From 921c605040b6f643605db70659fa1b79b01b9f1a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?G=C3=A9rald=20Gounot?= <gerald@gounot.eu>
Date: Thu, 4 Sep 2025 15:54:06 +0200
Subject: [PATCH] =?UTF-8?q?fix:=20mise=20=C3=A0=20jour=20forc=C3=A9e=20de?=
 =?UTF-8?q?=20cookie=20pour=20cause=20de=20vuln=C3=A9rabilit=C3=A9?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

On doit la forcer (override) car il est impossibilité pour SvelteKit de mettre à jour cookie avant la v3. La version 0.7.0 contient un breaking change mais qui ne nous concerne pas.

Voir : https://github.com/sveltejs/kit/pull/12767
---
 front/package-lock.json | 6 +++---
 front/package.json      | 3 +++
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/front/package-lock.json b/front/package-lock.json
index f55791d22..c3c4fddd0 100644
--- a/front/package-lock.json
+++ b/front/package-lock.json
@@ -4670,9 +4670,9 @@
       "license": "MIT"
     },
     "node_modules/cookie": {
-      "version": "0.6.0",
-      "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.6.0.tgz",
-      "integrity": "sha512-U71cyTamuh1CRNCfpGY6to28lxvNwPG4Guz/EVjgf3Jmzv0vlDp1atT9eS5dDjMYHucpHbWns6Lwf3BKz6svdw==",
+      "version": "0.7.2",
+      "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.7.2.tgz",
+      "integrity": "sha512-yki5XnKuf750l50uGTllt6kKILY4nQ1eNIQatoXEByZ5dWgnKqbnqmTrBE5B4N7lrMJKQ2ytWMiTO2o0v6Ew/w==",
       "license": "MIT",
       "engines": {
         "node": ">= 0.6"
diff --git a/front/package.json b/front/package.json
index 6cac65c2f..97802b2d4 100644
--- a/front/package.json
+++ b/front/package.json
@@ -75,6 +75,9 @@
     "wicg-inert": "^3.1.3",
     "xlsx": "https://cdn.sheetjs.com/xlsx-0.20.3/xlsx-0.20.3.tgz"
   },
+  "overrides": {
+    "cookie": "0.7.2"
+  },
   "type": "module",
   "lint-staged": {
     "*.{js,ts,svelte}": [