From 9d2c7a997f26fc0d45bfeb948c7e2e1e96884e1d Mon Sep 17 00:00:00 2001 From: Nik Graf Date: Thu, 9 Oct 2025 13:27:29 +0200 Subject: [PATCH] upgrade cookie-parser (#6005) cookie-parser 1.4.7 uses a version cookie that fixed this security issue https://github.com/advisories/GHSA-pxg6-pf52-xh8x --- examples/aws-companion/package.json | 2 +- packages/@uppy/companion/package.json | 2 +- yarn.lock | 21 +++++++-------------- 3 files changed, 9 insertions(+), 16 deletions(-) diff --git a/examples/aws-companion/package.json b/examples/aws-companion/package.json index 91e8b86dc..117ecd34f 100644 --- a/examples/aws-companion/package.json +++ b/examples/aws-companion/package.json @@ -12,7 +12,7 @@ "devDependencies": { "@uppy/companion": "workspace:*", "body-parser": "^1.20.3", - "cookie-parser": "^1.4.6", + "cookie-parser": "^1.4.7", "cors": "^2.8.5", "dotenv": "^16.0.1", "express": "^4.19.2", diff --git a/packages/@uppy/companion/package.json b/packages/@uppy/companion/package.json index 1bb18ebff..0c609b88d 100644 --- a/packages/@uppy/companion/package.json +++ b/packages/@uppy/companion/package.json @@ -43,7 +43,7 @@ "common-tags": "1.8.2", "connect-redis": "7.1.1", "content-disposition": "^0.5.4", - "cookie-parser": "1.4.6", + "cookie-parser": "1.4.7", "cors": "^2.8.5", "escape-goat": "3.0.0", "escape-string-regexp": "4.0.0", diff --git a/yarn.lock b/yarn.lock index 37aa40665..66838212f 100644 --- a/yarn.lock +++ b/yarn.lock @@ -10796,7 +10796,7 @@ __metadata: common-tags: "npm:1.8.2" connect-redis: "npm:7.1.1" content-disposition: "npm:^0.5.4" - cookie-parser: "npm:1.4.6" + cookie-parser: "npm:1.4.7" cors: "npm:^2.8.5" escape-goat: "npm:3.0.0" escape-string-regexp: "npm:4.0.0" @@ -13579,13 +13579,13 @@ __metadata: languageName: node linkType: hard -"cookie-parser@npm:1.4.6, cookie-parser@npm:^1.4.6": - version: 1.4.6 - resolution: "cookie-parser@npm:1.4.6" +"cookie-parser@npm:1.4.7, cookie-parser@npm:^1.4.7": + version: 1.4.7 + resolution: "cookie-parser@npm:1.4.7" dependencies: - cookie: "npm:0.4.1" + cookie: "npm:0.7.2" cookie-signature: "npm:1.0.6" - checksum: 10/1e5a63aa82e8eb4e02d2977c6902983dee87b02e87ec5ec43ac3cb1e72da354003716570cd5190c0ad9e8a454c9d3237f4ad6e2f16d0902205a96a1c72b77ba5 + checksum: 10/243fa13f217e793d20a57675e6552beea08c5989fcc68495d543997a31646875335e0e82d687b42dcfd466df57891d22bae7f5ba6ab33b7705ed2dd6eb989105 languageName: node linkType: hard @@ -13610,13 +13610,6 @@ __metadata: languageName: node linkType: hard -"cookie@npm:0.4.1": - version: 0.4.1 - resolution: "cookie@npm:0.4.1" - checksum: 10/0f2defd60ac93645ee31e82d11da695080435eb4fe5bed9b14d2fc4e0621a66f4c5c60f3eb05761df08a9d6279366e8646edfd1654f359d0b5afc25304fc4ddc - languageName: node - linkType: hard - "cookie@npm:0.6.0, cookie@npm:^0.6.0": version: 0.6.0 resolution: "cookie@npm:0.6.0" @@ -15494,7 +15487,7 @@ __metadata: "@uppy/google-drive": "workspace:*" "@uppy/webcam": "workspace:*" body-parser: "npm:^1.20.3" - cookie-parser: "npm:^1.4.6" + cookie-parser: "npm:^1.4.7" cors: "npm:^2.8.5" dotenv: "npm:^16.0.1" express: "npm:^4.19.2"