[Security] Bump tough-cookie and chii
Bumps tough-cookie to 4.1.4 and updates ancestor dependency chii. These dependencies need to be updated together.
Updates tough-cookie from 2.5.0 to 4.1.4. This update includes a security fix.
Vulnerabilities fixed
tough-cookie Prototype Pollution vulnerability
Versions of the package tough-cookie before 4.1.3 are vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. This issue arises from the manner in which the objects are initialized.
Patched versions: 4.1.3
Affected versions: < 4.1.3
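The initialization problem the advisory describes, as an added example (not tough-cookie's code and not part of this MR): a simplified store that indexes cookies by an unvalidated domain string, built once on plain object literals and once on null-prototype objects. The names makeStore, plainIndex, nullProtoIndex and leaksToPrototype and the sample cookie are constructed for illustration.

```javascript
// Added illustration: simplified model of a cookie store index
// (domain -> path -> key). Not tough-cookie's source code.
function makeStore(createIndex) {
  const idx = createIndex();
  return {
    putCookie(cookie) {
      // Same lazy-initialisation logic for both variants; only the
      // object used for each index level differs.
      if (!idx[cookie.domain]) idx[cookie.domain] = createIndex();
      const byPath = idx[cookie.domain];
      if (!byPath[cookie.path]) byPath[cookie.path] = createIndex();
      byPath[cookie.path][cookie.key] = cookie;
    },
  };
}

// Index built on object literals: every level inherits from Object.prototype,
// so a lookup such as idx["__proto__"] resolves to the shared prototype.
const plainIndex = () => ({});

// Index built on null-prototype objects: there is no inherited "__proto__"
// accessor, so that key becomes an ordinary own property of the index.
const nullProtoIndex = () => Object.create(null);

// Stores one constructed cookie whose domain collides with the prototype
// accessor, then reports whether an unrelated object gained a property.
function leaksToPrototype(createIndex) {
  const store = makeStore(createIndex);
  store.putCookie({ domain: "__proto__", path: "/", key: "sid", value: "x" });
  const probe = {};
  const leaked = "/" in probe; // inherited key means shared state was modified
  delete Object.prototype["/"]; // restore the runtime before returning
  return leaked;
}

console.log("object-literal index leaks:", leaksToPrototype(plainIndex));
console.log("null-prototype index leaks:", leaksToPrototype(nullProtoIndex));
```

The two variants differ only in how each index level is created, which is why an initialization change alone is enough to close this class of bug in a keyed store.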
Release notes
Sourced from tough-cookie's releases.
v4.1.4
https://www.npmjs.com/package/tough-cookie/v/4.1.4
What's Changed
- Add local alias for toString by @corvidism in salesforce/tough-cookie#409
- Fix incorrect string validation for URL by @coditva in salesforce/tough-cookie#261
New Contributors
- @corvidism made their first contribution in salesforce/tough-cookie#409
- @coditva made their first contribution in salesforce/tough-cookie#261
Full Changelog: https://github.com/salesforce/tough-cookie/compare/v4.1.3...v4.1.4
4.1.3
Security fix for Prototype Pollution discovery in #282. This is a minor release, although output from the inspect utility is affected by this change, we felt this change was important enough to be pushed into the next patch.
4.1.2 -- Patch and Bugfix Release
What's Changed
- fix: allow set cookies with localhost by @colincasey in salesforce/tough-cookie#253
Full Changelog: https://github.com/salesforce/tough-cookie/compare/v4.1.1...v4.1.2
4.1.1
Patch Release
What's Changed
- fix: allow special use domains by default by @colincasey in salesforce/tough-cookie#249
- 4.1.1 Patch -- allow special use domains by default by @awaterma in salesforce/tough-cookie#250
Full Changelog: https://github.com/salesforce/tough-cookie/compare/v4.1.0...v4.1.1
4.1.0
v4.1.0
Minor release, focused mainly on resolving reported issues and some minor feature work.
What's Changed
- Create CHANGELOG.md by @ShivanKaul in salesforce/tough-cookie#189
- Missing param validation issue145 by @medelibero-sfdc in salesforce/tough-cookie#193
- Create SECURITY.md by @ShivanKaul in salesforce/tough-cookie#201
- Create CODE_OF_CONDUCT.md by @ShivanKaul in salesforce/tough-cookie#200
- Fix for issue #195 by @medelibero-sfdc in salesforce/tough-cookie#202
- Add explanation and more special-use domains by @ShivanKaul in salesforce/tough-cookie#203
- Sync of constructor options for serialization by @medelibero-sfdc in salesforce/tough-cookie#204
- Returned null in case of empty cookie value by @vsin12 in salesforce/tough-cookie#196
- 132 str trim not a function by @awaterma in salesforce/tough-cookie#209
- Fix for issue #153 by @medelibero-sfdc in salesforce/tough-cookie#210
- Fix permuteDomain with trailing dot by @ruoho-sfdc in salesforce/tough-cookie#216
- Issue #213 -- added gh-actions flow for building and testing tough-co… by @awaterma in salesforce/tough-cookie#218
... (truncated)
Commits
- cacbc37 Bump version to 4.1.4
- a48fb3a Add tests for url validation
- 50e69bf Merge pull request #261 from postmanlabs/fix/url-string-validation
- 1253d58 Merge pull request #409 from corvidism/validators-to-string
- 238367e Add local alias for toString
- 4ff4d29 4.1.3 release preparation, update the package and lib/version to 4.1.3. (#284)
- 12d4747 Prevent prototype pollution in cookie memstore (#283)
- f06b72d Fix documentation for store.findCookies, missing allowSpecialUseDomain proper...
- cf6debd Fix incorrect string validation for URL
- b1a8898 fix: allow set cookies with localhost (#253)
- Additional commits viewable in compare view
Maintainer changes
This version was pushed to npm by ccasey, a new releaser for tough-cookie since your current version.
Updates chii from 1.10.0 to 1.15.3
Release notes
Sourced from chii's releases.
v1.15.3
- fix: embedded mode not resizable on mobile #81
v1.15.2
- fix: ws dead loop
v1.15.1
- fix: cache network requests before enable #53
- chore: minor ui update
v1.15.0
- feat: shadow dom
- chore: update dependencies
v1.14.0
- feat: dark mode
- fix: memory leak #51
v1.13.0
- feat: os icon
- chore: update chobitsu
v1.12.3
- fix: target.js cdn attribute
v1.12.2
- fix: firefox elements panel
v1.12.1
- fix: default favicon
v1.12.0
- feat: update devtools frontend
- feat: support safari
v1.11.1
- chore: update chobitsu
v1.11.0
- feat: support IndexedDB
- feat: support WebSocket
Changelog
Sourced from chii's changelog.
1.15.3 (27 Oct 2024)
- fix: embedded mode not resizable on mobile #81
1.15.2 (17 Oct 2024)
- fix: ws dead loop
1.15.1 (16 Oct 2024)
- fix: cache network requests before enable #53
- chore: minor ui update
1.15.0 (3 Oct 2024)
- feat: shadow dom
- chore: update dependencies
1.14.0 (23 Sep 2024)
- feat: dark mode
- fix: memory leak #51
1.13.0 (3 Sep 2024)
- feat: os icon
- chore: update chobitsu
1.12.3 (29 Aug 2024)
- fix: target.js cdn attribute
1.12.2 (29 Aug 2024)
- fix: firefox elements panel
1.12.1 (29 Aug 2024)
- fix: default favicon
1.12.0 (29 Aug 2024)
- feat: update devtools frontend
- feat: support safari
1.11.1 (20 Aug 2024)
- chore: update chobitsu
1.11.0 (31 Jul 2024)
... (truncated)
Commits
- 0239a03 release: v1.15.3
- 5d1c342 fix: embedded mode not resizable on mobile
- e83b708 docs: simplify readme
- c32c3a6 chore: small changes
- e716f66 release: v1.15.2
- d4cce0b release: v1.15.1
- 16ee7cd release: v1.15.0
- 0a0231c feat: export chobitsu instance
- ec4b5b4 chore: update dependencies
- 8a477e2 release: v1.14.0
- Additional commits viewable in compare view
Dependabot commands
You can trigger Dependabot actions by commenting on this MR:
- $dependabot recreate will recreate this MR, rewriting all the manual changes and resolving conflicts