refactor: Bump express-session from 1.18.2 to 1.19.0#3301

Closed
dependabot[bot] wants to merge 1 commit into alpha from dependabot/npm_and_yarn/express-session-1.19.0

@dependabot dependabot Bot commented on behalf of github Apr 1, 2026

Bumps express-session from 1.18.2 to 1.19.0.

Release notes

Sourced from express-session's releases.

v1.19.0

What's Changed

Main Changes

  • Add dynamic cookie options support

    Cookie options can now be dynamic, allowing for more flexible and context-aware configuration based on each request. This feature enables programmatic modification of cookie attributes like secure, httpOnly, sameSite, maxAge, domain, and path based on session or request conditions.

    var app = express()
    app.use(session({
      secret: 'keyboard cat',
      resave: false,
      saveUninitialized: true,
      cookie: function (req) {
        var match = req.url.match(/^\/([^/]+)/);
        return {
          path: match ? '/' + match[1] : '/',
          httpOnly: true,
          secure: req.secure || false,
          maxAge: 60000
        }
      }
    }))

  • Add sameSite 'auto' support for automatic SameSite attribute configuration

    Added sameSite: 'auto' option for cookie configuration that automatically sets SameSite=None for HTTPS and SameSite=Lax for HTTP connections, simplifying cookie handling across different environments.

  • deps: use tilde notation for dependencies

PRs

New Contributors

... (truncated)

Changelog

Sourced from express-session's changelog.

1.19.0 / 2026-01-22

  • Add dynamic cookie options support
  • Add sameSite 'auto' support for automatic SameSite attribute configuration
  • deps: use tilde notation for dependencies

Commits

  • c10b2a3 1.19.0 (#1107)
  • 2673736 feat: add support to dynamic cookie options (#1027)
  • 73e0193 Add sameSite 'auto' support to match secure 'auto' pattern (#1087)
  • 264b6a0 deps: use tilde notation for dependencies (#1096)
  • 6d69f09 chore: remove history.md from being packaged on publish (#1097)
  • 00b8a5f refactor: remove unused sess parameter from generateSessionId function (#...
  • 2cd6561 build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.3 (#1082)
  • 1307f30 build(deps): bump actions/checkout from 4.2.2 to 6.0.0 (#1088)
  • 0e7a438 build(deps): bump github/codeql-action from 4.31.2 to 4.31.6 (#1089)
  • a095a9a build(deps): bump actions/upload-artifact from 4.6.2 to 5.0.0 (#1090)
  • Additional commits viewable in compare view
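
As an added example (not part of this PR or of express-session's code), the sketch below models the two new options as the release notes describe them and lists what a reviewer would check before relying on them. `resolveSameSite`, `auditCookieOptions`, `auditAll` and the sample requests are hypothetical names and constructed data, and `req.secure` stands in for the library's HTTPS detection.

```javascript
// Added example: models the behaviour described in the release notes above.
// It does not import or reproduce express-session's own code.

// sameSite 'auto' per the release notes: None on HTTPS, Lax on HTTP.
function resolveSameSite(sameSite, isHttps) {
  if (sameSite !== 'auto') return sameSite;
  return isHttps ? 'none' : 'lax';
}

// Evaluate static or per-request cookie options for one request and return
// the effective attributes plus findings a reviewer would want to see.
function auditCookieOptions(cookie, req) {
  const opts = typeof cookie === 'function' ? cookie(req) : cookie;
  // Assumption: req.secure stands in for the library's HTTPS detection.
  const sameSite = resolveSameSite(opts.sameSite, Boolean(req.secure));
  const effective = Object.assign({}, opts, { sameSite });
  const findings = [];
  if (effective.httpOnly === false) findings.push('httpOnly off: cookie readable by page script');
  if (!effective.secure) findings.push('secure off: cookie can travel over plain HTTP');
  if (sameSite === 'none') {
    findings.push('SameSite=None: cookie is sent on cross-site requests, keep CSRF tokens');
    if (!effective.secure) findings.push('SameSite=None without Secure: current browsers reject it');
  }
  return { url: req.url, effective, findings };
}

// Cookie function from the release notes, with sameSite: 'auto' added.
function cookieFromReleaseNotes(req) {
  const match = req.url.match(/^\/([^/]+)/);
  return {
    path: match ? '/' + match[1] : '/',
    httpOnly: true,
    secure: req.secure || false,
    sameSite: 'auto',
    maxAge: 60000
  };
}

// Constructed requests carrying only the fields the cookie function reads.
const SAMPLE_REQUESTS = [
  { url: '/admin/users', secure: true },
  { url: '/', secure: false }
];

function auditAll(cookie, requests) {
  return requests.map((req) => auditCookieOptions(cookie, req));
}

console.log(JSON.stringify(auditAll(cookieFromReleaseNotes, SAMPLE_REQUESTS), null, 2));
```

On HTTPS the `'auto'` setting yields SameSite=None, which is weaker against cross-site requests than Lax, so an application adopting it should not treat SameSite as its CSRF defence.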

@dependabot dependabot Bot added the dependencies and javascript labels Apr 1, 2026
@parse-github-assistant

I will reformat the title to use the proper commit message syntax.

@parse-github-assistant parse-github-assistant Bot changed the title from "refactor: bump express-session from 1.18.2 to 1.19.0" to "refactor: Bump express-session from 1.18.2 to 1.19.0" Apr 1, 2026
@dependabot dependabot Bot changed the title from "refactor: Bump express-session from 1.18.2 to 1.19.0" to "refactor: bump express-session from 1.18.2 to 1.19.0" Apr 1, 2026
Bumps [express-session](https://github.com/expressjs/session) from 1.18.2 to 1.19.0.
- [Release notes](https://github.com/expressjs/session/releases)
- [Changelog](https://github.com/expressjs/session/blob/master/HISTORY.md)
- [Commits](expressjs/session@v1.18.2...v1.19.0)

---
updated-dependencies:
- dependency-name: express-session
  dependency-version: 1.19.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/express-session-1.19.0 branch from 0250491 to 1e049b5 Compare April 1, 2026 14:10
@parse-github-assistant

I will reformat the title to use the proper commit message syntax.

@parse-github-assistant parse-github-assistant Bot changed the title from "refactor: bump express-session from 1.18.2 to 1.19.0" to "refactor: Bump express-session from 1.18.2 to 1.19.0" Apr 1, 2026
@parse-github-assistant

I will reformat the title to use the proper commit message syntax.

@mtrezza mtrezza closed this in #3305 Apr 1, 2026

dependabot Bot commented on behalf of github Apr 1, 2026

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/express-session-1.19.0 branch April 1, 2026 14:24
@parseplatformorg

🎉 This change has been released in version 9.1.0-alpha.12

@parseplatformorg parseplatformorg added the state:released-alpha label Apr 7, 2026
@parseplatformorg

🎉 This change has been released in version 9.1.0

@parseplatformorg parseplatformorg added the state:released label Apr 7, 2026