@arvion-bot arvion-bot bot commented Jan 29, 2026

Security Remediation

Fix 10 Vulnerabilities

Auto-generated by Arvion - This PR automatically remediates 10 vulnerabilities by updating 2 dependencies and modifying 1 file.

Executive Summary

Vulnerabilities Fixed

Critical - 0 Fixed
None
High - 5 Fixed
GHSA-qwcr-r2fm-qrc7 No description available
GHSA-6rw7-vpxm-498p No description available
GHSA-hrpp-h998-j3pp No description available
GHSA-9wv6-86v2-598j No description available
GHSA-rhx6-c78j-4q9w No description available

Dependency Updates

2 packages updated

express 4.17.1 → 5.2.1
body-parser 1.20.4 → 2.2.2

Code Changes

1 file modified


Arvion Impact Analysis Diagram

Interactive visualization showing vulnerability → dependency → code change flow

%%{init: {'theme':'dark', 'themeVariables': {'fontSize':'14px'}}}%%
graph LR
    subgraph CVEs["Vulnerabilities Fixed"]
        CVE1["MODERATE GHSA-rv95-896h-c2vc<br/>No description available..."]
        CVE2["HIGH GHSA-qwcr-r2fm-qrc7<br/>No description available..."]
        CVE3["HIGH GHSA-6rw7-vpxm-498p<br/>No description available..."]
        CVE4["HIGH GHSA-hrpp-h998-j3pp<br/>No description available..."]
        CVE5["HIGH GHSA-9wv6-86v2-598j<br/>No description available..."]
        CVE6["HIGH GHSA-rhx6-c78j-4q9w<br/>No description available..."]
        CVE7["LOW GHSA-qw6h-vgh9-j6wx<br/>No description available..."]
        CVE8["LOW GHSA-m6fv-jmcg-4jfg<br/>No description available..."]
        CVE9["LOW GHSA-pxg6-pf52-xh8x<br/>No description available..."]
        CVE10["LOW GHSA-cm22-4g7w-348p<br/>No description available..."]
    end

    subgraph DEPS["Dependencies Updated"]
        DEP1["express<br/>4.17.1 → 5.2.1<br/>SAFE"]
        DEP2["body-parser<br/>1.20.4 → 2.2.2<br/>SAFE"]
    end

    subgraph FILES["Files Modified"]
        FILE1["services/api/package.json"]
    end

    CVE7 -.fixes.-> DEP1
    CVE1 -.fixes.-> DEP1
    DEP1 --> FILE1
    CVE2 -.fixes.-> DEP2
    DEP2 --> FILE1

    click FILE1 "#file-1-services-api-package-json" "View detailed changes"

Quick Summary

1 file modified

| File | Type | Breaking | Review |
| --- | --- | --- | --- |
| services/api/package.json | manifest | No | Jump to review → |

Vulnerabilities Addressed

GHSA-rv95-896h-c2vc - No description available (MODERATE)

Severity: MODERATE
Status: FIXED

Summary:
No description available

Details:

Affected Packages:

  • express

References:

GHSA-qwcr-r2fm-qrc7 - No description available (HIGH)

Severity: HIGH
Status: FIXED

Summary:
No description available

Details:

Affected Packages:

  • body-parser

References:

GHSA-6rw7-vpxm-498p - No description available (HIGH)

Severity: HIGH
Status: FIXED

Summary:
No description available

Details:

Affected Packages:

  • qs

References:

GHSA-hrpp-h998-j3pp - No description available (HIGH)

Severity: HIGH
Status: FIXED

Summary:
No description available

Details:

Affected Packages:

  • qs

References:

GHSA-9wv6-86v2-598j - No description available (HIGH)

Severity: HIGH
Status: FIXED

Summary:
No description available

Details:

Affected Packages:

  • path-to-regexp

References:

GHSA-rhx6-c78j-4q9w - No description available (HIGH)

Severity: HIGH
Status: FIXED

Summary:
No description available

Details:

Affected Packages:

  • path-to-regexp

References:

GHSA-qw6h-vgh9-j6wx - No description available (LOW)

Severity: LOW
Status: FIXED

Summary:
No description available

Details:

Affected Packages:

  • express

References:

GHSA-m6fv-jmcg-4jfg - No description available (LOW)

Severity: LOW
Status: FIXED

Summary:
No description available

Details:

Affected Packages:

  • send

References:

GHSA-pxg6-pf52-xh8x - No description available (LOW)

Severity: LOW
Status: FIXED

Summary:
No description available

Details:

Affected Packages:

  • cookie

References:

GHSA-cm22-4g7w-348p - No description available (LOW)

Severity: LOW
Status: FIXED

Summary:
No description available

Details:

Affected Packages:

  • serve-static

References:


Dependency Update Summary

Dependency Updates

| Package | Old Version | New Version | Change Type | Fixes CVEs |
| --- | --- | --- | --- | --- |
| express | 4.17.1 | 5.2.1 | Safe | GHSA-qw6h-vgh9-j6wx, GHSA-rv95-896h-c2vc |
| body-parser | 1.20.4 | 2.2.2 | Safe | GHSA-qwcr-r2fm-qrc7 |

Arvion Code Review

Powered by Arvion's AI-driven code analysis


File 1: services/api/package.json

Type: manifest

Why: Updated 2 dependencies:
express (dependencies): 4.17.1 → 5.2.1
body-parser (dependencies): ^1.19.0 → ^2.2.2

Auto-generated by Arvion Security Platform
Intelligent vulnerability remediation with automated code fixes
Generated: 2026-01-29 03:05:59 UTC | Remediation ID: 6beb3f89-9573-4db8-8280-f6cbb7eb5423
