
[Security] Bump tough-cookie and chii

Open Dependabot requested to merge dependabot-npm_and_yarn-multi-5edb74c41e into master

Bumps tough-cookie to 5.1.1 and updates ancestor dependency chii. These dependencies need to be updated together.

Updates tough-cookie from 2.5.0 to 5.1.1. This update includes a security fix.

Vulnerabilities fixed

tough-cookie Prototype Pollution vulnerability
Versions of the package tough-cookie before 4.1.3 are vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. This issue arises from the manner in which the objects are initialized.

Patched versions: 4.1.3
Affected versions: < 4.1.3

Release notes

Sourced from tough-cookie's releases.

v5.1.1

What's Changed

Full Changelog: https://github.com/salesforce/tough-cookie/compare/v5.1.0...v5.1.1

v5.1.0

What's Changed

Full Changelog: https://github.com/salesforce/tough-cookie/compare/v5.0.0...v5.1.0

v5.1.0-rc.0

What's Changed

... (truncated)

Commits
  • 2899336 5.1.1
  • 4954aed chore: npm audit fix
  • bb3e137 chore: auto-close spam PRs (#493)
  • 55ba3c6 isolated modules and almost isolated declarations (#486)
  • 9fc37ef Merge pull request #491 from salesforce/dependabot/npm_and_yarn/eslint-config...
  • d81b019 Bump eslint-config-prettier from 9.1.0 to 10.0.1
  • ea40fcb Merge pull request #489 from salesforce/dependabot/npm_and_yarn/production-de...
  • 0bc852b Bump tldts from 6.1.71 to 6.1.76 in the production-dependencies group
  • e21b71a Merge pull request #490 from salesforce/dependabot/npm_and_yarn/dev-dependenc...
  • 6ef80eb Bump the dev-dependencies group with 7 updates
  • Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ccasey, a new releaser for tough-cookie since your current version.


Updates chii from 1.10.0 to 1.15.4

Release notes

Sourced from chii's releases.

v1.15.4

  • fix: auto change theme

v1.15.3

  • fix: embedded mode not resizable on mobile #81

v1.15.2

  • fix: ws dead loop

v1.15.1

  • fix: cache network requests before enable #53
  • chore: minor ui update

v1.15.0

  • feat: shadow dom
  • chore: update dependencies

v1.14.0

  • feat: dark mode
  • fix: memory leak #51

v1.13.0

  • feat: os icon
  • chore: update chobitsu

v1.12.3

  • fix: target.js cdn attribute

v1.12.2

  • fix: firefox elements panel

v1.12.1

  • fix: default favicon

v1.12.0

  • feat: update devtools frontend
  • feat: support safari

v1.11.1

  • chore: update chobitsu

v1.11.0

  • feat: support IndexedDB
  • feat: support WebSocket

Changelog

Sourced from chii's changelog.

1.15.4 (3 Nov 2024)

  • fix: auto change theme

1.15.3 (27 Oct 2024)

  • fix: embedded mode not resizable on mobile #81

1.15.2 (17 Oct 2024)

  • fix: ws dead loop

1.15.1 (16 Oct 2024)

  • fix: cache network requests before enable #53
  • chore: minor ui update

1.15.0 (3 Oct 2024)

  • feat: shadow dom
  • chore: update dependencies

1.14.0 (23 Sep 2024)

  • feat: dark mode
  • fix: memory leak #51

1.13.0 (3 Sep 2024)

  • feat: os icon
  • chore: update chobitsu

1.12.3 (29 Aug 2024)

  • fix: target.js cdn attribute

1.12.2 (29 Aug 2024)

  • fix: firefox elements panel

1.12.1 (29 Aug 2024)

  • fix: default favicon

1.12.0 (29 Aug 2024)

  • feat: update devtools frontend
  • feat: support safari

1.11.1 (20 Aug 2024)

... (truncated)

Commits


Dependabot commands
You can trigger Dependabot actions by commenting on this MR
  • $dependabot recreate will recreate this MR rewriting all the manual changes and resolving conflicts
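
An added example, not part of the Dependabot description or of either project's code: because tough-cookie arrives here through the ancestor dependency chii, a lockfile check can confirm that no nested copy below the patched 4.1.3 remains after the bump. The lockfile contents and paths are constructed for illustration, and `findVulnerable`, `isBelow` and `parseVersion` are hypothetical helper names.

```javascript
// Audit an npm lockfile (lockfileVersion 2/3 "packages" map) for copies of
// tough-cookie below the patched version named in the advisory (4.1.3).
const PATCHED = '4.1.3';

// Parse the "major.minor.patch" core of a version string into numbers.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v || '');
  return m ? m.slice(1).map(Number) : null;
}

// True when version a sorts strictly before release version b.
function isBelow(a, b) {
  const x = parseVersion(a), y = parseVersion(b);
  if (!x || !y) return true; // unparseable version: flag for manual review
  for (let i = 0; i < 3; i++) {
    if (x[i] !== y[i]) return x[i] < y[i];
  }
  // Same core version: a prerelease (e.g. 4.1.3-rc.0) still precedes the release.
  return /^\d+\.\d+\.\d+-/.test(a);
}

// Return every installed copy of `name` whose version is below `patched`.
function findVulnerable(lock, name = 'tough-cookie', patched = PATCHED) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    // Keys look like "node_modules/a/node_modules/b"; the last segment is the package.
    const pkg = path.split('node_modules/').pop();
    if (pkg === name && isBelow(meta.version, patched)) {
      hits.push({ path, version: meta.version });
    }
  }
  return hits;
}

// Constructed sample: a patched top-level copy plus an old copy nested under chii.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/chii': { version: '1.10.0' },
    'node_modules/chii/node_modules/tough-cookie': { version: '2.5.0' },
    'node_modules/tough-cookie': { version: '5.1.1' },
  },
};

console.log(findVulnerable(sampleLock));
```

To check a real project, pass the parsed contents of its `package-lock.json` to `findVulnerable` instead of `sampleLock`; an empty result means every installed copy is at or above 4.1.3.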
