Skip to content

Update dependency express-session to v1.18.2#12

Open
mend-for-github-com[bot] wants to merge 1 commit intoalphafrom
whitesource-remediate/express-session-1.x-lockfile
Open

Update dependency express-session to v1.18.2#12
mend-for-github-com[bot] wants to merge 1 commit intoalphafrom
whitesource-remediate/express-session-1.x-lockfile

Conversation

@mend-for-github-com
Copy link
Copy Markdown

@mend-for-github-com mend-for-github-com bot commented Oct 28, 2025
edited
Loading

This PR contains the following updates:

Package Type Update Change
express-session dependencies minor 1.16.11.18.2

By merging this PR, the issue #82 will be automatically resolved and closed:

Severity CVSS Score Vulnerability Reachability
Low Low 3.4 CVE-2025-7339

Unreachable

Release Notes

expressjs/session (express-session)

v1.18.2

Compare Source

==========

v1.18.1

Compare Source

==========

  • deps: cookie@​0.7.2
    • Fix object assignment of hasOwnProperty
  • deps: cookie@​0.7.1
    • Allow leading dot for domain
      • Although not permitted in the spec, some users expect this to work and user agents ignore the leading dot according to spec
    • Add fast path for serialize without options, use obj.hasOwnProperty when parsing
  • deps: cookie@​0.7.0
    • perf: parse cookies ~10% faster
    • fix: narrow the validation of cookies to match RFC6265
    • fix: add main to package.json for rspack

v1.18.0

Compare Source

===================

  • Add debug log for pathname mismatch
  • Add partitioned to cookie options
  • Add priority to cookie options
  • Fix handling errors from setting cookie
  • Support any type in secret that crypto.createHmac supports
  • deps: cookie@​0.6.0
    • Fix expires option to reject invalid dates
    • perf: improve default decode speed
    • perf: remove slow string split in parse
  • deps: cookie-signature@​1.0.7

v1.17.3

Compare Source

===================

  • Fix resaving already-saved new session at end of request
  • deps: cookie@​0.4.2

v1.17.2

Compare Source

===================

  • Fix res.end patch to always commit headers
  • deps: cookie@​0.4.1
  • deps: safe-buffer@​5.2.1

v1.17.1

Compare Source

===================

  • Fix internal method wrapping error on failed reloads

v1.17.0

Compare Source

===================

  • deps: cookie@​0.4.0
    • Add SameSite=None support
  • deps: safe-buffer@​5.2.0

v1.16.2

Compare Source

===================

  • Fix restoring cookie.originalMaxAge when store returns Date
  • deps: parseurl@~1.3.3
  • If you want to rebase/retry this PR, check this box

@mend-for-github-com mend-for-github-com bot added the security fix Security fix generated by Mend label Oct 28, 2025
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/express-session-1.x-lockfile branch 7 times, most recently from fc87c86 to a53c2f7 Compare November 4, 2025 10:30
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/express-session-1.x-lockfile branch from a53c2f7 to a345a6a Compare November 4, 2025 13:02
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/express-session-1.x-lockfile branch from a345a6a to e1c81bf Compare December 29, 2025 14:34
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/express-session-1.x-lockfile branch 2 times, most recently from 4ae3bab to 0e91bd6 Compare January 24, 2026 20:10
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/express-session-1.x-lockfile branch from 0e91bd6 to 57671d0 Compare March 28, 2026 03:01
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/express-session-1.x-lockfile branch from 57671d0 to 6466e35 Compare April 10, 2026 00:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

security fix Security fix generated by Mend

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants