fix(deps): update dependency express to version 4.17.1 🌟

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
express (source)	dependencies	minor	4.16.4 -> 4.17.1
express (source)	devDependencies	minor	4.16.4 -> 4.17.1

---

Release Notes

expressjs/express

v4.17.1

Compare Source

===================

• Revert "Improve error message for null/undefined to res.status"

v4.17.0

Compare Source

===================

• Add express.raw to parse bodies into Buffer
• Add express.text to parse bodies into string
• Improve error message for non-strings to res.sendFile
• Improve error message for null/undefined to res.status
• Support multiple hosts in X-Forwarded-Host
• deps: accepts@~1.3.7
• deps: body-parser@1.19.0
• Add encoding MIK
• Add petabyte (pb) support
• Fix parsing array brackets after index
• deps: bytes@3.1.0
• deps: http-errors@1.7.2
• deps: iconv-lite@0.4.24
• deps: qs@6.7.0
• deps: raw-body@2.4.0
• deps: type-is@~1.6.17
• deps: content-disposition@0.5.3
• deps: cookie@0.4.0
• Add SameSite=None support
• deps: finalhandler@~1.1.2
• Set stricter Content-Security-Policy header
• deps: parseurl@~1.3.3
• deps: statuses@~1.5.0
• deps: parseurl@~1.3.3
• deps: proxy-addr@~2.0.5
• deps: ipaddr.js@1.9.0
• deps: qs@6.7.0
• Fix parsing array brackets after index
• deps: range-parser@~1.2.1
• deps: send@0.17.1
• Set stricter CSP header in redirect & error responses
• deps: http-errors@~1.7.2
• deps: mime@1.6.0
• deps: ms@2.1.1
• deps: range-parser@~1.2.1
• deps: statuses@~1.5.0
• perf: remove redundant path.normalize call
• deps: serve-static@1.14.1
• Set stricter CSP header in redirect response
• deps: parseurl@~1.3.3
• deps: send@0.17.1
• deps: setprototypeof@1.1.1
• deps: statuses@~1.5.0
• Add 103 Early Hints
• deps: type-is@~1.6.18
• deps: mime-types@~2.1.24
• perf: prevent internal throw on invalid type

---

Renovate configuration

📅 Schedule: "before 3am on the first day of the month" in timezone America/New_York.

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻️ Rebasing: Renovate will not automatically rebase this PR, because other commits have been found.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

---

• If you want to rebase/retry this PR, check this box

This PR has been generated by WhiteSource Renovate. View repository job log here.

[cypress-bot]

See the guidelines for reviewing dependency updates for info on how to review dependency update PRs.

[cypress]

---

Test summary

7929 • 0 • 130 • 2

---

Run details

Project	cypress
Status	Passed
Commit	6cca805
Started	Aug 6, 2020 5:38 AM
Ended	Aug 6, 2020 5:44 AM
Duration	06:14 💡
OS	Linux Debian - 10.1
Browser	Multiple

View run in Cypress Dashboard ➡️

---

This comment has been generated by cypress-bot as a result of this project's GitHub integration settings. You can manage this integration in this project's settings in the Cypress Dashboard

[jennifer-shehane]

So it looks like express updated one of their deps, finalhandler, which has changed how they set content-security-policy headers by default: pillarjs/finalhandler#26

This is causing this test to fail. I'm not sure if this will affect any behavior.

[flotwig]

Cypress does its own stuff to the CSP header anyways (see #7936) so this change will be overridden by Cypress. We're seeing the snapshot change because the e2e scaffolding code uses express to launch the different HTTP servers used by the tests. @jennifer-shehane This is safe to update the snapshot and merge.

[cypress-bot]

Released in 5.0.0.

This comment thread has been locked. If you are still experiencing this issue after upgrading to
Cypress v5.0.0, please open a new issue.