[Snyk] Upgrade: , express, express-oauth2-jwt-bearer, helmet

[regreaves]

Snyk has created this PR to upgrade multiple dependencies.

👯 The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Name	Versions	Released on

@mysql/xdevapi
from 8.0.33 to 8.0.35 | 1 version ahead of your current version | a year ago
on 2023-10-25
express
from 4.18.2 to 4.19.2 | 4 versions ahead of your current version | 6 months ago
on 2024-03-25
express-oauth2-jwt-bearer
from 1.4.1 to 1.6.0 | 2 versions ahead of your current version | a year ago
on 2023-10-09
helmet
from 6.1.5 to 6.2.0 | 1 version ahead of your current version | a year ago
on 2023-05-06

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Open Redirect SNYK-JS-EXPRESS-6474509	519	No Known Exploit

Release notes

Package name: @mysql/xdevapi

• 8.0.35 - 2023-10-25
  

  Change-Id: Ib9f9b563ee49ca8ff7e414daa6e135063b1dc8c1

• 8.0.33 - 2023-04-18
  

  Change-Id: If554d696c2464f4bf874836f76942dcc093fc6c3

from @mysql/xdevapi GitHub release notes

Package name: express

• 4.19.2 - 2024-03-25
• 4.19.1 - 2024-03-20
  

  What's Changed

  • Fix ci after location patch by @ wesleytodd in #5552
  • fixed un-edited version in history.md for 4.19.0 by @ wesleytodd in #5556

  Full Changelog: 4.19.0...4.19.1

• 4.19.0 - 2024-03-20
  

  What's Changed

  • fix typo in release date by @ UlisesGascon in #5527
  • docs: nominating @ wesleytodd to be project captian by @ wesleytodd in #5511
  • docs: loosen TC activity rules by @ wesleytodd in #5510
  • Add note on how to update docs for new release by @ crandmck in #5541
  • Prevent open redirect allow list bypass due to encodeurl
  • Release 4.19.0 by @ wesleytodd in #5551

  New Contributors

  • @ crandmck made their first contribution in #5541

  Full Changelog: 4.18.3...4.19.0

• 4.18.3 - 2024-02-29
  

  Main Changes

  • Fix routing requests without method
  • deps: [email protected]
    • Fix strict json error message on Node.js 19+
    • deps: content-type@~1.0.5
    • deps: [email protected]

  Other Changes

  • Use https: protocol instead of deprecated git: protocol by @ vcsjones in #5032
  • build: [email protected] and [email protected] by @ abenhamdine in #5034
  • ci: update actions/checkout to v3 by @ armujahid in #5027
  • test: remove unused function arguments in params by @ raksbisht in #5124
  • Remove unused originalIndex from acceptParams by @ raksbisht in #5119
  • Fixed typos by @ raksbisht in #5117
  • examples: remove unused params by @ raksbisht in #5113
  • fix: parameter str is not described in JSDoc by @ raksbisht in #5130
  • fix: typos in History.md by @ raksbisht in #5131
  • build : add [email protected] by @ abenhamdine in #5028
  • test: remove unused function arguments in params by @ raksbisht in #5137
  • use random port in test so it won't fail on already listening by @ rluvaton in #5162
  • tests: use cb() instead of done() by @ kristof-low in #5233
  • examples: remove multipart example by @ riddlew in #5195
  • Update support Node.js@18 in the CI by @ UlisesGascon in #5490
  • Fix favicon-related bug in cookie-sessions example by @ DmytroKondrashov in #5414
  • Release 4.18.3 by @ UlisesGascon in #5505

  New Contributors

  • @ vcsjones made their first contribution in #5032
  • @ abenhamdine made their first contribution in #5034
  • @ armujahid made their first contribution in #5027
  • @ raksbisht made their first contribution in #5124
  • @ rluvaton made their first contribution in #5162
  • @ kristof-low made their first contribution in #5233
  • @ riddlew made their first contribution in #5195
  • @ DmytroKondrashov made their first contribution in #5414

  Full Changelog: 4.18.2...4.18.3

• 4.18.2 - 2022-10-08
  
  • Fix regression routing a large stack in a single route
  • deps: [email protected]
    • deps: [email protected]
    • perf: remove unnecessary object clone
  • deps: [email protected]

from express GitHub release notes

Package name: express-oauth2-jwt-bearer

• 1.6.0 - 2023-10-09
  

  Added

  • nbf claim validation should include clockTolerance #115 (adamjmcgrath)
• 1.5.0 - 2023-05-24
  

  Added

  • Add support for Node version 20 #108 (EdenGottlieb)
• 1.4.1 - 2023-04-14
  

  Fixed

  • fix missing agent #103 (indeed404)

from express-oauth2-jwt-bearer GitHub release notes

Package name: helmet

• 6.2.0 - 2023-05-06
  

  6.2.0

• 6.1.5 - 2023-04-11
  

  6.1.5

from helmet GitHub release notes

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.
• Max score is 1000. Note that the real score may have changed since the PR was raised.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs