build(deps): bump express-session from 1.17.3 to 1.19.0 in /01-Login

[dependabot]

Bumps express-session from 1.17.3 to 1.19.0.

Release notes

Sourced from express-session's releases.

v1.19.0

What's Changed

Main Changes

• Add dynamic cookie options support Cookie options can now be dynamic, allowing for more flexible and context-aware configuration based on each request. This feature enables programmatic modification of cookie attributes like secure, httpOnly, sameSite, maxAge, domain, and path based on session or request conditions.

  var app = express()
  app.use(session({
    secret: 'keyboard cat',
    resave: false,
    saveUninitialized: true,
    cookie: function (req) {
      var match = req.url.match(/^\/([^/]+)/);
      return {
        path: match ? '/' + match[1] : '/',
        httpOnly: true,
        secure: req.secure || false,
        maxAge: 60000
      }
    }
  }))

• Add sameSite 'auto' support for automatic SameSite attribute configuration Added sameSite: 'auto' option for cookie configuration that automatically sets SameSite=None for HTTPS and SameSite=Lax for HTTP connections, simplifying cookie handling across different environments.

• deps: use tilde notation for dependencies

PRs

• chore: add funding to package.json by @​bjohansebas in expressjs/session#1071
• build(deps): bump actions/download-artifact from 4.3.0 to 6.0.0 by @​dependabot[bot] in expressjs/session#1086
• build(deps): bump github/codeql-action from 3.28.18 to 4.31.2 by @​dependabot[bot] in expressjs/session#1085
• build(deps): bump coverallsapp/github-action from 2.3.6 to 2.3.7 by @​dependabot[bot] in expressjs/session#1091
• build(deps): bump actions/upload-artifact from 4.6.2 to 5.0.0 by @​dependabot[bot] in expressjs/session#1090
• build(deps): bump github/codeql-action from 4.31.2 to 4.31.6 by @​dependabot[bot] in expressjs/session#1089
• build(deps): bump actions/checkout from 4.2.2 to 6.0.0 by @​dependabot[bot] in expressjs/session#1088
• build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.3 by @​dependabot[bot] in expressjs/session#1082
• refactor: remove unused sess parameter from generateSessionId fun… by @​Ayoub-Mabrouk in expressjs/session#1001
• chore: remove history.md from being packaged on publish by @​bjohansebas in expressjs/session#1097
• deps: use tilde notation for dependencies by @​bjohansebas in expressjs/session#1096
• Add sameSite 'auto' support to match secure 'auto' pattern by @​djunehor in expressjs/session#1087
• feat: add support to dynamic cookie options by @​lincond in expressjs/session#1027
• Release: 1.19.0 by @​UlisesGascon in expressjs/session#1107

New Contributors

• @​Ayoub-Mabrouk made their first contribution in expressjs/session#1001
• @​djunehor made their first contribution in expressjs/session#1087
• @​lincond made their first contribution in expressjs/session#1027

... (truncated)

Changelog

Sourced from express-session's changelog.

1.19.0 / 2026-01-22

• Add dynamic cookie options support
• Add sameSite 'auto' support for automatic SameSite attribute configuration
• deps: use tilde notation for dependencies

1.18.2 / 2025-07-17

• deps: mocha@10.8.2
• deps: on-headers@~1.1.0
  • Fix CVE-2025-7339 (GHSA-76c9-3jph-rj3q)

1.18.1 / 2024-10-08

• deps: cookie@0.7.2
  • Fix object assignment of hasOwnProperty
• deps: cookie@0.7.1
  • Allow leading dot for domain
    • Although not permitted in the spec, some users expect this to work and user agents ignore the leading dot according to spec
  • Add fast path for serialize without options, use obj.hasOwnProperty when parsing
• deps: cookie@0.7.0
  • perf: parse cookies ~10% faster
  • fix: narrow the validation of cookies to match RFC6265
  • fix: add main to package.json for rspack

1.18.0 / 2024-01-28

• Add debug log for pathname mismatch
• Add partitioned to cookie options
• Add priority to cookie options
• Fix handling errors from setting cookie
• Support any type in secret that crypto.createHmac supports
• deps: cookie@0.6.0
  • Fix expires option to reject invalid dates
  • perf: improve default decode speed
  • perf: remove slow string split in parse
• deps: cookie-signature@1.0.7

Commits

• c10b2a3 1.19.0 (#1107)
• 2673736 feat: add support to dynamic cookie options (#1027)
• 73e0193 Add sameSite 'auto' support to match secure 'auto' pattern (#1087)
• 264b6a0 deps: use tilde notation for dependencies (#1096)
• 6d69f09 chore: remove history.md from being packaged on publish (#1097)
• 00b8a5f refactor: remove unused sess parameter from generateSessionId function (#...
• 2cd6561 build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.3 (#1082)
• 1307f30 build(deps): bump actions/checkout from 4.2.2 to 6.0.0 (#1088)
• 0e7a438 build(deps): bump github/codeql-action from 4.31.2 to 4.31.6 (#1089)
• a095a9a build(deps): bump actions/upload-artifact from 4.6.2 to 5.0.0 (#1090)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for express-session since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)