From dbe0ec32a4df875e280e704a632d0c67b3277ce7 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Mon, 7 Oct 2024 20:13:50 +0000
Subject: [PATCH] fix(deps): update dependency cookie to v0.7.0 [security] (#11661)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| [cookie](https://redirect.github.com/jshttp/cookie) | [`0.6.0` -> `0.7.0`](https://renovatebot.com/diffs/npm/cookie/0.6.0/0.7.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/cookie/0.7.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/cookie/0.7.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/cookie/0.6.0/0.7.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/cookie/0.6.0/0.7.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) |

---

> [!WARNING]
> Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

### GitHub Vulnerability Alerts

#### [CVE-2024-47764](https://redirect.github.com/jshttp/cookie/security/advisories/GHSA-pxg6-pf52-xh8x)

### Impact

The cookie name could be used to set other fields of the cookie, resulting in an unexpected cookie value. For example, `serialize("userName=; Max-Age=2592000; a", value)` would result in `"userName=; Max-Age=2592000; a=test"`, setting `userName` cookie to `