deps: [email protected]

closes #168 closes #177
expressjs · Jan 24, 2024 · 0dc9683 · 0dc9683
1 parent f77fa09
commit 0dc9683
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 1 deletion.
diff --git a/HISTORY.md b/HISTORY.md
@@ -1,3 +1,15 @@
+unreleased
+==========
+
+  * deps: [email protected]
+    - Add `partitioned` option for CHIPS support
+    - Add `priority` option for Priority cookie support
+    - Fix accidental cookie name/value truncation when given invalid chars
+    - Fix `maxAge` option to reject invalid values
+    - Remove quotes from returned quoted cookie value
+    - Use `req.socket` over deprecated `req.connection`
+    - pref: small lookup regexp optimization
+
 2.0.0 / 2021-12-16
 ==================
 

diff --git a/README.md b/README.md
@@ -103,6 +103,8 @@ The options can also contain any of the following (for the full list, see
   - `expires`: a `Date` object indicating the cookie's expiration date (expires at the end of session by default).
   - `path`: a string indicating the path of the cookie (`/` by default).
   - `domain`: a string indicating the domain of the cookie (no default).
+  - `partitioned`: a boolean indicating whether to partition the cookie in Chrome for the [CHIPS Update](https://developers.google.com/privacy-sandbox/3pcd/chips) (`false` by default). If this is true, Cookies from embedded sites will be partitioned and only readable from the same top level site from which it was created.
+  - `priority`: a string indicating the cookie priority. This can be set to `'low'`, `'medium'`, or `'high'`.
   - `sameSite`: a boolean or string indicating whether the cookie is a "same site" cookie (`false` by default). This can be set to `'strict'`, `'lax'`, `'none'`, or `true` (which maps to `'strict'`).
   - `secure`: a boolean indicating whether the cookie is only to be sent over HTTPS (`false` by default for HTTP, `true` by default for HTTPS). If this is set to `true` and Node.js is not directly over a TLS connection, be sure to read how to [setup Express behind proxies](https://expressjs.com/en/guide/behind-proxies.html) or the cookie may not ever set correctly.
   - `httpOnly`: a boolean indicating whether the cookie is only to be sent over HTTP(S), and not made available to client JavaScript (`true` by default).

diff --git a/package.json b/package.json
@@ -15,7 +15,7 @@
   ],
   "repository": "expressjs/cookie-session",
   "dependencies": {
-    "cookies": "0.8.0",
+    "cookies": "0.9.1",
     "debug": "3.2.7",
     "on-headers": "~1.0.2",
     "safe-buffer": "5.2.1"