A vulnerability has been discovered in the cookie library #124

Closed
DiFuks opened this issue Nov 26, 2024 · 1 comment
DiFuks commented Nov 26, 2024

A vulnerability has been discovered in the cookie library. This has been fixed in version 0.7.0. Unfortunately, importmap-overrides is tightly bound to version 0.6.*.

@joeldenning
Member

The vulnerability is low severity and, as far as I can tell, does not impact import-map-overrides, since import-map-overrides only uses cookie.parse() rather than cookie.serialize(), and jshttp/cookie#167 seems to have only changed the serialize() function. There are currently no tests for import-map-overrides-server.js, so upgrading cookie to 0.7 or 1.0 can't be done safely without first adding tests.

Closing this since the issue doesn't impact import-map-overrides
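
The reachability argument in the comment above (only `cookie.parse()` is called, never `cookie.serialize()`) can be checked mechanically against a code base. The following is an added example, not part of the original thread and not code from import-map-overrides; `cookieApiUsage`, `callsSerialize` and both sample sources are constructed for illustration, and the scan is regex-based triage rather than a full parser.

```javascript
// Added example: list which members of the `cookie` package a source file references.
// Regex-based triage, not a full parser; re-assigned aliases are not followed.
function cookieApiUsage(source) {
  const used = new Set();
  const namespaces = new Set();

  // Whole-module bindings: require("cookie"), default import, namespace import.
  const nsPatterns = [
    /(?:const|let|var)\s+([A-Za-z_$][\w$]*)\s*=\s*require\(\s*["']cookie["']\s*\)/g,
    /import\s+(?:\*\s+as\s+)?([A-Za-z_$][\w$]*)\s+from\s+["']cookie["']/g,
  ];
  for (const re of nsPatterns) {
    for (const m of source.matchAll(re)) namespaces.add(m[1]);
  }

  // Destructured bindings: const { parse } = require("cookie"), import { serialize as s } ...
  const destructPatterns = [
    /(?:const|let|var)\s*\{([^}]*)\}\s*=\s*require\(\s*["']cookie["']\s*\)/g,
    /import\s*\{([^}]*)\}\s*from\s*["']cookie["']/g,
  ];
  for (const re of destructPatterns) {
    for (const m of source.matchAll(re)) {
      for (const part of m[1].split(",")) {
        const name = part.trim().split(/\s*:\s*|\s+as\s+/)[0]; // drop any local alias
        if (name) used.add(name);
      }
    }
  }

  // Member access on a whole-module binding, e.g. cookie.parse(...).
  for (const ns of namespaces) {
    const escaped = ns.replace(/\$/g, "\\$&");
    const re = new RegExp("(?<![\\w$.])" + escaped + "\\.([A-Za-z_$][\\w$]*)", "g");
    for (const m of source.matchAll(re)) used.add(m[1]);
  }
  return [...used].sort();
}

// True when the file references the function changed by the upstream fix.
function callsSerialize(source) {
  return cookieApiUsage(source).includes("serialize");
}

// Constructed sample sources (not taken from any real project).
const sampleParseOnly = `const cookie = require("cookie");
const cookies = cookie.parse(req.headers.cookie || "");`;
const sampleSerialize = `import { parse, serialize as ser } from "cookie";
res.setHeader("Set-Cookie", ser("name", value));`;
```

A result without `serialize` supports the "not impacted" triage for that file only; transitive dependencies that call `cookie.serialize()` themselves need the same check.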
