Bump express-session and @types/express-session in /node-roncli-com

[dependabot]

Bumps express-session and @types/express-session. These dependencies needed to be updated together.
Updates express-session from 1.18.1 to 1.18.2

Release notes

Sourced from express-session's releases.

v1.18.2

What's Changed

• fix: Resolve test failure - Refresh server.crt with existing key extending expiry to Nov 21 03:28:10 2034 GMT by @​BaileyFirman in expressjs/session#1003
• feat: gencert script to regenerate the test ssl certs by @​wesleytodd in expressjs/session#1015
• chore: upgrade scorecard workflow pinned action versions by @​carpasse in expressjs/session#1008
• ci: add CodeQL (SAST) by @​bjohansebas in expressjs/session#1005
• [StepSecurity] Apply security best practices by @​step-security-bot in expressjs/session#1047
• build(deps-dev): bump mocha from 10.2.0 to 10.8.2 by @​dependabot[bot] in expressjs/session#1061
• build(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.1 by @​dependabot[bot] in expressjs/session#1048
• build(deps): bump github/codeql-action from 3.24.7 to 3.28.18 by @​dependabot[bot] in expressjs/session#1050
• build(deps): bump actions/checkout from 4.1.1 to 4.2.2 by @​dependabot[bot] in expressjs/session#1049
• build(deps): bump actions/upload-artifact from 4.5.0 to 4.6.2 by @​dependabot[bot] in expressjs/session#1052
• build(deps): bump coverallsapp/github-action from 1.2.5 to 2.3.6 by @​dependabot[bot] in expressjs/session#1051
• chore: fix typos by @​noritaka1166 in expressjs/session#1066
• deps: on-headers@1.1.0 by @​UlisesGascon in expressjs/session#1069
• 🔖 v1.18.2 by @​ctcpip in expressjs/session#1070

New Contributors

• @​BaileyFirman made their first contribution in expressjs/session#1003
• @​wesleytodd made their first contribution in expressjs/session#1015
• @​carpasse made their first contribution in expressjs/session#1008
• @​step-security-bot made their first contribution in expressjs/session#1047
• @​dependabot[bot] made their first contribution in expressjs/session#1061
• @​noritaka1166 made their first contribution in expressjs/session#1066
• @​ctcpip made their first contribution in expressjs/session#1070

Full Changelog: expressjs/session@v1.18.1...v1.18.2

Changelog

Sourced from express-session's changelog.

1.18.2 / 2025-07-17

• deps: mocha@10.8.2
• deps: on-headers@~1.1.0
  • Fix CVE-2025-7339 (GHSA-76c9-3jph-rj3q)

Commits

• d10709f 🔖 v1.18.2 (#1070)
• 5808783 deps: on-headers@1.1.0 (#1069)
• b9fcad8 chore: fix typos (#1066)
• a698c81 build(deps): bump coverallsapp/github-action from 1.2.5 to 2.3.6 (#1051)
• ec1957b build(deps): bump actions/upload-artifact from 4.5.0 to 4.6.2 (#1052)
• 2caff6a build(deps): bump actions/checkout from 4.1.1 to 4.2.2 (#1049)
• 2633e88 build(deps): bump github/codeql-action from 3.24.7 to 3.28.18 (#1050)
• 7e2c696 build(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.1 (#1048)
• 92dd300 build(deps-dev): bump mocha from 10.2.0 to 10.8.2 (#1061)
• 168271c fix(dependabot): do not update major versions
• Additional commits viewable in compare view

Updates @types/express-session from 1.18.0 to 1.18.2

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)