[Snyk] Upgrade express from 4.21.2 to 4.22.1

[chirag127]

Snyk has created this PR to upgrade express from 4.21.2 to 4.22.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 2 versions ahead of your current version.

• The recommended version was released a month ago.

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Allocation of Resources Without Limits or Throttling SNYK-JS-QS-14724253	614	Proof of Concept
	Allocation of Resources Without Limits or Throttling SNYK-JS-QS-14724253	614	Proof of Concept

Release notes

Package name: express

• 4.22.1 - 2025-12-01
  

  What's Changed

  Important

  The prior release (4.22.0) included an erroneous breaking change related to the extended query parser. There is no actual security vulnerability associated with this behavior (CVE-2024-51999 has been rejected). The change has been fully reverted in this release.

  • Release: 4.22.1 by @ UlisesGascon in #6934

  Full Changelog: 4.22.0...v4.22.1

• 4.22.0 - 2025-12-01
  

  Important: Security

  • Security fix for CVE-2024-51999 (GHSA-pj86-cfqh-vqx6)

  What's Changed

  • Refactor: improve readability by @ sazk07 in #6190
  • ci: add support for Node.js@23.0 by @ UlisesGascon in #6080
  • Method functions with no path should error by @ wesleytodd in #5957
  • ci: updated github actions ci workflow by @ Phillip9587 in #6323
  • ci: reorder npm i steps to fix ci for older node versions by @ Phillip9587 in #6336
  • Backport: ci: add node.js 24 to test matrix by @ Phillip9587 in #6506
  • chore(4.x): wider range for query test skip by @ jonchurch in #6513
  • use tilde notation for certain dependencies by @ UlisesGascon in #6905
  • deps: qs@6.14.0 by @ UlisesGascon in #6909
  • deps: use tilde notation for qs by @ Phillip9587 in #6919
  • Release: 4.22.0 by @ UlisesGascon in #6921

  Full Changelog: 4.21.2...4.22.0

• 4.21.2 - 2024-12-05
  

  What's Changed

  • Add funding field (v4) by @ bjohansebas in #6065
  • deps: path-to-regexp@0.1.11 by @ blakeembrey in #5956
  • deps: bump path-to-regexp@0.1.12 by @ jonchurch in #6209
  • Release: 4.21.2 by @ UlisesGascon in #6094

  Full Changelog: 4.21.1...4.21.2

from express GitHub release notes

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.
• Max score is 1000. Note that the real score may have changed since the PR was raised.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[continue]

Learn more

---

All Green is an AI agent that automatically:

✅ Addresses code review comments

✅ Fixes failing CI checks

✅ Resolves merge conflicts

---

Unsubscribe from All Green comments

[gemini-code-assist]

Warning

You have reached your daily quota limit. Please wait up to 24 hours and I will start processing your requests again!

[coderabbitai]

Important

Review skipped

Ignore keyword(s) in the title.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[qodo-code-review]

CI Feedback 🧐

A test triggered by this PR failed. Here is an AI-generated analysis of the failure:

Action: build

Failed stage: Lint [❌]

Failed test name: ""

Failure summary: The action failed during the npm run lint step because package.json does not define a lint script. The workflow attempted to run npm run lint, but npm reported Missing script: "lint" and exited with code 1 (log lines 137–149).

Relevant error logs: 1: ##[group]Runner Image Provisioner 2: Hosted Compute Agent ... 126: shell: /usr/bin/bash -e {0} 127: ##[endgroup] 128: added 121 packages, and audited 122 packages in 3s 129: 20 packages are looking for funding 130: run `npm fund` for details 131: 5 vulnerabilities (1 low, 4 high) 132: To address issues that do not require attention, run: 133: npm audit fix 134: To address all issues (including breaking changes), run: 135: npm audit fix --force 136: Run `npm audit` for details. 137: ##[group]Run npm run lint 138: �[36;1mnpm run lint�[0m 139: shell: /usr/bin/bash -e {0} 140: ##[endgroup] 141: npm error Missing script: "lint" 142: npm error 143: npm error Did you mean this? 144: npm error npm link # Symlink a package folder 145: npm error 146: npm error To see a list of scripts, run: 147: npm error npm run 148: npm error A complete log of this run can be found in: /home/runner/.npm/_logs/2026-01-09T06_00_54_740Z-debug-0.log 149: ##[error]Process completed with exit code 1. 150: Post job cleanup.