Merge pull request #810 from hmcts/NO-TICKET-fix-vulnerability

Fix for path-to-regexp vulnerability

package.json

@@ -51,7 +51,7 @@
     "config": "^3.3.12",
     "cookie-parser": "^1.4.7",
     "csurf": "^1.11.0",
-    "express": "4.21.1",
+    "express": "4.21.2",
     "express-nunjucks": "^3.1.2",
     "glob-parent": "6.0.2",
     "govuk-frontend": "^4.9.0",
@@ -138,11 +138,12 @@
     "axios>follow-redirects": ">=1.15.4",
     "http-proxy-middleware>http-proxy>follow-redirects": ">=1.15.4",
     "@types/http-proxy-middleware>http-proxy-middleware>http-proxy>follow-redirects": ">=1.15.4",
-    "express": "4.21.0",
+    "express": "4.21.2",
     "micromatch": ">=4.0.8",
     "tar": ">=6.2.1",
     "braces": ">=3.0.3",
-    "cookie": ">=0.7.0"
+    "cookie": ">=0.7.0",
+    "@hmcts/info-provider/path-to-regexp": "0.1.12"
   },
   "packageManager": "[email protected]"
 }

yarn.lock

@@ -7088,16 +7088,16 @@ __metadata:
   languageName: node
   linkType: hard
 
-"express@npm:4.21.0":
-  version: 4.21.0
-  resolution: "express@npm:4.21.0"
+"express@npm:4.21.2":
+  version: 4.21.2
+  resolution: "express@npm:4.21.2"
   dependencies:
     accepts: ~1.3.8
     array-flatten: 1.1.1
     body-parser: 1.20.3
     content-disposition: 0.5.4
     content-type: ~1.0.4
-    cookie: 0.6.0
+    cookie: 0.7.1
     cookie-signature: 1.0.6
     debug: 2.6.9
     depd: 2.0.0
@@ -7111,7 +7111,7 @@ __metadata:
     methods: ~1.1.2
     on-finished: 2.4.1
     parseurl: ~1.3.3
-    path-to-regexp: 0.1.10
+    path-to-regexp: 0.1.12
     proxy-addr: ~2.0.7
     qs: 6.13.0
     range-parser: ~1.2.1
@@ -7123,7 +7123,7 @@ __metadata:
     type-is: ~1.6.18
     utils-merge: 1.0.1
     vary: ~1.1.2
-  checksum: 1c5212993f665809c249bf00ab550b989d1365a5b9171cdfaa26d93ee2ef10cd8add520861ec8d5da74b3194d8374e1d9d53e85ef69b89fd9c4196b87045a5d4
+  checksum: 3aef1d355622732e20b8f3a7c112d4391d44e2131f4f449e1f273a309752a41abfad714e881f177645517cbe29b3ccdc10b35e7e25c13506114244a5b72f549d
   languageName: node
   linkType: hard
 
@@ -7249,7 +7249,7 @@ __metadata:
     cucumber: ^6.0.7
     debug: ^4.3.7
     eslint: ^8.57.1
-    express: 4.21.1
+    express: 4.21.2
     express-nunjucks: ^3.1.2
     glob-parent: 6.0.2
     govuk-frontend: ^4.9.0
@@ -11627,10 +11627,10 @@ __metadata:
   languageName: node
   linkType: hard
 
-"path-to-regexp@npm:0.1.10":
-  version: 0.1.10
-  resolution: "path-to-regexp@npm:0.1.10"
-  checksum: ab7a3b7a0b914476d44030340b0a65d69851af2a0f33427df1476100ccb87d409c39e2182837a96b98fb38c4ef2ba6b87bdad62bb70a2c153876b8061760583c
+"path-to-regexp@npm:0.1.12":
+  version: 0.1.12
+  resolution: "path-to-regexp@npm:0.1.12"
+  checksum: ab237858bee7b25ecd885189f175ab5b5161e7b712b360d44f5c4516b8d271da3e4bf7bf0a7b9153ecb04c7d90ce8ff5158614e1208819cf62bac2b08452722e
   languageName: node
   linkType: hard