[Security] Bump tough-cookie and chii

Dependabot requested to merge dependabot-npm_and_yarn-multi-84c685b8b2 into master

Bumps tough-cookie to 5.1.0 and updates ancestor dependency chii. These dependencies need to be updated together.

Updates tough-cookie from 2.5.0 to 5.1.0. This update includes a security fix.

Vulnerabilities fixed

tough-cookie Prototype Pollution vulnerability
Versions of the package tough-cookie before 4.1.3 are vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. This issue arises from the manner in which the objects are initialized.

Patched versions: 4.1.3
Affected versions: < 4.1.3

Release notes

Sourced from tough-cookie's releases.

v5.1.0

What's Changed

Full Changelog: https://github.com/salesforce/tough-cookie/compare/v5.0.0...v5.1.0

v5.1.0-rc.0

What's Changed

Full Changelog: https://github.com/salesforce/tough-cookie/compare/v5.0.0...v5.1.0-rc.0

v5.0.0

Summary

Breaking Changes

... (truncated)

Commits
  • f27648d Merge pull request #484 from salesforce/prepare-v5.1.0
  • 7020bb0 5.1.0
  • 80cf3c9 Merge pull request #480 from salesforce/wjh/revert-domain-to-ascii
  • 58a5e7e Merge branch 'master' into wjh/revert-domain-to-ascii
  • b407f60 Merge pull request #483 from salesforce/provenance_perms
  • dc6508e Give permissions for provenance generation
  • 8cec91f Merge pull request #482 from salesforce/npm_auth
  • 5bf0608 Fix npm token config for publish
  • 8a9418d 5.1.0-rc.0
  • 2ff5218 revert: use runtime-agnostic domainToASCII
  • Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ccasey, a new releaser for tough-cookie since your current version.


Updates chii from 1.10.0 to 1.15.4

Release notes

Sourced from chii's releases.

v1.15.4

  • fix: auto change theme

v1.15.3

  • fix: embedded mode not resizable on mobile #81

v1.15.2

  • fix: ws dead loop

v1.15.1

  • fix: cache network requests before enable #53
  • chore: minor ui update

v1.15.0

  • feat: shadow dom
  • chore: update dependencies

v1.14.0

  • feat: dark mode
  • fix: memory leak #51

v1.13.0

  • feat: os icon
  • chore: update chobitsu

v1.12.3

  • fix: target.js cdn attribute

v1.12.2

  • fix: firefox elements panel

v1.12.1

  • fix: default favicon

v1.12.0

  • feat: update devtools frontend
  • feat: support safari

v1.11.1

  • chore: update chobitsu

v1.11.0

  • feat: support IndexedDB
  • feat: support WebSocket

Changelog

Sourced from chii's changelog.

1.15.4 (3 Nov 2024)

  • fix: auto change theme

1.15.3 (27 Oct 2024)

  • fix: embedded mode not resizable on mobile #81

1.15.2 (17 Oct 2024)

  • fix: ws dead loop

1.15.1 (16 Oct 2024)

  • fix: cache network requests before enable #53
  • chore: minor ui update

1.15.0 (3 Oct 2024)

  • feat: shadow dom
  • chore: update dependencies

1.14.0 (23 Sep 2024)

  • feat: dark mode
  • fix: memory leak #51

1.13.0 (3 Sep 2024)

  • feat: os icon
  • chore: update chobitsu

1.12.3 (29 Aug 2024)

  • fix: target.js cdn attribute

1.12.2 (29 Aug 2024)

  • fix: firefox elements panel

1.12.1 (29 Aug 2024)

  • fix: default favicon

1.12.0 (29 Aug 2024)

  • feat: update devtools frontend
  • feat: support safari

1.11.1 (20 Aug 2024)

... (truncated)

Commits


Dependabot commands
You can trigger Dependabot actions by commenting on this MR
  • $dependabot recreate will recreate this MR rewriting all the manual changes and resolving conflicts
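
A check to run once the bump is merged, added here as an example and not part of Dependabot's output or of either project's code: it lists every tough-cookie copy in an npm lockfile that is still below the patched 4.1.3 named in the advisory above. It assumes a package-lock.json with lockfileVersion 2 or 3; the function names and the sample lockfile are constructed for illustration.

```javascript
// Added example: find tough-cookie installs older than the patched release
// in an npm lockfile (lockfileVersion 2 or 3, which carries a "packages" map).
const PATCHED = "4.1.3"; // "Patched versions" value from the advisory

// Compare two x.y.z versions. A pre-release tag sorts below its release;
// two pre-releases of the same x.y.z are treated as equal (simplification).
function compareVersions(a, b) {
  const [coreA, preA] = a.split("-", 2);
  const [coreB, preB] = b.split("-", 2);
  const na = coreA.split(".").map(Number);
  const nb = coreB.split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    const x = na[i] || 0, y = nb[i] || 0;
    if (x !== y) return x < y ? -1 : 1;
  }
  if (Boolean(preA) === Boolean(preB)) return 0;
  return preA ? -1 : 1;
}

// Return [{ path, version }] for every copy of `name` below `patched`.
// The path shows which ancestor still pins the old copy.
function findVulnerable(lock, name = "tough-cookie", patched = PATCHED) {
  const suffix = "node_modules/" + name;
  return Object.entries(lock.packages || {})
    .filter(([path, meta]) =>
      (path === suffix || path.endsWith("/" + suffix)) &&
      typeof meta.version === "string" &&
      compareVersions(meta.version, patched) < 0)
    .map(([path, meta]) => ({ path, version: meta.version }));
}

// Constructed sample: a patched top-level copy plus an old nested copy
// left behind under an ancestor that was not updated.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app" },
    "node_modules/chii": { version: "1.10.0" },
    "node_modules/chii/node_modules/tough-cookie": { version: "2.5.0" },
    "node_modules/tough-cookie": { version: "5.1.0" },
    "node_modules/tough-cookie-helper": { version: "1.0.0" }, // hypothetical name
  },
};

console.log(findVulnerable(sampleLock));
```

To audit a real project, pass `findVulnerable` the parsed contents of its package-lock.json; an empty array means no copy below 4.1.3 remains in the tree.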
