[Snyk] Upgrade express-session from 1.15.6 to 1.18.1

[BD-HUGO]

Snyk has created this PR to upgrade express-session from 1.15.6 to 1.18.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 9 versions ahead of your current version.

• The recommended version was released on a month ago.

Release notes

Package name: express-session

• 1.18.1 - 2024-10-08
  

  What's Changed

  • chore: add support for OSSF scorecard reporting by @ inigomarquinez in #984
  • dep: [email protected] by @ knolleary in #997
  • Release: 1.18.1 by @ UlisesGascon in #998

  New Contributors

  • @ inigomarquinez made their first contribution in #984
  • @ knolleary made their first contribution in #997
  • @ UlisesGascon made their first contribution in #998

  Full Changelog: v1.18.0...v1.18.1

• 1.18.0 - 2024-01-28
  
  • Add debug log for pathname mismatch
  • Add partitioned to cookie options
  • Add priority to cookie options
  • Fix handling errors from setting cookie
  • Support any type in secret that crypto.createHmac supports
  • deps: [email protected]
    • Fix expires option to reject invalid dates
    • perf: improve default decode speed
    • perf: remove slow string split in parse
  • deps: [email protected]
• 1.17.3 - 2022-05-11
  
  • Fix resaving already-saved new session at end of request
  • deps: [email protected]
• 1.17.2 - 2021-05-19
  
  • Fix res.end patch to always commit headers
  • deps: [email protected]
  • deps: [email protected]
• 1.17.1 - 2020-04-17
  
  • Fix internal method wrapping error on failed reloads
• 1.17.0 - 2019-10-11
  
  • deps: [email protected]
    • Add SameSite=None support
  • deps: [email protected]
• 1.16.2 - 2019-06-12
  
  • Fix restoring cookie.originalMaxAge when store returns Date
  • deps: parseurl@~1.3.3
• 1.16.1 - 2019-04-11
  
  • Fix error passing data option to Cookie constructor
  • Fix uncaught error from bad session data
• 1.16.0 - 2019-04-11
  
  • Catch invalid cookie.maxAge value earlier
  • Deprecate setting cookie.maxAge to a Date object
  • Fix issue where resave: false may not save altered sessions
  • Remove utils-merge dependency
  • Use safe-buffer for improved Buffer API
  • Use Set-Cookie as cookie header name for compatibility
  • deps: depd@~2.0.0
    • Replace internal eval usage with Function constructor
    • Use instance methods on process to check for listeners
    • perf: remove argument reassignment
  • deps: on-headers@~1.0.2
    • Fix res.writeHead patch missing return value
• 1.15.6 - 2017-09-26
  
  • deps: [email protected]
  • deps: parseurl@~1.3.2
    • perf: reduce overhead for full URLs
    • perf: unroll the "fast-path" RegExp
  • deps: uid-safe@~2.1.5
    • perf: remove only trailing =
  • deps: [email protected]

from express-session GitHub release notes

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[BD-HUGO]

Automated PR Comment From Polaris SCA

❌ Found dependencies violating policy!

Dependency	Policies Violated	License(s)	Vulnerabilities	Short Term Recommended Upgrade	Long Term Recommended Upgrade	Resolved / Filtered Out
body-parser 1.18.3	Third-party component usage	MIT License	❌   CVE-2024-45590 High CVSS 7.5	1.20.3 (0 known vulnerabilities)	2.0.1 (0 known vulnerabilities)	❕