regexes defined
deps: encodeurl@~2.0.0
- Removes encoding of \, |, and ^ to align better with URL spec
Deprecate passing options.maxAge and options.expires to res.clearCookie
- Will be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie

`v4.19.2`

Compare Source

==========

Improved fix for open redirect allow list bypass

`v4.19.1`

Compare Source

==========

Allow passing non-strings to res.location with new encoding handling checks

`v4.19.0`

Compare Source

==========

Prevent open redirect allow list bypass due to encodeurl
deps: cookie@0.6.0

`v4.18.3`

Compare Source

==========

Fix routing requests without method
deps: body-parser@1.20.2
- Fix strict json error message on Node.js 19+
- deps: content-type@~1.0.5
- deps: raw-body@2.5.2
deps: cookie@0.6.0
- Add partitioned option

If you want to rebase/retry this PR, check this box

rafikmojr · 2024-03-27T11:26:18Z

Checkmarx One – Scan Summary & Details – 76ea6322-0458-41e7-8408-526e93f3518d

New Issues (273)

Checkmarx found the following issues in this Pull Request

Issue	Source File / Package	Checkmarx Insight
Second_Order_SQL_Injection	/room/room-runtime/src/main/java/androidx/room/util/DBUtil.kt: 74	details The application's query method executes an SQL query with sqLiteQuery, at line 74 of /room/room-runtime/src/main/java/androidx/room/util/DBUtil.k... `ID: YFxHBKIaSabz2R5i8%2FLUQfbL%2FTY%3D` Attack Vector
Stored_Command_Injection	/privacysandbox/tools/tools-apigenerator/src/main/java/androidx/privacysandbox/tools/apigenerator/PrivacySandboxApiGenerator.kt: 122	details The application's compile method calls an OS (shell) command with start, at line 53 of /privacysandbox/tools/tools-core/src/main/java/androidx/p... `ID: Tv3LnZ8UUHrVV%2FoCECrGdxJIL90%3D` Attack Vector
Stored_Command_Injection	/development/update_library_versions.py: 59	details The application's does_exist_on_gmaven method calls an OS (shell) command with check_output, at line 128 of /development/update_library_ver... `ID: WT3xBniIPWLrRwIXql2u4j3VLFw%3D` Attack Vector
Stored_Command_Injection	/appsearch/exportToFramework.py: 93	details The application's _FormatWrittenFiles method calls an OS (shell) command with check_call, at line 335 of /appsearch/exportToFramework.py, usin... `ID: h2woJE%2FE2w%2Bif8DD1M5LUAlczmg%3D` Attack Vector
CVE-2024-12905	Npm-tar-fs-2.1.1	details Recommended version: 2.1.3 Description: An Improper Link Resolution Before File Access ("Link Following") and Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal"... Attack Vector: NETWORK Attack Complexity: LOW `ID: kmoF9rEE7xoZsGLXnD5DRIGzCzdrravrny5zNOGgN7g%3D` Vulnerable Package
CVE-2024-37890	Npm-ws-8.9.0	details Recommended version: 8.17.1 Description: The ws is an open-source WebSocket client and server for Node.js. A request with a number of headers exceeding the "server.maxHeadersCount" thresho... Attack Vector: NETWORK Attack Complexity: LOW `ID: ayHBIBaikAasbqo0LoyH9jEXGbzJAlV91hPjttYd5%2B8%3D` Vulnerable Package
CVE-2024-4068	Npm-braces-3.0.2	details Recommended version: 3.0.3 Description: The NPM package "braces", versions prior to 3.0.3, fails to limit the number of characters it can handle, which could lead to Memory Exhaustion. In... Attack Vector: NETWORK Attack Complexity: LOW `ID: 3HXPFRYIm8VChZJykWdPR%2BNonM0vmu4UyeaIvy9Fofo%3D` Vulnerable Package
CVE-2024-52798	Npm-path-to-regexp-0.1.10	details Recommended version: 0.1.12 Description: path-to-regexp turns path strings into a regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploit... Attack Vector: NETWORK Attack Complexity: LOW `ID: eq6X1j2VNrstN9hvJctookHeOkZ0oQAGaBh4LAz0F4A%3D` Vulnerable Package
CVE-2025-31125	Npm-vite-4.4.7	details Recommended version: 5.4.20 Description: Vite is a frontend tooling framework for javascript. Vite exposes the content of non-allowed files using `?inline&import` or `?raw?import`. Only ap... Attack Vector: NETWORK Attack Complexity: LOW `ID: LbvIoNNMba4q8YHFXo1HFKwY%2FdEwGVousjQw5dIAPZM%3D` Vulnerable Package
CVE-2025-48387	Npm-tar-fs-2.1.1	details Recommended version: 2.1.3 Description: The package tar-fs provides filesystem bindings for tar-stream. In versions prior to 1.16.5, 2.0.x prior to 2.1.3, and 3.0.x prior to 3.0.9, there ... Attack Vector: NETWORK Attack Complexity: LOW `ID: 3CA284GAtTx7b4oSruWQC6u9ugVv8T6K%2FIQyGFAaW8U%3D` Vulnerable Package
CVE-2024-31207	Npm-vite-4.4.7	details Recommended version: 5.4.20 Description: Vite (French word for "quick", pronounced "/vit/", like "veet") is a frontend build tooling to improve the frontend development experience. "server... Attack Vector: NETWORK Attack Complexity: HIGH `ID: puAJTcNrMhwpeUc168v4mVLNeUZkS0ULI3RmjpHijAw%3D` Vulnerable Package
CVE-2024-4067	Npm-micromatch-4.0.5	details Recommended version: 4.0.8 Description: The NPM package "micromatch" prior to 4.0.8 is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in "micromatch.... Attack Vector: NETWORK Attack Complexity: LOW `ID: 84eevGnZQEotzmLA4FXkSkokKsj%2BbAYkZEc%2F9l4aGPk%3D` Vulnerable Package
CVE-2024-45047	Npm-svelte-4.1.1	details Recommended version: 4.2.19 Description: Svelte is a performance-oriented web framework. A potential mXSS vulnerability exists in Svelte for versions through 4.2.18, 5.0.0-next.1 through 5... Attack Vector: NETWORK Attack Complexity: LOW `ID: xJEU8qbqo78qupp5wpwZdUW6cwpX%2FbGNWBfJxNrCflY%3D` Vulnerable Package
CVE-2024-45811	Npm-vite-4.4.7	details Recommended version: 5.4.20 Description: Vite a frontend build tooling framework for JavaScript. In versions through 3.2.10, 4.0.0-alpha.0 through 4.5.3, 5.0.0-beta.0 through 5.1.7, 5.2.0-... Attack Vector: ADJACENT NETWORK Attack Complexity: HIGH `ID: FM3zDy%2FCCH2mbfzKs1OTAw%2FXaQWff4MQRtQ3nZLQaZo%3D` Vulnerable Package
CVE-2024-45812	Npm-vite-4.4.7	details Recommended version: 5.4.20 Description: Vite a frontend build tooling framework for javascript. In vite versions through 3.2.10, 4.0.0-alpha.0 through 4.5.3, 5.0.0-beta.0 through 5.1.7, 5... Attack Vector: NETWORK Attack Complexity: HIGH `ID: asWbvIGtAV00h%2BshqNKmuu2nOyjVKiGlEScNZDvB8Fc%3D` Vulnerable Package
CVE-2024-47068	Npm-rollup-3.27.2	details Recommended version: 3.29.5 Description: Rollup is a module bundler for JavaScript. In rollup versions prior to 2.79.2, 3.x prior to 3.29.5, and 4.x prior to 4.22.4 are susceptible to a DO... Attack Vector: NETWORK Attack Complexity: LOW `ID: 4BBVAKAkyYqmhxXtJaSspQmsSoeHpeL92uoDHXlPkSM%3D` Vulnerable Package
CVE-2024-47068	Npm-rollup-3.26.3	details Recommended version: 3.29.5 Description: Rollup is a module bundler for JavaScript. In rollup versions prior to 2.79.2, 3.x prior to 3.29.5, and 4.x prior to 4.22.4 are susceptible to a DO... Attack Vector: NETWORK Attack Complexity: LOW `ID: nzWXS8SzXm6wuYBR0MpylgHd7N7eJhuASZ60QtDDCoI%3D` Vulnerable Package
CVE-2024-55565	Npm-nanoid-3.3.6	details Recommended version: 3.3.8 Description: The package nanoid versions through 3.3.7 and 4.0.0 through 5.0.8 mishandle non-integer values. Attack Vector: NETWORK Attack Complexity: LOW `ID: lrmx9f8ml7zOKhiiDTtzfmFIJnTXj5Wuic6UXtp%2BxXQ%3D` Vulnerable Package
CVE-2025-24010	Npm-vite-4.4.7	details Recommended version: 5.4.20 Description: Vite is a frontend tooling framework for JavaScript. Vite allowed any websites to send any requests to the development server and read the response... Attack Vector: NETWORK Attack Complexity: LOW `ID: pMjWFAMGbGQHGPijUNU1wD7GJwVZCqAE9ejRn87k%2BAI%3D` Vulnerable Package
CVE-2025-30208	Npm-vite-4.4.7	details Recommended version: 5.4.20 Description: Vite, a provider of frontend development tooling, has a vulnerability in versions through 4.5.9, 5.0.0 through 5.4.14, 6.0.0 through 6.0.11, 6.1.0 ... Attack Vector: NETWORK Attack Complexity: HIGH `ID: PCUvr1UVKx%2FvoFyFzJ0kwXWHBLED%2FxVX0yAQMZNABgE%3D` Vulnerable Package
CVE-2025-31486	Npm-vite-4.4.7	details Recommended version: 5.4.20 Description: A vulnerability in Vite allows the contents of arbitrary files to be returned to the browser. By appending "?.svg" along with "?.wasm?init" or sett... Attack Vector: NETWORK Attack Complexity: HIGH `ID: MD%2FT%2Fz%2Bu8j0jpJhSGFAKkA9I987M9mpKz7w%2FUCISZXE%3D` Vulnerable Package
CVE-2025-32395	Npm-vite-4.4.7	details Recommended version: 5.4.20 Description: Vite is a frontend tooling framework for JavaScript. The contents of arbitrary files can be returned to the browser if the dev server is running on... Attack Vector: NETWORK Attack Complexity: LOW `ID: aJk3mmhg%2FaS49HSgH8eG97Qg9o5MMRHUaNkdbzvfzMo%3D` Vulnerable Package
CVE-2025-46565	Npm-vite-4.4.7	details Recommended version: 5.4.20 Description: Vite is a frontend tooling framework for javascript. In vite package versions through 4.5.13, 5.0.0-beta.0 through 5.4.18, 6.0.0-alpha.0 through 6.... Attack Vector: NETWORK Attack Complexity: LOW `ID: AFa2jJVSatB4i7GMMDtScgU%2FQ29dwhDL%2BaekGROm2rM%3D` Vulnerable Package
Cxbb85e86c-2fac	Npm-esbuild-0.18.16	details Recommended version: 0.25.0 Description: esbuild is an extremely fast bundler for the web, allowing any website to send any request to the development server and read the response due to d... Attack Vector: NETWORK Attack Complexity: HIGH `ID: 9uWp8bn0QUhKRzI%2F6rK4mluf88lS5G3mEEsRHrJraFw%3D` Vulnerable Package
Parameter_Tampering	/camera/integration-tests/uiwidgetstestapp/src/main/java/androidx/camera/integration/uiwidgets/foldable/FoldableCameraActivity.kt: 402	details Method showCamerasAndDisplayInfo at line 402 of /camera/integration-tests/uiwidgetstestapp/src/main/java/androidx/camera/integration/uiwidgets/fol... `ID: 3C%2BFO2fqH3cGkmaheOXEVRbIvcM%3D` Attack Vector
Parameter_Tampering	/camera/integration-tests/uiwidgetstestapp/src/main/java/androidx/camera/integration/uiwidgets/foldable/FoldableCameraActivity.kt: 402	details Method showCamerasAndDisplayInfo at line 402 of /camera/integration-tests/uiwidgetstestapp/src/main/java/androidx/camera/integration/uiwidgets/fol... `ID: GJ%2FpWxj3HsXan4tWY3Z32Zzz4wo%3D` Attack Vector
Parameter_Tampering	/camera/integration-tests/uiwidgetstestapp/src/main/java/androidx/camera/integration/uiwidgets/foldable/FoldableCameraActivity.kt: 402	details Method showCamerasAndDisplayInfo at line 402 of /camera/integration-tests/uiwidgetstestapp/src/main/java/androidx/camera/integration/uiwidgets/fol... `ID: Ae9wHJfpnTsV0oP%2Fl5j4fp8%2F48k%3D` Attack Vector
Privacy_Violation	/compose/material3/material3/samples/src/main/java/androidx/compose/material3/samples/TextFieldSamples.kt: 198	details Method PasswordTextField at line 198 of /compose/material3/material3/samples/src/main/java/androidx/compose/material3/samples/TextFieldSamples.kt ... `ID: yI4sbDRsOS3XKEG7wlAonNPIlVk%3D` Attack Vector
Privacy_Violation	/compose/material/material/samples/src/main/java/androidx/compose/material/samples/TextFieldSamples.kt: 170	details Method PasswordTextField at line 170 of /compose/material/material/samples/src/main/java/androidx/compose/material/samples/TextFieldSamples.kt sen... `ID: Dal6B4jp8zQf2MwsYHYB45tJh4w%3D` Attack Vector
Privacy_Violation	/room/room-compiler/src/test/test-data/kotlinCodeGen/queryResultAdapter_array.kt: 47	details Method queryOfArray at line 47 of /room/room-compiler/src/test/test-data/kotlinCodeGen/queryResultAdapter_array.kt sends user information outsi... `ID: ngxGvZ%2BrMK9NmJYqZFtjY1khlOQ%3D` Attack Vector
Privacy_Violation	/room/room-compiler/src/test/test-data/kotlinCodeGen/pojoRowAdapter_enum.kt: 75	details Method getEntity at line 75 of /room/room-compiler/src/test/test-data/kotlinCodeGen/pojoRowAdapter_enum.kt sends user information outside the a... `ID: 26%2F07yt9D%2FJRoL%2FRd7Ob5s4DNWI%3D` Attack Vector
Privacy_Violation	/room/room-compiler/src/test/test-data/kotlinCodeGen/pojoRowAdapter_enum.kt: 70	details Method getEntity at line 70 of /room/room-compiler/src/test/test-data/kotlinCodeGen/pojoRowAdapter_enum.kt sends user information outside the a... `ID: GA3uUjmbVNVpw08KRrGJzI%2BKvvo%3D` Attack Vector
Privacy_Violation	/room/room-runtime/src/main/java/androidx/room/util/DBUtil.kt: 189	details Method Lambda at line 189 of /room/room-runtime/src/main/java/androidx/room/util/DBUtil.kt sends user information outside the application. This ... `ID: xwTaLZbPCAhsKMXl6375aPBtKS0%3D` Attack Vector
Privacy_Violation	/room/room-runtime/src/main/java/androidx/room/util/DBUtil.kt: 191	details Method Lambda at line 191 of /room/room-runtime/src/main/java/androidx/room/util/DBUtil.kt sends user information outside the application. This ... `ID: %2BA1Hw8n1UycVFPAkMxwRDv%2BgHds%3D` Attack Vector

More results are available on the CxOne platform

Fixed Issues (1766)

Great job! The following issues were fixed in this Pull Request

Severity	Issue	Source File / Package
	~~Buffer_Improper_Index_Access~~	/graphics/graphics-core/src/main/cpp/sc_test_utils.cpp: 29
	~~Buffer_Improper_Index_Access~~	/camera/camera-core/src/main/cpp/image_processing_util_jni.cc: 643
	~~Buffer_Improper_Index_Access~~	/camera/camera-core/src/main/cpp/image_processing_util_jni.cc: 633
	~~Buffer_Improper_Index_Access~~	/camera/camera-core/src/main/cpp/image_processing_util_jni.cc: 623
	~~Buffer_Improper_Index_Access~~	/camera/camera-core/src/main/cpp/image_processing_util_jni.cc: 211
	~~Buffer_Improper_Index_Access~~	/camera/camera-core/src/main/cpp/image_processing_util_jni.cc: 201
	~~Buffer_Improper_Index_Access~~	/camera/camera-core/src/main/cpp/image_processing_util_jni.cc: 191
	~~Buffer_Overflow_Unbounded_Format~~	/benchmark/benchmark-common/src/main/cpp/androidx_benchmark_CpuCounter.cpp: 66
	~~Buffer_Overflow_Unbounded_Format~~	/benchmark/benchmark-common/src/main/cpp/androidx_benchmark_CpuCounter.cpp: 66
	~~Code_Injection~~	/wear/watchface/watchface-editor/src/main/java/androidx/wear/watchface/editor/WatchFaceEditorContract.kt: 168
	~~Code_Injection~~	/wear/watchface/watchface-editor/src/main/java/androidx/wear/watchface/editor/WatchFaceEditorContract.kt: 168
	~~Code_Injection~~	/wear/watchface/watchface-editor/src/main/java/androidx/wear/watchface/editor/WatchFaceEditorContract.kt: 168
	~~Code_Injection~~	/wear/watchface/watchface-editor/src/main/java/androidx/wear/watchface/editor/WatchFaceEditorContract.kt: 168
	~~Code_Injection~~	/wear/watchface/watchface-editor/src/main/java/androidx/wear/watchface/editor/WatchFaceEditorContract.kt: 148
	~~Code_Injection~~	/wear/watchface/watchface-editor/src/main/java/androidx/wear/watchface/editor/WatchFaceEditorContract.kt: 148
	~~Code_Injection~~	/wear/watchface/watchface-editor/src/androidTest/java/androidx/wear/watchface/editor/EditorSessionTest.kt: 336
	~~Code_Injection~~	/wear/watchface/watchface-editor/src/androidTest/java/androidx/wear/watchface/editor/EditorSessionTest.kt: 336
	~~Code_Injection~~	/wear/watchface/watchface-editor/src/main/java/androidx/wear/watchface/editor/WatchFaceEditorContract.kt: 149
	~~Code_Injection~~	/wear/watchface/watchface-editor/src/main/java/androidx/wear/watchface/editor/WatchFaceEditorContract.kt: 149
	~~Code_Injection~~	/wear/watchface/watchface-editor/src/main/java/androidx/wear/watchface/editor/WatchFaceEditorContract.kt: 149
	~~Code_Injection~~	/wear/watchface/watchface-editor/src/main/java/androidx/wear/watchface/editor/WatchFaceEditorContract.kt: 149
	~~Code_Injection~~	/wear/watchface/watchface-editor/src/main/java/androidx/wear/watchface/editor/WatchFaceEditorContract.kt: 149
	~~Code_Injection~~	/wear/watchface/watchface-editor/src/main/java/androidx/wear/watchface/editor/WatchFaceEditorContract.kt: 149
	~~Code_Injection~~	/wear/watchface/watchface-editor/src/main/java/androidx/wear/watchface/editor/WatchFaceEditorContract.kt: 149
	~~Code_Injection~~	/wear/watchface/watchface-editor/src/main/java/androidx/wear/watchface/editor/WatchFaceEditorContract.kt: 149
	~~Code_Injection~~	/wear/watchface/watchface-editor/src/main/java/androidx/wear/watchface/editor/WatchFaceEditorContract.kt: 164
	~~Code_Injection~~	/wear/watchface/watchface-editor/src/main/java/androidx/wear/watchface/editor/WatchFaceEditorContract.kt: 164
	~~Code_Injection~~	/wear/watchface/watchface-editor/src/main/java/androidx/wear/watchface/editor/WatchFaceEditorContract.kt: 164
	~~Code_Injection~~	/wear/watchface/watchface-editor/src/main/java/androidx/wear/watchface/editor/WatchFaceEditorContract.kt: 164
	~~Code_Injection~~	/wear/watchface/watchface-editor/src/main/java/androidx/wear/watchface/editor/WatchFaceEditorContract.kt: 151
	~~Code_Injection~~	/wear/watchface/watchface-editor/src/main/java/androidx/wear/watchface/editor/WatchFaceEditorContract.kt: 151
	~~Code_Injection~~	/wear/watchface/watchface-editor/src/main/java/androidx/wear/watchface/editor/WatchFaceEditorContract.kt: 151
	~~Code_Injection~~	/wear/watchface/watchface-editor/src/main/java/androidx/wear/watchface/editor/WatchFaceEditorContract.kt: 151
	~~Command_Injection~~	/development/update_tracing_perfetto.py: 188
	~~Command_Injection~~	/development/file-utils/diff-filterer.py: 970
	~~Command_Injection~~	/development/update_library_versions.py: 59
	~~Command_Injection~~	/appsearch/exportToFramework.py: 376
	~~Command_Injection~~	/appsearch/exportToFramework.py: 377
	~~Command_Injection~~	/development/update_tracing_perfetto.py: 188
	~~Command_Injection~~	/development/update_tracing_perfetto.py: 188
	~~Command_Injection~~	/development/project-creator/create_project.py: 663
	~~Cx89601373-08db~~	Npm-debug-2.6.9
	~~Cx89601373-08db~~	Npm-debug-3.2.7
	~~Cxab55612e-3a56~~	Npm-braces-3.0.2
	~~Cxca84a1c2-1f12~~	Npm-micromatch-4.0.5
	~~Cxf6e7f2c1-dc59~~	Npm-yauzl-2.10.0
	~~OS_Access_Violation~~	/development/file-utils/diff-filterer.py: 970
	~~OS_Access_Violation~~	/development/copy_screenshots_to_golden_repo.py: 22
	~~OS_Access_Violation~~	/development/simplify-build-failure/impl/explode.py: 211
	~~OS_Access_Violation~~	/development/simplify-build-failure/impl/explode.py: 211
	~~OS_Access_Violation~~	/appsearch/exportToFramework.py: 377
	~~OS_Access_Violation~~	/development/project-creator/create_project.py: 663
	~~OS_Access_Violation~~	/development/project-creator/create_project.py: 663
	~~OS_Access_Violation~~	/development/offlinifyDocs/offlinify_dackka_docs.py: 31
	~~OS_Access_Violation~~	/development/offlinifyDocs/offlinify_dackka_docs.py: 72
	~~OS_Access_Violation~~	/development/project-creator/create_project.py: 663
	~~OS_Access_Violation~~	/development/project-creator/create_project.py: 663
	~~OS_Access_Violation~~	/development/simplify-build-failure/impl/explode.py: 211
	~~OS_Access_Violation~~	/development/simplify-build-failure/impl/explode.py: 211
	~~Off_by_One_Error~~	/graphics/graphics-core/src/main/cpp/sc_test_utils.cpp: 29
	~~Off_by_One_Error~~	/camera/camera-core/src/main/cpp/image_processing_util_jni.cc: 643
	~~Off_by_One_Error~~	/camera/camera-core/src/main/cpp/image_processing_util_jni.cc: 633
	~~Off_by_One_Error~~	/camera/camera-core/src/main/cpp/image_processing_util_jni.cc: 623
	~~Off_by_One_Error~~	/camera/camera-core/src/main/cpp/image_processing_util_jni.cc: 211
	~~Off_by_One_Error~~	/camera/camera-core/src/main/cpp/image_processing_util_jni.cc: 201
	~~Off_by_One_Error~~	/camera/camera-core/src/main/cpp/image_processing_util_jni.cc: 191
	~~Reflected_XSS~~	/compose/ui/ui-text/benchmark/src/androidTest/java/androidx/compose/ui/text/benchmark/input/EditProcessorBenchmark.kt: 96

More results are available on the CxOne platform

Use @Checkmarx to reach out to us for assistance.

Just send a PR comment with @Checkmarx followed by a natural language request.

Examples: @Checkmarx how are you able to help me? @Checkmarx rescan this PR

socket-security · 2024-09-10T18:07:59Z

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	express@4.18.2 ⏵ 4.21.1	⁺¹	⁺⁸

View full report

mend-for-github-com bot added the security fix Security fix generated by Mend label Mar 26, 2024

mend-for-github-com bot force-pushed the whitesource-remediate/express-4.x-lockfile branch from 6f7ad74 to 882ba91 Compare May 16, 2024 06:17

mend-for-github-com bot force-pushed the whitesource-remediate/express-4.x-lockfile branch from 882ba91 to 657cab8 Compare September 10, 2024 18:06

mend-for-github-com bot changed the title ~~Update dependency express to v4.19.0~~ Update dependency express to v4.20.0 Sep 10, 2024

mend-for-github-com bot force-pushed the whitesource-remediate/express-4.x-lockfile branch from 657cab8 to 04fca95 Compare November 9, 2024 10:38

mend-for-github-com bot force-pushed the whitesource-remediate/express-4.x-lockfile branch 6 times, most recently from e7a43e7 to 8bb0100 Compare December 6, 2024 18:08

mend-for-github-com bot changed the title ~~Update dependency express to v4.20.0~~ Update dependency express to v4.21.2 Dec 6, 2024

mend-for-github-com bot force-pushed the whitesource-remediate/express-4.x-lockfile branch 3 times, most recently from 684ce93 to 0a70457 Compare December 12, 2024 08:11

mend-for-github-com bot force-pushed the whitesource-remediate/express-4.x-lockfile branch 3 times, most recently from a21d5f6 to 650a54a Compare December 19, 2024 06:33

mend-for-github-com bot force-pushed the whitesource-remediate/express-4.x-lockfile branch from 650a54a to 704466b Compare January 3, 2025 04:50

mend-for-github-com bot force-pushed the whitesource-remediate/express-4.x-lockfile branch from 704466b to 3780480 Compare January 15, 2025 09:26

mend-for-github-com bot force-pushed the whitesource-remediate/express-4.x-lockfile branch from 3780480 to ad1e2e5 Compare February 5, 2025 03:22

mend-for-github-com bot force-pushed the whitesource-remediate/express-4.x-lockfile branch from ad1e2e5 to 55f5790 Compare February 13, 2025 11:39

mend-for-github-com bot force-pushed the whitesource-remediate/express-4.x-lockfile branch from 55f5790 to 28e674f Compare February 23, 2025 11:47

mend-for-github-com bot force-pushed the whitesource-remediate/express-4.x-lockfile branch 2 times, most recently from 81c9889 to 7997676 Compare March 11, 2025 07:19

mend-for-github-com bot changed the title ~~Update dependency express to v4.21.2~~ Update dependency express to v4.21.1 Mar 11, 2025

mend-for-github-com bot changed the title ~~Update dependency express to v4.21.1~~ Update dependency express to v4.21.1 - autoclosed Mar 20, 2025

mend-for-github-com bot closed this Mar 20, 2025

mend-for-github-com bot deleted the whitesource-remediate/express-4.x-lockfile branch March 20, 2025 06:14

mend-for-github-com bot changed the title ~~Update dependency express to v4.21.1 - autoclosed~~ Update dependency express to v4.21.1 Mar 24, 2025

mend-for-github-com bot reopened this Mar 24, 2025

mend-for-github-com bot force-pushed the whitesource-remediate/express-4.x-lockfile branch 2 times, most recently from 7997676 to 3d5780c Compare March 30, 2025 13:49

mend-for-github-com bot changed the title ~~Update dependency express to v4.21.1~~ Update dependency express to v4.20.0 Mar 30, 2025

mend-for-github-com bot force-pushed the whitesource-remediate/express-4.x-lockfile branch from 3d5780c to 67ef3e5 Compare March 30, 2025 16:35

mend-for-github-com bot changed the title ~~Update dependency express to v4.20.0~~ Update dependency express to v4.21.0 Mar 30, 2025

mend-for-github-com bot force-pushed the whitesource-remediate/express-4.x-lockfile branch from 67ef3e5 to e8b7b70 Compare April 29, 2025 18:18

mend-for-github-com bot changed the title ~~Update dependency express to v4.21.0~~ Update dependency express to v4.21.1 Apr 29, 2025

mend-for-github-com bot force-pushed the whitesource-remediate/express-4.x-lockfile branch from e8b7b70 to b2a65d2 Compare September 30, 2025 12:12

Update dependency express to v4.21.1

968d56a

mend-for-github-com bot force-pushed the whitesource-remediate/express-4.x-lockfile branch from b2a65d2 to 968d56a Compare October 1, 2025 13:33

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Update dependency express to v4.21.1 #2

Update dependency express to v4.21.1 #2

Uh oh!

mend-for-github-com bot commented Mar 26, 2024 •

edited

Loading

Uh oh!

rafikmojr commented Mar 27, 2024 •

edited

Loading

Uh oh!

socket-security bot commented Sep 10, 2024 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Update dependency express to v4.21.1 #2

Are you sure you want to change the base?

Update dependency express to v4.21.1 #2

Uh oh!

Conversation

mend-for-github-com bot commented Mar 26, 2024 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Release Notes

v4.21.1

What's Changed

v4.21.0

What's Changed

New Contributors

v4.20.0

v4.19.2

v4.19.1

v4.19.0

v4.18.3

Uh oh!

rafikmojr commented Mar 27, 2024 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

socket-security bot commented Sep 10, 2024 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

mend-for-github-com bot commented Mar 26, 2024 •

edited

Loading

`v4.21.1`

`v4.21.0`

`v4.20.0`

`v4.19.2`

`v4.19.1`

`v4.19.0`

`v4.18.3`

rafikmojr commented Mar 27, 2024 •

edited

Loading

socket-security bot commented Sep 10, 2024 •

edited

Loading