Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update shrinkwrapped express to v4.21.1 #2889

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

oskarwilliams
Copy link

Change-type: patch

Update shrinkwrapped express to v4.21.1 to bump cookie version to 0.7.1 to resolve low vulnerability

Resolves: #2888
Change-type: patch


Please check the CONTRIBUTING.md file for relevant information and some
guidance. Keep in mind that the CLI is a cross-platform application that runs
on Windows, macOS and Linux. Tests will be automatically run by balena CI on
all three operating systems, but this will only help if you have added test
code that exercises the modified or added feature code.

Note that each commit message (currently only the first line) will be
automatically copied to the CHANGELOG.md file, so try writing it in a way
that describes the feature or fix for CLI users.

If there isn't a linked issue or if the linked issue doesn't quite match the
PR, please add a PR description to explain its purpose or the features that it
implements. Adding PR comments to blocks of code that aren't self explanatory
usually helps with the review process.

If the PR introduces security considerations or affects the development, build
or release process, please be sure to highlight this in the PR description.

Thank you very much for your contribution!

Copy link

A repository maintainer needs to approve this workflow run.

https://github.com/balena-io/balena-cli/actions/runs/11776647253

Maintainers, please review all commits and react with 👍 to approve or 👎 to reject.

Things to look for: GitHub Actions Security Cheat Sheet

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Vulnerability in cookie exposed via express
1 participant