fix(deps): update dependency express to ^4.21.1 (#2784)

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| [express](http://expressjs.com/)
([source](https://github.com/expressjs/express)) | [`^4.19.2`
-> `^4.21.1`](https://renovatebot.com/diffs/npm/express/4.19.2/4.21.1) |
[![age](https://developer.mend.io/api/mc/badges/age/npm/express/4.21.1?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/express/4.21.1?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/express/4.19.2/4.21.1?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/express/4.19.2/4.21.1?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|

---

### Release Notes

<details>
<summary>expressjs/express (express)</summary>

###
[`v4.21.1`](https://github.com/expressjs/express/releases/tag/4.21.1)

[Compare
Source](https://github.com/expressjs/express/compare/4.21.0...4.21.1)

#### What's Changed

- Backport a fix for CVE-2024-47764 to the 4.x branch by
[@&#8203;joshbuker](https://github.com/joshbuker) in
[https://github.com/expressjs/express/pull/6029](https://github.com/expressjs/express/pull/6029)
- Release: 4.21.1 by
[@&#8203;UlisesGascon](https://github.com/UlisesGascon) in
[https://github.com/expressjs/express/pull/6031](https://github.com/expressjs/express/pull/6031)

**Full Changelog**:
expressjs/express@4.21.0...4.21.1

###
[`v4.21.0`](https://github.com/expressjs/express/releases/tag/4.21.0)

[Compare
Source](https://github.com/expressjs/express/compare/4.20.0...4.21.0)

#### What's Changed

- Deprecate `"back"` magic string in redirects by
[@&#8203;blakeembrey](https://github.com/blakeembrey) in
[https://github.com/expressjs/express/pull/5935](https://github.com/expressjs/express/pull/5935)
- finalhandler@1.3.1 by
[@&#8203;wesleytodd](https://github.com/wesleytodd) in
[https://github.com/expressjs/express/pull/5954](https://github.com/expressjs/express/pull/5954)
- fix(deps): serve-static@1.16.2 by
[@&#8203;wesleytodd](https://github.com/wesleytodd) in
[https://github.com/expressjs/express/pull/5951](https://github.com/expressjs/express/pull/5951)
- Upgraded dependency qs to 6.13.0 to match qs in body-parser by
[@&#8203;agadzinski93](https://github.com/agadzinski93) in
[https://github.com/expressjs/express/pull/5946](https://github.com/expressjs/express/pull/5946)

#### New Contributors

- [@&#8203;agadzinski93](https://github.com/agadzinski93) made
their first contribution in
[https://github.com/expressjs/express/pull/5946](https://github.com/expressjs/express/pull/5946)

**Full Changelog**:
expressjs/express@4.20.0...4.21.0

###
[`v4.20.0`](https://github.com/expressjs/express/blob/HEAD/History.md#4200--2024-09-10)

[Compare
Source](https://github.com/expressjs/express/compare/4.19.2...4.20.0)

\==========

-   deps: serve-static@0.16.0
    -   Remove link renderization in html while redirecting
-   deps: send@0.19.0
    -   Remove link renderization in html while redirecting
-   deps: body-parser@0.6.0
    -   add `depth` option to customize the depth level in the parser
- IMPORTANT: The default `depth` level for parsing URL-encoded data is
now `32` (previously was `Infinity`)
-   Remove link renderization in html while using `res.redirect`
-   deps: path-to-regexp@0.1.10
- Adds support for named matching groups in the routes using a regex
- Adds backtracking protection to parameters without regexes defined
-   deps: encodeurl@~2.0.0
- Removes encoding of `\`, `|`, and `^` to align better with URL spec
- Deprecate passing `options.maxAge` and `options.expires` to
`res.clearCookie`
- Will be ignored in v5, clearCookie will set a cookie with an expires
in the past to instruct clients to delete the cookie

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Never, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/fwouts/previewjs).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS43LjEiLCJ1cGRhdGVkSW5WZXIiOiIzOS43LjEiLCJ0YXJnZXRCcmFuY2giOiJtYWluIiwibGFiZWxzIjpbXX0=-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

app/package.json

@@ -20,7 +20,7 @@
     "build": "tsc && unbuild && tsc -p client/tsconfig.json && vite build client"
   },
   "dependencies": {
-    "express": "^4.19.2"
+    "express": "^4.21.1"
   },
   "devDependencies": {
     "@previewjs/analyzer-api": "workspace:^0.1.1",

chromeless/package.json

@@ -26,7 +26,7 @@
     "@previewjs/iframe": "^17.1.0",
     "@previewjs/properties": "^5.0.4",
     "@previewjs/vfs": "^2.1.2",
-    "express": "^4.19.2",
+    "express": "^4.21.1",
     "pino": "^9.5.0",
     "playwright": "^1.48.2",
     "typescript": "^5.6.3"

core/package.json

@@ -34,7 +34,7 @@
     "axios": "^1.7.7",
     "esbuild-plugin-polyfill-node": "^0.3.0",
     "exclusive-promises": "^1.0.3",
-    "express": "^4.19.2",
+    "express": "^4.21.1",
     "fs-extra": "^11.2.0",
     "globby": "^14.0.2",
     "html-escaper": "^3.0.3",