[Recovery] chore(deps)(deps): bump express from 5.1.0 to 5.2.1 in /apps/api

[LessUp]

Recovered from closed PR #8 because the original Dependabot branch was deleted.

Original PR: #8

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Package	Version	Score	Details
npm/body-parser	2.2.2	🟢 8.2	Details Check Score Reason Dependency-Update-Tool 🟢 10 update tool detected Code-Review 🟢 9 Found 14/15 approved changesets -- score normalized to 9 Packaging ⚠️ -1 packaging workflow not detected Maintained 🟢 10 13 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Pinned-Dependencies 🟢 6 dependency not pinned by hash detected -- score normalized to 6 Binary-Artifacts 🟢 10 no binaries found in the repo License 🟢 10 license file detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected SAST 🟢 10 SAST tool is run on all commits Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 1 branch protection is not maximal on development and all release branches Security-Policy 🟢 10 security policy file detected CI-Tests 🟢 10 28 out of 28 merged PRs checked by a CI test -- score normalized to 10 Contributors 🟢 10 project has 31 contributing companies or organizations
npm/express	5.2.1	🟢 8.9	Details Check Score Reason Maintained 🟢 10 20 commit(s) and 9 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 10 all changesets reviewed Packaging ⚠️ -1 packaging workflow not detected Dependency-Update-Tool 🟢 10 update tool detected Binary-Artifacts 🟢 10 no binaries found in the repo Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Pinned-Dependencies 🟢 6 dependency not pinned by hash detected -- score normalized to 6 License 🟢 10 license file detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected SAST 🟢 10 SAST tool is run on all commits Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Fuzzing ⚠️ 0 project is not fuzzed Security-Policy 🟢 10 security policy file detected CI-Tests 🟢 10 30 out of 30 merged PRs checked by a CI test -- score normalized to 10 Contributors 🟢 10 project has 111 contributing companies or organizations
npm/iconv-lite	0.7.2	Unknown	Unknown
npm/qs	6.15.1	🟢 5.2	Details Check Score Reason Maintained 🟢 10 29 commit(s) and 12 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Code-Review ⚠️ 0 Found 1/30 approved changesets -- score normalized to 0 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Security-Policy 🟢 10 security policy file detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 CII-Best-Practices 🟢 5 badge detected: Passing Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0

Scanned Files

• apps/api/package-lock.json