[Snyk] Security upgrade express from 4.21.2 to 4.22.0 by ebothegreat · Pull Request #3 · ebothegreat/Figma-Context-MCP

ebothegreat · 2025-12-31T09:17:53Z

Snyk has created this PR to fix 1 vulnerabilities in the pnpm dependencies of this project.

Snyk changed the following file(s):

package.json

⚠️

Warning

Failed to update the pnpm-lock.yaml, please update manually before merging.

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Allocation of Resources Without Limits or Throttling SNYK-JS-QS-14724253	828

Important

Check the changes in this PR to ensure they won't cause issues with your project.
Max score is 1000. Note that the real score may have changed since the PR was raised.
This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Allocation of Resources Without Limits or Throttling

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-QS-14724253

continue · 2025-12-31T09:17:55Z

Learn more

All Green is an AI agent that automatically:

✅ Addresses code review comments

✅ Fixes failing CI checks

✅ Resolves merge conflicts

Unsubscribe from All Green comments

chatgpt-codex-connector

💡 Codex Review

Here are some automated review suggestions for this pull request.

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

Open a pull request for review
Mark a draft as ready
Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

chatgpt-codex-connector · 2025-12-31T09:19:38Z

package.json

    "axios": "^1.7.9",
    "dotenv": "^16.4.7",
-    "express": "^4.21.2",
+    "express": "^4.22.0",


Update pnpm lockfile with express bump

The dependency was raised to express@^4.22.0 in package.json (package.json:46) but pnpm-lock.yaml still pins express@4.21.2 (pnpm-lock.yaml:1192-1194). Any environment that uses pnpm install --frozen-lockfile will now fail because the lockfile does not satisfy the manifest, and installs that rely on the lock will continue to resolve 4.21.2, leaving the vulnerability unfixed until the lockfile is regenerated. Please update pnpm-lock.yaml alongside the manifest change.

Useful? React with 👍 / 👎.

fix: package.json to reduce vulnerabilities

cdde2e4

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-QS-14724253

chatgpt-codex-connector bot reviewed Dec 31, 2025

View reviewed changes

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Security upgrade express from 4.21.2 to 4.22.0#3

[Snyk] Security upgrade express from 4.21.2 to 4.22.0#3
ebothegreat wants to merge 1 commit intomainfrom
snyk-fix-c5f84d1cf69fcdfcb2f4eee26dddfb2c

ebothegreat commented Dec 31, 2025

Uh oh!

continue bot commented Dec 31, 2025

Uh oh!

chatgpt-codex-connector bot left a comment

Uh oh!

chatgpt-codex-connector bot Dec 31, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Conversation

ebothegreat commented Dec 31, 2025

Snyk has created this PR to fix 1 vulnerabilities in the pnpm dependencies of this project.

Snyk changed the following file(s):

Vulnerabilities that will be fixed with an upgrade:

Uh oh!

continue bot commented Dec 31, 2025

Uh oh!

chatgpt-codex-connector bot left a comment

Choose a reason for hiding this comment

💡 Codex Review

Uh oh!

chatgpt-codex-connector bot Dec 31, 2025

Choose a reason for hiding this comment

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants