Update dependency cookie-parser to ~1.4.7 by dev-mend-for-github-com[bot] · Pull Request #34 · TankOrgDev/vulnerable-node

dev-mend-for-github-com · 2026-02-25T22:15:32Z

This PR contains the following updates:

Package	Type	Update	Change
cookie-parser	dependencies	minor	`~1.3.5` → `~1.4.7`

By merging this PR, the below vulnerabilities will be automatically resolved:

Severity	CVSS Score	Vulnerability	Reachability
Medium	5.3	CVE-2024-47764

expressjs/cookie-parser (cookie-parser)

==========

deps: cookie@0.7.2
- Fix object assignment of hasOwnProperty
deps: cookie@0.7.1
- Allow leading dot for domain
  - Although not permitted in the spec, some users expect this to work and user agents ignore the leading dot according to spec
- Add fast path for serialize without options, use obj.hasOwnProperty when parsing
deps: cookie@0.7.0
- perf: parse cookies ~10% faster
- fix: narrow the validation of cookies to match RFC6265
- fix: add main to package.json for rspack
deps: cookie@0.6.0
- Add partitioned option
deps: cookie@0.5.0
- Add priority option
- Fix expires option to reject invalid dates
- pref: improve default decode speed
- pref: remove slow string split in parse
deps: cookie@0.4.2
- pref: read value only when assigning in parse
- pref: remove unnecessary regexp in parse