[Snyk] Upgrade express-session from 1.15.6 to 1.17.0

[snyk-bot]

Snyk has created this PR to upgrade express-session from 1.15.6 to 1.17.0.

✨What is Merge Advice?

We check thousands of dependency upgrade pull requests and CI tests every day to see which upgrades were successfully merged. After crunching this data, we give a recommendation on how safe we think the change is for you to merge without causing issues. Learn more, and share your feedback to help improve this feature. 🙏

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 4 versions ahead of your current version.
• The recommended version was released 7 months ago, on 2019-10-11.

Release notes

Package name: express-session

• 1.17.0 - 2019-10-11
  
  • deps: cookie@0.4.0
    • Add SameSite=None support
  • deps: safe-buffer@5.2.0
• 1.16.2 - 2019-06-12
  
  • Fix restoring cookie.originalMaxAge when store returns Date
  • deps: parseurl@~1.3.3
• 1.16.1 - 2019-04-11
  
  • Fix error passing data option to Cookie constructor
  • Fix uncaught error from bad session data
• 1.16.0 - 2019-04-11
  
  • Catch invalid cookie.maxAge value earlier
  • Deprecate setting cookie.maxAge to a Date object
  • Fix issue where resave: false may not save altered sessions
  • Remove utils-merge dependency
  • Use safe-buffer for improved Buffer API
  • Use Set-Cookie as cookie header name for compatibility
  • deps: depd@~2.0.0
    • Replace internal eval usage with Function constructor
    • Use instance methods on process to check for listeners
    • perf: remove argument reassignment
  • deps: on-headers@~1.0.2
    • Fix res.writeHead patch missing return value
• 1.15.6 - 2017-09-26
  
  • deps: debug@2.6.9
  • deps: parseurl@~1.3.2
    • perf: reduce overhead for full URLs
    • perf: unroll the "fast-path" RegExp
  • deps: uid-safe@~2.1.5
    • perf: remove only trailing =
  • deps: utils-merge@1.0.1

from express-session GitHub release notes

Commit messages

Package name: express-session

• b22384b 1.17.0
• 4d25340 build: fix coverage reporting
• c32ad19 docs: expand description of the rolling option
• 9a5e313 docs: add lowdb-session-store to the list of session stores
• 9c06509 build: mocha@6.2.1
• 8731d7b build: Node.js@12.11
• 10607bd deps: safe-buffer@5.2.0
• 1684c54 deps: cookie@0.4.0
• 8de7865 docs: add express-session-rsdb to the list of session stores
• f75ed7e build: fix readme lint out of order message
• 2719bef build: Node.js@12.8
• 6db8e04 build: mocha@6.2.0
• 2d54f0d 1.16.2
• 30e23f1 Fix restoring cookie.originalMaxAge when store returns Date
• 479940a tests: add cookie.originalMaxAge tests
• 97fe63c docs: add @google-cloud/connect-firestore to the list of session stores
• bff097e docs: add connect-typeorm to the list of session stores
• fb498ac build: Node.js@12.4
• 1c75fa0 build: Node.js@11.15
• ad90250 build: Node.js@10.16
• 969e4c1 build: express@4.17.1
• 8d6430e build: nyc@14.1.1
• e0feb04 build: support Node.js 12.x
• 327695e build: Node.js@11.14

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs