fix(deps): update dependency tough-cookie to v4 [security]

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
tough-cookie	^2.5.0 → ^4.0.0

GitHub Vulnerability Alerts

CVE-2023-26136

Versions of the package tough-cookie before 4.1.3 are vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. This issue arises from the manner in which the objects are initialized.

---

Release Notes

salesforce/tough-cookie (tough-cookie)

v4.1.3: 4.1.3

Compare Source

Security fix for Prototype Pollution discovery in #​282. This is a minor release, although output from the inspect utility is affected by this change, we felt this change was important enough to be pushed into the next patch.

v4.1.2: 4.1.2 -- Patch and Bugfix Release

Compare Source

What's Changed

• fix: allow set cookies with localhost by @​colincasey in #​253

Full Changelog: salesforce/tough-cookie@v4.1.1...v4.1.2

v4.1.1: 4.1.1

Compare Source

Patch Release

What's Changed

• fix: allow special use domains by default by @​colincasey in #​249
• 4.1.1 Patch -- allow special use domains by default by @​awaterma in #​250

Full Changelog: salesforce/tough-cookie@v4.1.0...v4.1.1

v4.1.0: 4.1.0

Compare Source

v4.1.0

Minor release, focused mainly on resolving reported issues and some minor feature work.

What's Changed

• Create CHANGELOG.md by @​ShivanKaul in #​189
• Missing param validation issue145 by @​medelibero-sfdc in #​193
• Create SECURITY.md by @​ShivanKaul in #​201
• Create CODE_OF_CONDUCT.md by @​ShivanKaul in #​200
• Fix for issue #​195 by @​medelibero-sfdc in #​202
• Add explanation and more special-use domains by @​ShivanKaul in #​203
• Sync of constructor options for serialization by @​medelibero-sfdc in #​204
• Returned null in case of empty cookie value by @​vsin12 in #​196
• 132 str trim not a function by @​awaterma in #​209
• Fix for issue #​153 by @​medelibero-sfdc in #​210
• Fix permuteDomain with trailing dot by @​ruoho-sfdc in #​216
• Issue #​213 -- added gh-actions flow for building and testing tough-co… by @​awaterma in #​218
• Issue #​210 -- Updated workflow to use npm install. by @​awaterma in #​220
• @​GH-215 -- Tests that document localhost behavior when set as domain. by @​awaterma in #​221
• fix: MemoryCookieStore methods should exist on the prototype, not on the class. by @​wjhsf in #​226
• Unit test cases for allowSpecialUseDomain option by @​colincasey in #​225
• [Snyk] Upgrade universalify from 0.1.2 to 0.2.0 by @​snyk-bot in #​228
• React Native Support by @​colincasey in #​227
• Adding Updating CODEOWNERS with ECCN as per Export Control Compliance by @​svc-scm in #​223
• fix: domain match routine by @​colincasey in #​236
• Stop using the internal NodeJS punycode module by @​gboer in #​238
• Initial documentation review by @​mcarey86 in #​234
• fix: distinguish between no samesite and samesite=none by @​colincasey in #​240
• Prepare tough-cookie 4.1 for publishing (updated GitHub actions, move… by @​awaterma in #​242
• 4.1.0 release to NPM by @​awaterma in #​245

New Contributors

• @​vsin12 made their first contribution in #​196
• @​ruoho-sfdc made their first contribution in #​216
• @​wjhsf made their first contribution in #​226
• @​colincasey made their first contribution in #​225
• @​snyk-bot made their first contribution in #​228
• @​svc-scm made their first contribution in #​223
• @​gboer made their first contribution in #​238
• @​mcarey86 made their first contribution in #​234

Full Changelog: salesforce/tough-cookie@v4.0.0...v4.1.0

v4.0.0: Version 4.0.0

Compare Source

Breaking Changes (Major Version)

• Modernized JS Syntax
  • Use ESLint and Prettier to apply consistent, modern formatting (add dependency on universalify, eslint and prettier)
• Upgraded version dependencies for psl and async
• Re-order parameters for findCookies() - callback fn has to be last in order to comply with universalify
• Use Classes instead of function prototypes to define classes
  • Might break people using .call() to do inheritance using function prototypes

Minor Changes

• SameSite cookie support
• Cookie prefix support
• Support for promises
• '.local' support
• Numerous bug fixes!

v3.0.1

Compare Source

v3.0.0

Compare Source

---

Configuration

📅 Schedule: Branch creation - "" in timezone Europe/Paris, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.