fix(deps): update dependency express to v4.19.2 [security]

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
express (source)	4.17.3 -> 4.19.2

GitHub Vulnerability Alerts

CVE-2024-29041

Impact

Versions of Express.js prior to 4.19.2 and pre-release alpha and beta versions before 5.0.0-beta.3 are affected by an open redirect vulnerability using malformed URLs.

When a user of Express performs a redirect using a user-provided URL Express performs an encode using encodeurl on the contents before passing it to the location header. This can cause malformed URLs to be evaluated in unexpected ways by common redirect allow list implementations in Express applications, leading to an Open Redirect via bypass of a properly implemented allow list.

The main method impacted is res.location() but this is also called from within res.redirect().

Patches

expressjs/express@0867302
expressjs/express@0b74695

An initial fix went out with [email protected], we then patched a feature regression in 4.19.1 and added improved handling for the bypass in 4.19.2.

Workarounds

The fix for this involves pre-parsing the url string with either require('node:url').parse or new URL. These are steps you can take on your own before passing the user input string to res.location or res.redirect.

References

https://github.com/expressjs/express/pull/5539
https://github.com/koajs/koa/issues/1800
https://expressjs.com/en/4x/api.html#res.location

---

Release Notes

expressjs/express (express)

v4.19.2

Compare Source

==========

• Improved fix for open redirect allow list bypass

v4.19.1

Compare Source

==========

• Allow passing non-strings to res.location with new encoding handling checks

v4.19.0

Compare Source

v4.18.3

Compare Source

==========

• Fix routing requests without method
• deps: [email protected]
  • Fix strict json error message on Node.js 19+
  • deps: content-type@~1.0.5
  • deps: [email protected]

v4.18.2

Compare Source

===================

• Fix regression routing a large stack in a single route
• deps: [email protected]
  • deps: [email protected]
  • perf: remove unnecessary object clone
• deps: [email protected]

v4.18.1

Compare Source

===================

• Fix hanging on large stack of sync routes

v4.18.0

Compare Source

===================

• Add "root" option to res.download
• Allow options without filename in res.download
• Deprecate string and non-integer arguments to res.status
• Fix behavior of null/undefined as maxAge in res.cookie
• Fix handling very large stacks of sync middleware
• Ignore Object.prototype values in settings through app.set/app.get
• Invoke default with same arguments as types in res.format
• Support proper 205 responses using res.send
• Use http-errors for res.format error
• deps: [email protected]
  • Fix error message for json parse whitespace in strict
  • Fix internal error when inflated body exceeds limit
  • Prevent loss of async hooks context
  • Prevent hanging when request already read
  • deps: [email protected]
  • deps: [email protected]
  • deps: [email protected]
  • deps: [email protected]
  • deps: [email protected]
• deps: [email protected]
  • Add priority option
  • Fix expires option to reject invalid dates
• deps: [email protected]
  • Replace internal eval usage with Function constructor
  • Use instance methods on process to check for listeners
• deps: [email protected]
  • Remove set content headers that break response
  • deps: [email protected]
  • deps: [email protected]
• deps: [email protected]
  • Prevent loss of async hooks context
• deps: [email protected]
• deps: [email protected]
  • Fix emitted 416 error missing headers property
  • Limit the headers removed for 304 response
  • deps: [email protected]
  • deps: [email protected]
  • deps: [email protected]
  • deps: [email protected]
  • deps: [email protected]
• deps: [email protected]
  • deps: [email protected]
• deps: [email protected]
  • Remove code 306
  • Rename 425 Unordered Collection to standard 425 Too Early

---

Configuration

📅 Schedule: Branch creation - "" in timezone Europe/Paris, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
No data about Duplication

See analysis details on SonarCloud

[socket-security]

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/@one-ini/[email protected]	filesystem	0	98 kB	hildjj
npm/@sentry/[email protected]	None	+2	1.1 MB	sentry-bot
npm/@sentry/[email protected]	environment, filesystem, network, shell, unsafe	+1	3.34 MB	sentry-bot
npm/@sindresorhus/[email protected]	None	0	40.2 kB	sindresorhus
npm/@szmarczak/[email protected]	None	0	6.3 kB	szmarczak
npm/@tootallnate/[email protected]	None	0	16.3 kB	tootallnate
npm/@types/[email protected]	None	0	6.45 kB	types
npm/@types/[email protected]	None	0	13.5 kB	types
npm/@types/[email protected]	None	0	6.12 kB	types
npm/@types/[email protected]	None	0	3.2 kB	types
npm/@types/[email protected]	None	+1	2.09 MB	types
npm/@types/[email protected]	None	0	4.6 kB	types
npm/@types/[email protected]	None	0	71.8 kB	types
npm/[email protected]	None	0	16.8 kB	dougwilson
npm/[email protected]	None	0	34.6 kB	tootallnate
npm/[email protected]	network	0	43.7 kB	fengmk2
npm/[email protected]	None	+5	61.1 kB	nexdrew
npm/[email protected]	None	0	9.65 kB	phated
npm/[email protected]	None	0	6.04 kB	linusu
npm/[email protected]	None	0	8.05 kB	iarna
npm/[email protected]	Transitive: environment	+1	138 kB	lukekarrys
npm/[email protected]	None	0	4.42 kB	blakeembrey
npm/[email protected]	None	0	2.63 kB	ryanzim
npm/[email protected]	None	0	8.89 kB	dougwilson
npm/[email protected]	None	0	5.03 kB	sindresorhus
npm/[email protected]	environment, eval, unsafe	0	632 kB	esailija
npm/[email protected]	network	0	60.8 kB	dougwilson
npm/[email protected]	None	0	18.4 kB	sindresorhus
npm/[email protected]	None	0	5.23 kB	goinstant
npm/[email protected]	None	0	5.05 kB	linusu
npm/[email protected]	filesystem	0	680 kB	mscdex
npm/[email protected]	None	0	12.3 kB	dougwilson
npm/[email protected]	filesystem	0	63.6 kB	npm-cli-ops
npm/[email protected]	None	0	11.7 kB	sindresorhus
npm/[email protected]	environment, filesystem	0	90.2 kB	paulmillr
npm/[email protected]	None	0	6.14 kB	sindresorhus
npm/[email protected]	None	0	39.6 kB	medikoo
npm/[email protected]	None	+1	41.2 kB	oss-bot
npm/[email protected]	environment, filesystem, shell	0	174 kB	abetomo
npm/[email protected]	Transitive: environment	+2	129 kB	mafintosh
npm/[email protected]	environment, filesystem, network	0	15 kB	isaacs
npm/[email protected]	None	0	19.1 kB	dougwilson
npm/[email protected]	None	0	10.5 kB	dougwilson
npm/[email protected]	None	0	12.1 kB	dougwilson
npm/[email protected]	None	0	3.94 kB	natevw
npm/[email protected]	None	0	18.1 kB	dougwilson
npm/[email protected]	None	0	4.98 kB	isaacs
npm/[email protected]	None	0	20 kB	dougwilson
npm/[email protected]	environment	0	29.1 kB	kentcdodds
npm/[email protected]	None	0	14.2 kB	medikoo
npm/[email protected]	environment, filesystem, network	0	51.2 kB	tootallnate
npm/[email protected]	None	0	31.2 kB	tehshrike
npm/[email protected]	network	0	5.45 kB	szmarczak
npm/[email protected]	None	0	7.46 kB	tjholowaychuk
npm/[email protected]	environment, eval	0	27.1 kB	dougwilson
npm/[email protected]	filesystem	0	9.02 kB	dougwilson
npm/[email protected]	None	0	61.9 kB	mscdex
