chore(deps): update dependency express to v4.17.3 [security]

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
express (source)	4.17.1 -> 4.17.3

---

⚠ Dependency Lookup Warnings ⚠

Warnings were logged while processing this repo. Please check the logs for more information.

GitHub Vulnerability Alerts

CVE-2022-24999

qs before 6.10.3, as used in Express before 4.17.3 and other products, allows attackers to cause a Node process hang for an Express application because an __ proto__ key can be used. In many typical Express use cases, an unauthenticated remote attacker can place the attack payload in the query string of the URL that is used to visit the application, such as a[proto]=b&a[proto]&a[length]=100000000. The fix was backported to qs 6.9.7, 6.8.3, 6.7.3, 6.6.1, 6.5.3, 6.4.1, 6.3.3, and 6.2.4 (and therefore Express 4.17.3, which has "deps: qs@6.9.7" in its release description, is not vulnerable).

---

Release Notes

expressjs/express

v4.17.3

Compare Source

===================

• deps: accepts@~1.3.8
  • deps: mime-types@~2.1.34
  • deps: negotiator@0.6.3
• deps: body-parser@1.19.2
  • deps: bytes@3.1.2
  • deps: qs@6.9.7
  • deps: raw-body@2.4.3
• deps: cookie@0.4.2
• deps: qs@6.9.7
  • Fix handling of __proto__ keys
• pref: remove unnecessary regexp for trust proxy

v4.17.2

Compare Source

===================

• Fix handling of undefined in res.jsonp
• Fix handling of undefined when "json escape" is enabled
• Fix incorrect middleware execution with unanchored RegExps
• Fix res.jsonp(obj, status) deprecation message
• Fix typo in res.is JSDoc
• deps: body-parser@1.19.1
  • deps: bytes@3.1.1
  • deps: http-errors@1.8.1
  • deps: qs@6.9.6
  • deps: raw-body@2.4.2
  • deps: safe-buffer@5.2.1
  • deps: type-is@~1.6.18
• deps: content-disposition@0.5.4
  • deps: safe-buffer@5.2.1
• deps: cookie@0.4.1
  • Fix maxAge option to reject invalid values
• deps: proxy-addr@~2.0.7
  • Use req.socket over deprecated req.connection
  • deps: forwarded@0.2.0
  • deps: ipaddr.js@1.9.1
• deps: qs@6.9.6
• deps: safe-buffer@5.2.1
• deps: send@0.17.2
  • deps: http-errors@1.8.1
  • deps: ms@2.1.3
  • pref: ignore empty http tokens
• deps: serve-static@1.14.2
  • deps: send@0.17.2
• deps: setprototypeof@1.2.0

---

Configuration

📅 Schedule: Branch creation - "" in timezone UTC, Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.

[codeclimate]

Code Climate has analyzed commit ea31c46 and detected 0 issues on this pull request.

The test coverage on the diff in this pull request is 100.0% (50% is the threshold).

This pull request will bring the total coverage in the repository to 96.9% (0.0% change).

View more on Code Climate.

[bundlemon]

BundleMon

Unchanged files (6)

Status	Path	Size	Limits
✅	fesm5/ngxs-store.js	137.67KB	145KB / +0.5%
✅	fesm2015/ngxs-store.js	118.39KB	125KB / +0.5%
✅	fesm5/ngxs-store-operators.js	10.07KB	15KB / +0.5%
✅	fesm2015/ngxs-store-operators.js	9.94KB	15KB / +0.5%
✅	fesm5/ngxs-store-internals.js	6.58KB	20KB / +0.5%
✅	fesm2015/ngxs-store-internals.js	5.65KB	20KB / +0.5%

No change in files bundle size

Unchanged groups (6)

Status	Path	Size	Limits
✅	@ngxs/store(esm5)[gzip] ./esm5/**/*.js	179.31KB	+1%
✅	@ngxs/store(esm2015)[gzip] ./esm2015/**/*.js	172.59KB	+1%
✅	@ngxs/store(umd)[gzip] ./bundles/*.umd.js	40.57KB	+1%
✅	@ngxs/store(fesm5)[gzip] ./fesm5/*.js	29.86KB	+1%
✅	@ngxs/store(fesm2015)[gzip] ./fesm2015/*.js	27.33KB	+1%
✅	@ngxs/store(umd.min)[gzip] ./bundles/*.umd.min.js	13.65KB	+1%

Final result: ✅

View report in BundleMon website ➡️

---

Current branch size history | Target branch size history

[bundlemon]

BundleMon (NGXS Plugins)

Unchanged files (28)

