Update dependency express-session to ^1.18.2

[mend-for-github-com]

This PR contains the following updates:

Package	Type	Update	Change
express-session	dependencies	minor	^1.17.3 -> ^1.18.2

By merging this PR, the issue #5 will be automatically resolved and closed:

Severity	CVSS Score	Vulnerability
Medium	5.3	CVE-2024-47764
Low	3.4	CVE-2025-7339

---

Release Notes

expressjs/session (express-session)

v1.18.2

Compare Source

==========

• deps: mocha@​10.8.2
• deps: on-headers@~1.1.0
  • Fix CVE-2025-7339 (GHSA-76c9-3jph-rj3q)

v1.18.1

Compare Source

==========

• deps: cookie@​0.7.2
  • Fix object assignment of hasOwnProperty
• deps: cookie@​0.7.1
  • Allow leading dot for domain
    • Although not permitted in the spec, some users expect this to work and user agents ignore the leading dot according to spec
  • Add fast path for serialize without options, use obj.hasOwnProperty when parsing
• deps: cookie@​0.7.0
  • perf: parse cookies ~10% faster
  • fix: narrow the validation of cookies to match RFC6265
  • fix: add main to package.json for rspack

v1.18.0

Compare Source

===================

• Add debug log for pathname mismatch
• Add partitioned to cookie options
• Add priority to cookie options
• Fix handling errors from setting cookie
• Support any type in secret that crypto.createHmac supports
• deps: cookie@​0.6.0
  • Fix expires option to reject invalid dates
  • perf: improve default decode speed
  • perf: remove slow string split in parse
• deps: cookie-signature@​1.0.7

---

• If you want to rebase/retry this PR, check this box