@addaleax addaleax commented Dec 3, 2025

Resolves a CI vuln check failure for SNYK-JS-EXPRESS-14157151. We are not affected by this vulnerability, and the CVE was even revoked, but this is still the easiest way to resolve this warning.

@addaleax addaleax requested a review from a team as a code owner December 3, 2025 12:01
Copilot AI review requested due to automatic review settings December 3, 2025 12:01

Copilot AI left a comment

Pull request overview

This PR upgrades Express to version 5.2.0 to resolve a CI vulnerability check failure (SNYK-JS-EXPRESS-14157151), even though the project is not actually affected by the vulnerability and the CVE was revoked. The upgrade allows removal of dependency overrides that were previously needed.

Key Changes:

  • Removes overrides section from package.json containing cookie and body-parser version pins


"cookie": "^0.7.2",
"body-parser": "^2.2.1"
}
]
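
Review bot: The lockfile should be checked to confirm that `cookie` and `body-parser` still resolve at or above the floors removed here (`^0.7.2` and `^2.2.1`), since after this change their versions are chosen by express's own dependency ranges rather than by an override. A short note in the PR description stating the resolved versions would make that easy to verify later.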
Collaborator Author

Don't need these anymore, the updated version of express already allows these ranges

@addaleax addaleax added the no-title-validation Skips validation of PR titles (conventional commit adherence + JIRA ticket inclusion) label Dec 3, 2025
@addaleax addaleax changed the title chore(deps): bump express to 5.2.0 chore(deps): bump express to 5.2.0 MONGOSH-3047 Dec 3, 2025
@addaleax addaleax changed the title chore(deps): bump express to 5.2.0 MONGOSH-3047 chore(deps): bump express to 5.2.1 MONGOSH-3047 Dec 3, 2025
@addaleax addaleax merged commit 6fc1946 into main Dec 4, 2025
149 of 156 checks passed
@addaleax addaleax deleted the express-5.2.0 branch December 4, 2025 12:36