build(deps-dev): bump cookie-session from 2.1.0 to 2.1.1 by dependabot[bot] · Pull Request #6678

build(deps-dev): bump cookie-session from 2.1.0 to 2.1.1 by dependabot[bot] · Pull Request #6678 · expressjs/express

Bumps cookie-session from 2.1.0 to 2.1.1.

Release notes

Sourced from cookie-session's releases.

v2.1.1

What's Changed

chore: add support for OSSF scorecard reporting by @inigomarquinez in expressjs/cookie-session#180

chore: upgrade scorecard workflow pinned action versions by @carpasse in expressjs/cookie-session#184

docs: Fix typo in README.md by @mkonikov in expressjs/cookie-session#187

fix: use ubuntu-latest as ci runner by @UlisesGascon in expressjs/cookie-session#185

ci: apply OSSF Scorecard security best practices by @UlisesGascon in expressjs/cookie-session#186

💚 fix CI by @ctcpip in expressjs/cookie-session#198

deps: on-headers@1.1.0 by @UlisesGascon in expressjs/cookie-session#201

Release: 2.1.1 by @UlisesGascon in expressjs/cookie-session#202

New Contributors

@inigomarquinez made their first contribution in expressjs/cookie-session#180

@carpasse made their first contribution in expressjs/cookie-session#184

@mkonikov made their first contribution in expressjs/cookie-session#187

@UlisesGascon made their first contribution in expressjs/cookie-session#185

@ctcpip made their first contribution in expressjs/cookie-session#198

Full Changelog: expressjs/cookie-session@v2.1.0...v2.1.1

Changelog

Sourced from cookie-session's changelog.

2.1.1 / 2025-07-17

deps: on-headers@~1.1.0

Fix CVE-2025-7339 (GHSA-76c9-3jph-rj3q)

Commits

beb3ece 2.1.1
8c674d0 deps: on-headers@1.1.0 (#201)
ad77352 💚 fix CI
127d899 ci: apply OSSF Scorecard security best practices (#186)
78674e1 fix: use ubuntu-latest as ci runner (#185)
fb96951 fix: typo in documentation (#187)
aa2ecf4 chore: upgrade scorecard workflow pinned action versions (#184)
a9466a8 ci: add support for OSSF scorecard reporting (#180)
See full diff in compare view

Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for cookie-session since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)