FluidFramework icon indicating copy to clipboard operation
FluidFramework copied to clipboard

Published 20 hours ago verified publisher icon microsoft

refactor: Update dependency on cookie to address CVE

Open alexvy86 opened this issue 4 months ago • 1 comments

Description

(Note: currently built on top of https://github.com/microsoft/FluidFramework/pull/22845. Once that merges, I'll update this so only its changes are reflected)

Updates the cookie dependency to address [a CVE in the cookie package](https://nvd.nist.gov/vuln/detail/CVE-2024-47764). This required updating express since it declares a hardcoded (no range) dependency on cookie.

Reviewer Guidance

The review process is outlined on this wiki page.

AB#19026 AB#19027 AB#19028

alexvy86 avatar Oct 18 '24 16:10 alexvy86