Update dependency express-session to v1.17.3

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
express-session	1.10.2 -> 1.17.3

---

Release Notes

expressjs/session

v1.17.3

Compare Source

===================

• Fix resaving already-saved new session at end of request
• deps: cookie@0.4.2

v1.17.2

Compare Source

===================

• Fix res.end patch to always commit headers
• deps: cookie@0.4.1
• deps: safe-buffer@5.2.1

v1.17.1

Compare Source

===================

• Fix internal method wrapping error on failed reloads

v1.17.0

Compare Source

===================

• deps: cookie@0.4.0
  • Add SameSite=None support
• deps: safe-buffer@5.2.0

v1.16.2

Compare Source

===================

• Fix restoring cookie.originalMaxAge when store returns Date
• deps: parseurl@~1.3.3

v1.16.1

Compare Source

===================

• Fix error passing data option to Cookie constructor
• Fix uncaught error from bad session data

v1.16.0

Compare Source

===================

• Catch invalid cookie.maxAge value earlier
• Deprecate setting cookie.maxAge to a Date object
• Fix issue where resave: false may not save altered sessions
• Remove utils-merge dependency
• Use safe-buffer for improved Buffer API
• Use Set-Cookie as cookie header name for compatibility
• deps: depd@~2.0.0
  • Replace internal eval usage with Function constructor
  • Use instance methods on process to check for listeners
  • perf: remove argument reassignment
• deps: on-headers@~1.0.2
  • Fix res.writeHead patch missing return value

v1.15.6

Compare Source

===================

• deps: debug@2.6.9
• deps: parseurl@~1.3.2
  • perf: reduce overhead for full URLs
  • perf: unroll the "fast-path" RegExp
• deps: uid-safe@~2.1.5
  • perf: remove only trailing =
• deps: utils-merge@1.0.1

v1.15.5

Compare Source

===================

• Fix TypeError when req.url is an empty string
• deps: depd@~1.1.1
  • Remove unnecessary Buffer loading

v1.15.4

Compare Source

===================

• deps: debug@2.6.8

v1.15.3

Compare Source

===================

• deps: debug@2.6.7
  • deps: ms@2.0.0

v1.15.2

Compare Source

===================

• deps: debug@2.6.3
  • Fix DEBUG_MAX_ARRAY_LENGTH
• deps: uid-safe@~2.1.4
  • Remove base64-url dependency

v1.15.1

Compare Source

===================

• deps: debug@2.6.1
  • Fix deprecation messages in WebStorm and other editors
  • Undeprecate DEBUG_FD set to 1 or 2

v1.15.0

Compare Source

===================

• Fix detecting modified session when session contains "cookie" property
• Fix resaving already-saved reloaded session at end of request
• deps: crc@3.4.4
  • perf: use Buffer.from when available
• deps: debug@2.6.0
  • Allow colors in workers
  • Deprecated DEBUG_FD environment variable
  • Use same color for same namespace
  • Fix error when running under React Native
  • deps: ms@0.7.2
• perf: remove unreachable branch in set-cookie method

v1.14.2

Compare Source

===================

• deps: crc@3.4.1
  • Fix deprecation warning in Node.js 7.x
• deps: uid-safe@~2.1.3
  • deps: base64-url@1.3.3

v1.14.1

Compare Source

===================

• Fix not always resetting session max age before session save
• Fix the cookie sameSite option to actually alter the Set-Cookie
• deps: uid-safe@~2.1.2
  • deps: base64-url@1.3.2

v1.14.0

Compare Source

===================

• Correctly inherit from EventEmitter class in Store base class
• Fix issue where Set-Cookie Expires was not always updated
• Methods are no longer enumerable on req.session object
• deps: cookie@0.3.1
  • Add sameSite option
  • Improve error message when encode is not a function
  • Improve error message when expires is not a Date
  • perf: enable strict mode
  • perf: use for loop in parse
  • perf: use string concatination for serialization
• deps: parseurl@~1.3.1
  • perf: enable strict mode
• deps: uid-safe@~2.1.1
  • Use random-bytes for byte source
  • deps: base64-url@1.2.2
• perf: enable strict mode
• perf: remove argument reassignment

v1.13.0

Compare Source

===================

• Fix rolling: true to not set cookie when no session exists
  • Better saveUninitialized: false + rolling: true behavior
• deps: crc@3.4.0

v1.12.1

Compare Source

===================

• deps: cookie@0.2.3
  • Fix cookie Max-Age to never be a floating point number

v1.12.0

Compare Source

===================

• Support the value 'auto' in the cookie.secure option
• deps: cookie@0.2.2
  • Throw on invalid values provided to serialize
• deps: depd@~1.1.0
  • Enable strict mode in more places
  • Support web browser loading
• deps: on-headers@~1.0.1
  • perf: enable strict mode

v1.11.3

Compare Source

===================

• deps: cookie@0.1.3
  • Slight optimizations
• deps: crc@3.3.0

v1.11.2

Compare Source

===================

• deps: debug@~2.2.0
  • deps: ms@0.7.1
• deps: uid-safe@~2.0.0

v1.11.1

Compare Source

===================

• Fix mutating options.secret value

v1.11.0

Compare Source

===================

• Support an array in secret option for key rotation
• deps: depd@~1.0.1

v1.10.4

Compare Source

===================

• deps: debug@~2.1.3
  • Fix high intensity foreground color for bold
  • deps: ms@0.7.0

v1.10.3

Compare Source

===================

• deps: cookie-signature@1.0.6
• deps: uid-safe@1.1.0
  • Use crypto.randomBytes, if available
  • deps: base64-url@1.2.1

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.

[pull-assistant]

Best reviewed: commit by commit

---

Optimal code review plan

     Update dependency express-session to v1.17.1

Powered by Pull Assistant. Last update 157bcd7 ... 157bcd7. Read the comment docs.