build(deps): bump express from 4.17.1 to 4.19.2

[dependabot]

Bumps express from 4.17.1 to 4.19.2.

Release notes

Sourced from express's releases.

4.19.2

What's Changed

• Improved fix for open redirect allow list bypass

Full Changelog: expressjs/express@4.19.1...4.19.2

4.19.1

What's Changed

• Fix ci after location patch by @​wesleytodd in expressjs/express#5552
• fixed un-edited version in history.md for 4.19.0 by @​wesleytodd in expressjs/express#5556

Full Changelog: expressjs/express@4.19.0...4.19.1

4.19.0

What's Changed

• fix typo in release date by @​UlisesGascon in expressjs/express#5527
• docs: nominating @​wesleytodd to be project captian by @​wesleytodd in expressjs/express#5511
• docs: loosen TC activity rules by @​wesleytodd in expressjs/express#5510
• Add note on how to update docs for new release by @​crandmck in expressjs/express#5541
• Prevent open redirect allow list bypass due to encodeurl
• Release 4.19.0 by @​wesleytodd in expressjs/express#5551

New Contributors

• @​crandmck made their first contribution in expressjs/express#5541

Full Changelog: expressjs/express@4.18.3...4.19.0

4.18.3

Main Changes

• Fix routing requests without method
• deps: body-parser@1.20.2
  • Fix strict json error message on Node.js 19+
  • deps: content-type@~1.0.5
  • deps: raw-body@2.5.2

Other Changes

• Use https: protocol instead of deprecated git: protocol by @​vcsjones in expressjs/express#5032
• build: Node.js@16.18 and Node.js@18.12 by @​abenhamdine in expressjs/express#5034
• ci: update actions/checkout to v3 by @​armujahid in expressjs/express#5027
• test: remove unused function arguments in params by @​raksbisht in expressjs/express#5124
• Remove unused originalIndex from acceptParams by @​raksbisht in expressjs/express#5119
• Fixed typos by @​raksbisht in expressjs/express#5117
• examples: remove unused params by @​raksbisht in expressjs/express#5113
• fix: parameter str is not described in JSDoc by @​raksbisht in expressjs/express#5130
• fix: typos in History.md by @​raksbisht in expressjs/express#5131
• build : add Node.js@19.7 by @​abenhamdine in expressjs/express#5028
• test: remove unused function arguments in params by @​raksbisht in expressjs/express#5137

... (truncated)

Changelog

Sourced from express's changelog.

4.19.2 / 2024-03-25

• Improved fix for open redirect allow list bypass

4.19.1 / 2024-03-20

• Allow passing non-strings to res.location with new encoding handling checks

4.19.0 / 2024-03-20

• Prevent open redirect allow list bypass due to encodeurl
• deps: cookie@0.6.0

4.18.3 / 2024-02-29

• Fix routing requests without method
• deps: body-parser@1.20.2
  • Fix strict json error message on Node.js 19+
  • deps: content-type@~1.0.5
  • deps: raw-body@2.5.2
• deps: cookie@0.6.0
  • Add partitioned option

4.18.2 / 2022-10-08

• Fix regression routing a large stack in a single route
• deps: body-parser@1.20.1
  • deps: qs@6.11.0
  • perf: remove unnecessary object clone
• deps: qs@6.11.0

4.18.1 / 2022-04-29

• Fix hanging on large stack of sync routes

4.18.0 / 2022-04-25

• Add "root" option to res.download
• Allow options without filename in res.download
• Deprecate string and non-integer arguments to res.status
• Fix behavior of null/undefined as maxAge in res.cookie
• Fix handling very large stacks of sync middleware
• Ignore Object.prototype values in settings through app.set/app.get

... (truncated)

Commits

• 04bc627 4.19.2
• da4d763 Improved fix for open redirect allow list bypass
• 4f0f6cc 4.19.1
• a003cfa Allow passing non-strings to res.location with new encoding handling checks f...
• a1fa90f fixed un-edited version in history.md for 4.19.0
• 11f2b1d build: fix build due to inconsistent supertest behavior in older versions
• 084e365 4.19.0
• 0867302 Prevent open redirect allow list bypass due to encodeurl
• 567c9c6 Add note on how to update docs for new release (#5541)
• 69a4cf2 deps: cookie@0.6.0
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by wesleytodd, a new releaser for express since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
traduora-docs-co	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	Apr 19, 2024 3:23pm

