SAP/karma-ui5

Transitive dependency express-js 4.17.1 considered vulnerable

BavithiraG opened this issue · 1 comment

Hello Team,

I use karma-ui5 version 2.4.0, which brings in the transitive dependency expressjs at version 4.17.1.
The latest version of karma-ui5 still uses the 4.17.1 version of expressjs, which is considered vulnerable in a security scan.
Please let me know if the version of expressjs will be updated in the upcoming release.

Thanks in advance.

matz3 commented

Both karma-ui5 and @ui5/server define a proper range that allows all newer 4.x.x versions of express.
Also in v2 the range allows newer versions.

Please make sure to update your lockfiles (e.g. package-lock.json) so that the latest version of express is used.
I don't see anything that could be done within this project.
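The point of the reply above is that the version a scanner reports comes from the lockfile, not from the range declared by karma-ui5 or @ui5/server. The script below is an added example (not code from the karma-ui5 project) that shows how to verify this yourself: it lists every resolved copy of a package in an npm lockfile, for both the flat `packages` map of lockfileVersion 2/3 and the nested `dependencies` tree of lockfileVersion 1, and flags copies below a minimum version. Both lockfile objects, the package names and the version numbers in them are constructed for illustration; a caret-range check is included to show that `^4.17.1` does admit a newer 4.x release once the lockfile is refreshed.

```javascript
// Added example, not karma-ui5 project code: list every resolved copy of a package
// in an npm lockfile and flag copies below a minimum version. Both lockfile objects
// below are constructed for illustration and do not describe any real install.

// lockfileVersion 2/3: flat "packages" map keyed by install path.
const SAMPLE_LOCK_V2 = {
  name: "my-app",
  lockfileVersion: 2,
  packages: {
    "": { name: "my-app", devDependencies: { "karma-ui5": "^2.4.0" } },
    "node_modules/karma-ui5": { version: "2.4.0", dependencies: { express: "^4.17.1" } },
    "node_modules/express": { version: "4.17.1" },
    "node_modules/@ui5/server": { version: "2.4.0", dependencies: { express: "^4.17.1" } },
    "node_modules/@ui5/server/node_modules/express": { version: "4.18.2" },
  },
};

// lockfileVersion 1: nested "dependencies" tree (older npm).
const SAMPLE_LOCK_V1 = {
  name: "my-app",
  lockfileVersion: 1,
  dependencies: {
    "karma-ui5": {
      version: "2.4.0",
      requires: { express: "^4.17.1" },
      dependencies: { express: { version: "4.17.1" } },
    },
    express: { version: "4.18.2" },
  },
};

// "4.17.1" -> [4, 17, 1]; a pre-release suffix is ignored for this check.
function parseVersion(v) {
  return v.split("-")[0].split(".").map(Number);
}

// Negative if a < b, 0 if equal, positive if a > b.
function compareVersions(a, b) {
  const pa = parseVersion(a), pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d;
  }
  return 0;
}

// Does a caret range such as "^4.17.1" admit `version`? Same major (major >= 1)
// and not below the lower bound. Other range syntaxes are out of scope here.
function caretAllows(range, version) {
  if (!range.startsWith("^")) throw new Error("only caret ranges are handled: " + range);
  const lower = range.slice(1);
  return parseVersion(version)[0] === parseVersion(lower)[0] &&
    compareVersions(version, lower) >= 0;
}

// Every installed copy of `name` in the lockfile: [{ path, version }].
function findInstalled(lock, name) {
  if (lock.packages) {
    const suffix = "node_modules/" + name;
    return Object.entries(lock.packages)
      .filter(([p]) => p === suffix || p.endsWith("/" + suffix))
      .map(([p, meta]) => ({ path: p, version: meta.version }));
  }
  const found = [];
  const walk = (deps, prefix) => {
    for (const [dep, meta] of Object.entries(deps || {})) {
      const path = prefix + "node_modules/" + dep;
      if (dep === name) found.push({ path, version: meta.version });
      walk(meta.dependencies, path + "/");
    }
  };
  walk(lock.dependencies, "");
  return found;
}

// Copies resolved below `minVersion` are the ones a scanner keeps flagging until
// the lockfile is refreshed (for example with `npm update express`).
function outdatedCopies(lock, name, minVersion) {
  return findInstalled(lock, name).filter(c => compareVersions(c.version, minVersion) < 0);
}

// Demo on the constructed lockfiles; the minimum version is an arbitrary threshold.
for (const lock of [SAMPLE_LOCK_V2, SAMPLE_LOCK_V1]) {
  for (const c of outdatedCopies(lock, "express", "4.18.0")) {
    console.log(`lockfileVersion ${lock.lockfileVersion}: ${c.path} resolves express ${c.version}`);
  }
}
```

To run this against a real project, pass the parsed `package-lock.json` object (for example `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))`) to `outdatedCopies`. Note that the nested copy is what matters: in both constructed lockfiles the top-level and the nested `express` differ, which is exactly the situation where a scanner reports the old version even though the declared range already allows a newer one.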