Skip to content

[Snyk] Upgrade express-session from 1.17.3 to 1.18.1#119

Open
X-oss-byte wants to merge 1 commit intomainfrom
snyk-upgrade-ba741a3bd88b042ce5ff836f82938e64
Open

[Snyk] Upgrade express-session from 1.17.3 to 1.18.1#119
X-oss-byte wants to merge 1 commit intomainfrom
snyk-upgrade-ba741a3bd88b042ce5ff836f82938e64

Conversation

@X-oss-byte
Copy link
Owner

@X-oss-byte X-oss-byte commented Nov 15, 2024
edited by sourcery-ai bot
Loading

snyk-top-banner

Snyk has created this PR to upgrade express-session from 1.17.3 to 1.18.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

  • The recommended version is 2 versions ahead of your current version.

  • The recommended version was released on a month ago.

Release notes
Package name: express-session
  • 1.18.1 - 2024-10-08

    What's Changed

    New Contributors

    Full Changelog: v1.18.0...v1.18.1

  • 1.18.0 - 2024-01-28
    • Add debug log for pathname mismatch
    • Add partitioned to cookie options
    • Add priority to cookie options
    • Fix handling errors from setting cookie
    • Support any type in secret that crypto.createHmac supports
    • deps: cookie@0.6.0
      • Fix expires option to reject invalid dates
      • perf: improve default decode speed
      • perf: remove slow string split in parse
    • deps: cookie-signature@1.0.7
  • 1.17.3 - 2022-05-11
    • Fix resaving already-saved new session at end of request
    • deps: cookie@0.4.2
from express-session GitHub release notes

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

Summary by Sourcery

Build:

  • Upgrade express-session dependency from version 1.17.3 to 1.18.1 in package.json.

@snyk-bot
fix: upgrade express-session from 1.17.3 to 1.18.1
f4560c2 
Snyk has created this PR to upgrade express-session from 1.17.3 to 1.18.1.

See this package in npm:
express-session

See this project in Snyk:
https://app.snyk.io/org/sammytezzy/project/baae60b0-b551-4edb-bcb1-55eb7c12e4a6?utm_source=github&utm_medium=referral&page=upgrade-pr
@bolt-new-by-stackblitz
Copy link

bolt-new-by-stackblitz bot commented Nov 15, 2024

Review PR in StackBlitz Codeflow Run & review this pull request in StackBlitz Codeflow.

@changeset-bot
Copy link

changeset-bot bot commented Nov 15, 2024

⚠️ No Changeset found

Latest commit: f4560c2

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@sourcery-ai
Copy link

sourcery-ai bot commented Nov 15, 2024
edited
Loading

Reviewer's Guide by Sourcery

This PR upgrades the express-session dependency from version 1.17.3 to 1.18.1. The upgrade includes several improvements including new cookie options, better error handling, and performance optimizations. The changes are implemented through a simple version bump in the package.json file.

No diagrams generated as the changes look simple and do not need a visual representation.

File-Level Changes

Change Details Files
Dependency version upgrade in package.json
  • Updated express-session from ~1.17.2 to ~1.18.1
 examples/express-session-example/package.json
New features and improvements from express-session upgrade
  • Added support for 'partitioned' and 'priority' cookie options
  • Improved error handling for cookie setting
  • Added debug logging for pathname mismatch
  • Enhanced cookie parsing performance
  • Updated cookie dependency to version 0.7.2
  • Added support for OSSF scorecard reporting
 examples/express-session-example/package.json
Tips and commands

Interacting with Sourcery

  • Trigger a new review: Comment @sourcery-ai review on the pull request.
  • Continue discussions: Reply directly to Sourcery's review comments.
  • Generate a GitHub issue from a review comment: Ask Sourcery to create an
    issue from a review comment by replying to it.
  • Generate a pull request title: Write @sourcery-ai anywhere in the pull
    request title to generate a title at any time.
  • Generate a pull request summary: Write @sourcery-ai summary anywhere in
    the pull request body to generate a PR summary at any time. You can also use
    this command to specify where the summary should be inserted.

Customizing Your Experience

Access your dashboard to:

  • Enable or disable review features such as the Sourcery-generated pull request
    summary, the reviewer's guide, and others.
  • Change the review language.
  • Add, remove or edit custom review instructions.
  • Adjust other review settings.

Getting Help

sourcery-ai[bot]
sourcery-ai bot reviewed Nov 15, 2024
View reviewed changes
Copy link

@sourcery-ai sourcery-ai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We have skipped reviewing this pull request. Here's why:

  • It seems to have been created by a bot ('[Snyk]' found in title). We assume it knows what it's doing!
  • We don't review packaging changes - Let us know if you'd like us to change this.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sourcery-ai sourcery-ai[bot] sourcery-ai[bot] left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@X-oss-byte @snyk-bot