From a024c8a7b658a178cbdb9bde33030b7500172815 Mon Sep 17 00:00:00 2001 From: Josh Buker Date: Tue, 8 Oct 2024 10:13:25 +0000 Subject: [PATCH 1/2] fix(deps): cookie@0.7.1 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Ulises Gascón --- History.md | 5 +++++ package.json | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/History.md b/History.md index 178e718fc3..fb35777130 100644 --- a/History.md +++ b/History.md @@ -1,3 +1,8 @@ +unreleased +========== + +* Backported a fix for CVE-2024-47764 + 4.21.0 / 2024-09-11 ========== diff --git a/package.json b/package.json index f9b43a69e5..9905aac85a 100644 --- a/package.json +++ b/package.json @@ -33,7 +33,7 @@ "body-parser": "1.20.3", "content-disposition": "0.5.4", "content-type": "~1.0.4", - "cookie": "0.6.0", + "cookie": "0.7.1", "cookie-signature": "1.0.6", "debug": "2.6.9", "depd": "2.0.0", From 8e229f92752ad51462c868b99f6e6c2e559801b0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ulises=20Gasc=C3=B3n?= Date: Tue, 8 Oct 2024 20:36:08 +0200 Subject: [PATCH 2/2] 4.21.1 PR-URL: https://github.com/expressjs/express/pull/6031 --- History.md | 4 ++-- package.json | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/History.md b/History.md index fb35777130..924f10537b 100644 --- a/History.md +++ b/History.md @@ -1,7 +1,7 @@ -unreleased +4.21.1 / 2024-10-08 ========== -* Backported a fix for CVE-2024-47764 +* Backported a fix for [CVE-2024-47764](https://nvd.nist.gov/vuln/detail/CVE-2024-47764) 4.21.0 / 2024-09-11 ========== diff --git a/package.json b/package.json index 9905aac85a..a36e593c31 100644 --- a/package.json +++ b/package.json @@ -1,7 +1,7 @@ { "name": "express", "description": "Fast, unopinionated, minimalist web framework", - "version": "4.21.0", + "version": "4.21.1", "author": "TJ Holowaychuk ", "contributors": [ "Aaron Heckmann ",