[Snyk] Fix for 2 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	484/1000 Why? Has a fix available, CVSS 5.4	Open Redirect SNYK-JS-GOT-2932019	No	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Poisoning SNYK-JS-QS-3153490	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @lhci/cli

The new version differs by 21 commits.

• 71d3af2 chore: bump to node 16 in dockerfiles (A New, Next-Generation Rendering Architecture for Chromium [6/11/2021] GoogleChrome/developer.chrome.com#841)
• 43afef4 fix(docker): include globally installed puppeteer (Deprecation for x-origin alerts. GoogleChrome/developer.chrome.com#736)
• 55fd467 feat(cli): API requests will respect HTTP_PROXY env variable ([email protected] GoogleChrome/developer.chrome.com#727)
• e4c2b2c chore(deps): node 16, storybook, esbuild (ScriptInjection Documentation Error? GoogleChrome/developer.chrome.com#839)
• ada2782 feat(cli): added url hash to differentiate between urls (Display + link to blog post tags from blog post detail pages GoogleChrome/developer.chrome.com#835)
• 75f4bb8 docs: clarify when Github status checks apply ("magic" getTabId() method in the docs GoogleChrome/developer.chrome.com#822)
• b7f59c6 chore(docs): update security tradeoff link (Update permissions warnings table with  GoogleChrome/developer.chrome.com#815)
• fbd4465 fix typecheck
• 908b075 tests: use relative path in utils test files (getAuthToken and oauth2 manifest documentation should mention failure modes GoogleChrome/developer.chrome.com#737)
• 0da6496 docs(heroku): fix recipe for Heroku to support LHCI 0.9.0 (Create Chủ GoogleChrome/developer.chrome.com#782)
• d218192 feat: extract type defs to assert.d.ts (Create Owner.main GoogleChrome/developer.chrome.com#785)
• ff1f14d chore(docs): s/enviroment/environment (adds 'pills' for types/version information GoogleChrome/developer.chrome.com#720)
• d41928d docs: update CircleCI config example (bump chrome-types-helper to fix nodoc GoogleChrome/developer.chrome.com#721)
• c9a3684 chore: add commitMessage to storybook tests (Video at https://developer.chrome.com/docs/apps/app_architecture/#security doesn't load. GoogleChrome/developer.chrome.com#744)
• fea2fd4 chore(deps): remove update-notifier ([devtools-blog] Update APCA explanation GoogleChrome/developer.chrome.com#756)
• c8957a8 Update minimum node version requirement (Debugger keeping machine awake GoogleChrome/developer.chrome.com#803)
• 72270e7 fix standalone viewer build via build-app adjustments (Twice calls chrome.tabs.onUpdated.addListener when use document.write GoogleChrome/developer.chrome.com#786)
• aa10d00 fix(docker): update deps in docker-server to match global deps (Phande/chủ GoogleChrome/developer.chrome.com#779)
• 0fe44dd fix(server): CLS diff not showing on compare screen (Phande/chủ GoogleChrome/developer.chrome.com#784)
• 9deb96d update dockerfiles to use node 14 (Suppress spurious extension in screenshot GoogleChrome/developer.chrome.com#772)
• fe181b6 chore: update docker images with latest version (ESTADO do RIO de JANEIRO GoogleChrome/developer.chrome.com#754)

See the full diff

Package name: express

The new version differs by 117 commits.

• 3d7fce5 4.17.3
• f906371 build: update example dependencies
• 6381bc6 deps: [email protected]
• a007863 deps: [email protected]
• e98f584 Revert "build: use [email protected] for Node.js < 4"
• a659137 tests: use strict mode
• a39e409 tests: prevent leaking changes to NODE_ENV
• 82de4de examples: fix path traversal in downloads example
• 12310c5 build: use nyc for test coverage
• 884657d examples: remove bitwise syntax for includes check
• 7511d08 build: use [email protected] for Node.js < 4
• 2585f20 tests: fix test missing assertion
• 9d09762 build: [email protected]
• 43cc56e build: clean up gitignore
• 1c7bbcc build: [email protected]
• 9cbbc8a deps: [email protected]
• 6fbc269 pref: remove unnecessary regexp for trust proxy
• 2bc734a deps: accepts@~1.3.8
• 89bb531 docs: fix typo in res.download jsdoc
• 744564f tests: add test for multiple ips in "trust proxy"
• da6cb0e tests: add range tests to res.download
• 00ad5be tests: add more tests for app.request & app.response
• 141914e tests: fix tests that did not bubble errors
• bd4fdfe tests: remove global dependency on should

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Open Redirect
🦉 Prototype Poisoning