
chore(deps): update dependency express to ~4.16.0 #80

Open
wants to merge 1 commit into
base: master

@mend-for-github-com mend-for-github-com bot commented Jan 26, 2023

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| express (source) | devDependencies | minor | ~4.14.0 -> ~4.16.0 |

By merging this PR, the below issues will be automatically resolved and closed:

| Severity | CVSS Score | CVE | GitHub Issue |
|---|---|---|---|
| High | 7.5 | CVE-2017-1000048 | #10 |
| High | 7.5 | CVE-2017-16119 | #22 |
| High | 7.5 | CVE-2017-16138 | #18 |
| High | 7.5 | CVE-2017-20165 | #88 |
| High | 7.5 | CVE-2022-24999 | #76 |

Release Notes

expressjs/express (express)

v4.16.0


  • Add "json escape" setting for res.json and res.jsonp
  • Add express.json and express.urlencoded to parse bodies
  • Add options argument to res.download
  • Improve error message when autoloading invalid view engine
  • Improve error messages when non-function provided as middleware
  • Skip Buffer encoding when not generating ETag for small response
  • Use safe-buffer for improved Buffer API
  • deps: accepts@~1.3.4
    • deps: mime-types@~2.1.16
  • deps: content-type@~1.0.4
    • perf: remove argument reassignment
    • perf: skip parameter parsing when no parameters
  • deps: etag@~1.8.1
    • perf: replace regular expression with substring
  • deps: finalhandler@1.1.0
    • Use res.headersSent when available
  • deps: parseurl@~1.3.2
    • perf: reduce overhead for full URLs
    • perf: unroll the "fast-path" RegExp
  • deps: proxy-addr@~2.0.2
    • Fix trimming leading / trailing OWS in X-Forwarded-For
    • deps: forwarded@~0.1.2
    • deps: ipaddr.js@1.5.2
    • perf: reduce overhead when no X-Forwarded-For header
  • deps: qs@6.5.1
    • Fix parsing & compacting very deep objects
  • deps: send@0.16.0
    • Add 70 new types for file extensions
    • Add immutable option
    • Fix missing </html> in default error & redirects
    • Set charset as "UTF-8" for .js and .json
    • Use instance methods on stream to check for listeners
    • deps: mime@1.4.1
    • perf: improve path validation speed
  • deps: serve-static@1.13.0
    • Add 70 new types for file extensions
    • Add immutable option
    • Set charset as "UTF-8" for .js and .json
    • deps: send@0.16.0
  • deps: setprototypeof@1.1.0
  • deps: utils-merge@1.0.1
  • deps: vary@~1.1.2
    • perf: improve header token parsing speed
  • perf: re-use options object when generating ETags
  • perf: remove dead .charset set in res.jsonp

v4.15.5


  • deps: debug@2.6.9
  • deps: finalhandler@~1.0.6
    • deps: debug@2.6.9
    • deps: parseurl@~1.3.2
  • deps: fresh@0.5.2
    • Fix handling of modified headers with invalid dates
    • perf: improve ETag match loop
    • perf: improve If-None-Match token parsing
  • deps: send@0.15.6
    • Fix handling of modified headers with invalid dates
    • deps: debug@2.6.9
    • deps: etag@~1.8.1
    • deps: fresh@0.5.2
    • perf: improve If-Match token parsing
  • deps: serve-static@1.12.6
    • deps: parseurl@~1.3.2
    • deps: send@0.15.6
    • perf: improve slash collapsing

v4.15.4


  • deps: debug@2.6.8
  • deps: depd@~1.1.1
    • Remove unnecessary Buffer loading
  • deps: finalhandler@~1.0.4
    • deps: debug@2.6.8
  • deps: proxy-addr@~1.1.5
    • Fix array argument being altered
    • deps: ipaddr.js@1.4.0
  • deps: qs@6.5.0
  • deps: send@0.15.4
    • deps: debug@2.6.8
    • deps: depd@~1.1.1
    • deps: http-errors@~1.6.2
  • deps: serve-static@1.12.4
    • deps: send@0.15.4

v4.15.3


  • Fix error when res.set cannot add charset to Content-Type
  • deps: debug@2.6.7
    • Fix DEBUG_MAX_ARRAY_LENGTH
    • deps: ms@2.0.0
  • deps: finalhandler@~1.0.3
    • Fix missing </html> in HTML document
    • deps: debug@2.6.7
  • deps: proxy-addr@~1.1.4
    • deps: ipaddr.js@1.3.0
  • deps: send@0.15.3
    • deps: debug@2.6.7
    • deps: ms@2.0.0
  • deps: serve-static@1.12.3
    • deps: send@0.15.3
  • deps: type-is@~1.6.15
    • deps: mime-types@~2.1.15
  • deps: vary@~1.1.1
    • perf: hoist regular expression

v4.15.2


  • deps: qs@6.4.0
    • Fix regression parsing keys starting with [

v4.15.1


  • deps: send@0.15.1
    • Fix issue when Date.parse does not return NaN on invalid date
    • Fix strict violation in broken environments
  • deps: serve-static@1.12.1
    • Fix issue when Date.parse does not return NaN on invalid date
    • deps: send@0.15.1

v4.15.0


  • Add debug message when loading view engine
  • Add next("router") to exit from router
  • Fix case where router.use skipped requests routes did not
  • Remove usage of res._headers private field
    • Improves compatibility with Node.js 8 nightly
  • Skip routing when req.url is not set
  • Use %o in path debug to tell types apart
  • Use Object.create to setup request & response prototypes
  • Use setprototypeof module to replace __proto__ setting
  • Use statuses instead of http module for status messages
  • deps: debug@2.6.1
    • Allow colors in workers
    • Deprecated DEBUG_FD environment variable set to 3 or higher
    • Fix error when running under React Native
    • Use same color for same namespace
    • deps: ms@0.7.2
  • deps: etag@~1.8.0
    • Use SHA1 instead of MD5 for ETag hashing
    • Works with FIPS 140-2 OpenSSL configuration
  • deps: finalhandler@~1.0.0
    • Fix exception when err cannot be converted to a string
    • Fully URL-encode the pathname in the 404
    • Only include the pathname in the 404 message
    • Send complete HTML document
    • Set Content-Security-Policy: default-src 'self' header
    • deps: debug@2.6.1
  • deps: fresh@0.5.0
    • Fix false detection of no-cache request directive
    • Fix incorrect result when If-None-Match has both * and ETags
    • Fix weak ETag matching to match spec
    • perf: delay reading header values until needed
    • perf: enable strict mode
    • perf: hoist regular expressions
    • perf: remove duplicate conditional
    • perf: remove unnecessary boolean coercions
    • perf: skip checking modified time if ETag check failed
    • perf: skip parsing If-None-Match when no ETag header
    • perf: use Date.parse instead of new Date
  • deps: qs@6.3.1
    • Fix array parsing from skipping empty values
    • Fix compacting nested arrays
  • deps: send@0.15.0
    • Fix false detection of no-cache request directive
    • Fix incorrect result when If-None-Match has both * and ETags
    • Fix weak ETag matching to match spec
    • Remove usage of res._headers private field
    • Support If-Match and If-Unmodified-Since headers
    • Use res.getHeaderNames() when available
    • Use res.headersSent when available
    • deps: debug@2.6.1
    • deps: etag@~1.8.0
    • deps: fresh@0.5.0
    • deps: http-errors@~1.6.1
  • deps: serve-static@1.12.0
    • Fix false detection of no-cache request directive
    • Fix incorrect result when If-None-Match has both * and ETags
    • Fix weak ETag matching to match spec
    • Remove usage of res._headers private field
    • Send complete HTML document in redirect response
    • Set default CSP header in redirect response
    • Support If-Match and If-Unmodified-Since headers
    • Use res.getHeaderNames() when available
    • Use res.headersSent when available
    • deps: send@0.15.0
  • perf: add fast match path for * route
  • perf: improve req.ips performance

v4.14.1


  • deps: content-disposition@0.5.2
  • deps: finalhandler@0.5.1
    • Fix exception when err.headers is not an object
    • deps: statuses@~1.3.1
    • perf: hoist regular expressions
    • perf: remove duplicate validation path
  • deps: proxy-addr@~1.1.3
    • deps: ipaddr.js@1.2.0
  • deps: send@0.14.2
    • deps: http-errors@~1.5.1
    • deps: ms@0.7.2
    • deps: statuses@~1.3.1
  • deps: serve-static@~1.11.2
    • deps: send@0.14.2
  • deps: type-is@~1.6.14
    • deps: mime-types@~2.1.13

  • If you want to rebase/retry this PR, check this box

@mend-for-github-com mend-for-github-com bot added the security fix Security fix generated by WhiteSource label Jan 26, 2023
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/express-4.x branch from e69f9b5 to de4425a Compare March 26, 2023 20:00
@mend-for-github-com mend-for-github-com bot changed the title chore(deps): update dependency express to ~4.15.0 chore(deps): update dependency express to ~4.16.0 Mar 26, 2023
@mend-for-github-com mend-for-github-com bot changed the title chore(deps): update dependency express to ~4.16.0 chore(deps): update dependency express to ~4.16.0 - autoclosed Mar 27, 2023
@mend-for-github-com mend-for-github-com bot deleted the whitesource-remediate/express-4.x branch March 27, 2023 03:36
@mend-for-github-com mend-for-github-com bot changed the title chore(deps): update dependency express to ~4.16.0 - autoclosed chore(deps): update dependency express to ~4.16.0 Mar 30, 2023
@mend-for-github-com mend-for-github-com bot reopened this Mar 30, 2023
@mend-for-github-com mend-for-github-com bot restored the whitesource-remediate/express-4.x branch March 30, 2023 12:31
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/express-4.x branch from de4425a to 4ed6280 Compare January 4, 2024 02:27
@mend-for-github-com mend-for-github-com bot changed the title chore(deps): update dependency express to ~4.16.0 chore(deps): update dependency express to ~4.15.5 Jan 4, 2024
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/express-4.x branch from 4ed6280 to 030b78e Compare February 29, 2024 18:34
@mend-for-github-com mend-for-github-com bot changed the title chore(deps): update dependency express to ~4.15.5 chore(deps): update dependency express to ~4.16.0 Feb 29, 2024
@mend-for-github-com mend-for-github-com bot changed the title chore(deps): update dependency express to ~4.16.0 chore(deps): update dependency express to ~4.16.0 - autoclosed May 4, 2024
@mend-for-github-com mend-for-github-com bot deleted the whitesource-remediate/express-4.x branch May 4, 2024 06:34
@mend-for-github-com mend-for-github-com bot restored the whitesource-remediate/express-4.x branch May 4, 2024 18:04
@mend-for-github-com mend-for-github-com bot changed the title chore(deps): update dependency express to ~4.16.0 - autoclosed chore(deps): update dependency express to ~4.16.0 May 4, 2024
@mend-for-github-com mend-for-github-com bot reopened this May 4, 2024
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/express-4.x branch from 030b78e to ce75a6e Compare May 4, 2024 18:04