
bump up json size limits #559

Merged: alexvpickering merged 3 commits into master from init-bpcells on May 15, 2026

Conversation

@alexvpickering (Contributor) commented May 5, 2026

Description

Bump up JSON size limits for returning large expression matrices for the heatmap. Needed to enable expression downsampling for heatmaps in the UI.

Details

URL to issue

N/A

Link to staging deployment URL (or set N/A)

N/A

Links to any PRs or resources related to this PR

Integration test branch

master

Merge checklist

Your changes will be ready for merging after all of the steps below have been completed.

Code updates

Have best practices and ongoing refactors been observed in this PR?

  • Migrated any selector / reducer used to the new format.
  • All new dependency licenses have been checked for compatibility

Manual/unit testing

  • Tested changes using InfraMock locally or no tests required for change, e.g. Kubernetes chart updates.
  • Validated that current unit tests for code work as expected and are sufficient for code coverage or no unit tests required for change, e.g. documentation update.
  • Unit tests written or no unit tests required for change, e.g. documentation update.

Integration testing

You must check the box below to run integration tests on the latest commit on your PR branch.
Integration tests have to pass before the PR can be merged. Without checking the box, your PR
will not pass the required status checks for merging.

  • Started end-to-end tests on the latest commit.

Documentation updates

  • Relevant Github READMEs updated or no GitHub README updates required.
  • Relevant Wiki pages created/updated or no Wiki updates required.

Optional

  • Staging environment is unstaged before merging.
  • Photo of a cute animal attached to this PR.

Signed-off-by: Alex Pickering <alexvpickering@gmail.com>
@alexvpickering alexvpickering added the safe to run Marks the PR as safe to run checks on. IMPORTANT only add if from a trusted source. label May 5, 2026
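Raising a JSON size limit is a memory decision as much as a functional one: whatever accepts the larger payload holds all of it in memory before parsing, so a limit raised for one use is a larger denial-of-service budget for every endpoint that shares it. The diff itself is not shown on this page; the example below is added here and is not code from this PR or from the project. It assumes a Node API that parses JSON request bodies and shows the limit scoped to one route, with the bound enforced on bytes actually received while the body streams in. The route name `/heatmap`, the limit values, every function name and the sample matrices are assumptions constructed for the demo.

```javascript
'use strict';
// Added example; not code from this PR or from the project it belongs to.
// Assumes a Node API that parses JSON request bodies. The route '/heatmap', the
// limit values and every function name here are demo assumptions.

class PayloadTooLarge extends Error {
  constructor(limit) {
    super(`JSON body exceeds limit of ${limit} bytes`);
    this.statusCode = 413;
  }
}

// Keep the default small and raise it only on the route that needs the large payload.
// A single global bump would hand the same memory budget to every endpoint.
const DEFAULT_LIMIT = 100 * 1024;                       // 100 KiB
const ROUTE_LIMITS = { '/heatmap': 50 * 1024 * 1024 };  // 50 MiB, hypothetical matrix route

function limitFor(pathname) {
  return Object.prototype.hasOwnProperty.call(ROUTE_LIMITS, pathname)
    ? ROUTE_LIMITS[pathname]
    : DEFAULT_LIMIT;
}

// Read and parse a JSON body from any async iterable of Buffers (an http.IncomingMessage
// qualifies), enforcing `limit` on bytes actually received. Content-Length is used only
// as a fast reject: it is client-controlled and absent for chunked transfer encoding.
async function readJsonBody(body, limit, declaredLength) {
  if (Number.isFinite(declaredLength) && declaredLength > limit) throw new PayloadTooLarge(limit);
  const chunks = [];
  let received = 0;
  for await (const chunk of body) {
    received += chunk.length;
    // Throwing exits the for-await loop, which closes the iterator (and destroys a
    // stream source), so the sender cannot keep the connection busy with more bytes.
    if (received > limit) throw new PayloadTooLarge(limit);
    chunks.push(chunk);
  }
  return JSON.parse(Buffer.concat(chunks).toString('utf8'));
}

// Per-route handler for Node's http module: http.createServer(handleRequest).listen(port).
async function handleRequest(req, res) {
  const { pathname } = new URL(req.url, 'http://localhost');
  const declared = req.headers['content-length'] === undefined
    ? undefined
    : Number(req.headers['content-length']);
  try {
    const body = await readJsonBody(req, limitFor(pathname), declared);
    res.writeHead(200, { 'content-type': 'application/json' });
    res.end(JSON.stringify({ ok: true, keys: Object.keys(body).length }));
  } catch (err) {
    res.writeHead(err instanceof PayloadTooLarge ? 413 : 400);
    res.end();
  }
}

// Constructed bodies for a stand-alone run, delivered in 16 KiB chunks like a real upload.
async function* chunkedBody(obj, chunkSize = 16 * 1024) {
  const buf = Buffer.from(JSON.stringify(obj));
  for (let i = 0; i < buf.length; i += chunkSize) yield buf.subarray(i, i + chunkSize);
}
const smallMatrix = { genes: ['A', 'B'], cells: ['c1'], values: [[1.5], [0.2]] };
const bigMatrix = { genes: Array.from({ length: 20000 }, (_, i) => `gene${i}`) }; // ~230 KB

async function demo() {
  const small = await readJsonBody(chunkedBody(smallMatrix), limitFor('/other'));
  let rejected = null;
  try {
    await readJsonBody(chunkedBody(bigMatrix), limitFor('/other'));   // over 100 KiB: 413
  } catch (err) {
    rejected = err;
  }
  const big = await readJsonBody(chunkedBody(bigMatrix), limitFor('/heatmap')); // under 50 MiB
  return {
    smallGenes: small.genes.length,
    rejectedStatus: rejected ? rejected.statusCode : null,
    heatmapGenes: big.genes.length,
  };
}

demo().then((result) => console.log(result));
```

The Content-Length check is only a fast path; the count inside the loop is the bound that matters, because the header is client-controlled and missing for chunked uploads. JSON.parse still materialises the whole object, so the per-route limit should reflect what the process can afford to hold, not only what the largest heatmap needs. If the API is built on Express, the same placement is available with `express.json({ limit })` registered on the one route rather than on the app.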
@dbmi-svc-checkmarx commented May 5, 2026

Checkmarx One – Scan Summary & Details (scan e783c43f-32cc-4b37-ab92-90a48b3cd4c4)

New Issues (24): Checkmarx found the following issues in this Pull Request

#  Severity  Issue  Source File / Package  Checkmarx Insight

1  CRITICAL  CVE-2026-24118  Npm-vm2-3.9.19  Vulnerable Package (recommended version: 3.11.3)
   Attack vector: NETWORK. Attack complexity: LOW.
   Description: vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.0, VM2 suffers from a sandbox breakout vulnerability. This allows attackers to ...

2  CRITICAL  CVE-2026-24120  Npm-vm2-3.9.19  Vulnerable Package (recommended version: 3.11.3)
   Attack vector: NETWORK. Attack complexity: LOW.
   Description: vm2 is an open source vm/sandbox for Node.js. Prior to version 3.10.5, the fix for CVE-2023-37466 is insufficient and can be circumvented allowing ...

3  CRITICAL  CVE-2026-24781  Npm-vm2-3.9.19  Vulnerable Package (recommended version: 3.11.3)
   Attack vector: NETWORK. Attack complexity: LOW.
   Description: vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.0, VM2 suffers from a sandbox breakout vulnerability through the inspect functi...

4  CRITICAL  CVE-2026-26332  Npm-vm2-3.9.19  Vulnerable Package (recommended version: 3.11.3)
   Attack vector: NETWORK. Attack complexity: LOW.
   Description: vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.0, SuppressedError allows attackers to escape the sandbox and run arbitrary cod...

5  CRITICAL  CVE-2026-44005  Npm-vm2-3.9.19  Vulnerable Package (recommended version: 3.11.3)
   Attack vector: NETWORK. Attack complexity: LOW.
   Description: vm2's bridge exposes mutable proxies for real host-realm intrinsic prototypes and then forwards sandbox writes into the underlying host objects wit...

6  CRITICAL  CVE-2026-45411  Npm-vm2-3.9.19  Vulnerable Package (recommended version: 3.11.3)
   Attack vector: NETWORK. Attack complexity: LOW.
   Description: vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.3, it is possible to catch a host exception using the yield* expression inside an async...

7  CRITICAL  CVE-2026-4800  Npm-lodash-4.17.21  Vulnerable Package (recommended version: 4.18.0)
   Attack vector: NETWORK. Attack complexity: LOW.
   Description: The fix for CVE-2021-23337 added validation for the variable option in _.template but did not apply the same validation to "options.imports" key na...

8  HIGH  CVE-2026-2359  Npm-multer-1.4.5-lts.1  Vulnerable Package (recommended version: 2.1.1)
   Attack vector: NETWORK. Attack complexity: LOW.
   Description: Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability in Multer prior to version 2.1.0 allows an attacker to trigger a...

9  HIGH  CVE-2026-27601  Npm-underscore-1.12.1  Vulnerable Package (recommended version: 1.13.8)
   Attack vector: NETWORK. Attack complexity: LOW.
   Description: Underscore.js is a utility-belt library for JavaScript. Prior to 1.13.8, the "_.flatten" and "_.isEqual" functions use recursion without a depth li...

10  HIGH  CVE-2026-29786  Npm-tar-6.2.0  Vulnerable Package (recommended version: 7.5.11)
   Attack vector: LOCAL. Attack complexity: LOW.
   Description: node-tar is a full-featured Tar for Node.js. Prior to version 7.5.10, tar can be tricked into creating a hardlink that points outside the extractio...

11  HIGH  CVE-2026-31802  Npm-tar-6.2.0  Vulnerable Package (recommended version: 7.5.11)
   Attack vector: LOCAL. Attack complexity: LOW.
   Description: node-tar is a full-featured Tar for Node.js. Prior to version 7.5.11, tar (npm) can be tricked into creating a symlink that points outside the extr...

12  HIGH  CVE-2026-32141  Npm-flatted-2.0.2  Vulnerable Package (recommended version: 3.4.2)
   Attack vector: NETWORK. Attack complexity: LOW.
   Description: flatted is a circular JSON parser. Prior to 3.4.0, flatted's "parse()" function uses a recursive "revive()" phase to resolve circular references in...

13  HIGH  CVE-2026-3304  Npm-multer-1.4.5-lts.1  Vulnerable Package (recommended version: 2.1.1)
   Attack vector: NETWORK. Attack complexity: LOW.
   Description: Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability in Multer prior to version 2.1.0 and 3.0.0-alpha1 allows an att...

14  HIGH  CVE-2026-33151  Npm-socket.io-parser-4.2.4  Vulnerable Package (recommended version: 4.2.6)
   Attack vector: NETWORK. Attack complexity: LOW.
   Description: A specially crafted Socket.IO packet can make the server wait for a large number of binary attachments and buffer them, which can be exploited to m...

15  HIGH  CVE-2026-33151  Npm-socket.io-parser-3.3.3  Vulnerable Package (recommended version: 3.3.5)
   Attack vector: NETWORK. Attack complexity: LOW.
   Description: A specially crafted Socket.IO packet can make the server wait for a large number of binary attachments and buffer them, which can be exploited to m...

16  HIGH  CVE-2026-33228  Npm-flatted-2.0.2  Vulnerable Package (recommended version: 3.4.2)
   Attack vector: NETWORK. Attack complexity: LOW.
   Description: The "parse()" function in flatted can use attacker-controlled string values from the parsed JSON as direct array index keys, without validating t...

17  HIGH  CVE-2026-33671  Npm-picomatch-2.3.1  Vulnerable Package (recommended version: 2.3.2)
   Attack vector: NETWORK. Attack complexity: LOW.
   Description: `picomatch` is vulnerable prior to 2.3.2, 3.x prior to 3.0.2 and 4.x prior to 4.0.4, to Regular Expression Denial of Service (ReDoS) when processi...

18  HIGH  CVE-2026-33750  Npm-brace-expansion-1.1.11  Vulnerable Package (recommended version: 1.1.13)
   Attack vector: NETWORK. Attack complexity: LOW.
   Description: The brace-expansion library generates arbitrary strings containing a common prefix and suffix. In versions prior to 1.1.13, 2.0.0 prior to 2.0.3, 3...

19  HIGH  CVE-2026-4867  Npm-path-to-regexp-0.1.7  Vulnerable Package (recommended version: 0.1.13)
   Attack vector: NETWORK. Attack complexity: LOW.
   Description: A bad regular expression is generated any time you have three or more parameters within a single segment, separated by something that is not a peri...

20  MEDIUM  CVE-2026-33532  Npm-yaml-1.10.2  Vulnerable Package (recommended version: 1.10.3)
   Attack vector: NETWORK. Attack complexity: LOW.
   Description: yaml is a YAML parser and serialiser for JavaScript. Parsing a YAML document with a version of yaml on the 1.x branch prior to 1.10.3 or on the 2.x...

21  LOW  CVE-2026-3449  Npm-@tootallnate/once-1.1.2  Vulnerable Package (recommended version: 2.0.1)
   Attack vector: LOCAL. Attack complexity: LOW.
   Description: Versions of the package @tootallnate/once prior to 3.0.1 are vulnerable to Incorrect Control Flow Scoping in promise resolving when AbortSignal opt...

22  LOW  CVE-2026-41988  Npm-uuid-8.0.0  Vulnerable Package (recommended version: 14.0.0)
   Attack vector: LOCAL. Attack complexity: HIGH.
   Description: uuid prior to 14.0.0 can make unexpected writes when external output buffers are used, and the UUID version is 3, 5, or 6. In particular, UUID vers...

23  LOW  CVE-2026-41988  Npm-uuid-3.4.0  Vulnerable Package (recommended version: 14.0.0)
   Attack vector: LOCAL. Attack complexity: HIGH.
   Description: uuid prior to 14.0.0 can make unexpected writes when external output buffers are used, and the UUID version is 3, 5, or 6. In particular, UUID vers...

24  LOW  CVE-2026-41988  Npm-uuid-8.3.2  Vulnerable Package (recommended version: 14.0.0)
   Attack vector: LOCAL. Attack complexity: HIGH.
   Description: uuid prior to 14.0.0 can make unexpected writes when external output buffers are used, and the UUID version is 3, 5, or 6. In particular, UUID vers...

Use @Checkmarx to interact with Checkmarx PR Assistant.
Examples:
@Checkmarx how are you able to help me?
@Checkmarx rescan this PR
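The scan report above names each flagged package by version but not by the dependency path that pulls it in, nor whether it is a production or development dependency, and that path is what decides whether a finding is reachable from the API at all (several of the listed packages appear twice or three times at different versions, which usually means nested copies under different dependents). The following script is an added example, not code from this PR, the project, or Checkmarx: it walks the `packages` map of an npm lockfile (v2/v3 format) using Node's own resolution rule, nearest `node_modules` at or above the dependent, and prints the chain from the project root to every installed copy of a flagged package@version. The lockfile and the package names `some-runner` and `legacy-tool` are constructed for the demo; only the flagged versions (vm2 3.9.19, uuid 3.4.0, 8.3.2 and 8.0.0) and their CVE identifiers are taken from the report.

```javascript
'use strict';
// Added example; not code from this PR, the project, or Checkmarx. Maps an SCA finding
// (package name + version) back to the direct dependency that pulls it in by walking
// an npm lockfile v2/v3 "packages" map with Node's resolution rule: a dependency is
// found in the nearest node_modules directory at or above the dependent.
// The lockfile below is constructed; some-runner and legacy-tool are hypothetical packages.
// Only the flagged versions and CVE identifiers come from the scan report.

const LOCKFILE = {
  name: 'demo-api',
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-api', dependencies: { 'some-runner': '^1.0.0', 'legacy-tool': '^2.0.0' } },
    'node_modules/some-runner': { version: '1.0.0', dependencies: { vm2: '^3.9.0', uuid: '^8.0.0' } },
    'node_modules/legacy-tool': { version: '2.0.0', dependencies: { uuid: '^3.0.0' } },
    'node_modules/vm2': { version: '3.9.19' },
    'node_modules/uuid': { version: '8.3.2' },
    // Nested copy: legacy-tool's uuid range cannot be satisfied by the hoisted 8.3.2.
    'node_modules/legacy-tool/node_modules/uuid': { version: '3.4.0' },
  },
};

// Package name from a lockfile path; slicing after the last "node_modules/" keeps scopes intact.
function nameOf(pkgPath) {
  return pkgPath.slice(pkgPath.lastIndexOf('node_modules/') + 'node_modules/'.length);
}

// Resolve `depName` as required from `fromPath`: try fromPath/node_modules/dep, then each
// enclosing package's node_modules, ending at the root node_modules. Returns null if unmet.
function resolveDep(packages, fromPath, depName) {
  let base = fromPath;
  for (;;) {
    const candidate = `${base ? `${base}/` : ''}node_modules/${depName}`;
    if (packages[candidate]) return candidate;
    if (base === '') return null;
    const cut = base.lastIndexOf('/node_modules/');
    base = cut === -1 ? '' : base.slice(0, cut);
  }
}

// Reverse edges: resolved package path -> paths of the packages that depend on it.
function buildDependents(packages) {
  const dependents = new Map();
  for (const [fromPath, meta] of Object.entries(packages)) {
    const deps = { ...(meta.dependencies || {}), ...(meta.optionalDependencies || {}) };
    for (const depName of Object.keys(deps)) {
      const target = resolveDep(packages, fromPath, depName);
      if (target === null) continue; // unmet optional dependency, or a lockfile inconsistency
      if (!dependents.has(target)) dependents.set(target, []);
      dependents.get(target).push(fromPath);
    }
  }
  return dependents;
}

// All chains "root > dep@ver > ... > name@version", one per installed copy of name@version.
function chainsTo(lock, name, version) {
  const { packages } = lock;
  const dependents = buildDependents(packages);
  const label = (p) => (p === '' ? (packages[''].name || '(root)') : `${nameOf(p)}@${packages[p].version}`);
  const chains = [];
  const walk = (p, trail) => {
    if (p === '') {
      chains.push(trail.slice().reverse().map(label).join(' > '));
      return;
    }
    for (const d of dependents.get(p) || []) {
      if (!trail.includes(d)) walk(d, [...trail, d]); // the trail check guards against cycles
    }
  };
  for (const p of Object.keys(packages)) {
    if (p !== '' && nameOf(p) === name && packages[p].version === version) walk(p, [p]);
  }
  return chains;
}

// Findings with no chain are not installed according to this lockfile: a stale scan,
// a different lockfile, or a package that was removed from the graph.
function triage(lock, findings) {
  return findings.map((f) => ({ ...f, chains: chainsTo(lock, f.name, f.version) }));
}

// Transcribed from the scan summary above (cve, severity, package, version).
const FINDINGS = [
  { cve: 'CVE-2026-24118', severity: 'CRITICAL', name: 'vm2', version: '3.9.19' },
  { cve: 'CVE-2026-41988', severity: 'LOW', name: 'uuid', version: '3.4.0' },
  { cve: 'CVE-2026-41988', severity: 'LOW', name: 'uuid', version: '8.3.2' },
  { cve: 'CVE-2026-41988', severity: 'LOW', name: 'uuid', version: '8.0.0' },
];

for (const f of triage(LOCKFILE, FINDINGS)) {
  const where = f.chains.length ? f.chains.join(' | ') : 'not installed per lockfile';
  console.log(`${f.severity} ${f.cve} ${f.name}@${f.version}: ${where}`);
}
```

To run it against a real project, replace `LOCKFILE` with the parsed contents of `package-lock.json`; the `packages` map is present in lockfile v2 and v3, while v1 files only have the nested `dependencies` tree and need a different walker. `npm ls <package>` prints the same chains interactively and `npm audit` cross-checks the report against the npm advisory database, but having the walk in code lets the chain, and the `dev` flag npm stores on each `packages` entry, feed a triage list directly.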

@alexvpickering alexvpickering merged commit 24f9ce6 into master May 15, 2026
16 of 17 checks passed
@alexvpickering alexvpickering deleted the init-bpcells branch May 15, 2026 17:04

2 participants