[CLAassistant]

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
_{You have signed the CLA already but the status is still pending? Let us recheck it.}

[socket-security]

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/@nestjs/axios@3.0.2	None	0	19.1 kB	nestjscore
npm/@nestjs/common@10.3.7	None	+3	514 kB	nestjscore
npm/@nestjs/core@10.3.7	environment, unsafe Transitive: filesystem, network, shell	+11	1.27 MB	nestjscore
npm/@nestjs/jwt@10.2.0	None	0	51 kB	nestjscore
npm/@nestjs/mapped-types@2.0.5	None	0	24.4 kB	nestjscore
npm/@nestjs/passport@10.0.3	None	0	21.2 kB	nestjscore
npm/@nestjs/platform-express@10.3.7	network Transitive: environment, filesystem	+13	372 kB	nestjscore
npm/@nestjs/swagger@7.3.1	None	+2	2.95 MB	nestjscore
npm/@nestjs/testing@10.3.7	None	0	34 kB	nestjscore
npm/@nestjs/typeorm@10.0.2	None	0	38.8 kB	nestjscore
npm/@sqltools/formatter@1.2.5	None	0	75 kB	mtxr
npm/@types/babel__core@7.1.16	None	+2	50 kB	types
npm/@types/babel__traverse@7.14.2	None	0	123 kB	types
npm/@types/bcrypt@5.0.0	None	0	10.2 kB	types
npm/@types/csv-stringify@3.1.0	None	0	1.78 kB	types
npm/@types/estree@0.0.50	None	0	23.9 kB	types
npm/@types/express@4.17.13	None	+7	132 kB	types
npm/@types/handlebars@4.1.0	None	0	1.75 kB	types
npm/@types/iconv-lite@0.0.1	None	0	3.09 kB	types
npm/@types/istanbul-lib-coverage@2.0.3	None	0	5.91 kB	types
npm/@types/jest@26.0.24	None	+3	213 kB	types
npm/@types/js-yaml@4.0.3	None	0	9.14 kB	types
npm/@types/json-schema@7.0.9	None	0	32.2 kB	types
npm/@types/jsonwebtoken@9.0.5	None	0	13.5 kB	types
npm/@types/moment@2.13.0	None	0	508 B	types
npm/@types/morgan@1.9.3	None	0	13.8 kB	types
npm/@types/node@15.14.9	None	0	806 kB	types
npm/@types/nodemailer@6.4.4	None	0	88.8 kB	types
npm/@types/supertest@2.0.11	None	+2	24.5 kB	types
npm/@types/zen-observable@0.8.3	None	0	10.1 kB	types
npm/abab@2.0.5	None	0	11.1 kB	jeffcarp
npm/accepts@1.3.8	None	0	16.8 kB	dougwilson
npm/acorn@8.5.0	None	0	459 kB	marijn
npm/anymatch@3.1.2	None	0	9.54 kB	paulmillr
npm/app-root-path@3.1.0	environment, unsafe	0	15 kB	inxilpro
npm/asap@2.0.6	None	0	33.9 kB	kriskowal
npm/axios@1.6.8	network Transitive: environment, filesystem	+6	1.99 MB	jasonsaayman
npm/bcrypt@5.0.1	Transitive: environment, filesystem, network, shell	+32	1.78 MB	amitosh
npm/bignumber.js@9.0.0	None	0	402 kB	mikemcl
npm/body-parser@1.20.2	network	+1	397 kB	dougwilson
npm/busboy@1.6.0	None	+1	141 kB	mscdex
npm/bytes@3.1.2	None	0	12.3 kB	dougwilson
npm/chalk@4.1.2	None	0	35 kB	sindresorhus
npm/class-transformer@0.4.0	None	0	740 kB	typestack-release-bot
npm/class-validator@0.13.1	None	+3	10.8 MB	typestack-release-bot
npm/console-control-strings@1.1.0	None	0	12.7 kB	iarna
npm/content-disposition@0.5.4	None	0	19.1 kB	dougwilson
npm/content-type@1.0.5	None	0	10.5 kB	dougwilson
npm/cookie@0.6.0	None	0	23.7 kB	dougwilson
npm/copyfiles@2.4.1	filesystem Transitive: environment	+7	111 kB	cwmma
npm/cross-env@7.0.3	environment	0	29.1 kB	kentcdodds
npm/csv-stringify@6.0.5	None	0	1.27 MB	david
npm/csv@5.5.3	None	+5	3.03 MB	david
npm/depd@2.0.0	environment, eval	0	27.1 kB	dougwilson
npm/destroy@1.2.0	filesystem	0	9.02 kB	dougwilson
npm/dicer@0.2.5	Transitive: environment	+5	179 kB	mscdex
npm/dotenv@16.4.5	environment, filesystem	0	79.1 kB	motdotla
npm/ejs@3.1.7	eval, filesystem Transitive: environment, shell	+3	1.15 MB	mde
npm/enhanced-resolve@5.8.2	None	0	157 kB	sokra
npm/fast-safe-stringify@2.1.1	None	0	39.7 kB	matteo.collina
npm/figlet@1.5.2	filesystem, network	0	6.01 MB	patorjk
npm/finalhandler@1.2.0	environment	+3	40.5 kB	dougwilson
npm/fsevents@2.3.2	None	0	156 kB	pipobscure
npm/generate-password@1.6.1	None	0	22.7 kB	brendanashworth
npm/gettext-parser@4.0.4	Transitive: environment	+2	179 kB	smhg
npm/handlebars@4.7.7	filesystem Transitive: environment, eval	+2	3.93 MB	knappi
npm/he@1.2.0	None	0	124 kB	mathias
npm/http-errors@2.0.0	None	0	18.8 kB	dougwilson
npm/iconv-lite@0.6.3	None	0	349 kB	ashtuchkin
npm/ini@1.3.7	None	0	9.39 kB	isaacs
npm/istanbul-lib-instrument@4.0.3	None	+2	100 kB	coreyfarrell
npm/jest-util@27.2.0	environment	+7	171 kB	simenb
npm/jest-worker@27.2.0	environment, shell	+3	100 kB	simenb
npm/jest@27.2.0	Transitive: environment, eval, filesystem, network, shell, unsafe	+203	12.6 MB	simenb
npm/js-yaml@4.1.0	Transitive: environment, filesystem	+1	576 kB	vitaly
npm/jsonwebtoken@9.0.2	None	+13	263 kB	charlesrea
npm/lru-cache@6.0.0	None	0	15.6 kB	isaacs
npm/make-dir@3.1.0	filesystem	0	10 kB	sindresorhus
npm/make-error@1.3.6	None	0	12.4 kB	julien-f
npm/mime-db@1.52.0	None	0	206 kB	dougwilson
npm/mime-types@2.1.35	None	0	18.3 kB	dougwilson
npm/mkdirp@1.0.4	environment, filesystem	0	19.1 kB	isaacs
npm/moment@2.29.4	None	0	4.23 MB	ichernev
npm/morgan@1.10.0	eval	+4	64.7 kB	dougwilson
npm/multer@1.4.4-lts.1	filesystem	+8	94 kB	linusu
npm/mysql@2.18.1	filesystem, network	+4	511 kB	dougwilson
npm/mysql2@3.9.6	environment, network Transitive: eval	+9	1.7 MB	sidorares
npm/negotiator@0.6.3	None	0	27.4 kB	dougwilson
npm/neo-async@2.6.2	None	0	298 kB	suguru03
npm/node-native2ascii@0.2.0	None	+2	53.4 kB	neocotic
npm/nodemailer@6.6.3	environment, filesystem, network, shell	0	474 kB	andris
npm/nodemon@2.0.12	environment, filesystem, shell Transitive: network	+82	1.34 MB	remy
npm/normalize-path@3.0.0	None	0	9.22 kB	jonschlinkert
npm/object-hash@2.2.0	None	0	59 kB	addaleax
npm/on-finished@2.4.1	unsafe	+1	19.9 kB	dougwilson
npm/optional@0.1.4	None	0	2.48 kB	segomos
npm/parent-require@1.0.0	None	0	5.96 kB	jaredhanson
npm/passport-jwt@4.0.0	None	+12	245 kB	themikenicholson
npm/passport-strategy@1.0.0	None	0	5.1 kB	jaredhanson
npm/passport@0.4.1	network	+1	48.3 kB	jaredhanson
npm/pg@8.11.5	environment, network Transitive: filesystem	+12	450 kB	brianc
npm/php-array-parser@1.0.1	None	+1	2.57 MB	rmariuzzo
npm/prettier@2.4.0	environment, eval, filesystem, unsafe	0	20.7 MB	sosukesuzuki
npm/pretty-format@26.6.2	Transitive: environment	+6	195 kB	simenb
npm/preview-email@3.0.5	filesystem Transitive: environment, eval, network, shell	+55	4.15 MB	niftylettuce
npm/properties@1.2.1	filesystem	0	47 kB	gagle
npm/pug-runtime@3.0.1	filesystem	0	17 kB	pug-bot
npm/qs@6.11.0	Transitive: eval	+5	361 kB	ljharb
npm/query-string@7.0.1	None	+4	59.7 kB	sindresorhus
npm/querystring@0.2.1	None	0	9.39 kB	medikoo
npm/raw-body@2.5.2	network, unsafe	0	25.8 kB	dougwilson
npm/reflect-metadata@0.1.13	None	0	293 kB	rbuckton
npm/rimraf@3.0.2	filesystem	0	17.3 kB	isaacs
npm/rxjs@7.3.0	None	+1	4.48 MB	blesh
npm/safe-buffer@5.2.1	None	0	32.1 kB	feross
npm/schema-utils@3.1.1	Transitive: eval	+5	1.57 MB	evilebottnawi
npm/semver-regex@4.0.3	None	0	3.86 kB	sindresorhus
npm/semver@7.3.5	None	0	88.2 kB	isaacs
npm/send@0.18.0	filesystem, network Transitive: environment	+6	143 kB	dougwilson
npm/serve-static@1.15.0	None	+3	47.1 kB	dougwilson
npm/setprototypeof@1.2.0	None	0	4.03 kB	wesleytodd
npm/statuses@2.0.1	None	0	12.1 kB	dougwilson
npm/string-width@1.0.2	None	+3	13.6 kB	sindresorhus
npm/strings-file@0.0.5	filesystem	0	5.39 kB	alkal
npm/supertest@6.2.2	network Transitive: environment, filesystem	+14	1.16 MB	niftylettuce
npm/swagger-ui-dist@5.11.2	None	0	10.3 MB	swagger-api
npm/swagger-ui-express@4.3.0	Transitive: environment, filesystem, network	+12	310 kB	scottie1984
npm/tapable@2.2.1	None	0	46.9 kB	sokra
npm/toidentifier@1.0.1	None	0	4.68 kB	dougwilson
npm/ts-jest@27.0.5	environment, filesystem Transitive: eval, network, shell, unsafe	+50	1.31 MB	kul
npm/ts-loader@9.2.5	filesystem	0	247 kB	johnnyreilly
npm/ts-node@10.2.1	environment, filesystem, unsafe	+10	1.09 MB	cspotcode
npm/tsconfig-paths@3.11.0	environment, filesystem, unsafe	+3	182 kB	jonaskello
npm/tslib@2.6.2	None	0	84 kB	typescript-bot
npm/tslint@6.1.3	filesystem Transitive: environment	+8	2.82 MB	palantir
npm/type-is@1.6.18	None	+1	29.6 kB	dougwilson
npm/typeorm@0.3.20	environment, eval, filesystem Transitive: network, shell	+45	27.1 MB	pleerock
npm/typescript@4.2.3	None	0	59.2 MB	typescript-bot
npm/unpipe@1.0.0	None	0	4.31 kB	dougwilson
npm/util-deprecate@1.0.2	None	0	5.48 kB	tootallnate
npm/uuid@9.0.1	None	0	123 kB	ctavan
npm/vary@1.1.2	None	0	8.75 kB	dougwilson
npm/webpack-cli@4.8.0	environment, filesystem, unsafe Transitive: eval, shell	+30	876 kB	evilebottnawi
npm/webpack-node-externals@1.7.2	filesystem	0	12.5 kB	liady
npm/webpack@5.52.1	environment, filesystem, network, unsafe Transitive: eval	+38	7.86 MB	sokra
npm/whatwg-url@8.7.0	None	+2	327 kB	domenic
npm/xliff@5.6.2	None	0	543 kB	adrai
npm/xml-js@1.6.11	None	0	421 kB	nashwaan
npm/xml2js@0.4.23	None	+1	212 kB	leonidas
npm/xtend@4.0.2	None	0	6.46 kB	raynos

🚮 Removed packages: npm/@babel/helper-annotate-as-pure@7.15.4, npm/@babel/helper-create-class-features-plugin@7.15.4, npm/@babel/helper-function-name@7.15.4, npm/@babel/helper-remap-async-to-generator@7.15.4, npm/@babel/helper-skip-transparent-expression-wrappers@7.15.4, npm/@babel/plugin-proposal-class-properties@7.14.5, npm/@babel/plugin-proposal-object-rest-spread@7.15.6, npm/@babel/plugin-proposal-unicode-property-regex@7.14.5, npm/@babel/plugin-transform-dotall-regex@7.14.5, npm/address@1.1.2, npm/assert-plus@1.0.0, npm/boolbase@1.0.0, npm/bootstrap@5.1.1, npm/caw@2.0.1, npm/content-disposition@0.5.3, npm/core-js-compat@3.17.3, npm/css-color-names@0.0.4, npm/css-what@5.0.1, npm/debug@4.3.2, npm/decompress-tar@4.1.1, npm/decompress@4.2.1, npm/docusaurus@1.14.7, npm/enzyme-shallow-equal@1.0.4, npm/error-ex@1.3.2, npm/es-abstract@1.18.6, npm/extsprintf@1.3.0, npm/file-type@10.11.0, npm/function.prototype.name@1.1.4, npm/get-stream@3.0.0, npm/get-value@2.0.6, npm/glob@7.2.0, npm/http-errors@1.7.2, npm/ini@1.3.8, npm/is-boolean-object@1.1.2, npm/is-callable@1.2.4, npm/is-descriptor@1.0.2, npm/is-extendable@0.1.1, npm/is-plain-obj@1.1.0, npm/is-retry-allowed@1.2.0, npm/is-stream@1.1.0, npm/is-string@1.0.7, npm/is-symbol@1.0.4, npm/loose-envify@1.4.0, npm/make-dir@2.1.0, npm/map-obj@1.0.1, npm/merge2@1.4.1, npm/mime-db@1.49.0, npm/mime-types@2.1.32, npm/mixin-deep@1.3.2, npm/normalize-package-data@2.5.0, npm/object-is@1.1.5, npm/object-keys@1.1.1, npm/object.assign@4.1.2, npm/object.entries@1.1.4, npm/object.pick@1.3.0, npm/object.values@1.1.4, npm/path-key@2.0.1, npm/postcss-value-parser@4.1.0, npm/postcss@7.0.36, npm/prop-types@15.7.2, npm/qs@6.7.0, npm/react-is@16.13.1, npm/regex-not@1.0.2, npm/repeat-string@1.6.1, npm/request@2.88.2, npm/set-value@2.0.1, npm/split-string@3.1.0, npm/statuses@1.5.0, npm/supports-preserve-symlinks-flag@1.0.0, npm/svgo@1.3.2

View full report↗︎

[socket-security]

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert	Package	Note	Source
Install scripts	npm/nodemon@2.0.12	Install script: postinstall Source: node bin/postinstall || exit 0	api/package.json
Install scripts	npm/bcrypt@5.0.1	Install script: install Source: node-pre-gyp install --fallback-to-build	api/package.json
Install scripts	npm/@nestjs/core@10.3.7	Install script: postinstall Source: opencollective || exit 0	api/package.json

View full report↗︎

Next steps

What is an install script?

Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.

Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/foo@1.0.0 or ignore all packages with @SocketSecurity ignore-all

• @SocketSecurity ignore npm/nodemon@2.0.12
• @SocketSecurity ignore npm/bcrypt@5.0.1
• @SocketSecurity ignore npm/@nestjs/core@10.3.7