diff --git a/apps/lockfile-explorer/package.json b/apps/lockfile-explorer/package.json index df2bdf3d4ea..0a97f5f29d3 100644 --- a/apps/lockfile-explorer/package.json +++ b/apps/lockfile-explorer/package.json @@ -33,7 +33,7 @@ "scripts": { "build": "heft build --clean", "start": "heft start", - "serve": "node ./lib/start.js --debug", + "serve": "node ./lib/start-explorer.js --debug", "test": "heft test", "_phase:build": "heft run --only build -- --clean", "_phase:test": "heft run --only test -- --clean" @@ -63,7 +63,7 @@ "@rushstack/node-core-library": "workspace:*", "@rushstack/terminal": "workspace:*", "cors": "~2.8.5", - "express": "4.20.0", + "express": "5.1.0", "js-yaml": "~3.13.1", "open": "~8.4.0", "update-notifier": "~5.1.0", diff --git a/common/changes/@microsoft/rush/user-cmalonzo-npmaudit-express_2025-09-08-19-21.json b/common/changes/@microsoft/rush/user-cmalonzo-npmaudit-express_2025-09-08-19-21.json new file mode 100644 index 00000000000..9d0a511eb9b --- /dev/null +++ b/common/changes/@microsoft/rush/user-cmalonzo-npmaudit-express_2025-09-08-19-21.json @@ -0,0 +1,10 @@ +{ + "changes": [ + { + "packageName": "@microsoft/rush", + "comment": "Upgrade express to 5.1.0", + "type": "none" + } + ], + "packageName": "@microsoft/rush" +} \ No newline at end of file diff --git a/common/changes/@rushstack/lockfile-explorer/user-cmalonzo-npmaudit-express_2025-09-08-19-21.json b/common/changes/@rushstack/lockfile-explorer/user-cmalonzo-npmaudit-express_2025-09-08-19-21.json new file mode 100644 index 00000000000..1a92d60f3f7 --- /dev/null +++ b/common/changes/@rushstack/lockfile-explorer/user-cmalonzo-npmaudit-express_2025-09-08-19-21.json @@ -0,0 +1,10 @@ +{ + "changes": [ + { + "packageName": "@rushstack/lockfile-explorer", + "comment": "Upgrade express to 5.1.0", + "type": "patch" + } + ], + "packageName": "@rushstack/lockfile-explorer" +} \ No newline at end of file diff --git a/common/config/subspaces/default/pnpm-lock.yaml b/common/config/subspaces/default/pnpm-lock.yaml index be905f3bec9..881e2115ada 100644 --- a/common/config/subspaces/default/pnpm-lock.yaml +++ b/common/config/subspaces/default/pnpm-lock.yaml @@ -215,8 +215,8 @@ importers: specifier: ~2.8.5 version: 2.8.5 express: - specifier: 4.20.0 - version: 4.20.0 + specifier: 5.1.0 + version: 5.1.0 js-yaml: specifier: ~3.13.1 version: 3.13.1 @@ -4585,8 +4585,8 @@ importers: specifier: ~2.8.5 version: 2.8.5 express: - specifier: 4.20.0 - version: 4.20.0 + specifier: 5.1.0 + version: 5.1.0 http2-express-bridge: specifier: ~1.0.7 version: 1.0.7(@types/express@4.17.21) @@ -11646,7 +11646,7 @@ packages: detect-port-alt: 1.1.6 esbuild: 0.14.54 esbuild-runner: 2.2.2(esbuild@0.14.54) - express: 4.20.0 + express: 4.21.2 fs-extra: 9.1.0 remeda: 0.0.32 source-map-support: 0.5.21 @@ -11687,7 +11687,7 @@ packages: dotenv-expand: 5.1.0 esbuild: 0.14.54 escodegen: 2.1.0 - express: 4.20.0 + express: 4.21.2 fs-extra: 9.1.0 immer: 9.0.21 js-yaml: 4.1.0 @@ -12731,7 +12731,7 @@ packages: core-js: 3.36.0 cross-spawn: 7.0.3 envinfo: 7.11.1 - express: 4.20.0 + express: 4.21.2 find-up: 5.0.0 fs-extra: 9.1.0 get-port: 5.1.1 @@ -12933,7 +12933,7 @@ packages: babel-plugin-polyfill-corejs3: 0.1.7(@babel/core@7.20.12) chalk: 4.1.2 core-js: 3.36.0 - express: 4.20.0 + express: 4.21.2 file-system-cache: 1.1.0 find-up: 5.0.0 fork-ts-checker-webpack-plugin: 6.5.3(eslint@9.25.1)(typescript@5.8.2)(webpack@4.47.0) @@ -13009,7 +13009,7 @@ packages: core-js: 3.36.0 cpy: 8.1.2 detect-port: 1.5.1 - express: 4.20.0 + express: 4.21.2 file-system-cache: 1.1.0 fs-extra: 9.1.0 globby: 11.1.0 @@ -13131,7 +13131,7 @@ packages: chalk: 4.1.2 core-js: 3.36.0 css-loader: 3.6.0(webpack@4.47.0) - express: 4.20.0 + express: 4.21.2 file-loader: 6.2.0(webpack@4.47.0) file-system-cache: 1.1.0 find-up: 5.0.0 @@ -17374,7 +17374,7 @@ packages: resolution: {integrity: sha512-AF3r7P5dWxL8MxyITRMlORQNaOA2IkAFaTr4k7BUumjPtRpGDTZpl0Pb1XCO6JeDCBdp126Cgs9sMxqSjgYyRg==} engines: {node: '>= 0.6'} dependencies: - mime-db: 1.52.0 + mime-db: 1.54.0 /compression@1.7.4: resolution: {integrity: sha512-jaSIDzP9pZVS4ZfQ+TzvtiWhdpFhE2RDHz8QJkpX9SIpLq88VueF5jJw6t+6CUQcAoA6t+x89MLrWAqpfDE8iQ==} @@ -17487,8 +17487,8 @@ packages: engines: {node: '>= 0.6'} dev: false - /cookie@0.6.0: - resolution: {integrity: sha512-U71cyTamuh1CRNCfpGY6to28lxvNwPG4Guz/EVjgf3Jmzv0vlDp1atT9eS5dDjMYHucpHbWns6Lwf3BKz6svdw==} + /cookie@0.7.1: + resolution: {integrity: sha512-6DnInpx7SJ2AK3+CTUE/ZM0vWTUboZCegxhC2xiIydHR9jNuTAASBrfEpHhiGOZw/nX51bHt6YQl8jsGo4y/0w==} engines: {node: '>= 0.6'} /cookie@0.7.2: @@ -20084,8 +20084,8 @@ packages: express: 5.1.0 dev: false - /express@4.20.0: - resolution: {integrity: sha512-pLdae7I6QqShF5PnNTCVn4hI91Dx0Grkn2+IAsMTgMIKuQVte2dN9PeGSSAME2FR8anOhVA62QDIUaWVfEXVLw==} + /express@4.21.2: + resolution: {integrity: sha512-28HqgMZAmih1Czt9ny7qr6ek2qddF4FclbMzwhCREB6OFfH+rXAnuNCwo1/wFvrtbgsQDb4kSbX9de9lFbrXnA==} engines: {node: '>= 0.10.0'} dependencies: accepts: 1.3.8 @@ -20093,27 +20093,27 @@ packages: body-parser: 1.20.3 content-disposition: 0.5.4 content-type: 1.0.5 - cookie: 0.6.0 + cookie: 0.7.1 cookie-signature: 1.0.6 debug: 2.6.9 depd: 2.0.0 encodeurl: 2.0.0 escape-html: 1.0.3 etag: 1.8.1 - finalhandler: 1.2.0 + finalhandler: 1.3.1 fresh: 0.5.2 http-errors: 2.0.0 merge-descriptors: 1.0.3 methods: 1.1.2 on-finished: 2.4.1 parseurl: 1.3.3 - path-to-regexp: 0.1.10 + path-to-regexp: 0.1.12 proxy-addr: 2.0.7 - qs: 6.11.0 + qs: 6.13.0 range-parser: 1.2.1 safe-buffer: 5.2.1 send: 0.19.0 - serve-static: 1.16.0 + serve-static: 1.16.2 setprototypeof: 1.2.0 statuses: 2.0.1 type-is: 1.6.18 @@ -20427,12 +20427,12 @@ packages: dependencies: to-regex-range: 5.0.1 - /finalhandler@1.2.0: - resolution: {integrity: sha512-5uXcUVftlQMFnWC9qu/svkWv3GTd2PfUhK/3PLkYNAe7FbqJMt3515HaxE6eRL74GdsriiwujiawdaB1BpEISg==} + /finalhandler@1.3.1: + resolution: {integrity: sha512-6BN9trH7bp3qvnrRyzsBz+g3lZxTNZTbVO2EV1CS0WIcDbawYVdYvGflME/9QP0h0pYlCDBCTjYa9nZzMDpyxQ==} engines: {node: '>= 0.8'} dependencies: debug: 2.6.9 - encodeurl: 1.0.2 + encodeurl: 2.0.0 escape-html: 1.0.3 on-finished: 2.4.1 parseurl: 1.3.3 @@ -21296,10 +21296,6 @@ packages: dependencies: dunder-proto: 1.0.1 - /has-symbols@1.0.3: - resolution: {integrity: sha512-l3LCuF6MgDNwTDKkdYGEihYjt5pRPbEg46rtlmnSPlUbgmB8LOIrKJbYYFBSbnPaJexMKtiPO8hmeRjRz2Td+A==} - engines: {node: '>= 0.4'} - /has-symbols@1.1.0: resolution: {integrity: sha512-1cDNdwJ2Jaohmb3sg4OmKaMBwuC48sYni5HUw2DvsC8LjGTLK9h+eb1X6RyuOHe4hT0ULCW68iomhjUoKUqlPQ==} engines: {node: '>= 0.4'} @@ -24247,7 +24243,6 @@ packages: /mime-db@1.54.0: resolution: {integrity: sha512-aU5EJuIN2WDemCcAp2vFBfp/m4EAhWJnUNSSw0ixs7/kXbd6Pg64EmwJkNdFhB8aWt1sH2CTXrLxo/iAGV3oPQ==} engines: {node: '>= 0.6'} - dev: false /mime-types@2.1.35: resolution: {integrity: sha512-ZDY+bPm5zTTF+YpCrAU9nK0UgICYPT0QtT1NZWFv4s++TNkcgVaT0g6+4R2uI4MjQjzysHB1zxuWL50hzaeXiw==} @@ -24931,7 +24926,7 @@ packages: dependencies: call-bind: 1.0.7 define-properties: 1.2.1 - has-symbols: 1.0.3 + has-symbols: 1.1.0 object-keys: 1.1.1 /object.assign@4.1.7: @@ -25419,8 +25414,8 @@ packages: minipass: 7.1.2 dev: false - /path-to-regexp@0.1.10: - resolution: {integrity: sha512-7lf7qcQidTku0Gu3YDPc8DJ1q7OOucfa/BSsIwjuh56VU7katFvuM8hULfkwB3Fns/rsVF7PwPKVw1sl5KQS9w==} + /path-to-regexp@0.1.12: + resolution: {integrity: sha512-RA1GjUVMnvYFxuqovrEqZoxxW5NUZqbwKtYz/Tt7nXerk0LbLblQmrsgdeOxV5SFHf0UDggjS/bSeOZwt1pmEQ==} /path-to-regexp@8.2.0: resolution: {integrity: sha512-TdrF7fW9Rphjq4RjrW0Kp2AW0Ahwu9sRGTkS6bvDi0SCwZlEZYmcfDbEsTz8RVk0EHIS/Vd1bv3JhG+1xZuAyQ==} @@ -26295,7 +26290,8 @@ packages: resolution: {integrity: sha512-MvjoMCJwEarSbUYk5O+nmoSzSutSsTwF85zcHPQ9OrlFoZOYIjaqBAJIqIXjptyD5vThxGq52Xu/MaJzRkIk4Q==} engines: {node: '>=0.6'} dependencies: - side-channel: 1.0.6 + side-channel: 1.1.0 + dev: true /qs@6.12.0: resolution: {integrity: sha512-trVZiI6RMOkO476zLGaBIzszOdFPnCCXHPG9kn0yuS1uz6xdVxPfZdB3vUig9pxPFDM9BRAgz/YUIVQ1/vuiUg==} @@ -27756,24 +27752,6 @@ packages: statuses: 1.5.0 dev: false - /send@0.18.0: - resolution: {integrity: sha512-qqWzuOjSFOuqPjFe4NOsMLafToQQwBSOEpS+FwEt3A2V3vKubTquT3vmLTQpFgMXp8AlFWFuP1qKaJZOtPpVXg==} - engines: {node: '>= 0.8.0'} - dependencies: - debug: 2.6.9 - depd: 2.0.0 - destroy: 1.2.0 - encodeurl: 1.0.2 - escape-html: 1.0.3 - etag: 1.8.1 - fresh: 0.5.2 - http-errors: 2.0.0 - mime: 1.6.0 - ms: 2.1.3 - on-finished: 2.4.1 - range-parser: 1.2.1 - statuses: 2.0.1 - /send@0.19.0: resolution: {integrity: sha512-dW41u5VfLXu8SJh5bwRmyYUbAoSB3c9uQh6L8h/KtsFREPWpbX1lrljJo186Jc4nmci/sGUZ9a0a0J2zgfq2hw==} engines: {node: '>= 0.8.0'} @@ -27857,14 +27835,14 @@ packages: parseurl: 1.3.3 dev: false - /serve-static@1.16.0: - resolution: {integrity: sha512-pDLK8zwl2eKaYrs8mrPZBJua4hMplRWJ1tIFksVC3FtBEBnl8dxgeHtsaMS8DhS9i4fLObaon6ABoc4/hQGdPA==} + /serve-static@1.16.2: + resolution: {integrity: sha512-VqpjJZKadQB/PEbEwvFdO43Ax5dFBZ2UECszz8bQ7pi7wt//PWe1P6MN7eCnjsatYtBT6EuiClbjSWP2WrIoTw==} engines: {node: '>= 0.8.0'} dependencies: - encodeurl: 1.0.2 + encodeurl: 2.0.0 escape-html: 1.0.3 parseurl: 1.3.3 - send: 0.18.0 + send: 0.19.0 /serve-static@2.2.0: resolution: {integrity: sha512-61g9pCh0Vnh7IutZjtLGGpTA355+OPn2TyDv/6ivP2h/AdAVX9azsoxmg2/M6nZeQZNYBEwIcsne1mJd9oQItQ==} @@ -28023,8 +28001,9 @@ packages: dependencies: call-bind: 1.0.7 es-errors: 1.3.0 - get-intrinsic: 1.2.4 + get-intrinsic: 1.3.0 object-inspect: 1.13.4 + dev: true /side-channel@1.1.0: resolution: {integrity: sha512-ZX99e6tRweoUXqR+VBrslhda51Nh5MTQwou5tnUDgbtyM0dBgmhEDtWGP/xbKn6hqfPRHujUNwz5fy/wbbhnpw==} @@ -30234,7 +30213,7 @@ packages: compression: 1.7.4 connect-history-api-fallback: 2.0.0 default-gateway: 6.0.3 - express: 4.20.0 + express: 4.21.2 graceful-fs: 4.2.11 html-entities: 2.5.2 http-proxy-middleware: 2.0.6 @@ -30288,7 +30267,7 @@ packages: colorette: 2.0.20 compression: 1.7.4 connect-history-api-fallback: 2.0.0 - express: 4.20.0 + express: 4.21.2 graceful-fs: 4.2.11 html-entities: 2.5.2 http-proxy-middleware: 2.0.6 diff --git a/common/config/subspaces/default/repo-state.json b/common/config/subspaces/default/repo-state.json index d5311ebb9a9..54c4a17057e 100644 --- a/common/config/subspaces/default/repo-state.json +++ b/common/config/subspaces/default/repo-state.json @@ -1,5 +1,5 @@ // DO NOT MODIFY THIS FILE MANUALLY BUT DO COMMIT IT. It is generated and used by Rush. { - "pnpmShrinkwrapHash": "afd64fcadd84dabdd15342e7c535d6fc4b7537ad", + "pnpmShrinkwrapHash": "3e8771714aa033b13641f9d43cccd317de215190", "preferredVersionsHash": "61cd419c533464b580f653eb5f5a7e27fe7055ca" } diff --git a/rush-plugins/rush-serve-plugin/package.json b/rush-plugins/rush-serve-plugin/package.json index f684f5b5f86..9ceead65557 100644 --- a/rush-plugins/rush-serve-plugin/package.json +++ b/rush-plugins/rush-serve-plugin/package.json @@ -24,7 +24,7 @@ "@rushstack/ts-command-line": "workspace:*", "compression": "~1.7.4", "cors": "~2.8.5", - "express": "4.20.0", + "express": "5.1.0", "http2-express-bridge": "~1.0.7", "ws": "~8.14.1" },