Skip to content

[@rushstack/rush-serve-plugin] Bump express to 4.21.1 (fix vulnerabilities) #5365

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
iclanton merged 4 commits into from
Sep 28, 2025
Merged

[@rushstack/rush-serve-plugin] Bump express to 4.21.1 (fix vulnerabilities) #5365

iclanton merged 4 commits into from
Sep 28, 2025

Conversation

@cnaples79
Copy link
Contributor

@cnaples79 cnaples79 commented Sep 17, 2025

This updates @rushstack/rush-serve-plugin to use express@4.21.1 to address vulnerabilities reported for express@4.20.0 (see #5327).

Changes

  • bump express from 4.20.0 → 4.21.1 in rush-plugins/rush-serve-plugin/package.json
  • add a Rush change file marking a patch release for @rushstack/rush-serve-plugin

Notes

  • No code changes; dependency-only.
  • I did not update the lockfile; happy to refresh it if required by CI.

Fixes #5327.

@github-project-automation github-project-automation bot moved this to Needs triage in Bug Triage Sep 17, 2025
iclanton
iclanton reviewed Sep 18, 2025
View reviewed changes
Copy link
Member

@iclanton iclanton left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You need to run rush update and check in the updated lockfile.

iclanton
iclanton reviewed Sep 18, 2025
View reviewed changes
@iclanton
Copy link
Member

iclanton commented Sep 18, 2025

You also need to update the lockfile explorer project.

@dmichon-msft
Copy link
Contributor

dmichon-msft commented Sep 22, 2025

Should include the change to the lockfile explorer's version as well.

@iclanton iclanton requested a review from patmill as a code owner September 28, 2025 12:19
cnaples79 and others added 4 commits September 28, 2025 14:27
@cnaples79 @iclanton
rush-serve-plugin: bump express to 4.21.1 to address vulnerabilities\…
b3dd801 
…n\n- Update dependency in rush-serve-plugin/package.json\n- Add Rush change file (patch) for @rushstack/rush-serve-plugin\n\nFixes microsoft#5327
@iclanton
Update changefile.
9958ebf
@iclanton
Update changefile.
a835b28
@iclanton
Bump version in lockfile explorer.
f5cd24c
@iclanton iclanton force-pushed the fix/rush-serve-express-bump branch from 1ee32d0 to f5cd24c Compare September 28, 2025 12:28
@iclanton iclanton enabled auto-merge (squash) September 28, 2025 12:28
@iclanton iclanton merged commit b703dea into microsoft:main Sep 28, 2025
5 checks passed
@github-project-automation github-project-automation bot moved this from Needs triage to Closed in Bug Triage Sep 28, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@iclanton iclanton iclanton left review comments

@dmichon-msft dmichon-msft dmichon-msft approved these changes

@octogonz octogonz Awaiting requested review from octogonz octogonz is a code owner

@apostolisms apostolisms Awaiting requested review from apostolisms apostolisms is a code owner

@D4N14L D4N14L Awaiting requested review from D4N14L

@patmill patmill Awaiting requested review from patmill patmill is a code owner

Assignees

No one assigned

Labels

None yet

Projects

Bug Triage
Status: Closed

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[@rushstack/rush-serve-plugin] express 4.20.0 dependency has security vulnerabilities

3 participants

@cnaples79 @iclanton @dmichon-msft