feat: upgrade cookie dependency and cleanup imports #77
Wdyt? Could this be merged? Then I could start to look at another issue with the latest next.js. EDIT: I fixed the lint. Forgot to run it.
Fixed the lint problems.
This issue is also happening to me with SvelteKit:
@J0 Thank you for the review. Do I need to do anything additional for this to be merged and released?
Could you regenerate the package-lock.json and package.json? Apologies, I was slightly hesitant to bump the version to v1.0.1 as that's a jump in major version. I went ahead and bumped the minor version, which resulted in some conflicts. The minor version bump to v0.7.0 should also resolve the warning for now, I believe. We'll still consider the v1.0.1 upgrade and changes, but I need to check in with the team before I go ahead and merge.
@J0 Thank you for the feedback. I regenerated the package-lock.json. The breaking changes are described here:
@J0 The security fix has not been released as of now. It's just an RC version, not a published version. I get that this needs some more validation, but can you guys release the current RC version as V5.0.2?
When will this be merged? Want to fix my audits :)
Hey apologies for missing this. We are releasing v0.5.2 now.
Thanks for your patience @siimsams. AFAICT this shouldn't affect our API beyond the requirement for an increment in node version to v18 (current LTS is v20). I think it should be fine to merge this as a minor version bump, so going to merge. Welcome dissenting opinions though. This should live in rc for a while, which will give us time to test.
Thank you for releasing the fix. Not in a hurry with this PR.
What kind of change does this PR introduce?
cookie package to the latest version.
cookie package.
What is the current behavior?
It currently shows up as an unfixable security issue in my project.
GHSA-pxg6-pf52-xh8x
Related issues:
#73
What is the new behavior?
The new version of this package does not have this security issue.
Additional context