Skip to content

Update dependency express-session to v1.18.2#75

Open
mend-for-github-com[bot] wants to merge 1 commit intomasterfrom
whitesource-remediate/express-session-1.x-lockfile
Open

Update dependency express-session to v1.18.2#75
mend-for-github-com[bot] wants to merge 1 commit intomasterfrom
whitesource-remediate/express-session-1.x-lockfile

Conversation

@mend-for-github-com
Copy link
Contributor

@mend-for-github-com mend-for-github-com bot commented Sep 29, 2025
edited
Loading

This PR contains the following updates:

Package Type Update Change
express-session dependencies minor 1.15.61.18.2

By merging this PR, the issue #62 will be automatically resolved and closed:

Severity CVSS Score Vulnerability
Low Low 3.4 CVE-2025-7339

Release Notes

expressjs/session (express-session)

v1.18.2

Compare Source

==========

v1.18.1

Compare Source

==========

  • deps: cookie@​0.7.2
    • Fix object assignment of hasOwnProperty
  • deps: cookie@​0.7.1
    • Allow leading dot for domain
      • Although not permitted in the spec, some users expect this to work and user agents ignore the leading dot according to spec
    • Add fast path for serialize without options, use obj.hasOwnProperty when parsing
  • deps: cookie@​0.7.0
    • perf: parse cookies ~10% faster
    • fix: narrow the validation of cookies to match RFC6265
    • fix: add main to package.json for rspack

v1.18.0

Compare Source

===================

  • Add debug log for pathname mismatch
  • Add partitioned to cookie options
  • Add priority to cookie options
  • Fix handling errors from setting cookie
  • Support any type in secret that crypto.createHmac supports
  • deps: cookie@​0.6.0
    • Fix expires option to reject invalid dates
    • perf: improve default decode speed
    • perf: remove slow string split in parse
  • deps: cookie-signature@​1.0.7

v1.17.3

Compare Source

===================

  • Fix resaving already-saved new session at end of request
  • deps: cookie@​0.4.2

v1.17.2

Compare Source

===================

  • Fix res.end patch to always commit headers
  • deps: cookie@​0.4.1
  • deps: safe-buffer@​5.2.1

v1.17.1

Compare Source

===================

  • Fix internal method wrapping error on failed reloads

v1.17.0

Compare Source

===================

  • deps: cookie@​0.4.0
    • Add SameSite=None support
  • deps: safe-buffer@​5.2.0

v1.16.2

Compare Source

===================

  • Fix restoring cookie.originalMaxAge when store returns Date
  • deps: parseurl@~1.3.3

v1.16.1

Compare Source

===================

  • Fix error passing data option to Cookie constructor
  • Fix uncaught error from bad session data

v1.16.0

Compare Source

===================

  • Catch invalid cookie.maxAge value earlier
  • Deprecate setting cookie.maxAge to a Date object
  • Fix issue where resave: false may not save altered sessions
  • Remove utils-merge dependency
  • Use safe-buffer for improved Buffer API
  • Use Set-Cookie as cookie header name for compatibility
  • deps: depd@~2.0.0
    • Replace internal eval usage with Function constructor
    • Use instance methods on process to check for listeners
    • perf: remove argument reassignment
  • deps: on-headers@~1.0.2
    • Fix res.writeHead patch missing return value
  • If you want to rebase/retry this PR, check this box

@mend-for-github-com mend-for-github-com bot added the security fix Security fix generated by Mend label Sep 29, 2025
@sonarqubecloud
Copy link

sonarqubecloud bot commented Sep 29, 2025

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/express-session-1.x-lockfile branch from cfac08e to 64a8d37 Compare November 20, 2025 23:51
@sonarqubecloud
Copy link

sonarqubecloud bot commented Nov 20, 2025

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/express-session-1.x-lockfile branch from 64a8d37 to d2c993c Compare December 29, 2025 00:02
@sonarqubecloud
Copy link

sonarqubecloud bot commented Dec 29, 2025

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/express-session-1.x-lockfile branch from d2c993c to 3b87937 Compare February 11, 2026 00:11
@sonarqubecloud
Copy link

sonarqubecloud bot commented Feb 11, 2026

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

security fix Security fix generated by Mend

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants