[Security] Bump tough-cookie and chii

Dependabotrequested to merge
dependabot-npm_and_yarn-multi-ff0a018036 into master

Bumps tough-cookie to 5.1.2 and updates ancestor dependency chii. These dependencies need to be updated together.

Updates tough-cookie from 2.5.0 to 5.1.2 This update includes a security fix.

Vulnerabilities fixed

tough-cookie Prototype Pollution vulnerability
Versions of the package tough-cookie before 4.1.3 are vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. This issue arises from the manner in which the objects are initialized.

Patched versions: 4.1.3
Affected versions: < 4.1.3

Release notes

Sourced from tough-cookie's releases.

v5.1.2

What's Changed

Full Changelog: https://github.com/salesforce/tough-cookie/compare/v5.1.1...v5.1.2

v5.1.1

What's Changed

Full Changelog: https://github.com/salesforce/tough-cookie/compare/v5.1.0...v5.1.1

v5.1.0

What's Changed

Full Changelog: https://github.com/salesforce/tough-cookie/compare/v5.0.0...v5.1.0

v5.1.0-rc.0

What's Changed

... (truncated)

Commits
  • a2c72ef Merge pull request #501 from salesforce/prepare_v5.1.2
  • 7034c22 5.1.2
  • 824b401 Merge pull request #500 from salesforce/499_domain_match_fix
  • a312820 Fix regression bug in domainMatch
  • 9328fc4 Merge pull request #497 from salesforce/wjh/release-v5.1.1
  • 2899336 5.1.1
  • 4954aed chore: npm audit fix
  • bb3e137 chore: auto-close spam PRs (#493)
  • 55ba3c6 isolated modules and almost isolated declarations (#486)
  • 9fc37ef Merge pull request #491 from salesforce/dependabot/npm_and_yarn/eslint-config...
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by ccasey, a new releaser for tough-cookie since your current version.


Updates chii from 1.10.0 to 1.15.4

Release notes

Sourced from chii's releases.

v1.15.4

  • fix: auto change theme

v1.15.3

  • fix: embedded mode not resizable on mobile #81

v1.15.2

  • fix: ws dead loop

v1.15.1

  • fix: cache network requests before enable #53
  • chore: minor ui update

v1.15.0

  • feat: shadow dom
  • chore: update dependencies

v1.14.0

  • feat: dark mode
  • fix: memory leak #51

v1.13.0

  • feat: os icon
  • chore: update chobitsu

v1.12.3

  • fix: target.js cdn attribute

v1.12.2

  • fix: firefox elements panel

v1.12.1

  • fix: default favicon

v1.12.0

  • feat: update devtools frontend
  • feat: support safari

v1.11.1

  • chore: update chobitsu

v1.11.0

  • feat: support IndexedDB
  • feat: support WebSocket
Changelog

Sourced from chii's changelog.

1.15.4 (3 Nov 2024)

  • fix: auto change theme

1.15.3 (27 Oct 2024)

  • fix: embedded mode not resizable on mobile #81

1.15.2 (17 Oct 2024)

  • fix: ws dead loop

1.15.1 (16 Oct 2024)

  • fix: cache network requests before enable #53
  • chore: minor ui update

1.15.0 (3 Oct 2024)

  • feat: shadow dom
  • chore: update dependencies

1.14.0 (23 Sep 2024)

  • feat: dark mode
  • fix: memory leak #51

1.13.0 (3 Sep 2024)

  • feat: os icon
  • chore: update chobitsu

1.12.3 (29 Aug 2024)

  • fix: target.js cdn attribute

1.12.2 (29 Aug 2024)

  • fix: firefox elements panel

1.12.1 (29 Aug 2024)

  • fix: default favicon

1.12.0 (29 Aug 2024)

  • feat: update devtools frontend
  • feat: support safari

1.11.1 (20 Aug 2024)

... (truncated)

Commits

Dependabot commands
You can trigger Dependabot actions by commenting on this MR
  • $dependabot recreate will recreate this MR rewriting all the manual changes and resolving conflicts

Merge request reports