Skip to content

[Snyk] Security upgrade express from 4.21.2 to 4.22.0#11216

Merged
juliasilge merged 3 commits intomainfrom
snyk-fix-dd2034374f265f6df6113b242ed49240
Jan 6, 2026
Merged

[Snyk] Security upgrade express from 4.21.2 to 4.22.0#11216
juliasilge merged 3 commits intomainfrom
snyk-fix-dd2034374f265f6df6113b242ed49240

Conversation

@posit-snyk-bot
Copy link
Contributor

@posit-snyk-bot posit-snyk-bot commented Dec 31, 2025
edited by juliasilge
Loading

snyk-top-banner

Snyk has created this PR to fix 1 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

  • extensions/positron-proxy/package.json
  • extensions/positron-proxy/package-lock.json

Vulnerabilities that will be fixed with an upgrade:

Issue Score
high severity Allocation of Resources Without Limits or Throttling
SNYK-JS-QS-14724253		   170  

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Allocation of Resources Without Limits or Throttling

@:apps
@:help
@:viewer
@:web
@:win

@snyk-bot
fix: extensions/positron-proxy/package.json & extensions/positron-pro…
6e44956 
…xy/package-lock.json to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-QS-14724253
@github-actions
Copy link

github-actions bot commented Dec 31, 2025
edited
Loading

Thank you all for this PR! We ask that you sign our Contributor License Agreement before we accept your contribution. You can sign the CLA by posting a comment on this PR saying:

I have read the CLA Document and I hereby sign the CLA

1 out of 2 committers have signed the CLA.
✅ (juliasilge)[https://github.com/juliasilge]
@snyk-bot
You can retrigger this bot by commenting recheck in this Pull Request. Posted by the CLA Assistant Lite bot.

@github-actions
Copy link

github-actions bot commented Dec 31, 2025
edited
Loading

E2E Tests 🚀
This PR will run tests tagged with: @:critical @:apps @:help @:viewer @:web @:win

readme  valid tags

@juliasilge juliasilge mentioned this pull request Jan 2, 2026
Merged
@juliasilge juliasilge requested a review from jmcphers January 5, 2026 23:20
juliasilge added a commit that referenced this pull request Jan 5, 2026
@juliasilge
Our Snyk bot cannot sign the CLA (#11223)
70872f8 
Related to #11216 where you
can see the CLA action fail


### Release Notes

#### New Features

- N/A

#### Bug Fixes

- N/A


### QA Notes

- N/A
@juliasilge
Copy link
Contributor

juliasilge commented Jan 5, 2026
edited
Loading

Turns out that the user here is not a GitHub App, but rather:

"author": {"login": "posit-snyk-bot", "is_bot": false}

This PR will use the CLA on main and not here (so the CLA action will still fail), but we can at least get the fix merged for next time.

@juliasilge juliasilge merged commit 7cdd5fc into main Jan 6, 2026
11 of 12 checks passed
@juliasilge juliasilge deleted the snyk-fix-dd2034374f265f6df6113b242ed49240 branch January 6, 2026 00:32
@github-actions github-actions bot locked and limited conversation to collaborators Jan 6, 2026
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@jmcphers jmcphers Awaiting requested review from jmcphers

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@posit-snyk-bot @juliasilge @snyk-bot