Express dependency upgrades

[kentcdodds]

Upgrades express, express-rate-limit, and @types/express to their latest versions. This required updating Express wildcard routes from string patterns to regex patterns to align with Express 5's routing behavior. An e2e test assertion was also updated to reflect a minor UI text change.

Test Plan

Full gate (npm run validate) was executed to ensure no regressions. No manual UI testing was performed as changes are dependency/server/test-only, and automated e2e tests cover UI flows.

Checklist

• Tests updated
• Docs updated

Screenshots

N/A - Dependency and server-side changes.

---

 

---

Note

Medium Risk
Express major-version upgrade plus routing-pattern changes can subtly affect request matching and middleware execution order; changes are localized and covered by automated tests.

Overview
Upgrades server dependencies to express@5, express-rate-limit@8, and @types/express@5, with the corresponding package-lock.json refresh.

Updates Express route matching in server/index.ts to use regex-based catch-alls and static-path handlers (replacing '*' and ['/img/*','/favicons/*']) to align with Express 5 routing behavior, and adjusts one Playwright assertion to match updated “no past messages yet” UI copy.

^{Written by Cursor Bugbot for commit 9601d68. This will update automatically on new commits. Configure here.}

[cursor]

Cursor Agent can help with this pull request. Just @cursor in comments and I'll start working on changes in this branch.
_{Learn more about Cursor Agents}