diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 000000000..034e84803
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,21 @@
+# Security Policy
+
+## Supported Versions
+
+Use this section to tell people about which versions of your project are
+currently being supported with security updates.
+
+| Version | Supported |
+| ------- | ------------------ |
+| 5.1.x | :white_check_mark: |
+| 5.0.x | :x: |
+| 4.0.x | :white_check_mark: |
+| < 4.0 | :x: |
+
+## Reporting a Vulnerability
+
+Use this section to tell people how to report a vulnerability.
+
+Tell them where to go, how often they can expect to get an update on a
+reported vulnerability, what to expect if the vulnerability is accepted or
+declined, etc.
diff --git a/yarn.lock b/yarn.lock
index a37182e63..cc6e11ca6 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -6318,9 +6318,9 @@ __metadata:
languageName: node
linkType: hard
-"body-parser@npm:1.20.2":
- version: 1.20.2
- resolution: "body-parser@npm:1.20.2"
+"body-parser@npm:1.20.3":
+ version: 1.20.3
+ resolution: "body-parser@npm:1.20.3"
dependencies:
bytes: 3.1.2
content-type: ~1.0.5
@@ -6330,11 +6330,11 @@ __metadata:
http-errors: 2.0.0
iconv-lite: 0.4.24
on-finished: 2.4.1
- qs: 6.11.0
+ qs: 6.13.0
raw-body: 2.5.2
type-is: ~1.6.18
unpipe: 1.0.0
- checksum: 14d37ec638ab5c93f6099ecaed7f28f890d222c650c69306872e00b9efa081ff6c596cd9afb9930656aae4d6c4e1c17537bea12bb73c87a217cb3cfea8896737
+ checksum: 1a35c59a6be8d852b00946330141c4f142c6af0f970faa87f10ad74f1ee7118078056706a05ae3093c54dabca9cd3770fa62a170a85801da1a4324f04381167d
languageName: node
linkType: hard
@@ -6553,6 +6553,19 @@ __metadata:
languageName: node
linkType: hard
+"call-bind@npm:^1.0.7":
+ version: 1.0.7
+ resolution: "call-bind@npm:1.0.7"
+ dependencies:
+ es-define-property: ^1.0.0
+ es-errors: ^1.3.0
+ function-bind: ^1.1.2
+ get-intrinsic: ^1.2.4
+ set-function-length: ^1.2.1
+ checksum: 295c0c62b90dd6522e6db3b0ab1ce26bdf9e7404215bda13cfee25b626b5ff1a7761324d58d38b1ef1607fc65aca2d06e44d2e18d0dfc6c14b465b00d8660029
+ languageName: node
+ linkType: hard
+
"callsites@npm:^3.0.0":
version: 3.1.0
resolution: "callsites@npm:3.1.0"
@@ -7618,6 +7631,17 @@ __metadata:
languageName: node
linkType: hard
+"define-data-property@npm:^1.1.4":
+ version: 1.1.4
+ resolution: "define-data-property@npm:1.1.4"
+ dependencies:
+ es-define-property: ^1.0.0
+ es-errors: ^1.3.0
+ gopd: ^1.0.1
+ checksum: 8068ee6cab694d409ac25936eb861eea704b7763f7f342adbdfe337fc27c78d7ae0eff2364b2917b58c508d723c7a074326d068eef2e45c4edcd85cf94d0313b
+ languageName: node
+ linkType: hard
+
"define-lazy-prop@npm:^2.0.0":
version: 2.0.0
resolution: "define-lazy-prop@npm:2.0.0"
@@ -7955,6 +7979,13 @@ __metadata:
languageName: node
linkType: hard
+"encodeurl@npm:~2.0.0":
+ version: 2.0.0
+ resolution: "encodeurl@npm:2.0.0"
+ checksum: abf5cd51b78082cf8af7be6785813c33b6df2068ce5191a40ca8b1afe6a86f9230af9a9ce694a5ce4665955e5c1120871826df9c128a642e09c58d592e2807fe
+ languageName: node
+ linkType: hard
