node-twitter
[Snyk] Upgrade express-session from 1.18.1 to 1.18.2
Snyk has created this PR to upgrade express-session from 1.18.1 to 1.18.2.
:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
- The recommended version is 1 version ahead of your current version.
- The recommended version was released a month ago.
Issues fixed by the recommended upgrade:
| Issue | Score | Exploit Maturity |
|---|---|---|
| Regular Expression Denial of Service (ReDoS) SNYK-JS-CROSSSPAWN-8303230 | 542 | Proof of Concept |
Release notes
Package name: express-session
- 1.18.2 - 2025-07-17
What's Changed
- fix: Resolve test failure - Refresh server.crt with existing key extending expiry to Nov 21 03:28:10 2034 GMT by @BaileyFirman in #1003
- feat: gencert script to regenerate the test ssl certs by @wesleytodd in #1015
- chore: upgrade scorecard workflow pinned action versions by @carpasse in #1008
- ci: add CodeQL (SAST) by @bjohansebas in #1005
- [StepSecurity] Apply security best practices by @step-security-bot in #1047
- build(deps-dev): bump mocha from 10.2.0 to 10.8.2 by @dependabot[bot] in #1061
- build(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.1 by @dependabot[bot] in #1048
- build(deps): bump github/codeql-action from 3.24.7 to 3.28.18 by @dependabot[bot] in #1050
- build(deps): bump actions/checkout from 4.1.1 to 4.2.2 by @dependabot[bot] in #1049
- build(deps): bump actions/upload-artifact from 4.5.0 to 4.6.2 by @dependabot[bot] in #1052
- build(deps): bump coverallsapp/github-action from 1.2.5 to 2.3.6 by @dependabot[bot] in #1051
- chore: fix typos by @noritaka1166 in #1066
- deps: [email protected] by @UlisesGascon in #1069
- π v1.18.2 by @ctcpip in #1070
New Contributors
- @BaileyFirman made their first contribution in #1003
- @wesleytodd made their first contribution in #1015
- @carpasse made their first contribution in #1008
- @step-security-bot made their first contribution in #1047
- @dependabot[bot] made their first contribution in #1061
- @noritaka1166 made their first contribution in #1066
- @ctcpip made their first contribution in #1070
Full Changelog: v1.18.1...v1.18.2
- 1.18.1 - 2024-10-08
What's Changed
- chore: add support for OSSF scorecard reporting by @inigomarquinez in #984
- dep: [email protected] by @knolleary in #997
- Release: 1.18.1 by @UlisesGascon in #998
New Contributors
- @inigomarquinez made their first contribution in #984
- @knolleary made their first contribution in #997
- @UlisesGascon made their first contribution in #998
Full Changelog: v1.18.0...v1.18.1
[!IMPORTANT]
- Check the changes in this PR to ensure they won't cause issues with your project.
- This PR was automatically created by Snyk using the credentials of a real user.
- Max score is 1000. Note that the real score may have changed since the PR was raised.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information: