Skip to content

Update dependency express-session to v1.18.2#59

Open
mend-for-github-com[bot] wants to merge 1 commit into
masterfrom
whitesource-remediate/express-session-1.x-lockfile
Open

Update dependency express-session to v1.18.2#59
mend-for-github-com[bot] wants to merge 1 commit into
masterfrom
whitesource-remediate/express-session-1.x-lockfile

Conversation

@mend-for-github-com

Copy link
Copy Markdown

This PR contains the following updates:

Package Type Update Change
express-session dependencies minor 1.17.31.18.2

By merging this PR, the issue #12 will be automatically resolved and closed:

Severity CVSS Score Vulnerability Reachability
Low Low 3.4 CVE-2025-7339

Release Notes

expressjs/session (express-session)

v1.18.2

Compare Source

==========

v1.18.1

Compare Source

==========

  • deps: cookie@​0.7.2
    • Fix object assignment of hasOwnProperty
  • deps: cookie@​0.7.1
    • Allow leading dot for domain
      • Although not permitted in the spec, some users expect this to work and user agents ignore the leading dot according to spec
    • Add fast path for serialize without options, use obj.hasOwnProperty when parsing
  • deps: cookie@​0.7.0
    • perf: parse cookies ~10% faster
    • fix: narrow the validation of cookies to match RFC6265
    • fix: add main to package.json for rspack

v1.18.0

Compare Source

===================

  • Add debug log for pathname mismatch
  • Add partitioned to cookie options
  • Add priority to cookie options
  • Fix handling errors from setting cookie
  • Support any type in secret that crypto.createHmac supports
  • deps: cookie@​0.6.0
    • Fix expires option to reject invalid dates
    • perf: improve default decode speed
    • perf: remove slow string split in parse
  • deps: cookie-signature@​1.0.7

  • If you want to rebase/retry this PR, check this box

@mend-for-github-com mend-for-github-com Bot added the security fix Security fix generated by Mend label Apr 26, 2026
@mend-for-github-com mend-for-github-com Bot force-pushed the whitesource-remediate/express-session-1.x-lockfile branch 2 times, most recently from ab44110 to 39a6aeb Compare May 9, 2026 09:13
@mend-for-github-com mend-for-github-com Bot force-pushed the whitesource-remediate/express-session-1.x-lockfile branch 4 times, most recently from 67e949d to 77093bc Compare May 22, 2026 19:30
@mend-for-github-com mend-for-github-com Bot force-pushed the whitesource-remediate/express-session-1.x-lockfile branch 3 times, most recently from 3f8a83e to acfc865 Compare June 1, 2026 10:17
@mend-for-github-com mend-for-github-com Bot force-pushed the whitesource-remediate/express-session-1.x-lockfile branch 4 times, most recently from b53c8cf to 0de0031 Compare June 12, 2026 02:23
@mend-for-github-com mend-for-github-com Bot force-pushed the whitesource-remediate/express-session-1.x-lockfile branch 2 times, most recently from ebee8c0 to d4c07dc Compare June 19, 2026 10:48
@mend-for-github-com mend-for-github-com Bot force-pushed the whitesource-remediate/express-session-1.x-lockfile branch 3 times, most recently from a8ada4a to adb3c67 Compare June 25, 2026 11:29
@mend-for-github-com mend-for-github-com Bot force-pushed the whitesource-remediate/express-session-1.x-lockfile branch from adb3c67 to f9a2513 Compare June 27, 2026 10:09
@mend-for-github-com mend-for-github-com Bot force-pushed the whitesource-remediate/express-session-1.x-lockfile branch from f9a2513 to 89adaf3 Compare July 8, 2026 11:49
@mend-for-github-com mend-for-github-com Bot force-pushed the whitesource-remediate/express-session-1.x-lockfile branch from 89adaf3 to 94977d0 Compare July 11, 2026 10:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

security fix Security fix generated by Mend

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants