From 6ed3c6dcd4fb8cb3ab6d604b384b77b94a81a561 Mon Sep 17 00:00:00 2001
From: Julien Cayzac
Date: Sun, 6 Oct 2024 16:01:24 +0900
Subject: [PATCH 1/2] [CVE 2024-47764] Update package 'cookie'
---
 .changeset/twenty-spoons-sneeze.md | 5 +++++
 packages/astro/package.json | 2 +-
 pnpm-lock.yaml | 10 +++++-----
 3 files changed, 11 insertions(+), 6 deletions(-)
 create mode 100644 .changeset/twenty-spoons-sneeze.md
diff --git a/.changeset/twenty-spoons-sneeze.md b/.changeset/twenty-spoons-sneeze.md
new file mode 100644
index 000000000000..ac4fae9d68f3
--- /dev/null
+++ b/.changeset/twenty-spoons-sneeze.md
@@ -0,0 +1,5 @@
+---
+'astro': patch
+---
+
+This updates Astro's dependency on the [`cookie`](https://npmjs.com/package/cookie) package to a version that is not susceptible to the [CVE 2024-47764](https://nvd.nist.gov/vuln/detail/CVE-2024-47764) vulnerability.
diff --git a/packages/astro/package.json b/packages/astro/package.json
index 4af70bb6984f..e9a9c9e46cff 100644
--- a/packages/astro/package.json
+++ b/packages/astro/package.json
@@ -140,7 +140,7 @@
 "ci-info": "^4.0.0",
 "clsx": "^2.1.1",
 "common-ancestor-path": "^1.0.1",
- "cookie": "^0.6.0",
+ "cookie": "^0.7.1",
 "cssesc": "^3.0.0",
 "debug": "^4.3.7",
 "deterministic-object-hash": "^2.0.2",
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
index e2fbae2cc678..3904a1d5edef 100644
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -607,8 +607,8 @@ importers: specifier: ^1.0.1 version: 1.0.1 cookie: - specifier: ^0.6.0 - version: 0.6.0 + specifier: ^0.7.1 + version: 0.7.1 cssesc: specifier: ^3.0.0 version: 3.0.0
@@ -7774,8 +7774,8 @@ packages: convert-source-map@2.0.0: resolution: {integrity: sha512-Kvp459HrV2FEJ1CAsi1Ku+MY3kasH19TFykTz2xWmMeq6bk2NU3XXvfJ+Q61m0xktWwt+1HSYf3JZsTms3aRJg==} - cookie@0.6.0: - resolution: {integrity: sha512-U71cyTamuh1CRNCfpGY6to28lxvNwPG4Guz/EVjgf3Jmzv0vlDp1atT9eS5dDjMYHucpHbWns6Lwf3BKz6svdw==} + cookie@0.7.1: + resolution: {integrity: sha512-6DnInpx7SJ2AK3+CTUE/ZM0vWTUboZCegxhC2xiIydHR9jNuTAASBrfEpHhiGOZw/nX51bHt6YQl8jsGo4y/0w==} engines: {node: '>= 0.6'} copy-anything@3.0.5:
@@ -13518,7 +13518,7 @@ snapshots: convert-source-map@2.0.0: {} - cookie@0.6.0: {} + cookie@0.7.1: {} copy-anything@3.0.5: dependencies:
From 778e3904a7267f388cff1796f163a3ecd0435074 Mon Sep 17 00:00:00 2001
From: Bjorn Lu
Date: Mon, 7 Oct 2024 14:45:27 +0800
Subject: [PATCH 2/2] Update .changeset/twenty-spoons-sneeze.md
---
 .changeset/twenty-spoons-sneeze.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.changeset/twenty-spoons-sneeze.md b/.changeset/twenty-spoons-sneeze.md
index ac4fae9d68f3..c4a4bb59254c 100644
--- a/.changeset/twenty-spoons-sneeze.md
+++ b/.changeset/twenty-spoons-sneeze.md
@@ -2,4 +2,4 @@
 'astro': patch
 ---
-This updates Astro's dependency on the [`cookie`](https://npmjs.com/package/cookie) package to a version that is not susceptible to the [CVE 2024-47764](https://nvd.nist.gov/vuln/detail/CVE-2024-47764) vulnerability.
+Updates the [`cookie`](https://npmjs.com/package/cookie) dependency to avoid the [CVE 2024-47764](https://nvd.nist.gov/vuln/detail/CVE-2024-47764) vulnerability.