fix(deps): update dependency tough-cookie to v4 [security] #30
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
^3.0.1
->^4.0.0
Warning
Some dependencies could not be looked up. Check the Dependency Dashboard for more information.
GitHub Vulnerability Alerts
CVE-2023-26136
Versions of the package tough-cookie before 4.1.3 are vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in
rejectPublicSuffixes=false
mode. This issue arises from the manner in which the objects are initialized.Release Notes
salesforce/tough-cookie (tough-cookie)
v4.1.3
: 4.1.3Compare Source
Security fix for Prototype Pollution discovery in #282. This is a minor release, although output from the
inspect
utility is affected by this change, we felt this change was important enough to be pushed into the next patch.v4.1.2
: 4.1.2 -- Patch and Bugfix ReleaseCompare Source
What's Changed
Full Changelog: salesforce/tough-cookie@v4.1.1...v4.1.2
v4.1.1
: 4.1.1Compare Source
Patch Release
What's Changed
Full Changelog: salesforce/tough-cookie@v4.1.0...v4.1.1
v4.1.0
: 4.1.0Compare Source
v4.1.0
Minor release, focused mainly on resolving reported issues and some minor feature work.
What's Changed
allowSpecialUseDomain
option by @colincasey in https://github.com/salesforce/tough-cookie/pull/225New Contributors
Full Changelog: salesforce/tough-cookie@v4.0.0...v4.1.0
v4.0.0
: Version 4.0.0Compare Source
Breaking Changes (Major Version)
universalify
,eslint
andprettier
)psl
andasync
findCookies()
- callback fn has to be last in order to comply withuniversalify
.call()
to do inheritance using function prototypesMinor Changes
Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.