v1.18.2

What's Changed

• fix: Resolve test failure - Refresh server.crt with existing key extending expiry to Nov 21 03:28:10 2034 GMT by @BaileyFirman in #1003
• feat: gencert script to regenerate the test ssl certs by @wesleytodd in #1015
• chore: upgrade scorecard workflow pinned action versions by @carpasse in #1008
• ci: add CodeQL (SAST) by @bjohansebas in #1005
• [StepSecurity] Apply security best practices by @step-security-bot in #1047
• build(deps-dev): bump mocha from 10.2.0 to 10.8.2 by @dependabot[bot] in #1061
• build(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.1 by @dependabot[bot] in #1048
• build(deps): bump github/codeql-action from 3.24.7 to 3.28.18 by @dependabot[bot] in #1050
• build(deps): bump actions/checkout from 4.1.1 to 4.2.2 by @dependabot[bot] in #1049
• build(deps): bump actions/upload-artifact from 4.5.0 to 4.6.2 by @dependabot[bot] in #1052
• build(deps): bump coverallsapp/github-action from 1.2.5 to 2.3.6 by @dependabot[bot] in #1051
• chore: fix typos by @noritaka1166 in #1066
• deps: [email protected] by @UlisesGascon in #1069
• 🔖 v1.18.2 by @ctcpip in #1070

New Contributors

• @BaileyFirman made their first contribution in #1003
• @wesleytodd made their first contribution in #1015
• @carpasse made their first contribution in #1008
• @step-security-bot made their first contribution in #1047
• @dependabot[bot] made their first contribution in #1061
• @noritaka1166 made their first contribution in #1066
• @ctcpip made their first contribution in #1070

Full Changelog: v1.18.1...v1.18.2

1.18.1

What's Changed

• chore: add support for OSSF scorecard reporting by @inigomarquinez in #984
• dep: [email protected] by @knolleary in #997
• Release: 1.18.1 by @UlisesGascon in #998

New Contributors

• @inigomarquinez made their first contribution in #984
• @knolleary made their first contribution in #997
• @UlisesGascon made their first contribution in #998

Full Changelog: v1.18.0...v1.18.1

1.18.0

• Add debug log for pathname mismatch
• Add partitioned to cookie options
• Add priority to cookie options
• Fix handling errors from setting cookie
• Support any type in secret that crypto.createHmac supports
• deps: [email protected]
  • Fix expires option to reject invalid dates
  • perf: improve default decode speed
  • perf: remove slow string split in parse
• deps: [email protected]

1.17.3

• Fix resaving already-saved new session at end of request
• deps: [email protected]

1.17.2

• Fix res.end patch to always commit headers
• deps: [email protected]
• deps: [email protected]

1.17.1

• Fix internal method wrapping error on failed reloads

1.17.0

• deps: [email protected]
  • Add SameSite=None support
• deps: [email protected]

1.16.2

• Fix restoring cookie.originalMaxAge when store returns Date
• deps: parseurl@~1.3.3

1.16.1

• Fix error passing data option to Cookie constructor
• Fix uncaught error from bad session data

1.16.0

• Catch invalid cookie.maxAge value earlier
• Deprecate setting cookie.maxAge to a Date object
• Fix issue where resave: false may not save altered sessions
• Remove utils-merge dependency
• Use safe-buffer for improved Buffer API
• Use Set-Cookie as cookie header name for compatibility
• deps: depd@~2.0.0
  • Replace internal eval usage with Function constructor
  • Use instance methods on process to check for listeners
  • perf: remove argument reassignment
• deps: on-headers@~1.0.2
  • Fix res.writeHead patch missing return value