From 82160e3f8ee7c7b6a218377d6dc075f33d96b84f Mon Sep 17 00:00:00 2001
From: Ollie-Smith <120727833+Ollie-Smith@users.noreply.github.com>
Date: Tue, 17 Sep 2024 11:46:40 +0100
Subject: [PATCH] PAY-7347 cve pipeline issues addressed (#854)
---
 package.json | 11 +++---
 yarn-audit-known-issues | 2 +-
 yarn.lock | 79 +++++++++++++++++++++++------------------
 3 files changed, 52 insertions(+), 40 deletions(-)
diff --git a/package.json b/package.json
index 87d8344fe..619b5cbdc 100644
--- a/package.json
+++ b/package.json
@@ -56,12 +56,12 @@
 "@types/lodash": "4.14.108",
 "applicationinsights": "^1.0.5",
 "applicationinsights-js": "^1.0.20",
- "body-parser": "^1.20.1",
+ "body-parser": "^1.20.3",
 "client-request": "^2.3.0",
 "config": "^3.3.1",
 "cookie-parser": "^1.4.3",
 "csurf": "^1.9.0",
- "express": "4.19.2",
+ "express": "4.20.0",
 "helmet": "^3.9.0",
 "http-status-codes": "^1.3.0",
 "i18n": "^0.8.3",
@@ -178,7 +178,7 @@
 "stylelint": "16.6.1",
 "flat": "^5.0.1",
 "formidable": "^3.2.4",
- "express": "4.19.2",
+ "express": "4.20.0",
 "pug": ">=3.0.3",
 "moment": "^2.29.4",
 "nwmatcher": ">=1.4.4",
@@ -212,7 +212,10 @@
 "ip": "^2.0.1",
 "micromatch": "^4.0.8",
 "braces": "^3.0.3",
- "path-to-regexp": "^0.1.10"
+ "path-to-regexp": "^0.1.10",
+ "send": "^0.19.0",
+ "serve-static": "^1.16.2",
+ "body-parser": "1.20.3"
 },
 "packageManager": "yarn@3.6.3"
 }
diff --git a/yarn-audit-known-issues b/yarn-audit-known-issues
index f24cd7b87..87091bfea 100644
--- a/yarn-audit-known-issues
+++ b/yarn-audit-known-issues
@@ -1 +1 @@
-{"actions":[],"advisories":{},"muted":[],"metadata":{"vulnerabilities":{"info":0,"low":0,"moderate":0,"high":0,"critical":0},"dependencies":755,"devDependencies":10,"optionalDependencies":0,"totalDependencies":765}}
+{"actions":[],"advisories":{},"muted":[],"metadata":{"vulnerabilities":{"info":0,"low":0,"moderate":0,"high":0,"critical":0},"dependencies":756,"devDependencies":10,"optionalDependencies":0,"totalDependencies":766}}
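Review bot: In the last package.json hunk (`@@ -212,7 +212,10 @@`), the added override `"body-parser": "1.20.3"` is an exact pin, while the dependency declared earlier in this commit is `"body-parser": "^1.20.3"` and the two sibling entries added beside it (`send`, `serve-static`) use carets. The enclosing object opens outside the hunk, but it looks like the `resolutions` block, and the yarn.lock change is consistent with that: the body-parser entry collapses to the single key `body-parser@npm:1.20.3`, so the caret in `dependencies` has no effect and later patch releases will not be picked up until this line is edited by hand. Consider `"body-parser": "^1.20.3"` here, or keep the pin deliberately and record the reason and a removal condition in the PR description, since JSON cannot carry a comment. The lock also shows `express@npm:4.20.0` still declaring `serve-static: 1.16.0`, so the 1.16.2 version arrives only through the override and would silently regress if the override were dropped before express itself is upgraded.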
diff --git a/yarn.lock b/yarn.lock index 8bf26a9b9..7b1efc579 100644 --- a/yarn.lock +++ b/yarn.lock @@ -6528,7 +6528,7 @@ __metadata: allure-commandline: ^2.17.2 applicationinsights: ^1.0.5 applicationinsights-js: ^1.0.20 - body-parser: ^1.20.1 + body-parser: ^1.20.3 chai: 4.1.2 chai-http: 4.2.0 client-request: ^2.3.0 @@ -6544,7 +6544,7 @@ __metadata: eslint-config-prettier: ^9.0.0 eslint-plugin-import: ^2.28.0 eslint-plugin-jest: ^27.2.3 - express: 4.19.2 + express: 4.20.0 faker: ^4.1.0 govuk-elements-sass: ^3.1.2 govuk-frontend: ^4.3.1 @@ -6724,9 +6724,9 @@ __metadata: languageName: node linkType: hard -"body-parser@npm:1.20.2, body-parser@npm:^1.19.0, body-parser@npm:^1.20.1": - version: 1.20.2 - resolution: "body-parser@npm:1.20.2" +"body-parser@npm:1.20.3": + version: 1.20.3 + resolution: "body-parser@npm:1.20.3" dependencies: bytes: 3.1.2 content-type: ~1.0.5 @@ -6736,11 +6736,11 @@ __metadata: http-errors: 2.0.0 iconv-lite: 0.4.24 on-finished: 2.4.1 - qs: 6.11.0 + qs: 6.13.0 raw-body: 2.5.2 type-is: ~1.6.18 unpipe: 1.0.0 - checksum: 14d37ec638ab5c93f6099ecaed7f28f890d222c650c69306872e00b9efa081ff6c596cd9afb9930656aae4d6c4e1c17537bea12bb73c87a217cb3cfea8896737 + checksum: 1a35c59a6be8d852b00946330141c4f142c6af0f970faa87f10ad74f1ee7118078056706a05ae3093c54dabca9cd3770fa62a170a85801da1a4324f04381167d languageName: node linkType: hard @@ -9296,6 +9296,13 @@ __metadata: languageName: node linkType: hard +"encodeurl@npm:~2.0.0": + version: 2.0.0 + resolution: "encodeurl@npm:2.0.0" + checksum: abf5cd51b78082cf8af7be6785813c33b6df2068ce5191a40ca8b1afe6a86f9230af9a9ce694a5ce4665955e5c1120871826df9c128a642e09c58d592e2807fe + languageName: node + linkType: hard + "encoding@npm:^0.1.13": version: 0.1.13 resolution: "encoding@npm:0.1.13" 
@@ -10216,42 +10223,42 @@ __metadata: languageName: node linkType: hard -"express@npm:4.19.2": - version: 4.19.2 - resolution: "express@npm:4.19.2" +"express@npm:4.20.0": + version: 4.20.0 + resolution: "express@npm:4.20.0" dependencies: accepts: ~1.3.8 array-flatten: 1.1.1 - body-parser: 1.20.2 + body-parser: 1.20.3 content-disposition: 0.5.4 content-type: ~1.0.4 cookie: 0.6.0 cookie-signature: 1.0.6 debug: 2.6.9 depd: 2.0.0 - encodeurl: ~1.0.2 + encodeurl: ~2.0.0 escape-html: ~1.0.3 etag: ~1.8.1 finalhandler: 1.2.0 fresh: 0.5.2 http-errors: 2.0.0 - merge-descriptors: 1.0.1 + merge-descriptors: 1.0.3 methods: ~1.1.2 on-finished: 2.4.1 parseurl: ~1.3.3 - path-to-regexp: 0.1.7 + path-to-regexp: 0.1.10 proxy-addr: ~2.0.7 qs: 6.11.0 range-parser: ~1.2.1 safe-buffer: 5.2.1 - send: 0.18.0 - serve-static: 1.15.0 + send: 0.19.0 + serve-static: 1.16.0 setprototypeof: 1.2.0 statuses: 2.0.1 type-is: ~1.6.18 utils-merge: 1.0.1 vary: ~1.1.2 - checksum: 212dbd6c2c222a96a61bc927639c95970a53b06257080bb9e2838adb3bffdb966856551fdad1ab5dd654a217c35db94f987d0aa88d48fb04d306340f5f34dca5 + checksum: faa11bffa16be97b26d9f38187e569378c01cad0b92fbd02094fb4e35a224dc5177cc9cc6849141702da80d2d8cbe857c60a7e622e8106695405dc27e38fb3ee languageName: node linkType: hard @@ -15349,14 +15356,7 @@ __metadata: languageName: node linkType: hard -"merge-descriptors@npm:1.0.1": - version: 1.0.1 - resolution: "merge-descriptors@npm:1.0.1" - checksum: 5abc259d2ae25bb06d19ce2b94a21632583c74e2a9109ee1ba7fd147aa7362b380d971e0251069f8b3eb7d48c21ac839e21fa177b335e82c76ec172e30c31a26 - languageName: node - linkType: hard - -"merge-descriptors@npm:~1.0.0": +"merge-descriptors@npm:1.0.3, merge-descriptors@npm:~1.0.0": version: 1.0.3 resolution: "merge-descriptors@npm:1.0.3" checksum: 52117adbe0313d5defa771c9993fe081e2d2df9b840597e966aadafde04ae8d0e3da46bac7ca4efc37d4d2b839436582659cd49c6a43eacb3fe3050896a105d1 
@@ -18368,6 +18368,15 @@ __metadata: languageName: node linkType: hard +"qs@npm:6.13.0": + version: 6.13.0 + resolution: "qs@npm:6.13.0" + dependencies: + side-channel: ^1.0.6 + checksum: e9404dc0fc2849245107108ce9ec2766cde3be1b271de0bf1021d049dc5b98d1a2901e67b431ac5509f865420a7ed80b7acb3980099fe1c118a1c5d2e1432ad8 + languageName: node + linkType: hard + "qs@npm:^6.11.0, qs@npm:^6.5.1": version: 6.12.1 resolution: "qs@npm:6.12.1" @@ -19544,9 +19553,9 @@ __metadata: languageName: node linkType: hard -"send@npm:0.18.0": - version: 0.18.0 - resolution: "send@npm:0.18.0" +"send@npm:^0.19.0": + version: 0.19.0 + resolution: "send@npm:0.19.0" dependencies: debug: 2.6.9 depd: 2.0.0 @@ -19561,7 +19570,7 @@ __metadata: on-finished: 2.4.1 range-parser: ~1.2.1 statuses: 2.0.1 - checksum: 74fc07ebb58566b87b078ec63e5a3e41ecd987e4272ba67b7467e86c6ad51bc6b0b0154133b6d8b08a2ddda360464f71382f7ef864700f34844a76c8027817a8 + checksum: 5ae11bd900c1c2575525e2aa622e856804e2f96a09281ec1e39610d089f53aa69e13fd8db84b52f001d0318cf4bb0b3b904ad532fc4c0014eb90d32db0cff55f languageName: node linkType: hard @@ -19607,15 +19616,15 @@ __metadata: languageName: node linkType: hard -"serve-static@npm:1.15.0": - version: 1.15.0 - resolution: "serve-static@npm:1.15.0" +"serve-static@npm:^1.16.2": + version: 1.16.2 + resolution: "serve-static@npm:1.16.2" dependencies: - encodeurl: ~1.0.2 + encodeurl: ~2.0.0 escape-html: ~1.0.3 parseurl: ~1.3.3 - send: 0.18.0 - checksum: af57fc13be40d90a12562e98c0b7855cf6e8bd4c107fe9a45c212bf023058d54a1871b1c89511c3958f70626fff47faeb795f5d83f8cf88514dbaeb2b724464d + send: 0.19.0 + checksum: dffc52feb4cc5c68e66d0c7f3c1824d4e989f71050aefc9bd5f822a42c54c9b814f595fc5f2b717f4c7cc05396145f3e90422af31186a93f76cf15f707019759 languageName: node linkType: hard