This repository has been archived by the owner on Jan 19, 2024. It is now read-only.

fix(deps): update dependency tough-cookie to v4.1.3 [security] #297

Open
wants to merge 1 commit into
base: main

renovate[bot]

@renovate renovate bot commented Jul 9, 2023

Mend Renovate

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| tough-cookie | 4.0.0 -> 4.1.3 | age | adoption | passing | confidence |

GitHub Vulnerability Alerts

CVE-2023-26136

Versions of the package tough-cookie before 4.1.3 are vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. This issue arises from the manner in which the objects are initialized.


Release Notes

salesforce/tough-cookie (tough-cookie)

v4.1.3: 4.1.3

Security fix for Prototype Pollution discovery in #282. This is a minor release; although output from the inspect utility is affected by this change, we felt this change was important enough to be pushed into the next patch.

v4.1.2: 4.1.2 -- Patch and Bugfix Release

What's Changed

Full Changelog: salesforce/tough-cookie@v4.1.1...v4.1.2

v4.1.1: 4.1.1

Patch Release

What's Changed

Full Changelog: salesforce/tough-cookie@v4.1.0...v4.1.1

v4.1.0: 4.1.0

v4.1.0

Minor release, focused mainly on resolving reported issues and some minor feature work.

What's Changed

New Contributors

Full Changelog: salesforce/tough-cookie@v4.0.0...v4.1.0


Configuration

📅 Schedule: Branch creation - "" in timezone Europe/Paris, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

@renovate renovate bot added the dependencies Pull requests that update a dependency file label Jul 9, 2023
@sonarqubecloud

sonarqubecloud bot commented Jul 9, 2023

Kudos, SonarCloud Quality Gate passed!

Bugs: 0 (rating A)
Vulnerabilities: 0 (rating A)
Security Hotspots: 0 (rating A)
Code Smells: 0 (rating A)

No Coverage information
No Duplication information

@socket-security

Updated dependencies detected. Learn more about Socket for GitHub ↗︎

| Packages | Version | New capabilities | Transitives | Size | Publisher |
|---|---|---|---|---|---|
| tough-cookie | 4.0.0...4.1.3 | None | +6/-3 | 689 kB | awaterma |
