From fb7aba2be05ec74579c55d0acea88526dc0f94ad Mon Sep 17 00:00:00 2001
From: Josh Buker
Date: Mon, 7 Oct 2024 10:53:50 -0700
Subject: [PATCH 1/2] Backport a fix for CVE-2024-47764 to the 4.x branch

For details, see: https://github.com/expressjs/express/pull/6017#issuecomment-2396359550
---
 History.md | 5 +++++
 package.json | 2 +-
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/History.md b/History.md
index 178e718fc3..fb35777130 100644
--- a/History.md
+++ b/History.md
@@ -1,3 +1,8 @@
+unreleased
+==========
+
+* Backported a fix for CVE-2024-47764
+
 4.21.0 / 2024-09-11
 ==========
 
diff --git a/package.json b/package.json
index f9b43a69e5..3a94d38a48 100644
--- a/package.json
+++ b/package.json
@@ -33,7 +33,7 @@
 "body-parser": "1.20.3",
 "content-disposition": "0.5.4",
 "content-type": "~1.0.4",
- "cookie": "0.6.0",
+ "cookie": "^0.7.1",
 "cookie-signature": "1.0.6",
 "debug": "2.6.9",
 "depd": "2.0.0",

From 210561431d4b71a565af370ca2edb42d560d9a21 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ulises=20Gasc=C3=B3n?=
Date: Tue, 8 Oct 2024 12:05:35 +0200
Subject: [PATCH 2/2] chore: remove caret
---
 package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/package.json b/package.json
index 3a94d38a48..9905aac85a 100644
--- a/package.json
+++ b/package.json
@@ -33,7 +33,7 @@
 "body-parser": "1.20.3",
 "content-disposition": "0.5.4",
 "content-type": "~1.0.4",
- "cookie": "^0.7.1",
+ "cookie": "0.7.1",
 "cookie-signature": "1.0.6",
 "debug": "2.6.9",
 "depd": "2.0.0",