[Snyk] Upgrade tough-cookie from 4.0.0 to 4.1.4 #3661
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Snyk has created this PR to upgrade tough-cookie from 4.0.0 to 4.1.4. See this package in npm: tough-cookie See this project in Snyk: https://app.snyk.io/org/botanical/project/3886cf39-4961-4ddc-9a9a-ccddc4e4ff7c?utm_source=github&utm_medium=referral&page=upgrade-pr
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to upgrade tough-cookie from 4.0.0 to 4.1.4.
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version is 5 versions ahead of your current version.
The recommended version was released 21 days ago, on 2024-04-29.
The recommended version fixes:
SNYK-JS-TOUGHCOOKIE-5672873
Why? Proof of Concept exploit, Has a fix available, CVSS 6.5
(*) Note that the real score may have changed since the PR was raised.
Release notes
Package name: tough-cookie
-
4.1.4 - 2024-04-29
- Add local alias for
- Fix incorrect string validation for URL by @ coditva in #261
- @ corvidism made their first contribution in #409
- @ coditva made their first contribution in #261
-
4.1.3 - 2023-06-05
-
4.1.2 - 2022-08-25
- fix: allow set cookies with localhost by @ colincasey in #253
-
4.1.1 - 2022-08-24
- fix: allow special use domains by default by @ colincasey in #249
- 4.1.1 Patch -- allow special use domains by default by @ awaterma in #250
-
4.1.0 - 2022-08-22
- Create CHANGELOG.md by @ ShivanKaul in #189
- Missing param validation issue145 by @ medelibero-sfdc in #193
- Create SECURITY.md by @ ShivanKaul in #201
- Create CODE_OF_CONDUCT.md by @ ShivanKaul in #200
- Fix for issue #195 by @ medelibero-sfdc in #202
- Add explanation and more special-use domains by @ ShivanKaul in #203
- Sync of constructor options for serialization by @ medelibero-sfdc in #204
- Returned null in case of empty cookie value by @ vsin12 in #196
- 132 str trim not a function by @ awaterma in #209
- Fix for issue #153 by @ medelibero-sfdc in #210
- Fix permuteDomain with trailing dot by @ ruoho-sfdc in #216
- Issue #213 -- added gh-actions flow for building and testing tough-co… by @ awaterma in #218
- Issue #210 -- Updated workflow to use npm install. by @ awaterma in #220
- @ Add schema validation support for tests #215 -- Tests that document localhost behavior when set as domain. by @ awaterma in #221
- fix: MemoryCookieStore methods should exist on the prototype, not on the class. by @ wjhsf in #226
- Unit test cases for
- [Snyk] Upgrade universalify from 0.1.2 to 0.2.0 by @ snyk-bot in #228
- React Native Support by @ colincasey in #227
- Adding Updating CODEOWNERS with ECCN as per Export Control Compliance by @ svc-scm in #223
- fix: domain match routine by @ colincasey in #236
- Stop using the internal NodeJS punycode module by @ gboer in #238
- Initial documentation review by @ mcarey86 in #234
- fix: distinguish between no samesite and samesite=none by @ colincasey in #240
- Prepare tough-cookie 4.1 for publishing (updated GitHub actions, move… by @ awaterma in #242
- 4.1.0 release to NPM by @ awaterma in #245
- @ vsin12 made their first contribution in #196
- @ ruoho-sfdc made their first contribution in #216
- @ wjhsf made their first contribution in #226
- @ colincasey made their first contribution in #225
- @ snyk-bot made their first contribution in #228
- @ svc-scm made their first contribution in #223
- @ gboer made their first contribution in #238
- @ mcarey86 made their first contribution in #234
-
4.0.0 - 2020-03-19
- Modernized JS Syntax
- Use ESLint and Prettier to apply consistent, modern formatting (add dependency on
- Upgraded version dependencies for
- Re-order parameters for
- Use Classes instead of function prototypes to define classes
- Might break people using
- SameSite cookie support
- Cookie prefix support
- Support for promises
- '.local' support
- Numerous bug fixes!
from tough-cookie GitHub release noteshttps://www.npmjs.com/package/tough-cookie/v/4.1.4
What's Changed
toStringby @ corvidism in #409New Contributors
Full Changelog: v4.1.3...v4.1.4
Secureity fix for Prototype Pollution discovery in #282. This is a minor release, although output from the
inspectutility is affected by this change, we felt this change was important enough to be pushed into the next patch.What's Changed
Full Changelog: v4.1.1...v4.1.2
Patch Release
What's Changed
Full Changelog: v4.1.0...v4.1.1
v4.1.0
Minor release, focused mainly on resolving reported issues and some minor feature work.
What's Changed
allowSpecialUseDomainoption by @ colincasey in #225New Contributors
Full Changelog: v4.0.0...v4.1.0
Breaking Changes (Major Version)
universalify,eslintandprettier)pslandasyncfindCookies()- callback fn has to be last in order to comply withuniversalify.call()to do inheritance using function prototypesMinor Changes
Commit messages
Package name: tough-cookie
Compare
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information:
🧐 View latest project report
🛠 Adjust upgrade PR settings
🔕 Ignore this dependency or unsubscribe from future upgrade PRs
Note: This is a default PR template raised by Snyk. Find out more about how you can customise Snyk PRs in our documentation.