[Security] Bump tough-cookie and chii
Bumps tough-cookie to 5.0.0 and updates ancestor dependency chii. These dependencies need to be updated together.
Updates tough-cookie from 2.5.0 to 5.0.0. This update includes a security fix.
Vulnerabilities fixed
tough-cookie Prototype Pollution vulnerability
Versions of the package tough-cookie before 4.1.3 are vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. This issue arises from the manner in which the objects are initialized.
Patched versions: 4.1.3
Affected versions: < 4.1.3
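The initialization issue described above, modelled with a toy store as an added example (not tough-cookie's own code). The idx[domain][path][key] layout, the helper names and the sample cookie are assumptions; the store does no domain validation, standing in for rejectPublicSuffixes=false mode, and it contrasts an index built from plain objects with one built from prototype-less objects.

```javascript
// Toy cookie store, constructed for illustration (not tough-cookie's source).
// Assumption: cookies are indexed as idx[domain][path][key], with no domain
// validation, standing in for rejectPublicSuffixes=false mode.
function makeStore(createIndex) {
  const idx = createIndex();
  return {
    put(cookie) {
      const { domain, path, key } = cookie;
      // On a plain {} index, idx["__proto__"] resolves to Object.prototype,
      // so the writes below land on the shared prototype, not on idx.
      if (!idx[domain]) idx[domain] = createIndex();
      if (!idx[domain][path]) idx[domain][path] = createIndex();
      idx[domain][path][key] = cookie;
    },
    get(domain, path, key) {
      const byPath = idx[domain];
      const byKey = byPath && byPath[path];
      return byKey ? byKey[key] : undefined;
    },
  };
}

const plainObjectIndex = () => ({});              // weak: inherits Object.prototype
const nullProtoIndex = () => Object.create(null); // hardened: no prototype chain

// Stores a constructed cookie whose domain is "__proto__" and reports whether
// an unrelated, freshly created object picked up a property as a result.
function pollutesPrototype(createIndex) {
  const store = makeStore(createIndex);
  const probe = "/constructed-probe-path";
  store.put({ domain: "__proto__", path: probe, key: "sid", value: "v" });
  const leaked = probe in ({});
  delete Object.prototype[probe]; // restore the global state after the check
  return leaked;
}

console.log("plain {} index pollutes:", pollutesPrototype(plainObjectIndex));
console.log("null-prototype index pollutes:", pollutesPrototype(nullProtoIndex));
```

With the prototype-less index, "__proto__" is stored as an ordinary own key, so the cookie remains retrievable and nothing outside the store changes.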
Release notes
Sourced from tough-cookie's releases.
v5.0.0
Summary
Breaking Changes
- We've migrated the project to TypeScript! First-party types are now available.
- The minimum supported version of node is v18.
- We no longer provide official support for non-node environments.
API Changes
- We've standardized most of our exposed interfaces to accept both null and undefined and return only undefined.
- getCookie and getCookies now accept a string or URL as a parameter.
- We've removed the inspect function in favor of node's util.inspect.custom symbol. Cookies may appear different when logged in non-node environments.
Other Changes
- Fixed the expiry time not updating when a cookie is updating.
- Fixed validation errors not getting called in some callbacks.
- New documentation that is always kept up to date!
- Performance improvements.
What's Changed
- Typescript support by @colincasey in salesforce/tough-cookie#264
- [v5] Update config by @wjhsf in salesforce/tough-cookie#269
- Fix prettier in eslint config by @wjhsf in salesforce/tough-cookie#274
- Updated dev tooling by @colincasey in salesforce/tough-cookie#271
- Port 283 fix to v5 by @colincasey in salesforce/tough-cookie#287
- Remove some @ts-ignore directives. by @wjhsf in salesforce/tough-cookie#288
- Clean up validate function. by @wjhsf in salesforce/tough-cookie#275
- Changes to support full eslint rule configurations by @colincasey in salesforce/tough-cookie#289
- Split giant cookie.ts into multiple files. by @wjhsf in salesforce/tough-cookie#296
- Merge branch 'master' into v5 by @wjhsf in salesforce/tough-cookie#300
- Merge v5 into master by @colincasey in salesforce/tough-cookie#303
- Preparing for release 5.0.0-rc.0 by @colincasey in salesforce/tough-cookie#304
- Bump @babel/traverse from 7.21.3 to 7.23.2 by @dependabot in salesforce/tough-cookie#305
- Configure dependabot and codeowners by @colincasey in salesforce/tough-cookie#306
- Bump @typescript-eslint/parser from 5.58.0 to 5.62.0 by @dependabot in salesforce/tough-cookie#310
- Bump eslint-config-prettier from 8.8.0 to 9.0.0 by @dependabot in salesforce/tough-cookie#311
- Bump async from 2.6.4 to 3.2.4 by @dependabot in salesforce/tough-cookie#313
- Avoid using arguments by @wjhsf in salesforce/tough-cookie#316
- Configure dependabot to ignore @types/node. by @wjhsf in salesforce/tough-cookie#319
- Bump dependencies. by @wjhsf in salesforce/tough-cookie#323
- Bump the dev-dependencies group with 6 updates by @dependabot in salesforce/tough-cookie#342
- Bump the dev-dependencies group with 1 update by @dependabot in salesforce/tough-cookie#344
- Bump the dev-dependencies group with 3 updates by @dependabot in salesforce/tough-cookie#347
- docs: use correct memstore file link by @alissonsleal in salesforce/tough-cookie#349
- Bump the dev-dependencies group with 3 updates by @dependabot in salesforce/tough-cookie#351
- Bump the dev-dependencies group with 2 updates by @dependabot in salesforce/tough-cookie#354
- Fix expiry time not updating when cookie is updated by @colincasey in salesforce/tough-cookie#345
- Change dependabot to monthly by @wjhsf in salesforce/tough-cookie#355
- Bump the dev-dependencies group with 5 updates by @dependabot in salesforce/tough-cookie#358
... (truncated)
Commits
- 7ed1b8a Merge pull request #451 from salesforce/prepare_v5
- cbaa1a5 Prepare v5 release
- 57b534c 5.0.0
- 2e6b3f4 Bump eslint from 8.57.0 to 9.9.1 (#449)
- b72cdb2 Bump the dev-dependencies group with 2 updates (#448)
- 93d550b upgrade typescript-eslint to 8.0.1 (#440)
- 07a7a4d Bump the dev-dependencies group with 6 updates (#444)
- 9b78073 Bump tldts from 6.1.37 to 6.1.41 in the production-dependencies group (#443)
- 25a769c Bump the dev-dependencies group across 1 directory with 6 updates (#439)
- 99dab1b Bump tldts from 6.1.32 to 6.1.37 in the production-dependencies group (#436)
- Additional commits viewable in compare view
Maintainer changes
This version was pushed to npm by ccasey, a new releaser for tough-cookie since your current version.
Updates chii from 1.10.0 to 1.15.4
Release notes
Sourced from chii's releases.
v1.15.4
- fix: auto change theme
v1.15.3
- fix: embedded mode not resizable on mobile #81
v1.15.2
- fix: ws dead loop
v1.15.1
- fix: cache network requests before enable #53
- chore: minor ui update
v1.15.0
- feat: shadow dom
- chore: update dependencies
v1.14.0
- feat: dark mode
- fix: memory leak #51
v1.13.0
- feat: os icon
- chore: update chobitsu
v1.12.3
- fix: target.js cdn attribute
v1.12.2
- fix: firefox elements panel
v1.12.1
- fix: default favicon
v1.12.0
- feat: update devtools frontend
- feat: support safari
v1.11.1
- chore: update chobitsu
v1.11.0
- feat: support IndexedDB
- feat: support WebSocket
Changelog
Sourced from chii's changelog.
1.15.4 (3 Nov 2024)
- fix: auto change theme
1.15.3 (27 Oct 2024)
- fix: embedded mode not resizable on mobile #81
1.15.2 (17 Oct 2024)
- fix: ws dead loop
1.15.1 (16 Oct 2024)
- fix: cache network requests before enable #53
- chore: minor ui update
1.15.0 (3 Oct 2024)
- feat: shadow dom
- chore: update dependencies
1.14.0 (23 Sep 2024)
- feat: dark mode
- fix: memory leak #51
1.13.0 (3 Sep 2024)
- feat: os icon
- chore: update chobitsu
1.12.3 (29 Aug 2024)
- fix: target.js cdn attribute
1.12.2 (29 Aug 2024)
- fix: firefox elements panel
1.12.1 (29 Aug 2024)
- fix: default favicon
1.12.0 (29 Aug 2024)
- feat: update devtools frontend
- feat: support safari
1.11.1 (20 Aug 2024)
... (truncated)
Commits
- ae22de5 release: v1.15.4
- 0239a03 release: v1.15.3
- 5d1c342 fix: embedded mode not resizable on mobile
- e83b708 docs: simplify readme
- c32c3a6 chore: small changes
- e716f66 release: v1.15.2
- d4cce0b release: v1.15.1
- 16ee7cd release: v1.15.0
- 0a0231c feat: export chobitsu instance
- ec4b5b4 chore: update dependencies
- Additional commits viewable in compare view