From e200576d081c34697413203b0f3b5d21c7ef5c86 Mon Sep 17 00:00:00 2001
From: Ben Hardill <hardillb@gmail.com>
Date: Tue, 2 Dec 2025 11:33:16 +0000
Subject: [PATCH] Update express version

Update to pick up new version with CVE fixes

CVE: cve-2024-51999
---
 package.json                                            | 2 +-
 packages/node_modules/@node-red/editor-api/package.json | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/package.json b/package.json
index d09aa1378..6e25c2d23 100644
--- a/package.json
+++ b/package.json
@@ -42,7 +42,7 @@
         "cors": "2.8.5",
         "cronosjs": "1.7.1",
         "denque": "2.1.0",
-        "express": "4.21.2",
+        "express": "4.22.0",
         "express-session": "1.18.2",
         "form-data": "4.0.4",
         "fs-extra": "11.3.0",
diff --git a/packages/node_modules/@node-red/editor-api/package.json b/packages/node_modules/@node-red/editor-api/package.json
index b0f29491b..82b2674ac 100644
--- a/packages/node_modules/@node-red/editor-api/package.json
+++ b/packages/node_modules/@node-red/editor-api/package.json
@@ -23,7 +23,7 @@
         "clone": "2.1.2",
         "cors": "2.8.5",
         "express-session": "1.18.2",
-        "express": "4.21.2",
+        "express": "4.22.0",
         "memorystore": "1.6.7",
         "mime": "3.0.0",
         "multer": "2.0.2",