restify - npm Package Compare versions

Comparing version 3.0.0 to 3.0.1

CHANGES.md

 # restify Changelog
 
+## 3.0.1
+- #779 set-cookie headers should not include comma separated values. See:
+  http://tools.ietf.org/html/rfc6265#section-3
+
 ## 3.0.0
@@ -4,0 +8,0 @@

lib/response.js

@@ -145,3 +145,5 @@ // Copyright 2012 Mark Cavage, Inc.  All rights reserved.
     var current = this.getHeader(name);
-    if (current) {
+    // #779, don't use comma separated values for set-cookie, see
+    // http://tools.ietf.org/html/rfc6265#section-3
+    if (current && name.toLowerCase() !== 'set-cookie') {
         if (Array.isArray(current)) {
@@ -148,0 +150,0 @@ current.push(value);

package.json

@@ -41,3 +41,3 @@ {
   "description": "REST framework",
-  "version": "3.0.0",
+  "version": "3.0.1",
   "repository": {
@@ -44,0 +44,0 @@ "type": "git",

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

185132

increased by0.16%

Lines of code

4735

increased by0.04%

Number of medium supply chain risk alerts

8

decreased by-11.11%

No dependency changes