chore(deps): update dependency express to v5

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
express (source)	4.21.2 → 5.2.1

---

Release Notes

expressjs/express (express)

v5.2.1

Compare Source

=======================

• Revert security fix for CVE-2024-51999 (GHSA-pj86-cfqh-vqx6)

v5.2.0

Compare Source

========================

• Security fix for CVE-2024-51999 (GHSA-pj86-cfqh-vqx6)
• deps: body-parser@^2.2.1
• A deprecation warning was added when using res.redirect with undefined arguments, Express now emits a warning to help detect calls that pass undefined as the status or URL and make them easier to fix.

v5.1.0

Compare Source

========================

• Add support for Uint8Array in res.send()
• Add support for ETag option in res.sendFile()
• Add support for multiple links with the same rel in res.links()
• Add funding field to package.json
• perf: use loop for acceptParams
• refactor: prefix built-in node module imports
• deps: remove setprototypeof
• deps: remove safe-buffer
• deps: remove utils-merge
• deps: remove methods
• deps: remove depd
• deps: debug@^4.4.0
• deps: body-parser@^2.2.0
• deps: router@^2.2.0
• deps: content-type@^1.0.5
• deps: finalhandler@^2.1.0
• deps: qs@^6.14.0
• deps: server-static@2.2.0
• deps: type-is@2.0.1

v5.0.1

Compare Source

==========

• Update cookie semver lock to address CVE-2024-47764

v5.0.0

Compare Source

=========================

• remove:
  • path-is-absolute dependency - use path.isAbsolute instead
• breaking:
  • res.status() accepts only integers, and input must be greater than 99 and less than 1000
    • will throw a RangeError: Invalid status code: ${code}. Status code must be greater than 99 and less than 1000. for inputs outside this range
    • will throw a TypeError: Invalid status code: ${code}. Status code must be an integer. for non integer inputs
  • deps: send@​1.0.0
  • res.redirect('back') and res.location('back') is no longer a supported magic string, explicitly use req.get('Referrer') || '/'.
• change:
  • res.clearCookie will ignore user provided maxAge and expires options
• deps: cookie-signature@^1.2.1
• deps: debug@​4.3.6
• deps: merge-descriptors@^2.0.0
• deps: serve-static@^2.1.0
• deps: qs@​6.13.0
• deps: accepts@^2.0.0
• deps: mime-types@^3.0.0
  • application/javascript => text/javascript
• deps: type-is@^2.0.0
• deps: content-disposition@^1.0.0
• deps: finalhandler@^2.0.0
• deps: fresh@^2.0.0
• deps: body-parser@^2.0.1
• deps: send@^1.1.0

v4.22.1

Compare Source

v4.22.0

Compare Source

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[safedep]

SafeDep Report Summary

Package Details

Package	Malware	Vulnerability	Risky License	Report
accepts @ 2.0.0 pnpm-lock.yaml				🔗
body-parser @ 2.2.2 pnpm-lock.yaml				🔗
cookie-signature @ 1.2.2 pnpm-lock.yaml				🔗
express @ 5.2.1 packages/api-client/package.json packages/webhook/package.json pnpm-lock.yaml pnpm-lock.yaml				🔗
finalhandler @ 2.1.1 pnpm-lock.yaml				🔗
fresh @ 2.0.0 pnpm-lock.yaml				🔗
iconv-lite @ 0.7.2 pnpm-lock.yaml				🔗
is-promise @ 4.0.0 pnpm-lock.yaml				🔗
media-typer @ 1.1.0 pnpm-lock.yaml				🔗
merge-descriptors @ 2.0.0 pnpm-lock.yaml				🔗
negotiator @ 1.0.0 pnpm-lock.yaml				🔗
qs @ 6.14.1 pnpm-lock.yaml				🔗
raw-body @ 3.0.2 pnpm-lock.yaml				🔗
router @ 2.2.0 pnpm-lock.yaml				🔗
send @ 1.2.1 pnpm-lock.yaml				🔗
serve-static @ 2.2.1 pnpm-lock.yaml				🔗
type-is @ 2.0.1 pnpm-lock.yaml				🔗

_{This report is generated by SafeDep Github App}