diff --git a/History.md b/History.md
index 2592c976bf..1e3f939c61 100644
--- a/History.md
+++ b/History.md
@@ -1,3 +1,8 @@
+5.0.1 / 2024-10-08
+==========
+
+* Update `cookie` semver lock to address [CVE-2024-47764](https://nvd.nist.gov/vuln/detail/CVE-2024-47764)
+
 5.0.0 / 2024-09-10
 =========================
 * remove:
diff --git a/package.json b/package.json
index 3a10ae4dc5..87335adf7a 100644
--- a/package.json
+++ b/package.json
@@ -1,7 +1,7 @@
 {
   "name": "express",
   "description": "Fast, unopinionated, minimalist web framework",
-  "version": "5.0.0",
+  "version": "5.0.1",
   "author": "TJ Holowaychuk <tj@vision-media.ca>",
   "contributors": [
     "Aaron Heckmann <aaron.heckmann+github@gmail.com>",
@@ -32,7 +32,7 @@
     "body-parser": "^2.0.1",
     "content-disposition": "^1.0.0",
     "content-type": "~1.0.4",
-    "cookie": "0.6.0",
+    "cookie": "0.7.1",
     "cookie-signature": "^1.2.1",
     "debug": "4.3.6",
     "depd": "2.0.0",