
@snyk-bot

Snyk has created this PR to upgrade cookie-signature from 1.0.6 to 1.2.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 2 versions ahead of your current version.
  • The recommended version was released a year ago, on 2022-02-17.
Release notes
Package name: cookie-signature
  • 1.2.0 - 2022-02-17

    bump package version and copyright years for release

  • 1.1.0 - 2018-01-19

    update changelog too

  • 1.0.6 - 2015-02-03

    bump rev and changelog for v1.0.6

from cookie-signature GitHub release notes
Commit messages
Package name: cookie-signature
  • 7deca8b bump package version and copyright years for release
  • 4409a44 Merge pull request #42 from tj/nvw-binary-secrets
  • 7db51c8 add one more test to confirm that non-sensical keys are still rejected by the underlying call
  • f1e8911 check only presence but not typeof secret params, fixes #33
  • 50db507 add failing tests for #33
  • 58727f3 Merge pull request #41 from tj/nvw-unsign-fixes
  • ea03dd5 make sure input-as-buffer is same length as expected buffer before comparing. fixes #40
  • 2e896ce add failing test for #40
  • 6a9a1a0 fix bug in current tests
  • 5791f91 rename variables inside `unsign` for clarity. fixes #26
  • 025a9f3 update © year, mention all contributors generally
  • 4a84503 keep brief note re. license in readme
  • 3d7139a Merge pull request #31 from ranadewa/master
  • e7a9bf0 Removed License text from Read me and added it as a separate file.
  • 4496ae0 update changelog too
  • 1e5f40d bump version for change in token validation
  • ff3e8fb Merge pull request #24 from jodevsa/master
  • 9d84560 Replace deprecated function
  • 94581e6 Handled unEqual length scenario
  • 68b9205 Removed specified ascii encoding
  • efdc6cb Removed redundant comment
  • 1c17742 added 'supported engine' to package.json
  • 5fb33f0 Use timingSafeEqual instead of hashing to prevent time attack



Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs
