New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Upgrade express-session from 1.17.3 to 1.18.0 #278

Open

empierre wants to merge 1 commit into nodejs from snyk-upgrade-a5dc59aa1895a0380af2ecdae0b6ab90

Owner

empierre commented Feb 19, 2024

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade express-session from 1.17.3 to 1.18.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version is 1 version ahead of your current version.
The recommended version was released 21 days ago, on 2024-01-28.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: express-session

1.18.0 - 2024-01-28
- Add debug log for pathname mismatch
- Add partitioned to cookie options
- Add priority to cookie options
- Fix handling errors from setting cookie
- Support any type in secret that crypto.createHmac supports
- deps: [email protected]
  - Fix expires option to reject invalid dates
  - perf: improve default decode speed
  - perf: remove slow string split in parse
- deps: [email protected]
1.17.3 - 2022-05-11
- Fix resaving already-saved new session at end of request
- deps: [email protected]

from express-session GitHub release notes

Commit messages

Package name: express-session

24d4972 1.18.0
855f21a docs: add connect-ottoman to the list of session stores
991b7ee Add debug log for pathname mismatch
408229e Add "partitioned" to cookie options
50e1429 build: [email protected]
6153b3f build: [email protected]
88e0f2e build: actions/checkout@v4
d9354ef Fix handling errors from setting cookie
f9f2318 docs: remove session-rethinkdb to the list of session stores
3ee08c4 Add "priority" to cookie options
71c3f74 docs: add connect-cosmosdb to the list of session stores
9d377c5 docs: add dynamodb-store-v3 to the list of session stores
a1f884f docs: add @ cyclic.sh/session-store to the list of session stores
e5f19ce docs: add note on length of secret
2a7a50b [email protected]
a46e857 [email protected]
7dec651 build: [email protected]
8e9f7a4 build: [email protected]
6b7c9a0 build: [email protected]
825e6c0 build: fix code coverage aggregate upload
c1611ad build: actions/checkout@v3
4bfc5ba build: use $GITHUB_OUTPUT for environment list
fc24b26 build: [email protected]
e942982 build: [email protected]

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs


          fix: upgrade express-session from 1.17.3 to 1.18.0

1fb5534

Snyk has created this PR to upgrade express-session from 1.17.3 to 1.18.0.

See this package in npm:
https://www.npmjs.com/package/express-session

See this project in Snyk:
https://app.snyk.io/org/empierre/project/fea29c16-fcf8-4d96-b745-ab135b60dafa?utm_source=github&utm_medium=referral&page=upgrade-pr

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet