Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

[Snyk] Upgrade cookie from 0.4.1 to 0.7.1 #101

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

[Snyk] Upgrade cookie from 0.4.1 to 0.7.1 #101

wants to merge 1 commit into from

Conversation

polishCarealKiller
Copy link
Owner

snyk-top-banner

Snyk has created this PR to upgrade cookie from 0.4.1 to 0.7.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

  • The recommended version is 5 versions ahead of your current version.

  • The recommended version was released on 23 days ago.

Issues fixed by the recommended upgrade:

Issue Score Exploit Maturity
medium severity Cross-site Scripting (XSS)
SNYK-JS-COOKIE-8163060		 601 No Known Exploit
Release notes
Package name: cookie
  • 0.7.1 - 2024-10-03

    Fixed

    • Allow leading dot for domain (#174)
      • Although not permitted in the spec, some users expect this to work and user agents ignore the leading dot according to spec
    • Add fast path for serialize without options, use obj.hasOwnProperty when parsing (#172)

    v0.7.0...v0.7.1

  • 0.7.0 - 2024-10-02

    v0.6.0...v0.7.0

  • 0.6.0 - 2023-11-07
    • Add partitioned option
  • 0.5.0 - 2022-04-11
    • Add priority option
    • Fix expires option to reject invalid dates
    • pref: improve default decode speed
    • pref: remove slow string split in parse
  • 0.4.2 - 2022-02-02
    • pref: read value only when assigning in parse
    • pref: remove unnecessary regexp in parse
  • 0.4.1 - 2020-04-22
    • Fix maxAge option to reject invalid values
from cookie GitHub release notes

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

@snyk-bot
fix: upgrade cookie from 0.4.1 to 0.7.1
95496c4 
Snyk has created this PR to upgrade cookie from 0.4.1 to 0.7.1.

See this package in npm:
cookie

See this project in Snyk:
https://app.snyk.io/org/dreamer-eng/project/c64a9f1a-8e70-4b3b-975c-78d1c9a54f3e?utm_source=github&utm_medium=referral&page=upgrade-pr
# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@polishCarealKiller @snyk-bot