Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update vulnerable cookie package dependency #13432

Closed
johnholliday opened this issue Feb 7, 2025 · 1 comment
Closed

Update vulnerable cookie package dependency #13432

johnholliday opened this issue Feb 7, 2025 · 1 comment

Comments

@johnholliday
Copy link

Describe the problem

@sveltejs/kit 2.17.1 depends on cookie 0.6.0 which has been tagged as a vulnerability.
more info

Image

Describe the proposed solution

Update to the latest version.

Alternatives considered

No response

Importance

would make my life easier

Additional Information

No response
@Conduitry
Copy link
Member

See #13386 - the challenge here is that there are breaking changes that we need to decide whether we're okay with. In the meantime, you can use an override on the cookie dependency.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@johnholliday @Conduitry