> npm audit
# npm audit report
body-parser <1.20.3
Severity: high
body-parser vulnerable to denial of service when url encoding is enabled - https://github.com/advisories/GHSA-qwcr-r2fm-qrc7
fix available via `npm audit fix --force`
Will install iotagent-node-lib@2.7.0, which is a breaking change
node_modules/iotagent-node-lib/node_modules/express/node_modules/body-parser
express <=4.19.2 || 5.0.0-alpha.1 - 5.0.0-beta.3
Depends on vulnerable versions of body-parser
Depends on vulnerable versions of path-to-regexp
Depends on vulnerable versions of send
node_modules/iotagent-node-lib/node_modules/express
iotagent-node-lib <=0.9.6 ||>=2.7.50
Depends on vulnerable versions of express
node_modules/iotagent-node-lib
express <=4.19.2 || 5.0.0-alpha.1 - 5.0.0-beta.3
Severity: high
express vulnerable to XSS via response.redirect() - https://github.com/advisories/GHSA-qw6h-vgh9-j6wx
Depends on vulnerable versions of body-parser
Depends on vulnerable versions of path-to-regexp
Depends on vulnerable versions of send
fix available via `npm audit fix --force`
Will install iotagent-node-lib@2.7.0, which is a breaking change
node_modules/iotagent-node-lib/node_modules/express
iotagent-node-lib <=0.9.6 ||>=2.7.50
Depends on vulnerable versions of express
node_modules/iotagent-node-lib
path-to-regexp <0.1.10
Severity: high
path-to-regexp outputs backtracking regular expressions - https://github.com/advisories/GHSA-9wv6-86v2-598j
fix available via `npm audit fix --force`
Will install iotagent-node-lib@2.7.0, which is a breaking change
node_modules/iotagent-node-lib/node_modules/path-to-regexp
express <=4.19.2 || 5.0.0-alpha.1 - 5.0.0-beta.3
Depends on vulnerable versions of body-parser
Depends on vulnerable versions of path-to-regexp
Depends on vulnerable versions of send
node_modules/iotagent-node-lib/node_modules/express
iotagent-node-lib <=0.9.6 ||>=2.7.50
Depends on vulnerable versions of express
node_modules/iotagent-node-lib
send <0.19.0
Severity: moderate
send vulnerable to template injection that can lead to XSS - https://github.com/advisories/GHSA-m6fv-jmcg-4jfg
fix available via `npm audit fix --force`
Will install iotagent-node-lib@2.7.0, which is a breaking change
node_modules/iotagent-node-lib/node_modules/send
express <=4.19.2 || 5.0.0-alpha.1 - 5.0.0-beta.3
Depends on vulnerable versions of body-parser
Depends on vulnerable versions of path-to-regexp
Depends on vulnerable versions of send
node_modules/iotagent-node-lib/node_modules/express
iotagent-node-lib <=0.9.6 ||>=2.7.50
Depends on vulnerable versions of express
node_modules/iotagent-node-lib
serve-static <=1.16.0
Depends on vulnerable versions of send
node_modules/iotagent-node-lib/node_modules/serve-static
serve-static <=1.16.0
Severity: moderate
serve-static vulnerable to template injection that can lead to XSS - https://github.com/advisories/GHSA-cm22-4g7w-348p
IoT Agent Node Lib version the issue has been seen with
4.6.0
Bound or port used (API interaction)
Other
NGSI version
Other
Are you running a container?
Yes, I am using a container (Docker, Kubernetes...)
Image type
normal
Expected behaviour you didn't see
No response
Unexpected behaviour you saw
npm audit is reporting high vulnerabilities since iotagent-node-lib 4.6.0 uses a vulnerable version of express.
Steps to reproduce the problem
Configs
Log output