[stable-4.3] Bump js-cookie from 2.2.1 to 3.0.1

[dependabot]

Bumps js-cookie from 2.2.1 to 3.0.1.

Release notes

Sourced from js-cookie's releases.

v3.0.1

• Make package.json accessible in export - #727

v3.0.0

• Removed defaults in favor of a builder: now to supply an api instance with particular predefined (cookie) attributes there's Cookies.withAttributes(), e.g.:

const api = Cookies.withAttributes({
  path: '/',
  secure: true
})
api.set('key', 'value') // writes cookie with path: '/' and secure: true...

• The attributes that an api instance is configured with are exposed as attributes property; it's an immutable object and unlike defaults cannot be changed to configure the api.
• The mechanism to fall back to the standard, internal converter by returning a falsy value in a custom read converter has been removed. Instead the default converters are now exposed as Cookies.converter, which allows for implementing self-contained custom converters providing the same behavior:

const customReadConverter = (value, name) => {
  if (name === 'special') {
    return unescape(value)
  }
  return Cookies.converter.read(value)
}

• withConverter() no longer accepts a function as argument to be turned into a read converter. It is now required to always pass an object with the explicit type(s) of converter(s):

const api = Cookies.withConverter({
  read: (value, name) => unescape(value)
})

• The converter(s) that an api instance is configured with are exposed as converter property; it's an immutable object and cannot be changed to configure the api.
• Started providing library as ES module, in addition to UMD module. The module field in package.json points to an ES module variant of the library.
• Started using browser field instead of main in package.json (for the UMD variant of the library).
• Dropped support for IE < 10.
• Removed built-in JSON support, i.e. getJSON() and automatic stringifying in set(): use Cookies.set('foo', JSON.stringify({ ... })) and JSON.parse(Cookies.get('foo')) instead.
• Removed support for Bower.
• Added minified versions to package - #501
• Improved support for url encoded cookie values (support case insensitive encoding) - #466, #530
• Expose default path via API - #541
• Handle falsy arguments passed to getters - #399
• No longer support Node < 12 when building (LTS versions only)

v3.0.0-rc.4

Reverted changes introduced in rc2, which caused a mayor breaking change in the case of requesting the library via jsdelivr CDN with a particular file name. This breaking change was not intentional.

The problem was that we've been advertising the following link in the readme on the master branch:

https://cdn.jsdelivr.net/npm/js-cookie@rc/dist/js.cookie.min.js

while the respective change had changed that file name in the distribution to js.cookie.umd.min.js.

Nonetheless, we advise to always use the latest stable version in production environments.

... (truncated)

Commits

• 0ba7714 Craft v3.0.1 release
• 2a8d172 export package.json
• a6345f0 Let dependabot ignore patch updates
• fee39fc Move RFC 6265 related functionality to converter
• 9e45d88 Use decodeURIComponent() for decoding key
• 0790074 Remove unnecessary assignment
• f06749c Remove iPhone 8 from BrowserStack setup
• 750a2d8 Update overlooked references after releasing
• ea3239a Craft v3.0.0 release
• 1711eb2 Bump eslint-plugin-promise from 4.3.1 to 5.1.0
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)