remix-run / remix

Build Better Websites. Create modern, resilient user experiences with web fundamentals.
https://remix.run
MIT License

update cookie@0.6 to cookie@0.7 #10077

Open rktyt opened 2 weeks ago

rktyt commented 2 weeks ago

Reproduction

npm audit

I have included this as a bug report because there is no PR yet and I could not find an appropriate place to list it.

System Info

@remix-run/node@2.12.1
@remix-run/server-runtime@2.12.1

Used Package Manager

npm

Expected Behavior

no audit report

Actual Behavior

# npm audit report

cookie  <0.7.0
cookie accepts cookie name, path, and domain with out of bounds characters - https://github.com/advisories/GHSA-pxg6-pf52-xh8x
No fix available
node_modules/cookie
  @remix-run/server-runtime  *
  Depends on vulnerable versions of cookie
  node_modules/@remix-run/server-runtime
    @remix-run/node  *
    Depends on vulnerable versions of @remix-run/server-runtime
    node_modules/@remix-run/node

chohner commented 2 weeks ago

To temporarily bump the transitive cookie dependency you can use an override in your package.json:

  "overrides": {
    "@remix-run/server-runtime": {
      "cookie": "^0.7.2"
    }
  }
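The audit entry above is about cookie names, paths and domains that fall outside the characters a Set-Cookie header allows. The following is an added example, not code from the remix or cookie projects: it builds a Set-Cookie value only after validating those three fields against RFC 6265 character sets. The regexes, function names and the use of encodeURIComponent for the value are this example's own choices.

```javascript
// Added example: validate the three fields named in the advisory before they
// are joined into a Set-Cookie header. Character classes are taken from
// RFC 6265 and are this example's own, not quoted from any package.

// cookie-name is an RFC 7230 token: no separators, no controls, no ';' or '='.
const COOKIE_NAME_RE = /^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/;

// path-value and domain-value: printable ASCII without ';' (0x3B). A ';' or a
// control character inside either would end the attribute early, so they are
// rejected rather than written into the header.
const ATTR_VALUE_RE = /^[\u0020-\u003A\u003D-\u007E]*$/;

function assertCookieField(field, value, re) {
  if (typeof value !== 'string' || !re.test(value)) {
    throw new TypeError(`cookie ${field} is invalid: ${JSON.stringify(value)}`);
  }
  return value;
}

// Serialize name/value plus the optional attributes, failing closed on any
// field that contains out-of-bounds characters.
function serializeChecked(name, value, opts = {}) {
  assertCookieField('name', name, COOKIE_NAME_RE);
  const parts = [`${name}=${encodeURIComponent(String(value))}`];
  if (opts.path !== undefined) {
    parts.push(`Path=${assertCookieField('path', opts.path, ATTR_VALUE_RE)}`);
  }
  if (opts.domain !== undefined) {
    parts.push(`Domain=${assertCookieField('domain', opts.domain, ATTR_VALUE_RE)}`);
  }
  if (opts.httpOnly) parts.push('HttpOnly');
  if (opts.secure) parts.push('Secure');
  return parts.join('; ');
}

// True when serializeChecked refuses the input; handy for a unit test or a
// pre-deploy check over the cookie names an app actually sets.
function isRejected(name, value, opts) {
  try {
    serializeChecked(name, value, opts);
    return false;
  } catch (e) {
    return e instanceof TypeError;
  }
}
```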