Skip to content

Upgrade cookie-session dependency to v2.1.1 #4442

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
siddhsuresh merged 3 commits into from
Sep 11, 2025
Merged

Upgrade cookie-session dependency to v2.1.1 #4442

siddhsuresh merged 3 commits into from
Sep 11, 2025

Conversation

@rene-demonsters
Copy link
Contributor

@rene-demonsters rene-demonsters commented Aug 19, 2025

Closes: #4441

What are the changes and their implications?

Fixes security issue with on-headers dependency. Hopefully this can be released as part of the v2.x.x line of blitz as well as we're still on that.

Bug Checklist

  • Changeset added (run pnpm changeset in the root directory)
  • Integration test added (see test docs if needed)

Feature Checklist

@siddhsuresh
Copy link
Member

siddhsuresh commented Aug 28, 2025

thanks for the PR @rene-demonsters! will fix the CI then publish

@changeset-bot
Copy link

changeset-bot bot commented Sep 11, 2025

🦋 Changeset detected

Latest commit: 51e935f

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 7 packages
Name Type
@blitzjs/auth Patch
@blitzjs/rpc Patch
@blitzjs/next Patch
@blitzjs/codemod Patch
@blitzjs/config Patch
@blitzjs/generator Patch
blitz Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

@siddhsuresh siddhsuresh merged commit 83b6be7 into blitz-js:main Sep 11, 2025
29 of 30 checks passed
siddhsuresh added a commit that referenced this pull request Sep 11, 2025
@rene-demonsters @siddhsuresh
Upgrade cookie-session dependency to v2.1.1 (#4442)
030c813 
* Upgrade cookie-session dependency to v2.1.1

* Add changeset

* update workflow dependencies

---------

Co-authored-by: Siddharth Suresh <[email protected]>
# Conflicts:
#	pnpm-lock.yaml
@siddhsuresh
Copy link
Member

siddhsuresh commented Sep 11, 2025
edited
Loading

apologies for the delay, published in v2.2.4 and v3.0.2 versions of blitz.

@tordans
Copy link
Contributor

tordans commented Sep 11, 2025

@siddhsuresh what version of NextJS are you running with your blitz app? (Sorry, Offtopic)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@siddhsuresh siddhsuresh siddhsuresh approved these changes

@flybayer flybayer Awaiting requested review from flybayer flybayer is a code owner

+1 more reviewer

@Kosai106 Kosai106 Kosai106 approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

0 - <(^_^)> - merge it! ✌️ Kodiak automerge status/done status/in-review

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[chore] Update cookie-session dependency to fix security issue

5 participants

@rene-demonsters @siddhsuresh @tordans @Kosai106 @blitzjs-bot