[Snyk] Fix for 1 vulnerabilities#69
Conversation
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-QS-14724253
Pull request overview
This PR addresses a high-severity security vulnerability (SNYK-JS-QS-14724253) related to "Allocation of Resources Without Limits or Throttling" in the qs package by upgrading Express and body-parser dependencies.
Key changes:
- Upgrades express from 4.16.4 to 4.22.x (resolves to 4.22.1)
- Upgrades body-parser from 1.18.3 to 1.20.4
- Updates transitive dependency qs from 6.5.2 to 6.14.1, which contains the security fix
Reviewed changes
Copilot reviewed 1 out of 2 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| package.json | Updates express constraint to ^4.22.0 and body-parser to ^1.20.4 to pull in patched qs versions |
| yarn.lock | Comprehensive update of express, body-parser, and all transitive dependencies including the vulnerable qs package, with many supporting utilities updated to compatible versions |
| "compression": "^1.7.3", | ||
| "cors": "^2.8.5", | ||
| "express": "^4.16.4", | ||
| "express": "^4.22.0", |
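Review bot: This region only changes the express constraint (^4.16.4 to ^4.22.0), yet the PR overview and the file table say package.json also bumps body-parser to ^1.20.4 and that the actual fix is the transitive qs 6.14.1; neither is visible here. Before merging, confirm the body-parser line is present in the unshown part of package.json and that yarn.lock resolves every qs entry to 6.14.1 or later, since a caret range on express alone does not pin the transitive qs version.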
The package.json specifies express version ^4.22.0, but yarn.lock resolves to version 4.22.1. While this is technically correct behavior for semver (^ allows patch updates), it creates a mismatch with the PR description which states Express is being updated to 4.22.0. Consider updating package.json to ^4.22.1 to reflect the actual installed version, or be aware that the resolved version may differ from what's specified in the PR metadata.
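The caret-versus-lockfile point above comes down to what yarn.lock actually resolves, so here is an added check (not part of this PR, nor of Snyk's or Copilot's tooling) that parses a v1 yarn.lock and reports any qs entry still resolving below 6.14.1, the version this PR reports as carrying the fix. The lockfile excerpt is constructed for illustration.

```javascript
const PATCHED_QS = '6.14.1'; // version this PR reports as carrying the fix
// Constructed yarn.lock (v1) excerpt: body-parser depends on qs, which resolves to one patched version.
const SAMPLE_LOCK = `# yarn lockfile v1
body-parser@^1.20.4:
  version "1.20.4"
  dependencies:
    qs "~6.14.0"

qs@6.14.1, qs@~6.14.0:
  version "6.14.1"
`;

// Parse a v1 yarn.lock into records of { specs: [...], version }.
function parseYarnLock(text) {
  const entries = [];
  let current = null;
  for (const line of text.split('\n')) {
    if (!line.trim() || line.startsWith('#')) continue;
    if (!line.startsWith(' ')) {
      // Header: comma-separated, optionally quoted specifiers ending in ':'.
      const specs = line.replace(/:$/, '').split(',')
        .map(s => s.trim().replace(/^"|"$/g, ''));
      current = { specs, version: null };
      entries.push(current);
    } else if (current) {
      const m = line.match(/^  version "([^"]+)"$/); // two-space indent only
      if (m) current.version = m[1];
    }
  }
  return entries;
}

// Numeric dotted-version comparison; negative when a < b.
function compareVersions(a, b) {
  const pa = a.split('.').map(Number), pb = b.split('.').map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d;
  }
  return 0;
}

// Resolved versions of `name` still below `minVersion`; the name is everything before the last '@' of a specifier such as "qs@~6.14.0".
function unpatchedVersions(lockText, name, minVersion) {
  return parseYarnLock(lockText)
    .filter(e => e.version && e.specs.some(s => s.slice(0, s.lastIndexOf('@')) === name))
    .map(e => e.version)
    .filter(v => compareVersions(v, minVersion) < 0);
}
```

Run it against the real yarn.lock by reading the file into `unpatchedVersions(text, 'qs', PATCHED_QS)`; an empty array means every resolved qs entry is at or above the patched release.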
Snyk has created this PR to fix 1 vulnerability in the yarn dependencies of this project.
Snyk changed the following file(s):
- package.json
- yarn.lock
Note for zero-installs users
If you are using the Yarn feature zero-installs that was introduced in Yarn V2, note that this PR does not update the .yarn/cache/ directory, meaning this code cannot be pulled and immediately developed on as one would expect for a zero-install project; you will need to run yarn to update the contents of the ./yarn/cache directory. If you are not using zero-install you can ignore this, as your flow should likely be unchanged.
Vulnerabilities that will be fixed with an upgrade:
SNYK-JS-QS-14724253
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Allocation of Resources Without Limits or Throttling