Fix various audit issues (uplift to 1.70.x) #25563

diracdeltas · 2024-09-13T22:22:15Z

Submitter Checklist:

I confirm that no security/privacy review is needed and no other type of reviews are needed, or that I have requested them
There is a ticket for my issue
Used Github auto-closing keywords in the PR description above
Wrote a good PR/commit description
Squashed any review feedback or "fixup" commits before merge, so that history is a record of what happened in the repo, not your PR
Added appropriate labels (QA/Yes or QA/No; release-notes/include or release-notes/exclude; OS/...) to the associated issue
Checked the PR locally:
- npm run test -- brave_browser_tests, npm run test -- brave_unit_tests wiki
- npm run presubmit wiki, npm run gn_check, npm run tslint
Ran git rebase master (if needed)

A security review is not needed, or a link to one is included in the PR description
New files have MPL-2.0 license header
Adequate test coverage exists to prevent regressions
Major classes, functions and non-trivial code blocks are well-commented
Changes in component dependencies are properly reflected in gn
Code follows the style guide
Test plan is specified in PR before merging

Bumps [body-parser](https://github.com/expressjs/body-parser) and [express](https://github.com/expressjs/express). These dependencies needed to be updated together. Updates `body-parser` from 1.20.2 to 1.20.3 - [Release notes](https://github.com/expressjs/body-parser/releases) - [Changelog](https://github.com/expressjs/body-parser/blob/master/HISTORY.md) - [Commits](expressjs/body-parser@1.20.2...1.20.3) Updates `express` from 4.19.2 to 4.20.0 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/master/History.md) - [Commits](expressjs/express@4.19.2...4.20.0) --- updated-dependencies: - dependency-name: body-parser dependency-type: indirect - dependency-name: express dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

kjozwiak

Uplift into 1.70.x approved 👍

dependabot bot and others added 2 commits September 13, 2024 15:15

Fix various audit issues

c98165a

Fix brave/brave-browser#40973 Fix brave/brave-browser#40974 Fix brave/brave-browser#40975

diracdeltas added the CI/run-audit-deps Check for known npm/cargo vulnerabilities (audit_deps) label Sep 13, 2024

diracdeltas self-assigned this Sep 13, 2024

diracdeltas requested a review from a team as a code owner September 13, 2024 22:22

kjozwiak added this to the 1.70.x - Release milestone Sep 16, 2024

kjozwiak approved these changes Sep 16, 2024

View reviewed changes

kjozwiak merged commit 838de60 into 1.70.x Sep 16, 2024
15 of 16 checks passed

kjozwiak deleted the fix/audit-sept-24-1.70.x branch September 16, 2024 00:47