feat(core): Upgrade to express 5 to address CVE-2024-52798 (#14332)

2025-12-16 17:46:45 +00:00 · 2025-04-03 13:43:52 +02:00
parent 02d11b5e7a
commit 4110f3188e
22 changed files with 465 additions and 327 deletions
--- a/packages/cli/package.json
+++ b/packages/cli/package.json
@@ -57,9 +57,9 @@
    "@redocly/cli": "^1.28.5",
    "@types/aws4": "^1.5.1",
    "@types/bcryptjs": "^2.4.2",
-    "@types/compression": "1.0.1",
+    "@types/compression": "^1.7.5",
    "@types/convict": "^6.1.1",
-    "@types/cookie-parser": "^1.4.7",
+    "@types/cookie-parser": "^1.4.8",
    "@types/express": "catalog:",
    "@types/flat": "^5.0.5",
    "@types/formidable": "^3.4.5",
@@ -111,23 +111,22 @@
    "change-case": "4.1.2",
    "class-transformer": "0.5.1",
    "class-validator": "0.14.0",
-    "compression": "1.7.4",
+    "compression": "1.8.0",
    "convict": "6.2.4",
    "cookie-parser": "1.4.7",
    "csrf": "3.1.0",
    "dotenv": "8.6.0",
-    "express": "4.21.1",
-    "express-async-errors": "3.1.1",
-    "express-handlebars": "7.1.2",
+    "express": "5.1.0",
+    "express-handlebars": "8.0.1",
    "express-openapi-validator": "5.4.7",
-    "express-prom-bundle": "6.6.0",
-    "express-rate-limit": "7.2.0",
+    "express-prom-bundle": "8.0.0",
+    "express-rate-limit": "7.5.0",
    "fast-glob": "catalog:",
    "flat": "5.0.2",
    "flatted": "catalog:",
    "formidable": "3.5.1",
    "handlebars": "4.7.8",
-    "helmet": "7.1.0",
+    "helmet": "8.1.0",
    "infisical-node": "1.3.0",
    "ioredis": "5.3.2",
    "isbot": "3.6.13",
@@ -153,9 +152,9 @@
    "picocolors": "catalog:",
    "pkce-challenge": "3.0.0",
    "posthog-node": "3.2.1",
-    "prom-client": "13.2.0",
+    "prom-client": "15.1.3",
    "psl": "1.9.0",
-    "raw-body": "2.5.1",
+    "raw-body": "3.0.0",
    "reflect-metadata": "catalog:",
    "replacestream": "4.0.3",
    "samlify": "2.9.0",