Status	Path	Size	Limits
✅	Plugins(umd)[gzip] storage-plugin/bundles/ngxs-storage-plugin.um d.js	7.98KB	+1%
✅	Plugins(umd)[gzip] hmr-plugin/bundles/ngxs-hmr-plugin.umd.js	6.96KB	+1%
✅	Plugins(umd)[gzip] websocket-plugin/bundles/ngxs-websocket-plugi n.umd.js	6.87KB	+1%
✅	Plugins(umd)[gzip] devtools-plugin/bundles/ngxs-devtools-plugin. umd.js	6.53KB	+1%
✅	Plugins(umd)[gzip] router-plugin/bundles/ngxs-router-plugin.umd. js	6.5KB	+1%
✅	Plugins(umd)[gzip] form-plugin/bundles/ngxs-form-plugin.umd.js	6.44KB	+1%
✅	Plugins(umd)[gzip] logger-plugin/bundles/ngxs-logger-plugin.umd. js	5.77KB	+1%
✅	Plugins(fesm5)[gzip] storage-plugin/fesm5/ngxs-storage-plugin.js	4.67KB	+1%
✅	Plugins(fesm2015)[gzip] storage-plugin/fesm2015/ngxs-storage-plugin.j s	4.35KB	+1%
✅	Plugins(fesm5)[gzip] hmr-plugin/fesm5/ngxs-hmr-plugin.js	3.62KB	+1%
✅	Plugins(fesm5)[gzip] websocket-plugin/fesm5/ngxs-websocket-plugin. js	3.53KB	+1%
✅	Plugins(fesm2015)[gzip] hmr-plugin/fesm2015/ngxs-hmr-plugin.js	3.25KB	+1%
✅	Plugins(fesm5)[gzip] devtools-plugin/fesm5/ngxs-devtools-plugin.js	3.21KB	+1%
✅	Plugins(fesm5)[gzip] router-plugin/fesm5/ngxs-router-plugin.js	3.15KB	+1%
✅	Plugins(fesm2015)[gzip] websocket-plugin/fesm2015/ngxs-websocket-plug in.js	3.15KB	+1%
✅	Plugins(umd.min)[gzip] hmr-plugin/bundles/ngxs-hmr-plugin.umd.min.js	3.1KB	+1%
✅	Plugins(fesm5)[gzip] form-plugin/fesm5/ngxs-form-plugin.js	3.07KB	+1%
✅	Plugins(fesm2015)[gzip] devtools-plugin/fesm2015/ngxs-devtools-plugin .js	3.03KB	+1%
✅	Plugins(fesm2015)[gzip] router-plugin/fesm2015/ngxs-router-plugin.js	2.89KB	+1%
✅	Plugins(fesm2015)[gzip] form-plugin/fesm2015/ngxs-form-plugin.js	2.74KB	+1%
✅	Plugins(umd.min)[gzip] storage-plugin/bundles/ngxs-storage-plugin.um d.min.js	2.54KB	+1%
✅	Plugins(fesm5)[gzip] logger-plugin/fesm5/ngxs-logger-plugin.js	2.48KB	+1%
✅	Plugins(umd.min)[gzip] router-plugin/bundles/ngxs-router-plugin.umd. min.js	2.48KB	+1%
✅	Plugins(umd.min)[gzip] form-plugin/bundles/ngxs-form-plugin.umd.min. js	2.43KB	+1%
✅	Plugins(fesm2015)[gzip] logger-plugin/fesm2015/ngxs-logger-plugin.js	2.37KB	+1%
✅	Plugins(umd.min)[gzip] websocket-plugin/bundles/ngxs-websocket-plugi n.umd.min.js	2.18KB	+1%
✅	Plugins(umd.min)[gzip] logger-plugin/bundles/ngxs-logger-plugin.umd. min.js	1.95KB	+1%
✅	Plugins(umd.min)[gzip] devtools-plugin/bundles/ngxs-devtools-plugin. umd.min.js	1.86KB	+1%

No change in files bundle size

Unchanged groups (6)

Status	Path	Size	Limits
✅	All Plugins(esm5)[gzip] ./-plugin/esm5/**/.js	124.79KB	+1%
✅	All Plugins(esm2015)[gzip] ./-plugin/esm2015/**/.js	119.46KB	+1%
✅	All Plugins(umd)[gzip] ./-plugin/bundles/.umd.js	47.06KB	+1%
✅	All Plugins(fesm5)[gzip] ./-plugin/fesm5/.js	23.74KB	+1%
✅	All Plugins(fesm2015)[gzip] ./-plugin/fesm2015/.js	21.78KB	+1%
✅	All Plugins(umd.min)[gzip] ./-plugin/bundles/.umd.min.js	16.54KB	+1%

Final result: ✅

View report in BundleMon website ➡️

---

Current branch size history | Target branch size history

[bundlemon]

BundleMon (Integration Projects)

Unchanged files (4)

Status	Path	Size	Limits
✅	Main bundles(Gzip) hello-world-ng11-ivy/dist-integration/main.(h ash).js	71.13KB	+1%
✅	Main bundles(Gzip) hello-world-ng13-ivy/dist-integration/main.(h ash).js	69.78KB	+1%
✅	Main bundles(Gzip) hello-world-ng12-ivy/dist-integration/main.(h ash).js	67.84KB	+1%
✅	Main bundles(Gzip) hello-world-ng14-ivy/dist-integration/main.(h ash).js	65.46KB	+1%

No change in files bundle size

Final result: ✅

View report in BundleMon website ➡️

---

Current branch size history | Target branch size history