cookie-parser icon indicating copy to clipboard operation
cookie-parser copied to clipboard
verified publisher icon expressjs

deps: [email protected]

Open masterkey-07 opened this issue 1 year ago • 2 comments

Seing that the mocha and cookie packages has a vulnerability on older versions, i decided to upgraded the packages to remove the vulnerabilities, and decided to change the version text adding a "^" so that in the future, new updates of this packages will be installed instead of a fixed version, it may be better to use "~" for only bug fixes.

masterkey-07 avatar Oct 07 '24 12:10 masterkey-07

Hey @masterkey-07! Thanks for creating this PR and helping the project :heart:

Can you create a new PR or recycle this one just for mocha upgrade?

Currently cookie was upgraded in https://www.npmjs.com/package/cookie-parser/v/1.4.7, also regarding caret there is an open discussion in https://github.com/expressjs/discussions/issues/279. I prefer anchored versions until we have a consensus on the caret policy :wink:

UlisesGascon avatar Oct 08 '24 18:10 UlisesGascon

Hi @UlisesGascon!

I made the change only for the mocha package, but it still has the caret.

masterkey-07 avatar Oct 08 '24 22:10 masterkey-07