[Snyk] Fix for 4 vulnerabilities

[Exnadella]

User description

Snyk has created this PR to fix 4 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

• packages/web-component-tester/package.json
• packages/web-component-tester/package-lock.json

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Asymmetric Resource Consumption (Amplification) SNYK-JS-BODYPARSER-7926860	696
	Cross-site Scripting SNYK-JS-EXPRESS-7926867	541
	Cross-site Scripting SNYK-JS-SEND-7926862	391
	Cross-site Scripting SNYK-JS-SERVESTATIC-7926865	391

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Cross-site Scripting

---

PR Type

enhancement, dependencies

---

Description

• Upgraded body-parser, express, and send dependencies in package.json to address vulnerabilities.
• Updated package-lock.json to reflect the changes in dependency versions.
• These changes aim to fix vulnerabilities related to asymmetric resource consumption and cross-site scripting.

---

Changes walkthrough 📝

	Relevant files
Dependencies	package.json Upgrade dependencies to fix vulnerabilities                            packages/web-component-tester/package.json Upgraded body-parser from version ^1.17.2 to ^1.20.3. Upgraded express from version ^4.15.3 to ^4.20.0. Upgraded send from version ^0.16.1 to ^0.19.0. +3/-3      package-lock.json Update package-lock.json for dependency upgrades                  packages/web-component-tester/package-lock.json Updated lock file to reflect new dependency versions. +11908/-11896
Additional files (token-limit)	package-lock.json ...                                                                                                            packages/web-component-tester/package-lock.json ... +11908/-11896

---

💡 PR-Agent usage:
Comment /help on the PR to get a list of all available PR-Agent tools and their descriptions

[qodo-merge-pro]

PR Reviewer Guide 🔍

⏱️ Estimated effort to review: 1 🔵⚪⚪⚪⚪

🧪 No relevant tests

🔒 No security concerns identified

⚡ No key issues to review

[qodo-merge-pro]

PR Code Suggestions ✨

Category	Suggestion	Score
Security	Update the Lodash dependency to the latest version for improved security and features Consider updating the lodash dependency to a more recent version, such as ^4.17.21. The current version ^3.10.1 is quite old and may have security vulnerabilities. packages/web-component-tester/package.json [68] -"lodash": "^3.10.1", +"lodash": "^4.17.21", Apply this suggestion Suggestion importance[1-10]: 9 Why: The suggestion correctly identifies a potential security vulnerability in the outdated lodash version and recommends updating to the latest version, which is crucial for security and feature improvements.	9
Enhancement	Update the Chalk dependency to a more recent version for improved features and compatibility Consider updating the chalk dependency to a more recent version, such as ^4.1.2. The current version ^1.1.3 is quite old and may lack recent features and improvements. packages/web-component-tester/package.json [63] -"chalk": "^1.1.3", +"chalk": "^4.1.2", Apply this suggestion Suggestion importance[1-10]: 8 Why: The suggestion correctly identifies that the chalk dependency is outdated and recommends updating to a more recent version, which would improve compatibility and features.	8

[qodo-merge-pro]

CI Failure Feedback 🧐

(Checks updated until commit 1624b9a)

Action: test (ubuntu-latest)

Failed stage: Run npm run bootstrap [❌]

Failure summary: The action failed because the npm ci command exited with code 1 in the 'wct-mocha' package. This indicates that there was an error during the installation of dependencies. Additionally, there are multiple deprecation warnings for various packages, which may contribute to the failure.

Relevant error logs: 1: ##[group]Operating System 2: Ubuntu ... 564: npm WARN deprecated [email protected]: Glob versions prior to v9 are no longer supported 565: npm WARN deprecated [email protected]: This module is no longer supported. 566: npm WARN deprecated [email protected]: This package is no longer supported. 567: npm WARN deprecated [email protected]: This package is no longer supported. 568: npm WARN deprecated [email protected]: Package no longer supported. Contact Support at https://www.npmjs.com/support for more info. 569: npm WARN deprecated [email protected]: This package is no longer supported. 570: npm WARN deprecated [email protected]: This package is no longer supported. 571: npm WARN deprecated @lerna/[email protected]: Package no longer supported. Contact Support at https://www.npmjs.com/support for more info. 572: npm WARN deprecated @lerna/[email protected]: Package no longer supported. Contact Support at https://www.npmjs.com/support for more info. ... 747: npm ERR! 748: npm ERR! aliases: clean-install, ic, install-clean, isntall-clean 749: npm ERR! 750: npm ERR! Run "npm help ci" for more info 751: npm ERR! A complete log of this run can be found in: 752: npm ERR! /home/runner/.npm/_logs/2024-09-11T20_37_46_632Z-debug-0.log 753: lerna ERR! npm ci exited 1 in 'wct-mocha' 754: lerna WARN complete Waiting for 1 child process to exit. CTRL-C to exit immediately. 755: ##[error]Process completed with exit code 1.

---

✨ CI feedback usage guide:

---

The CI feedback tool (/checks) automatically triggers when a PR has a failed check.
The tool analyzes the failed checks and provides several feedbacks:

• Failed stage
• Failed test name
• Failure summary
• Relevant error logs

In addition to being automatically triggered, the tool can also be invoked manually by commenting on a PR:

/checks "https://github.com/{repo_name}/actions/runs/{run_number}/job/{job_number}"

where {repo_name} is the name of the repository, {run_number} is the run number of the failed check, and {job_number} is the job number of the failed check.

Configuration options

• enable_auto_checks_feedback - if set to true, the tool will automatically provide feedback when a check is failed. Default is true.
• excluded_checks_list - a list of checks to exclude from the feedback, for example: ["check1", "check2"]. Default is an empty list.
• enable_help_text - if set to true, the tool will provide a help message with the feedback. Default is true.
• persistent_comment - if set to true, the tool will overwrite a previous checks comment with the new feedback. Default is true.
• final_update_message - if persistent_comment is true and updating a previous checks message, the tool will also create a new message: "Persistent checks updated to latest commit". Default is true.

See more information about the checks tool in the docs.