[Snyk] Upgrade @fastify/session from 10.3.0 to 10.7.0

[PlainDevelopment]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade @fastify/session from 10.3.0 to 10.7.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 6 versions ahead of your current version.
• The recommended version was released 3 months ago, on 2023-12-08.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ZOD-5925617	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Cross-site Request Forgery (CSRF) SNYK-JS-AXIOS-6032459	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Prototype Pollution SNYK-JS-AXIOS-6144788	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
	Improper Input Validation SNYK-JS-FOLLOWREDIRECTS-6141137	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Prototype Pollution SNYK-JS-MONGOOSE-5777721	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-AXIOS-6124857	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Information Exposure SNYK-JS-FOLLOWREDIRECTS-6444610	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Information Exposure SNYK-JS-MONGODB-5871303	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
	Resource Exhaustion SNYK-JS-NEXT-6032387	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Improper Input Validation SNYK-JS-POSTCSS-5926692	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: @fastify/session

• 10.7.0 - 2023-12-08
  

  What's Changed

  • Fix: add ability to create Partitioned Cookies by @ nicob-29 in #226

  New Contributors

  • @ nicob-29 made their first contribution in #226

  Full Changelog: v10.6.1...v10.7.0

• 10.6.1 - 2023-11-27
  

  What's Changed

  • export the correct cookie options interface by @ gurgunday in #223

  Full Changelog: v10.6.0...v10.6.1

• 10.6.0 - 2023-11-24
  

  What's Changed

  • perf: use node: prefix to bypass require.cache call for builtins by @ Fdawgs in #210
  • chore: add .gitattributes file by @ Fdawgs in #212
  • perf(lib/fastifysession): optimize split param by @ Fdawgs in #214
  • chore(package): explicitly declare js module type by @ Fdawgs in #217
  • Added documentation for import of modules w/ declaration merging by @ VIEWVIEWVIEW in #220
  • Updated import as per redis-connect docs by @ maxt41 in #219
  • export cookie types by @ gurgunday in #221

  New Contributors

  • @ VIEWVIEWVIEW made their first contribution in #220
  • @ maxt41 made their first contribution in #219
  • @ gurgunday made their first contribution in #221

  Full Changelog: v10.5.0...v10.6.0

• 10.5.0 - 2023-09-07
  

  What's Changed

  • build(deps-dev): bump @ fastify/cookie from 8.3.0 to 9.0.4 by @ dependabot in #205
  • chore: update redis example by @ zanechua in #207
  • build(deps-dev): bump tsd from 0.28.1 to 0.29.0 by @ dependabot in #208
  • fix: remove cookie.expires from shouldSaveSession evaluation logic by @ tomoakiichige in #209

  New Contributors

  • @ zanechua made their first contribution in #207
  • @ tomoakiichige made their first contribution in #209

  Full Changelog: v10.4.0...v10.5.0

• 10.4.0 - 2023-07-05
  

  What's Changed

  • fix: make sure to set cookie on manual session saves by @ SimenB in #203

  Full Changelog: v10.3.1...v10.4.0

• 10.3.1 - 2023-07-03
  

  What's Changed

  • ci: only trigger on pushes to main branches by @ Fdawgs in #198
  • build(deps-dev): bump @ types/node from 18.16.5 to 20.1.0 by @ dependabot in #199
  • fix: manually persisting the session should make isModified return false by @ SimenB in #201

  Full Changelog: v10.3.0...v10.3.1

• 10.3.0 - 2023-04-27
  Read more

from @fastify/session GitHub release notes

Commit messages

Package name: @fastify/session

• 8ea7e46 Bumped v10.7.0
• 77e9847 Fix: add ability to create Partitioned Cookies (#226)
• 25b4f6b v10.6.1
• c78aab1 use CookieSerializeOptions (#223)
• a2d146b v10.6.0
• fad6a8f export cookie types (#221)
• a36a4e2 fix: updated import as per redis-connect docs (#219)
• 1fb32fd Added documentation for import of modules w/ declaration merging (#220)
• a8b1aaa chore(package): explicitly declare js module type (#217)
• 4f6575e perf(lib/fastifysession): optimize split param (#214)
• 7f319d0 chore: add `.gitattributes` file (#212)
• 7502cb3 perf: use `node:` prefix to bypass require.cache call for builtins (#210)
• b3bea04 Bumped v10.5.0
• cc0f4b5 fix: remove cookie.expires from shouldSaveSession evaluation logic (#209)
• 5dc9125 build(deps-dev): bump tsd from 0.28.1 to 0.29.0 (#208)
• 4ec4ef6 chore: update redis example (#207)
• 74615c3 build(deps-dev): bump @ fastify/cookie from 8.3.0 to 9.0.4 (#205)
• 4955465 Bumped v10.4.0
• d255ee7 fix: make sure to set cookie on manual session saves (#203)
• 607d7bb Bumped v10.3.1
• a6171ad fix: manually persiting the dession should make `isModified` return false (#201)
• 0113e4e build(deps-dev): bump @ types/node from 18.16.5 to 20.1.0 (#199)
• 2220048 ci: only trigger on pushes to main branches (#198)

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs