[Snyk] Security upgrade express from 4.18.2 to 4.22.0

[shelomo]

Snyk has created this PR to fix 1 vulnerabilities in the yarn dependencies of this project.

Snyk changed the following file(s):

• package.json

Note for zero-installs users

If you are using the Yarn feature zero-installs that was introduced in Yarn V2, note that this PR does not update the .yarn/cache/ directory meaning this code cannot be pulled and immediately developed on as one would expect for a zero-install project - you will need to run yarn to update the contents of the ./yarn/cache directory.
If you are not using zero-install you can ignore this as your flow should likely be unchanged.

⚠️ Warning

Failed to update the yarn.lock, please update manually before merging.

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Allocation of Resources Without Limits or Throttling SNYK-JS-QS-14724253	170

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Allocation of Resources Without Limits or Throttling

[shelomo]

This minor version upgrade of Express introduces a potentially breaking change in version 4.20.0. The default nesting depth for the express.urlencoded() middleware has been changed from Infinity to 32. [1, 2] Applications processing deeply nested objects in form data may experience data loss. Additionally, version 4.21.0 deprecates the use of res.redirect("back"). [1]

Recommendation: Review usages of the express.urlencoded() middleware. If your application requires a nesting depth greater than 32, you must now explicitly configure it: app.use(express.urlencoded({ extended: true, depth: 50 })).

Source: Express Release changelog

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

[Copilot]

Pull request overview

This PR upgrades the Express framework from version 4.18.2 to 4.22.0 to address a high-severity security vulnerability (SNYK-JS-QS-14724253) related to allocation of resources without limits or throttling in the qs dependency. The upgrade requires manual update of yarn.lock before merging.

• Security upgrade of Express to patch CVE with a priority score of 170
• Version bump from 4.18.2 to 4.22.0 in package.json

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.