empierre / MyDomoAtHome

MyDomoAtHome - REST interface for ImperiHome with Domoticz (ISS)
http://domoticz.com/wiki/ImperiHome
GNU General Public License v3.0
32 stars 22 forks

[Snyk] Upgrade express-session from 1.17.3 to 1.18.0 #278

Open empierre opened 4 months ago

empierre commented 4 months ago

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade express-session from 1.17.3 to 1.18.0.

:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
- The recommended version is **1 version** ahead of your current version.
- The recommended version was released **21 days ago**, on 2024-01-28.

The recommended version fixes:

| Severity | Issue | PriorityScore (*) | Exploit Maturity |
|:-------------------------:|:-------------------------|-------------------------|:-------------------------|
| | Regular Expression Denial of Service (ReDoS)<br/>[SNYK-JS-ANSIREGEX-1583908](https://snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908) | **482/1000**<br/>**Why?** Proof of Concept exploit, CVSS 7.5 | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: express-session
  • 1.18.0 - 2024-01-28
    • Add debug log for pathname mismatch
    • Add partitioned to cookie options
    • Add priority to cookie options
    • Fix handling errors from setting cookie
    • Support any type in secret that crypto.createHmac supports
    • deps: cookie@0.6.0
      • Fix expires option to reject invalid dates
      • perf: improve default decode speed
      • perf: remove slow string split in parse
    • deps: cookie-signature@1.0.7
  • 1.17.3 - 2022-05-11
    • Fix resaving already-saved new session at end of request
    • deps: cookie@0.4.2
from express-session GitHub release notes
Commit messages
Package name: express-session
  • 24d4972 1.18.0
  • 855f21a docs: add connect-ottoman to the list of session stores
  • 991b7ee Add debug log for pathname mismatch
  • 408229e Add "partitioned" to cookie options
  • 50e1429 build: Node.js@20.11
  • 6153b3f build: Node.js@21.6
  • 88e0f2e build: actions/checkout@v4
  • d9354ef Fix handling errors from setting cookie
  • f9f2318 docs: remove session-rethinkdb to the list of session stores
  • 3ee08c4 Add "priority" to cookie options
  • 71c3f74 docs: add connect-cosmosdb to the list of session stores
  • 9d377c5 docs: add dynamodb-store-v3 to the list of session stores
  • a1f884f docs: add @cyclic.sh/session-store to the list of session stores
  • e5f19ce docs: add note on length of secret
  • 2a7a50b eslint@8.56.0
  • a46e857 supertest@6.3.4
  • 7dec651 build: Node.js@18.19
  • 8e9f7a4 build: Node.js@20.10
  • 6b7c9a0 build: Node.js@21.5
  • 825e6c0 build: fix code coverage aggregate upload
  • c1611ad build: actions/checkout@v3
  • 4bfc5ba build: use $GITHUB_OUTPUT for environment list
  • fc24b26 build: Node.js@18.18
  • e942982 build: Node.js@20.9

**Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.*

For more information:

🧐 [View latest project report](https://app.snyk.io/org/empierre/project/fea29c16-fcf8-4d96-b745-ab135b60dafa?utm_source=github&utm_medium=referral&page=upgrade-pr)

🛠 [Adjust upgrade PR settings](https://app.snyk.io/org/empierre/project/fea29c16-fcf8-4d96-b745-ab135b60dafa/settings/integration?utm_source=github&utm_medium=referral&page=upgrade-pr)

🔕 [Ignore this dependency or unsubscribe from future upgrade PRs](https://app.snyk.io/org/empierre/project/fea29c16-fcf8-4d96-b745-ab135b60dafa/settings/integration?pkg=express-session&utm_source=github&utm_medium=referral&page=upgrade-pr#auto-dep-upgrades)