npm/[email protected]	None	0	28.8 kB	feedic
npm/[email protected]	None	0	11.4 kB	feedic
npm/[email protected]	None	0	75.3 kB	feedic
npm/[email protected]	network	0	162 kB	feedic
npm/[email protected]	None	0	10.4 kB	mickhansen
npm/[email protected]	None	0	20.6 kB	d2l-travis-deploy
npm/[email protected]	filesystem Transitive: environment	+1	463 kB	hildjj
npm/[email protected]	None	0	6.26 kB	dougwilson
npm/[email protected]	None	0	7.86 kB	dougwilson
npm/[email protected]	None	0	413 kB	feedic
npm/[email protected]	eval	+1	435 kB	medikoo
npm/[email protected]	None	0	29.7 kB	medikoo
npm/[email protected]	None	0	16.5 kB	medikoo
npm/[email protected]	None	0	12.5 kB	medikoo
npm/[email protected]	None	0	3.66 kB	dougwilson
npm/[email protected]	filesystem	0	10.8 kB	dougwilson
npm/[email protected]	None	0	27.2 kB	medikoo
npm/[email protected]	environment, filesystem, network	+1	238 kB	wesleytodd
npm/[email protected]	None	0	23.1 kB	medikoo
npm/[email protected]	environment	0	18.6 kB	dougwilson
npm/[email protected]	None	0	5.88 kB	dougwilson
npm/[email protected]	None	0	10.1 kB	dougwilson
npm/[email protected]	filesystem	0	130 kB	ryanzim
npm/[email protected]	None	0	4.72 kB	stefanpenner
npm/[email protected]	None	0	3.13 kB	sindresorhus
npm/[email protected]	None	0	73.8 kB	evanhahn
npm/[email protected]	None	0	265 kB	feedic
npm/[email protected]	None	0	18.8 kB	dougwilson
npm/[email protected]	None	0	3.66 kB	dead_horse
npm/[email protected]	None	0	336 kB	ashtuchkin
npm/[email protected]	None	0	2.82 kB	novemberborn
npm/[email protected]	None	0	49.9 kB	patcher56
npm/[email protected]	None	0	9.3 kB	isaacs
npm/[email protected]	None	0	42.1 kB	whitequark
npm/[email protected]	None	0	9.16 kB	trysound
npm/[email protected]	None	0	2.75 kB	forbeslindesay
npm/[email protected]	None	0	3.89 kB	juliangruber
npm/[email protected]	None	+1	1 MB	bitwiseman
npm/[email protected]	filesystem	0	19.8 kB	ryanzim
npm/[email protected]	None	+1	50.2 kB	charlesrea
npm/[email protected]	None	0	13.7 kB	omsmith
npm/[email protected]	None	0	17.7 kB	omsmith
npm/[email protected]	None	0	21.9 kB	jdalton
npm/[email protected]	None	0	4.27 kB	jdalton
npm/[email protected]	None	0	9.21 kB	jdalton
npm/[email protected]	None	0	4.47 kB	jdalton
npm/[email protected]	None	0	6.89 kB	jdalton
npm/[email protected]	None	0	4.75 kB	jdalton
npm/[email protected]	None	0	10.2 kB	jdalton
npm/[email protected]	None	0	1.41 MB	bnjmnt4n
npm/[email protected]	None	0	5.57 kB	medikoo
npm/[email protected]	None	0	11.1 kB	dougwilson
npm/[email protected]	None	0	55.6 kB	medikoo
npm/[email protected]	None	0	4.89 kB	dougwilson
npm/[email protected]	network	0	5.29 kB	dougwilson
npm/[email protected]	environment, filesystem	0	51.7 kB	broofa
npm/[email protected]	filesystem	0	7.69 kB	isaacs
npm/[email protected]	None	0	3.01 MB	gilmoreorless
npm/[email protected]	None	0	4.35 MB	ichernev
npm/[email protected]	eval	+1	42 kB	dougwilson
npm/[email protected]	None	0	6.27 kB	leo
npm/[email protected]	filesystem	0	27.9 kB	linusu
npm/[email protected]	None	0	7.65 kB	medikoo
npm/[email protected]	network	0	162 kB	node-fetch-bot
npm/[email protected]	environment, filesystem, shell Transitive: network	+2	306 kB	remy
npm/[email protected]	unsafe	0	13.7 kB	dougwilson
npm/[email protected]	None	0	7.54 kB	dougwilson
npm/[email protected]	None	0	125 kB	albell
npm/[email protected]	None	0	10.3 kB	dougwilson
npm/[email protected]	None	0	52 kB	themikenicholson
npm/[email protected]	None	0	5.1 kB	jaredhanson
npm/[email protected]	network	0	81.6 kB	jaredhanson
npm/[email protected]	None	0	35.8 kB	tbking
npm/[email protected]	None	0	6.78 kB	blakeembrey
npm/[email protected]	None	0	2.17 kB
npm/[email protected]	None	0	22 kB	scarney
npm/[email protected]	None	0	3.17 kB	cwmma
npm/[email protected]	None	0	4.86 kB	isaacs
npm/[email protected]	None	0	15.4 kB	dougwilson
npm/[email protected]	environment, shell	0	15 kB	remy
npm/[email protected]	None	0	229 kB	ljharb
npm/[email protected]	None	0	8.46 kB	dougwilson
npm/[email protected]	network, unsafe	0	25.8 kB	dougwilson
npm/[email protected]	environment	+2	102 kB	cwmma
npm/[email protected]	filesystem	0	12.1 kB	troygoode
npm/[email protected]	None	0	37.6 kB	mickhansen
npm/[email protected]	None	0	64.5 kB	boutell
npm/[email protected]	None	0	63.3 kB	lukekarrys
npm/[email protected]	filesystem, network	0	50.1 kB	dougwilson
npm/[email protected]	None	0	66.5 kB	sdepold
npm/[email protected]	None	0	37.5 kB	sushantdhiman
npm/[email protected]	filesystem	0	2.9 MB	sdepold
npm/[email protected]	None	0	25.2 kB	dougwilson
npm/[email protected]	None	0	4.03 kB	wesleytodd
npm/[email protected]	None	0	12.1 kB	dougwilson
npm/[email protected]	None	0	10.1 kB	mscdex
npm/[email protected]	None	0	15.3 kB	matteo.collina
npm/[email protected]	environment	0	6.63 kB	sindresorhus
npm/[email protected]	None	0	14.4 kB	medikoo
npm/[email protected]	None	0	4.68 kB	dougwilson
npm/[email protected]	None	0	27 kB	gustavohenke
npm/[email protected]	filesystem Transitive: environment	+1	37 kB	isaacs
npm/[email protected]	None	0	268 kB	sebmaster
npm/[email protected]	None	0	34 kB	typescript-bot
npm/[email protected]	None	0	18.5 kB	dougwilson
npm/[email protected]	None	0	88.7 kB	medikoo
npm/[email protected]	None	0	26 kB	substack
npm/[email protected]	filesystem	0	58.1 kB	sushantdhiman
npm/[email protected]	None	0	7.6 kB	remy
npm/[email protected]	eval	0	903 kB	jgonggrijp
npm/[email protected]	None	0	4.67 kB	ryanzim
npm/[email protected]	None	0	4.31 kB	dougwilson
npm/[email protected]	None	0	3.72 kB	jaredhanson
npm/[email protected]	None	0	116 kB	ctavan
npm/[email protected]	None	0	751 kB	profnandaa
npm/[email protected]	None	0	8.75 kB	dougwilson
npm/[email protected]	None	0	12.4 kB	sebmaster
npm/[email protected]	None	0	49.9 kB	domenic
npm/[email protected]	None	0	3.73 kB	sindresorhus
npm/[email protected]	None	0	282 kB	cschwarz
npm/[email protected]	filesystem	0	23.4 kB	oss-bot
npm/[email protected]	environment, filesystem	0	124 kB	oss-bot
npm/[email protected]	environment, filesystem	0	286 kB	oss-bot
npm/[email protected]	None	0	628 kB	colinmcd94

🚮 Removed packages: npm/@ampproject/[email protected], npm/@apideck/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/plugin-bugfix-safari-id-destructuring-collision-in-function-expression@7.24.1, npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/plugin-proposal-private-property-in-object@7.21.0-placeholder-for-preset-env.2, npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@babel/[email protected], npm/@bcoe/[email protected], npm/@csstools/[email protected], npm/@csstools/[email protected], npm/@csstools/[email protected], npm/@csstools/[email protected], npm/@csstools/[email protected], npm/@csstools/[email protected], npm/@csstools/[email protected], npm/@csstools/[email protected], npm/@csstools/[email protected], npm/@csstools/[email protected], npm/@csstools/[email protected], npm/@csstools/[email protected], npm/@csstools/[email protected], npm/@csstools/[email protected], npm/@csstools/[email protected], npm/@csstools/[email protected], npm/@emotion/[email protected], npm/@emotion/[email protected], npm/@emotion/[email protected], npm/@emotion/[email protected], npm/@emotion/[email protected], npm/@emotion/[email protected], npm/@emotion/[email protected], npm/@emotion/[email protected], npm/@emotion/[email protected], npm/@emotion/[email protected], npm/@emotion/[email protected], npm/@emotion/[email protected], npm/@emotion/[email protected], npm/@floating-ui/[email protected], npm/@floating-ui/[email protected], npm/@humanwhocodes/[email protected], npm/@hypnosphi/[email protected], npm/@istanbuljs/[email protected], npm/@istanbuljs/[email protected], npm/@jest/[email protected], npm/@jest/[email protected], npm/@jest/[email protected], npm/@jest/[email protected], npm/@jest/[email protected], npm/@jest/[email protected], npm/@jest/[email protected], npm/@jest/[email protected], npm/@jest/[email protected], npm/@jest/[email protected], npm/@jest/[email protected], npm/@jest/[email protected], npm/@jest/[email protected], npm/@jridgewell/[email protected], npm/@jridgewell/[email protected], npm/@jridgewell/[email protected], npm/@jridgewell/[email protected], npm/@jridgewell/[email protected], npm/@jridgewell/[email protected], npm/@juggle/[email protected], npm/@leichtgewicht/[email protected], npm/@nicolo-ribaudo/[email protected], npm/@nivo/[email protected], npm/@nivo/[email protected], npm/@nivo/[email protected], npm/@nivo/[email protected], npm/@nivo/[email protected], npm/@nivo/[email protected], npm/@nivo/[email protected], npm/@nivo/[email protected], npm/@nivo/[email protected], npm/@nivo/[email protected], npm/@nivo/[email protected], npm/@nivo/[email protected], npm/@pmmmwh/[email protected], npm/@popperjs/[email protected], npm/@reach/[email protected], npm/@reach/[email protected], npm/@react-hookz/[email protected], npm/@react-hookz/[email protected], npm/@react-spring/[email protected], npm/@react-spring/[email protected], npm/@react-spring/[email protected], npm/@react-spring/[email protected], npm/@react-spring/[email protected], npm/@react-spring/[email protected], npm/@rollup/[email protected], npm/@rollup/[email protected], npm/@rollup/[email protected], npm/@rollup/[email protected], npm/@rushstack/[email protected], npm/@sentry/[email protected], npm/@sentry/[email protected], npm/@sentry/[email protected], npm/@sentry/[email protected], npm/@sentry/[email protected], npm/@sentry/[email protected], npm/@sentry/[email protected], npm/@sentry/[email protected], npm/@sentry/[email protected], npm/@sinclair/[email protected], npm/@sinonjs/[email protected], npm/@sinonjs/[email protected], npm/@surma/[email protected], npm/@svgr/[email protected], npm/@svgr/[email protected], npm/@svgr/[email protected], npm/@svgr/[email protected], npm/@svgr/[email protected], npm/@svgr/[email protected], npm/@svgr/[email protected], npm/@svgr/[email protected], npm/@svgr/[email protected], npm/@svgr/[email protected], npm/@svgr/[email protected], npm/@svgr/[email protected], npm/@svgr/[email protected], npm/@svgr/[email protected], npm/@tailwindcss/[email protected], npm/@tootallnate/[email protected], npm/@trysound/[email protected], npm/@types/[email protected]

View full report↗︎

[socket-security]

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert	Package	Note
Protestware/Troll package	npm/[email protected]	Note: This package prints a protestware console message on install regarding Ukraine for users with Russian language locale
Install scripts	npm/[email protected]	Install script: postinstall Source: node -e "try{require('./_postinstall')}catch(e){}" || exit 0

View full report↗︎

Next steps

What is protestware?

This package is a joke, parody, or includes undocumented or hidden behavior unrelated to its primary function.

Consider that consuming this package my come along with functionality unrelated to its primary purpose.

What is an install script?

Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.

Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/[email protected] or ignore all packages with @SocketSecurity ignore-all

• @SocketSecurity ignore npm/[email protected]

[renovate]

Renovate Ignore Notification

Because you closed this PR without merging, Renovate will ignore this update (^4.17.3). You will get a PR once a newer version is released. To ignore this dependency forever, add it to the ignoreDeps array of your Renovate config.

If you accidentally closed this PR, or if you changed your mind: rename this PR to get a fresh replacement PR.