+
"encoding@npm:^0.1.13":
version: 0.1.13
resolution: "encoding@npm:0.1.13"
@@ -8126,6 +8157,22 @@ __metadata:
languageName: node
linkType: hard
+"es-define-property@npm:^1.0.0":
+ version: 1.0.0
+ resolution: "es-define-property@npm:1.0.0"
+ dependencies:
+ get-intrinsic: ^1.2.4
+ checksum: f66ece0a887b6dca71848fa71f70461357c0e4e7249696f81bad0a1f347eed7b31262af4a29f5d726dc026426f085483b6b90301855e647aa8e21936f07293c6
+ languageName: node
+ linkType: hard
+
+"es-errors@npm:^1.3.0":
+ version: 1.3.0
+ resolution: "es-errors@npm:1.3.0"
+ checksum: ec1414527a0ccacd7f15f4a3bc66e215f04f595ba23ca75cdae0927af099b5ec865f9f4d33e9d7e86f512f252876ac77d4281a7871531a50678132429b1271b5
+ languageName: node
+ linkType: hard
+
"es-get-iterator@npm:^1.1.2":
version: 1.1.3
resolution: "es-get-iterator@npm:1.1.3"
@@ -8692,41 +8739,41 @@ __metadata:
linkType: hard
"express@npm:^4.18.2":
- version: 4.19.2
- resolution: "express@npm:4.19.2"
+ version: 4.21.0
+ resolution: "express@npm:4.21.0"
dependencies:
accepts: ~1.3.8
array-flatten: 1.1.1
- body-parser: 1.20.2
+ body-parser: 1.20.3
content-disposition: 0.5.4
content-type: ~1.0.4
cookie: 0.6.0
cookie-signature: 1.0.6
debug: 2.6.9
depd: 2.0.0
- encodeurl: ~1.0.2
+ encodeurl: ~2.0.0
escape-html: ~1.0.3
etag: ~1.8.1
- finalhandler: 1.2.0
+ finalhandler: 1.3.1
fresh: 0.5.2
http-errors: 2.0.0
- merge-descriptors: 1.0.1
+ merge-descriptors: 1.0.3
methods: ~1.1.2
on-finished: 2.4.1
parseurl: ~1.3.3
- path-to-regexp: 0.1.7
+ path-to-regexp: 0.1.10
proxy-addr: ~2.0.7
- qs: 6.11.0
+ qs: 6.13.0
range-parser: ~1.2.1
safe-buffer: 5.2.1
- send: 0.18.0
- serve-static: 1.15.0
+ send: 0.19.0
+ serve-static: 1.16.2
setprototypeof: 1.2.0
statuses: 2.0.1
type-is: ~1.6.18
utils-merge: 1.0.1
vary: ~1.1.2
- checksum: 212dbd6c2c222a96a61bc927639c95970a53b06257080bb9e2838adb3bffdb966856551fdad1ab5dd654a217c35db94f987d0aa88d48fb04d306340f5f34dca5
+ checksum: 1c5212993f665809c249bf00ab550b989d1365a5b9171cdfaa26d93ee2ef10cd8add520861ec8d5da74b3194d8374e1d9d53e85ef69b89fd9c4196b87045a5d4
languageName: node
linkType: hard
@@ -8927,18 +8974,18 @@ __metadata:
languageName: node
linkType: hard
-"finalhandler@npm:1.2.0":
- version: 1.2.0
- resolution: "finalhandler@npm:1.2.0"
+"finalhandler@npm:1.3.1":
+ version: 1.3.1
+ resolution: "finalhandler@npm:1.3.1"
dependencies:
debug: 2.6.9
- encodeurl: ~1.0.2
+ encodeurl: ~2.0.0
escape-html: ~1.0.3
on-finished: 2.4.1
parseurl: ~1.3.3
statuses: 2.0.1
unpipe: ~1.0.0
- checksum: 92effbfd32e22a7dff2994acedbd9bcc3aa646a3e919ea6a53238090e87097f8ef07cced90aa2cc421abdf993aefbdd5b00104d55c7c5479a8d00ed105b45716
+ checksum: a8c58cd97c9cd47679a870f6833a7b417043f5a288cd6af6d0f49b476c874a506100303a128b6d3b654c3d74fa4ff2ffed68a48a27e8630cda5c918f2977dcf4
languageName: node
linkType: hard
@@ -9240,6 +9287,13 @@ __metadata:
languageName: node
linkType: hard
+"function-bind@npm:^1.1.2":
+ version: 1.1.2
+ resolution: "function-bind@npm:1.1.2"
+ checksum: 2b0ff4ce708d99715ad14a6d1f894e2a83242e4a52ccfcefaee5e40050562e5f6dafc1adbb4ce2d4ab47279a45dc736ab91ea5042d843c3c092820dfe032efb1
+ languageName: node
+ linkType: hard
+
"function.prototype.name@npm:^1.1.5":
version: 1.1.5
resolution: "function.prototype.name@npm:1.1.5"
@@ -9909,6 +9963,19 @@ __metadata:
languageName: node
linkType: hard
+"get-intrinsic@npm:^1.2.4":
+ version: 1.2.4
+ resolution: "get-intrinsic@npm:1.2.4"
+ dependencies:
+ es-errors: ^1.3.0
+ function-bind: ^1.1.2
+ has-proto: ^1.0.1
+ has-symbols: ^1.0.3
+ hasown: ^2.0.0
+ checksum: 414e3cdf2c203d1b9d7d33111df746a4512a1aa622770b361dadddf8ed0b5aeb26c560f49ca077e24bfafb0acb55ca908d1f709216ccba33ffc548ec8a79a951
+ languageName: node
+ linkType: hard
+
"get-nonce@npm:^1.0.0":
version: 1.0.1
resolution: "get-nonce@npm:1.0.1"
@@ -10227,6 +10294,15 @@ __metadata:
languageName: node
linkType: hard
+"has-property-descriptors@npm:^1.0.2":
+ version: 1.0.2
+ resolution: "has-property-descriptors@npm:1.0.2"
+ dependencies:
+ es-define-property: ^1.0.0
+ checksum: fcbb246ea2838058be39887935231c6d5788babed499d0e9d0cc5737494c48aba4fe17ba1449e0d0fbbb1e36175442faa37f9c427ae357d6ccb1d895fbcd3de3
+ languageName: node
+ linkType: hard
+
"has-proto@npm:^1.0.1":
version: 1.0.1
resolution: "has-proto@npm:1.0.1"
@@ -10283,6 +10359,15 @@ __metadata:
languageName: node
linkType: hard
+"hasown@npm:^2.0.0":
+ version: 2.0.2
+ resolution: "hasown@npm:2.0.2"
+ dependencies:
+ function-bind: ^1.1.2
+ checksum: e8516f776a15149ca6c6ed2ae3110c417a00b62260e222590e54aa367cbcd6ed99122020b37b7fbdf05748df57b265e70095d7bf35a47660587619b15ffb93db
+ languageName: node
+ linkType: hard
+
"he@npm:1.2.0":
version: 1.2.0
resolution: "he@npm:1.2.0"
@@ -11864,10 +11949,10 @@ __metadata:
languageName: node
linkType: hard
-"merge-descriptors@npm:1.0.1":
- version: 1.0.1
- resolution: "merge-descriptors@npm:1.0.1"
- checksum: 5abc259d2ae25bb06d19ce2b94a21632583c74e2a9109ee1ba7fd147aa7362b380d971e0251069f8b3eb7d48c21ac839e21fa177b335e82c76ec172e30c31a26
+"merge-descriptors@npm:1.0.3":
+ version: 1.0.3
+ resolution: "merge-descriptors@npm:1.0.3"
+ checksum: 52117adbe0313d5defa771c9993fe081e2d2df9b840597e966aadafde04ae8d0e3da46bac7ca4efc37d4d2b839436582659cd49c6a43eacb3fe3050896a105d1
languageName: node
linkType: hard
@@ -12583,6 +12668,13 @@ __metadata:
languageName: node
linkType: hard
+"object-inspect@npm:^1.13.1":
+ version: 1.13.2
+ resolution: "object-inspect@npm:1.13.2"
+ checksum: 9f850b3c045db60e0e97746e809ee4090d6ce62195af17dd1e9438ac761394a7d8ec4f7906559aea5424eaf61e35d3e53feded2ccd5f62fcc7d9670d3c8eb353
+ languageName: node
+ linkType: hard
+
"object-is@npm:^1.1.5":
version: 1.1.5
resolution: "object-is@npm:1.1.5"
@@ -13031,6 +13123,13 @@ __metadata:
languageName: node
linkType: hard
+"path-to-regexp@npm:0.1.10":
+ version: 0.1.10
+ resolution: "path-to-regexp@npm:0.1.10"
+ checksum: ab7a3b7a0b914476d44030340b0a65d69851af2a0f33427df1476100ccb87d409c39e2182837a96b98fb38c4ef2ba6b87bdad62bb70a2c153876b8061760583c
+ languageName: node
+ linkType: hard
+
"path-to-regexp@npm:0.1.7":
version: 0.1.7
resolution: "path-to-regexp@npm:0.1.7"
@@ -13757,6 +13856,15 @@ __metadata:
languageName: node
linkType: hard
+"qs@npm:6.13.0":
+ version: 6.13.0
+ resolution: "qs@npm:6.13.0"
+ dependencies:
+ side-channel: ^1.0.6
+ checksum: e9404dc0fc2849245107108ce9ec2766cde3be1b271de0bf1021d049dc5b98d1a2901e67b431ac5509f865420a7ed80b7acb3980099fe1c118a1c5d2e1432ad8
+ languageName: node
+ linkType: hard
+
"query-string@npm:7.1.3":
version: 7.1.3
resolution: "query-string@npm:7.1.3"
@@ -14652,9 +14760,9 @@ __metadata:
languageName: node
linkType: hard
-"send@npm:0.18.0":
- version: 0.18.0
- resolution: "send@npm:0.18.0"
+"send@npm:0.19.0":
+ version: 0.19.0
+ resolution: "send@npm:0.19.0"
dependencies:
debug: 2.6.9
depd: 2.0.0
@@ -14669,7 +14777,7 @@ __metadata:
on-finished: 2.4.1
range-parser: ~1.2.1
statuses: 2.0.1
- checksum: 74fc07ebb58566b87b078ec63e5a3e41ecd987e4272ba67b7467e86c6ad51bc6b0b0154133b6d8b08a2ddda360464f71382f7ef864700f34844a76c8027817a8
+ checksum: 5ae11bd900c1c2575525e2aa622e856804e2f96a09281ec1e39610d089f53aa69e13fd8db84b52f001d0318cf4bb0b3b904ad532fc4c0014eb90d32db0cff55f
languageName: node
linkType: hard
@@ -14702,15 +14810,15 @@ __metadata:
languageName: node
linkType: hard
-"serve-static@npm:1.15.0":
- version: 1.15.0
- resolution: "serve-static@npm:1.15.0"
+"serve-static@npm:1.16.2":
+ version: 1.16.2
+ resolution: "serve-static@npm:1.16.2"
dependencies:
- encodeurl: ~1.0.2
+ encodeurl: ~2.0.0
escape-html: ~1.0.3
parseurl: ~1.3.3
- send: 0.18.0
- checksum: af57fc13be40d90a12562e98c0b7855cf6e8bd4c107fe9a45c212bf023058d54a1871b1c89511c3958f70626fff47faeb795f5d83f8cf88514dbaeb2b724464d
+ send: 0.19.0
+ checksum: dffc52feb4cc5c68e66d0c7f3c1824d4e989f71050aefc9bd5f822a42c54c9b814f595fc5f2b717f4c7cc05396145f3e90422af31186a93f76cf15f707019759
languageName: node
linkType: hard
@@ -14721,6 +14829,20 @@ __metadata:
languageName: node
linkType: hard
+"set-function-length@npm:^1.2.1":
+ version: 1.2.2
+ resolution: "set-function-length@npm:1.2.2"
+ dependencies:
+ define-data-property: ^1.1.4
+ es-errors: ^1.3.0
+ function-bind: ^1.1.2
+ get-intrinsic: ^1.2.4
+ gopd: ^1.0.1
+ has-property-descriptors: ^1.0.2
+ checksum: a8248bdacdf84cb0fab4637774d9fb3c7a8e6089866d04c817583ff48e14149c87044ce683d7f50759a8c50fb87c7a7e173535b06169c87ef76f5fb276dfff72
+ languageName: node
+ linkType: hard
+
"setimmediate@npm:^1.0.5":
version: 1.0.5
resolution: "setimmediate@npm:1.0.5"
@@ -14825,6 +14947,18 @@ __metadata:
languageName: node
linkType: hard
+"side-channel@npm:^1.0.6":
+ version: 1.0.6
+ resolution: "side-channel@npm:1.0.6"
+ dependencies:
+ call-bind: ^1.0.7
+ es-errors: ^1.3.0
+ get-intrinsic: ^1.2.4
+ object-inspect: ^1.13.1
+ checksum: bfc1afc1827d712271453e91b7cd3878ac0efd767495fd4e594c4c2afaa7963b7b510e249572bfd54b0527e66e4a12b61b80c061389e129755f34c493aad9b97
+ languageName: node
+ linkType: hard
+
"signal-exit@npm:^3.0.2, signal-exit@npm:^3.0.3, signal-exit@npm:^3.0.7":
version: 3.0.7
resolution: "signal-exit@npm:3.0.7"