1. csurf 1.9.0 Pulls Critical Transitive Vulnerability from cookie-0.3.1 — No Patch Available
The csurf middleware package, a widely adopted CSRF token library for Node.js applications, has been flagged for containing two security vulnerabilities in its dependency chain, including a critical-severity flaw scoring 9.8 on the CVSS scale. The root cause traces not to csurf itself but to the transitive dependency c...