From fb7aba2be05ec74579c55d0acea88526dc0f94ad Mon Sep 17 00:00:00 2001 From: Josh Buker Date: Mon, 7 Oct 2024 10:53:50 -0700 Subject: [PATCH] Backport a fix for CVE-2024-47764 to the 4.x branch For details, see: https://github.com/expressjs/express/pull/6017#issuecomment-2396359550 --- History.md | 5 +++++ package.json | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/History.md b/History.md index 178e718fc3..fb35777130 100644 --- a/History.md +++ b/History.md @@ -1,3 +1,8 @@ +unreleased +========== + +* Backported a fix for CVE-2024-47764 + 4.21.0 / 2024-09-11 ========== diff --git a/package.json b/package.json index f9b43a69e5..3a94d38a48 100644 --- a/package.json +++ b/package.json @@ -33,7 +33,7 @@ "body-parser": "1.20.3", "content-disposition": "0.5.4", "content-type": "~1.0.4", - "cookie": "0.6.0", + "cookie": "^0.7.1", "cookie-signature": "1.0.6", "debug": "2.6.9", "depd": "2.0.0",