Skip to content

Commit 363bc9b

Browse files
collinschreyer-devcollinschreyer-dev
committed
fix(security): upgrade express to 4.22.1 and pin qs to 6.14.2 to remediate CVE-2026-2391
Addresses CISA KEV finding SNYK-JS-QS-15268416 (Allocation of Resources Without Limits or Throttling in qs >=6.7.0 <6.14.2).
1 parent 89ddb78 commit 363bc9b

2 files changed

Lines changed: 7 additions & 5 deletions

File tree

package-lock.json

Lines changed: 5 additions & 4 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

package.json

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -34,7 +34,7 @@
3434
"clone-deep": "^4.0.1",
3535
"cors": "^2.8.5",
3636
"cron": "^1.8.2",
37-
"express": "^4.21.1",
37+
"express": "^4.22.1",
3838
"express-session": "^1.18.1",
3939
"express-winston": "^3.4.0",
4040
"flatted": "^3.3.1",
@@ -49,6 +49,7 @@
4949
"openid-client": "^5.7.0",
5050
"pg": "^8.12.0",
5151
"pg-hstore": "^2.3.4",
52+
"qs": "6.14.2",
5253
"sequelize": "^6.37.3",
5354
"sequelize-cli": "^6.6.1",
5455
"umzug": "^2.3.0",

0 commit comments

Comments
 (0)