ci: reorder npm i steps to fix ci for older node versions
#6336
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
New, updated, and removed dependencies detected. Learn more about Socket for GitHub ↗︎
|
|
🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎ To accept the risk, merge this PR and you will not be notified again.
Next stepsWhat is a critical CVE?Contains a Critical Common Vulnerability and Exposure (CVE). Remove or replace dependencies that include known critical CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies. Take a deeper look at the dependencyTake a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev. Remove the packageIf you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency. Mark a package as acceptable riskTo ignore an alert, reply with a comment starting with
|
wesleytodd
approved these changes
Feb 13, 2025
Member
|
I think we can fast track this, but I will let it sit for a bit in case anyone else wants to review first. |
bjohansebas
approved these changes
Feb 13, 2025
UlisesGascon
approved these changes
Feb 14, 2025
Member
|
oh oops! I said fast track then forgot to circle back and merge it. Merging now. |
MightyPrytanis
added a commit
to MightyPrytanis/codebase
that referenced
this pull request
Dec 28, 2025
 <h3>Snyk has created this PR to upgrade express from 4.21.2 to 4.22.1.</h3> :information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project. <hr/> - The recommended version is **2 versions** ahead of your current version. - The recommended version was released **23 days ago**. <details> <summary><b>Release notes</b></summary> <br/> <details> <summary>Package name: <b>express</b></summary> <ul> <li> <b>4.22.1</b> - <a href="https://redirect.github.com/expressjs/express/releases/tag/v4.22.1">2025-12-01</a></br><h2>What's Changed</h2> <div class="markdown-alert markdown-alert-important"><p class="markdown-alert-title"><svg class="octicon octicon-report mr-2" viewBox="0 0 16 16" version="1.1" width="16" height="16" aria-hidden="true"><path d="M0 1.75C0 .784.784 0 1.75 0h12.5C15.216 0 16 .784 16 1.75v9.5A1.75 1.75 0 0 1 14.25 13H8.06l-2.573 2.573A1.458 1.458 0 0 1 3 14.543V13H1.75A1.75 1.75 0 0 1 0 11.25Zm1.75-.25a.25.25 0 0 0-.25.25v9.5c0 .138.112.25.25.25h2a.75.75 0 0 1 .75.75v2.19l2.72-2.72a.749.749 0 0 1 .53-.22h6.5a.25.25 0 0 0 .25-.25v-9.5a.25.25 0 0 0-.25-.25Zm7 2.25v2.5a.75.75 0 0 1-1.5 0v-2.5a.75.75 0 0 1 1.5 0ZM9 9a1 1 0 1 1-2 0 1 1 0 0 1 2 0Z"></path></svg>Important</p><p>The prior release (4.22.0) included an erroneous breaking change related to the extended query parser. There is no actual security vulnerability associated with this behavior (<a title="CVE-2024-51999" data-hovercard-type="advisory" data-hovercard-url="/advisories/GHSA-pj86-cfqh-vqx6/hovercard" href="https://redirect.github.com/advisories/GHSA-pj86-cfqh-vqx6">CVE-2024-51999</a> has been rejected). The change has been fully reverted in this release.</p> </div> <ul> <li>Release: 4.22.1 by <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/UlisesGascon/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://redirect.github.com/UlisesGascon">@ UlisesGascon</a> in <a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="3682359911" data-permission-text="Title is private" data-url="expressjs/express#6934" data-hovercard-type="pull_request" data-hovercard-url="/expressjs/express/pull/6934/hovercard" href="https://redirect.github.com/expressjs/express/pull/6934">#6934</a></li> </ul> <p><strong>Full Changelog</strong>: <a class="commit-link" href="https://redirect.github.com/expressjs/express/compare/4.22.0...v4.22.1"><tt>4.22.0...v4.22.1</tt></a></p> </li> <li> <b>4.22.0</b> - <a href="https://redirect.github.com/expressjs/express/releases/tag/4.22.0">2025-12-01</a></br><h2>Important: Security</h2> <ul> <li>Security fix for <a href="https://www.cve.org/CVERecord?id=CVE-2024-51999" rel="nofollow">CVE-2024-51999</a> (<a href="https://redirect.github.com/expressjs/express/security/advisories/GHSA-pj86-cfqh-vqx6">GHSA-pj86-cfqh-vqx6</a>)</li> </ul> <h2>What's Changed</h2> <ul> <li>Refactor: improve readability by <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/sazk07/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://redirect.github.com/sazk07">@ sazk07</a> in <a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="2699832614" data-permission-text="Title is private" data-url="expressjs/express#6190" data-hovercard-type="pull_request" data-hovercard-url="/expressjs/express/pull/6190/hovercard" href="https://redirect.github.com/expressjs/express/pull/6190">#6190</a></li> <li>ci: add support for [email protected] by <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/UlisesGascon/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://redirect.github.com/UlisesGascon">@ UlisesGascon</a> in <a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="2600747827" data-permission-text="Title is private" data-url="expressjs/express#6080" data-hovercard-type="pull_request" data-hovercard-url="/expressjs/express/pull/6080/hovercard" href="https://redirect.github.com/expressjs/express/pull/6080">#6080</a></li> <li>Method functions with no path should error by <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/wesleytodd/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://redirect.github.com/wesleytodd">@ wesleytodd</a> in <a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="2523063687" data-permission-text="Title is private" data-url="expressjs/express#5957" data-hovercard-type="pull_request" data-hovercard-url="/expressjs/express/pull/5957/hovercard" href="https://redirect.github.com/expressjs/express/pull/5957">#5957</a></li> <li>ci: updated github actions ci workflow by <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/Phillip9587/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://redirect.github.com/Phillip9587">@ Phillip9587</a> in <a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="2832891965" data-permission-text="Title is private" data-url="expressjs/express#6323" data-hovercard-type="pull_request" data-hovercard-url="/expressjs/express/pull/6323/hovercard" href="https://redirect.github.com/expressjs/express/pull/6323">#6323</a></li> <li>ci: reorder <code>npm i</code> steps to fix ci for older node versions by <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/Phillip9587/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://redirect.github.com/Phillip9587">@ Phillip9587</a> in <a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="2849001182" data-permission-text="Title is private" data-url="expressjs/express#6336" data-hovercard-type="pull_request" data-hovercard-url="/expressjs/express/pull/6336/hovercard" href="https://redirect.github.com/expressjs/express/pull/6336">#6336</a></li> <li>Backport: ci: add node.js 24 to test matrix by <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/Phillip9587/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://redirect.github.com/Phillip9587">@ Phillip9587</a> in <a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="3048978479" data-permission-text="Title is private" data-url="expressjs/express#6506" data-hovercard-type="pull_request" data-hovercard-url="/expressjs/express/pull/6506/hovercard" href="https://redirect.github.com/expressjs/express/pull/6506">#6506</a></li> <li>chore(4.x): wider range for query test skip by <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/jonchurch/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://redirect.github.com/jonchurch">@ jonchurch</a> in <a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="3064505138" data-permission-text="Title is private" data-url="expressjs/express#6513" data-hovercard-type="pull_request" data-hovercard-url="/expressjs/express/pull/6513/hovercard" href="https://redirect.github.com/expressjs/express/pull/6513">#6513</a></li> <li>use tilde notation for certain dependencies by <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/UlisesGascon/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://redirect.github.com/UlisesGascon">@ UlisesGascon</a> in <a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="3647756531" data-permission-text="Title is private" data-url="expressjs/express#6905" data-hovercard-type="pull_request" data-hovercard-url="/expressjs/express/pull/6905/hovercard" href="https://redirect.github.com/expressjs/express/pull/6905">#6905</a></li> <li>deps: [email protected] by <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/UlisesGascon/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://redirect.github.com/UlisesGascon">@ UlisesGascon</a> in <a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="3651273165" data-permission-text="Title is private" data-url="expressjs/express#6909" data-hovercard-type="pull_request" data-hovercard-url="/expressjs/express/pull/6909/hovercard" href="https://redirect.github.com/expressjs/express/pull/6909">#6909</a></li> <li>deps: use tilde notation for <code>qs</code> by <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/Phillip9587/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://redirect.github.com/Phillip9587">@ Phillip9587</a> in <a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="3664544540" data-permission-text="Title is private" data-url="expressjs/express#6919" data-hovercard-type="pull_request" data-hovercard-url="/expressjs/express/pull/6919/hovercard" href="https://redirect.github.com/expressjs/express/pull/6919">#6919</a></li> <li>Release: 4.22.0 by <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/UlisesGascon/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://redirect.github.com/UlisesGascon">@ UlisesGascon</a> in <a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="3664588541" data-permission-text="Title is private" data-url="expressjs/express#6921" data-hovercard-type="pull_request" data-hovercard-url="/expressjs/express/pull/6921/hovercard" href="https://redirect.github.com/expressjs/express/pull/6921">#6921</a></li> </ul> <p><strong>Full Changelog</strong>: <a class="commit-link" href="https://redirect.github.com/expressjs/express/compare/4.21.2...4.22.0"><tt>4.21.2...4.22.0</tt></a></p> </li> <li> <b>4.21.2</b> - <a