Dependency on cookie version 0.6.0 triggers an npm audit failure
Closed this issue ยท 5 comments
According to Github GHSA-pxg6-pf52-xh8x
accepts cookie name, path, and domain with out of bounds characters
The solution to resolve the npm audit failure is to upgrade the cookie dependency from version 0.6.0 to version 0.7.0. This update addresses the security vulnerabilities identified in the audit.
@hello-alf if you are using Express... we are going to release a new version soon with the updated version included. See: expressjs/express#6017
@UlisesGascon can you clarify if doing the express release will also cause this repo to have its dependency updated and released?
We depend on both express
and express-session
- which both currently depend on cookie 0.6.0. Having a new release of express
will be great, but we need express-session
updating as well.
My fault, you are right @knolleary. We need to update cookie version in this repo too. Are willing to create the PR, @knolleary ? ๐
@UlisesGascon #997 - hope I've follow the right conventions for the HISTORY file update.
This will be solve once 1.1.18 is released #998