From 601194070f73c8759c7217e05d724a5275c79b5c Mon Sep 17 00:00:00 2001
From: Jon Church
Date: Sat, 4 May 2024 19:55:58 -0400
Subject: [PATCH 1/7] add test for removing user provided expires
---
test/res.clearCookie.js | 26 ++++++++++++++++++++++++++
1 file changed, 26 insertions(+)
diff --git a/test/res.clearCookie.js b/test/res.clearCookie.js
index fc0cfb99a3..b350571f97 100644
--- a/test/res.clearCookie.js
+++ b/test/res.clearCookie.js
@@ -32,5 +32,31 @@ describe('res', function(){
 .expect('Set-Cookie', 'sid=; Path=/admin; Expires=Thu, 01 Jan 1970 00:00:00 GMT')
 .expect(200, done)
 })
+
+ it('should ignore maxAge', function(done){
+ var app = express();
+
+ app.use(function(req, res){
+ res.clearCookie('sid', { path: '/admin', maxAge: 900 }).end();
+ });
+
+ request(app)
+ .get('/')
+ .expect('Set-Cookie', 'sid=; Path=/admin; Expires=Thu, 01 Jan 1970 00:00:00 GMT')
+ .expect(200, done)
+ })
+
+ it('should ignore user supplied expires param', function(done){
+ var app = express();
+
+ app.use(function(req, res){
+ res.clearCookie('sid', { path: '/admin', expires: new Date() }).end();
+ });
+
+ request(app)
+ .get('/')
+ .expect('Set-Cookie', 'sid=; Path=/admin; Expires=Thu, 01 Jan 1970 00:00:00 GMT')
+ .expect(200, done)
+ })
 })
 })
From d17db3cb7836fedf2510d07505dd52a317c0f744 Mon Sep 17 00:00:00 2001
From: Jon Church
Date: Sat, 27 Jul 2024 19:01:12 -0400
Subject: [PATCH 2/7] rework impl and tests to ignore maxAge, do not set it this is to take into account the built-in relative expires when passing a maxAge to res.cookie I realized that using maxAge to invalidate cookies inherrently hit this relativee expires behavior, and the goal of this PR is not to rework that relative expires behavior w/ maxAge, but to prevent users from overwriting these values by accident when clearing cookies
---
lib/response.js | 4 +++-
test/res.clearCookie.js | 2 +-
2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/lib/response.js b/lib/response.js
index 6ad54dbfc7..df4676544f 100644
--- a/lib/response.js
+++ b/lib/response.js
@@ -707,7 +707,9 @@ res.get = function(field){
 */
 res.clearCookie = function clearCookie(name, options) {
- var opts = merge({ expires: new Date(1), path: '/' }, options);
+ // Force cookie expiration by setting expires to the past
+ // ensure maxAge is undefined
+ const opts = {path: '/', ...options, expires: new Date(1), maxAge: undefined}
 return this.cookie(name, '', opts);
 };
diff --git a/test/res.clearCookie.js b/test/res.clearCookie.js
index b350571f97..74a746eb7b 100644
--- a/test/res.clearCookie.js
+++ b/test/res.clearCookie.js
@@ -37,7 +37,7 @@ describe('res', function(){
 var app = express();
 app.use(function(req, res){
- res.clearCookie('sid', { path: '/admin', maxAge: 900 }).end();
+ res.clearCookie('sid', { path: '/admin', maxAge: 1000 }).end();
 });
 request(app)
From 6a0a534dcfa994d9929038aeb041c1e2c859c8a1 Mon Sep 17 00:00:00 2001
From: Jon Church
Date: Sat, 27 Jul 2024 19:15:11 -0400
Subject: [PATCH 3/7] update history.md
---
History.md | 2 ++
1 file changed, 2 insertions(+)
diff --git a/History.md b/History.md
index 89d5af3ceb..d9ccf08350 100644
--- a/History.md
+++ b/History.md
@@ -4,6 +4,8 @@ unreleased
 * `res.status()` accepts only integers, and input must be greater than 99 and less than 1000
 * will throw a `RangeError: Invalid status code: ${code}. Status code must be greater than 99 and less than 1000.` for inputs outside this range
 * will throw a `TypeError: Invalid status code: ${code}. Status code must be an integer.` for non integer inputs
+* change:
+ - `res.clearCookie` ignore user provided `maxAge` and `expires` options
 5.0.0-beta.3 / 2024-03-25
 =========================
From 48dfbd5f3c8b0c5f1f4ac151e2cd832842e5c397 Mon Sep 17 00:00:00 2001
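Review bot: The JSDoc whose closing ` */` is the first context line of this hunk (its body lies outside the hunk) still documents `options` as if every key were honoured, so callers reading the API comment rather than History.md will not learn that `expires` and `maxAge` are now overridden; add a line such as `* Any expires or maxAge in options is ignored: the cookie is always sent with an epoch Expires and no Max-Age.` That guarantee is what makes a logout handler that reuses the option object from its earlier `res.cookie()` call safe, since a surviving future `expires` or `maxAge` would re-issue the cookie instead of removing it, which is the accident the commit message describes. The same comment should note that a browser only discards a cookie whose `path` and `domain` match the ones it was set with, so those options must keep passing through untouched, as the spread does here.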
From: Jon Church
Date: Sat, 27 Jul 2024 19:25:49 -0400
Subject: [PATCH 4/7] explicitly delete maxAge instead of setting as undefined
---
lib/response.js | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/lib/response.js b/lib/response.js
index df4676544f..ce85b0bd8b 100644
--- a/lib/response.js
+++ b/lib/response.js
@@ -708,8 +708,9 @@ res.get = function(field){
 res.clearCookie = function clearCookie(name, options) {
 // Force cookie expiration by setting expires to the past
- // ensure maxAge is undefined
- const opts = {path: '/', ...options, expires: new Date(1), maxAge: undefined}
+ const opts = { path: '/', ...options, expires: new Date(1) }
+ // ensure maxAge is not passed
+ delete opts.maxAge
 return this.cookie(name, '', opts);
 };
From 1abae7a4805d85097b23bb0b676bb2557eb24738 Mon Sep 17 00:00:00 2001
From: Jon Church
Date: Thu, 1 Aug 2024 17:01:43 -0400
Subject: [PATCH 5/7] drop the spread, use object.assign
---
lib/response.js | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/response.js b/lib/response.js
index ce85b0bd8b..c14bc4b3a7 100644
--- a/lib/response.js
+++ b/lib/response.js
@@ -708,7 +708,7 @@ res.get = function(field){
 res.clearCookie = function clearCookie(name, options) {
 // Force cookie expiration by setting expires to the past
- const opts = { path: '/', ...options, expires: new Date(1) }
+ const opts = Object.assign({ path: '/' } , options, { expires: new Date(1) })
 // ensure maxAge is not passed
 delete opts.maxAge
From b4d37090ddb65e1cc1575d08fe833c80ca28e377 Mon Sep 17 00:00:00 2001
From: Jon Church
Date: Fri, 2 Aug 2024 16:02:16 -0400
Subject: [PATCH 6/7] wording, review comment on history.md
Co-authored-by: Chris de Almeida
---
History.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/History.md b/History.md
index d9ccf08350..7c51a32d8b 100644
--- a/History.md
+++ b/History.md
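Review bot: The new `delete opts.maxAge` line has no terminating semicolon, and neither does the new `const opts = { path: '/', ...options, expires: new Date(1) }` above it, while the rest of this function (`return this.cookie(name, '', opts);`, `};`) is terminated; write them as `const opts = { path: '/', ...options, expires: new Date(1) };` and `delete opts.maxAge;` so the file does not mix ASI-reliant and terminated statements. The unterminated `delete` line is carried forward unchanged as context in the PATCH 5/7 and PATCH 7/7 hunks of lib/response.js. The `// ensure maxAge is not passed` comment would be more useful stating the reason the commit message gives: `// drop maxAge so res.cookie() cannot derive a fresh, future Expires from it`.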
@@ -5,7 +5,7 @@ unreleased
 * will throw a `RangeError: Invalid status code: ${code}. Status code must be greater than 99 and less than 1000.` for inputs outside this range
 * will throw a `TypeError: Invalid status code: ${code}. Status code must be an integer.` for non integer inputs
 * change:
- - `res.clearCookie` ignore user provided `maxAge` and `expires` options
+ - `res.clearCookie` will ignore user provided `maxAge` and `expires` options
 5.0.0-beta.3 / 2024-03-25
 =========================
From 4feefb921828eb4d7d43b62b5cafc9490f0a0df6 Mon Sep 17 00:00:00 2001
From: ctcpip
Date: Fri, 2 Aug 2024 15:06:29 -0500
Subject: [PATCH 7/7] =?UTF-8?q?=E2=99=BB=EF=B8=8F=20use=20spread,=20update?= =?UTF-8?q?=20supported=20ecmascript=20version?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
.eslintrc.yml | 2 +-
lib/response.js | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/.eslintrc.yml b/.eslintrc.yml
index 9e282530d5..70bc9a6e7e 100644
--- a/.eslintrc.yml
+++ b/.eslintrc.yml
@@ -1,6 +1,6 @@
 root: true
 env:
- es6: true
+ es2022: true
 node: true
 rules:
 eol-last: error
diff --git a/lib/response.js b/lib/response.js
index c14bc4b3a7..a5a33e8609 100644
--- a/lib/response.js
+++ b/lib/response.js
@@ -708,7 +708,7 @@ res.get = function(field){
 res.clearCookie = function clearCookie(name, options) {
 // Force cookie expiration by setting expires to the past
- const opts = Object.assign({ path: '/' } , options, { expires: new Date(1) })
+ const opts = { path: '/', ...options, expires: new Date(1)};
 // ensure maxAge is not passed
 delete opts.maxAge
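Review bot: Changing `env` from `es6` to `es2022` enables more than the object spread that lib/response.js now uses: in ESLint an `es2022` environment also raises the parser's `ecmaVersion` and adds the ES2022 globals, so the linter will accept class fields, logical assignment, top-level `await` and similar syntax anywhere in the package, and lint no longer says anything about whether the oldest Node version the package supports can run it. Object spread itself only needs ES2018, so either pick the lowest `env` level that covers it or record in the commit that the jump was checked against the supported Node range (package.json's `engines` field is not part of this diff, so that cannot be confirmed here).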
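Review bot: The re-added literal `const opts = { path: '/', ...options, expires: new Date(1)};` opens with a space after `{` but has none before `}`; write it `const opts = { path: '/', ...options, expires: new Date(1) };` so it matches the spacing the same line had two commits earlier and the `{ path: '/' }` literal used elsewhere in the series. Since the spread is back, the two comments bracketing it could be one that explains why the order matters, e.g. replace `// Force cookie expiration by setting expires to the past` with `// caller options first, then force an epoch Expires and drop maxAge so neither can keep the cookie alive`.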