chore(deps): Bump express from 4.21.2 to 4.22.1 #662
Open
dependabot[bot] wants to merge 1 commit into
Microsoft GitHub Policy Service / GitOps/AdvancedSecurity
failed
Jan 12, 2026 in 0s
Dependency Review
Dependency review detected vulnerable
Dependency review summary
We have found 1 vulnerable package(s).
Vulnerability
Vulnerabilities were filtered by minimum severity Moderate.
| Dependency | File Name | Version | Vulnerability | Severity |
|---|---|---|---|---|
| qs | package-lock.json | 6.14.0 | qs's arrayLimit bypass in its bracket notation allows DoS via memory exhaustion | High |