href="https://redirect.github.com/expressjs/express/releases/tag/4.21.2">2024-12-05</a></br><h2>What's Changed</h2> <ul> <li>Add funding field (v4) by <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/bjohansebas/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://redirect.github.com/bjohansebas">@ bjohansebas</a> in <a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="2593149488" data-permission-text="Title is private" data-url="expressjs/express#6065" data-hovercard-type="pull_request" data-hovercard-url="/expressjs/express/pull/6065/hovercard" href="https://redirect.github.com/expressjs/express/pull/6065">#6065</a></li> <li>deps: [email protected] by <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/blakeembrey/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://redirect.github.com/blakeembrey">@ blakeembrey</a> in <a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="2523061308" data-permission-text="Title is private" data-url="expressjs/express#5956" data-hovercard-type="pull_request" data-hovercard-url="/expressjs/express/pull/5956/hovercard" href="https://redirect.github.com/expressjs/express/pull/5956">#5956</a></li> <li>deps: bump [email protected] by <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/jonchurch/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://redirect.github.com/jonchurch">@ jonchurch</a> in <a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="2721541419" data-permission-text="Title is private" data-url="expressjs/express#6209" data-hovercard-type="pull_request" data-hovercard-url="/expressjs/express/pull/6209/hovercard" href="https://redirect.github.com/expressjs/express/pull/6209">#6209</a></li> <li>Release: 4.21.2 by <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/UlisesGascon/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://redirect.github.com/UlisesGascon">@ UlisesGascon</a> in <a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="2621467921" data-permission-text="Title is private" data-url="expressjs/express#6094" data-hovercard-type="pull_request" data-hovercard-url="/expressjs/express/pull/6094/hovercard" href="https://redirect.github.com/expressjs/express/pull/6094">#6094</a></li> </ul> <p><strong>Full Changelog</strong>: <a class="commit-link" href="https://redirect.github.com/expressjs/express/compare/4.21.1...4.21.2"><tt>4.21.1...4.21.2</tt></a></p> </li> </ul> from <a href="https://redirect.github.com/expressjs/express/releases">express GitHub release notes</a> </details> </details> --- > [!IMPORTANT] > > - Check the changes in this PR to ensure they won't cause issues with your project. > - This PR was automatically created by Snyk using the credentials of a real user. --- **Note:** _You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs._ **For more information:** <img src="https://api.segment.io/v1/pixel/track?data=eyJ3cml0ZUtleSI6InJyWmxZcEdHY2RyTHZsb0lYd0dUcVg4WkFRTnNCOUEwIiwiYW5vbnltb3VzSWQiOiI2MTdiNTRmZi05NzhlLTRjMjMtOTk1Yy0zZDY1MmU5M2Y5YmEiLCJldmVudCI6IlBSIHZpZXdlZCIsInByb3BlcnRpZXMiOnsicHJJZCI6IjYxN2I1NGZmLTk3OGUtNGMyMy05OTVjLTNkNjUyZTkzZjliYSJ9fQ==" width="0" height="0"/> > - 🧐 [View latest project report](https://app.snyk.io/org/mightyprytanis/project/bcb5f568-d266-4cb2-8e80-1c9ebed57c1b?utm_source=github&utm_medium=referral&page=upgrade-pr) > - 📜 [Customise PR templates](https://docs.snyk.io/scan-using-snyk/pull-requests/snyk-fix-pull-or-merge-requests/customize-pr-templates?utm_source=&utm_content=fix-pr-template) > - 🛠 [Adjust upgrade PR settings](https://app.snyk.io/org/mightyprytanis/project/bcb5f568-d266-4cb2-8e80-1c9ebed57c1b/settings/integration?utm_source=github&utm_medium=referral&page=upgrade-pr) > - 🔕 [Ignore this dependency or unsubscribe from future upgrade PRs](https://app.snyk.io/org/mightyprytanis/project/bcb5f568-d266-4cb2-8e80-1c9ebed57c1b/settings/integration?pkg=express&utm_source=github&utm_medium=referral&page=upgrade-pr#auto-dep-upgrades) [//]: # 'snyk:metadata:{"breakingChangeRiskLevel":null,"FF_showPullRequestBreakingChanges":false,"FF_showPullRequestBreakingChangesWebSearch":false,"customTemplate":{"variablesUsed":[],"fieldsUsed":[]},"dependencies":[{"name":"express","from":"4.21.2","to":"4.22.1"}],"env":"prod","hasFixes":false,"isBreakingChange":false,"isMajorUpgrade":false,"issuesToFix":[],"prId":"617b54ff-978e-4c23-995c-3d652e93f9ba","prPublicId":"617b54ff-978e-4c23-995c-3d652e93f9ba","packageManager":"npm","priorityScoreList":[],"projectPublicId":"bcb5f568-d266-4cb2-8e80-1c9ebed57c1b","projectUrl":"https://app.snyk.io/org/mightyprytanis/project/bcb5f568-d266-4cb2-8e80-1c9ebed57c1b?utm_source=github&utm_medium=referral&page=upgrade-pr","prType":"upgrade","templateFieldSources":{"branchName":"default","commitMessage":"default","description":"default","title":"default"},"templateVariants":[],"type":"auto","upgrade":[],"upgradeInfo":{"versionsDiff":2,"publishedDate":"2025-12-01T20:50:41.122Z"},"vulns":[]}'
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
@wesleytodd That should fix the CI workflow for older node versions