Upgrade "node-cookie" and "cookie" dependencies to allow sameSite value to be "None" in advance of Chrome 80 updates

[mattmallon]

In February 2020, the Chrome browser will be updated to by default block third party cookies unless the value of sameSite="none" is set on the cookie: https://blog.chromium.org/2019/10/developers-get-ready-for-new.html

For applications that run in iframes, this means that cookie-based sessions will no longer work unless this value can be set.

The fix is simple but it goes a couple of layers down. Shield is dependent on the node-cookie package, which is archived, so I was unable to open an issue there. The node-cookie package is dependent on the cookie npm package, version ^0.3.1, but the dependency needs to be updated to ^0.4.0 to allow for the "none" attribute to be set. (In the version currently used, the value of "none" is not accepted and will throw an error.)

For workarounds, I tried updating the version number manually in npm/yarn lock files and it was overridden when I re-installed dependencies. Since Virk owns the node-cookie package, it looks like he would have to make this very simple one-line change in the package.json file to update the cookie dependency. Thank you!

[stale]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.