Dependency on cookie 0.6.0 fails npm audit #6019

joebowbeer · 2024-10-04T22:43:25Z

GitHub Advisory Database says cookie 0.6.0 has issues, resulting in npm audit failure

npm ls cookie
─┬ express@4.21.0
 └── cookie@0.6.0

Remedy: Upgrade to cookie 0.7.0

mcandre · 2024-10-08T04:15:32Z

Both Snyk and npm audit report this.

When can we expect fixes to be released, and hopefully later backported to previous major version series as well?

anishkumar127 · 2024-10-08T04:21:50Z

same issue

UlisesGascon · 2024-10-08T10:20:35Z

Release proposals:

UlisesGascon · 2024-10-08T10:21:05Z

I will keep this issue open until the releases are published.

UlisesGascon · 2024-10-08T19:44:09Z

express 4.21.1 and 5.0.1 are available in npm with the patch 🥳

joebowbeer added the bug label Oct 4, 2024

joebowbeerxealth mentioned this issue Oct 4, 2024

Dependency on cookie 0.6.0 fails npm audit #6018

Closed

kurt-apple mentioned this issue Oct 4, 2024

Update cookie semver lock to address CVE-2024-47764 #6017

Merged

porschesstein mentioned this issue Oct 7, 2024

npm audit fail on last Express version (4.21.0) due to cookie(0.6.0) vulnerability #6026

Closed

UlisesGascon self-assigned this Oct 7, 2024

UlisesGascon closed this as completed in #6017 Oct 8, 2024

UlisesGascon reopened this Oct 8, 2024

Gregurevic mentioned this issue Oct 8, 2024

194 fix yarn audit AppMaintainers/beloved-projects#203

Merged

UlisesGascon closed this as completed Oct 8, 2024

t2y mentioned this issue Oct 9, 2024

bump express to v^4.21 storybookjs/storybook#29079

Closed

8 tasks

Provide feedback