Cookie-parser has a new stable version, 1.4.7, released on October 8, 2024, succeeding version 1.4.6, released on November 16, 2021. Both versions serve the same purpose: parsing HTTP request cookies in Express.js applications. The core functionality for developers remains consistent.
A notable change lies in the "cookie" dependency. Version 1.4.7 upgrades it to version 0.7.2, while version 1.4.6 relied on an older version, 0.4.1. This dependency upgrade likely incorporates bug fixes, performance enhancements, and potentially new features related to cookie handling within the "cookie" library itself. Developers should consult the "cookie" package changelog for detailed information on what's changed between these versions.
Both versions share the same "cookie-signature" dependency at version 1.0.6, ensuring consistent cookie signing capabilities. Development dependencies remain largely consistent. Both use tools like ESLint, Mocha, NYC, and Supertest. However, version 1.4.7 introduces a newer version of Mocha (9.2.1) compared to the older version (9.1.3) in 1.4.6.
The unpacked size of the package has slightly increased from 12055 bytes in 1.4.6 to 12977 bytes in 1.4.7, potentially due to the updated dependencies and minor code changes. Both versions are MIT licensed and maintained in the same GitHub repository. Also, the library is delivered by the same author. For developers, upgrading to cookie-parser 1.4.7 is recommended to leverage the improvements brought by the updated "cookie" dependency and newer tooling such as Mocha.
The are not vulnerabilities for the version 1.4.7 of the package cookie-parser
