Skip to content
This repository was archived by the owner on Nov 3, 2025. It is now read-only.

[Snyk] Upgrade express-session from 1.10.4 to 1.17.0 #6

Open
snyk-bot wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Upgrade express-session from 1.10.4 to 1.17.0 #6

snyk-bot wants to merge 1 commit into from

Conversation

@snyk-bot
Copy link

@snyk-bot snyk-bot commented Oct 25, 2019

Snyk has created this PR to upgrade express-session from 1.10.4 to 1.17.0.

  • The recommended version is 21 versions ahead of your current version.
  • The recommended version was released 14 days ago, on 2019-10-11.

The recommended version fixes:

Severity Title Issue ID
Uninitialized Memory Exposure npm:base64-url:20180512
Release notes
  • Package name: express-session
    • 1.17.0 - 2019-10-11
      • deps: cookie@0.4.0
        • Add SameSite=None support
      • deps: safe-buffer@5.2.0
    • 1.16.2 - 2019-06-12
      • Fix restoring cookie.originalMaxAge when store returns Date
      • deps: parseurl@~1.3.3
    • 1.16.1 - 2019-04-11
      • Fix error passing data option to Cookie constructor
      • Fix uncaught error from bad session data
    • 1.16.0 - 2019-04-11
      • Catch invalid cookie.maxAge value earlier
      • Deprecate setting cookie.maxAge to a Date object
      • Fix issue where resave: false may not save altered sessions
      • Remove utils-merge dependency
      • Use safe-buffer for improved Buffer API
      • Use Set-Cookie as cookie header name for compatibility
      • deps: depd@~2.0.0
        • Replace internal eval usage with Function constructor
        • Use instance methods on process to check for listeners
        • perf: remove argument reassignment
      • deps: on-headers@~1.0.2
        • Fix res.writeHead patch missing return value
    • 1.15.6 - 2017-09-26
      • deps: debug@2.6.9
      • deps: parseurl@~1.3.2
        • perf: reduce overhead for full URLs
        • perf: unroll the "fast-path" RegExp
      • deps: uid-safe@~2.1.5
        • perf: remove only trailing =
      • deps: utils-merge@1.0.1
    • 1.15.5 - 2017-08-03
      • Fix TypeError when req.url is an empty string
      • deps: depd@~1.1.1
        • Remove unnecessary Buffer loading
    • 1.15.4 - 2017-07-19
      • deps: debug@2.6.8
    • 1.15.3 - 2017-05-18
      • deps: debug@2.6.7
        • deps: ms@2.0.0
    • 1.15.2 - 2017-03-26
      • deps: debug@2.6.3
        • Fix DEBUG_MAX_ARRAY_LENGTH
      • deps: uid-safe@~2.1.4
        • Remove base64-url dependency
    • 1.15.1 - 2017-02-11
      • deps: debug@2.6.1
        • Fix deprecation messages in WebStorm and other editors
        • Undeprecate DEBUG_FD set to 1 or 2
    • 1.15.0 - 2017-01-23 
        </li>
  <li>
    <b>1.14.2</b> - <a href="">2016-10-31</a>
    
  </li>
  <li>
    <b>1.14.1</b> - <a href="">2016-08-24</a>
    
  </li>
  <li>
    <b>1.14.0</b> - <a href="">2016-07-02</a>
    
  </li>
  <li>
    <b>1.13.0</b> - <a href="">2016-01-11</a>
    
  </li>
  <li>
    <b>1.12.1</b> - <a href="">2015-10-29</a>
    
  </li>
  <li>
    <b>1.12.0</b> - <a href="">2015-10-26</a>
    
  </li>
  <li>
    <b>1.11.3</b> - <a href="">2015-06-11</a>
    
  </li>
  <li>
    <b>1.11.2</b> - <a href="">2015-05-11</a>
    
  </li>
  <li>
    <b>1.11.1</b> - <a href="">2015-04-08</a>
    
  </li>
  <li>
    <b>1.11.0</b> - <a href="">2015-04-08</a>
    
  </li>
  <li>
    <b>1.10.4</b> - <a href="">2015-03-16</a>
    
  </li>
</ul>
      • from [`express-session` GitHub Release Notes](https://github.com/expressjs/session/releases)
------------

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@snyk-bot