EDIT: False positive - HIGH vulnerability in dependency used, Cookie 0.6.0

[glansbury]

We are importing a vulnerability here:
https://github.com/expressjs/express/blob/4.19.2/package.json#L36
Can we please upgrade to version 0.7.6

CVSS score 7.5 in this library
GHSA-vjrq-cg9x-rfjp

[krzysdz]

Express is not written in Rust and does not use the Rust cookie crate. Express uses jshttp/cookie, for which 0.6.0 is the latest version.

[glansbury]

Thank you @krzysdz !