Commit 1e5eb3c

🔧 fix: Upgrade Cookie to 0.7.x, fix CVE-2024-47764
Cookie `0.6.x` is vulnerable to an XSS vulnerability which has been logged as CVE-2024-47764 at https://www.cve.org/CVERecord?id=CVE-2024-47764. This commit upgrades cookie to `^0.7.0` which includes the CVE fix. There is cookie `1.0.x` available now but it includes breaking changes which should be done separately. There is no currently available upgrade to `@types/cookie` for `0.7.x` but `0.6.x` is type compatible.
1 parent 9007186 commit 1e5eb3c

2 files changed

+1
-1
lines changed

bun.lockb

0 Bytes
Binary file not shown.

package.json

Lines changed: 1 addition & 1 deletion
@@ -104,7 +104,7 @@
104104
},
105105
"dependencies": {
106106
"@sinclair/typebox": "0.32.34",
107-
"cookie": "^0.6.0",
107+
"cookie": "^0.7.0",
108108
"fast-decode-uri-component": "^1.0.1",
109109
"openapi-types": "^12.1.3"
110110
},
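Review bot: The range change at line 107 (`"cookie": "^0.7.0"`) is the only readable evidence in this diff that the fixed release gets installed, because bun.lockb is shown as a binary file with a 0-byte size change and its resolved version cannot be checked here. Please state the resolved cookie version in the commit message or PR description so a reviewer can confirm the lockfile no longer resolves to a 0.6.x release. The commit message also says `@types/cookie` stays on 0.6.x; a short note in the repository recording that this mismatch is intentional would keep a later cleanup from aligning the two by moving cookie back to 0.6.x.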
