Skip to content

Chore(deps): Bump tough-cookie from 4.1.2 to 4.1.3 #9291

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

Chore(deps): Bump tough-cookie from 4.1.2 to 4.1.3 #9291

wants to merge 1 commit into from

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jul 8, 2023
edited
Loading

Bumps tough-cookie from 4.1.2 to 4.1.3.

Release notes

Sourced from tough-cookie's releases.

4.1.3

Security fix for Prototype Pollution discovery in #282. This is a minor release, although output from the inspect utility is affected by this change, we felt this change was important enough to be pushed into the next patch.

Commits
  • 4ff4d29 4.1.3 release preparation, update the package and lib/version to 4.1.3. (#284)
  • 12d4747 Prevent prototype pollution in cookie memstore (#283)
  • f06b72d Fix documentation for store.findCookies, missing allowSpecialUseDomain proper...
  • See full diff in compare view

Dependabot compatibility score

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.
> **Note** > Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Jul 8, 2023
@vercel
Copy link

vercel bot commented Jul 8, 2023
edited
Loading

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Updated (UTC)
deriv-app ✅ Ready (Inspect) Visit Preview Aug 4, 2023 9:13am

@boring-cyborg boring-cyborg bot added the Bot label Jul 8, 2023
@github-actions
Copy link
Contributor

github-actions bot commented Jul 8, 2023
edited
Loading

A production App ID was automatically generated for this PR. (log)

Click here to copy & paste above information. 
- **PR**: [https://github.com/binary-com/deriv-app/pull/9291](https://github.com/binary-com/deriv-app/pull/9291)
- **URLs**:
    - **w/ App ID + Server**: https://deriv-app-git-dependabot-npmandyarntough-cookie-413.binary.sx?qa_server=red.binaryws.com&app_id=32684
    - **Original**: https://deriv-app-git-dependabot-npmandyarntough-cookie-413.binary.sx
- **App ID**: `32684`

@github-actions
Copy link
Contributor

github-actions bot commented Jul 8, 2023
edited
Loading

🚨 Lighthouse report for the changes in this PR:

Category Score
🔺 Performance 21
🟧 Accessibility 75
🟢 Best practices 92
🟧 SEO 85
🟢 PWA 90

Lighthouse ran with https://deriv-app-git-dependabot-npmandyarntough-cookie-413.binary.sx/

@coveralls
Copy link

coveralls commented Jul 8, 2023
edited
Loading

Coverage Status

coverage: 9.642%. remained the same when pulling fd2fa41 on dependabot/npm_and_yarn/tough-cookie-4.1.3 into abffbe4 on master.

@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/tough-cookie-4.1.3 branch from 8d8f57d to 24aa46b Compare July 10, 2023 01:22
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/tough-cookie-4.1.3 branch from 24aa46b to 03af57e Compare July 10, 2023 10:11
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/tough-cookie-4.1.3 branch 2 times, most recently from 8d1016b to 6b92d15 Compare July 21, 2023 10:08
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/tough-cookie-4.1.3 branch 2 times, most recently from 0978c56 to 54c4db3 Compare July 26, 2023 07:59
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/tough-cookie-4.1.3 branch 2 times, most recently from 8b82463 to 758cdba Compare July 31, 2023 18:27
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/tough-cookie-4.1.3 branch from 758cdba to fd2fa41 Compare August 3, 2023 10:40
@dependabot
Chore(deps): Bump tough-cookie from 4.1.2 to 4.1.3
cfbe516 
Bumps [tough-cookie](https://github.com/salesforce/tough-cookie) from 4.1.2 to 4.1.3.
- [Release notes](https://github.com/salesforce/tough-cookie/releases)
- [Changelog](https://github.com/salesforce/tough-cookie/blob/master/CHANGELOG.md)
- [Commits](salesforce/tough-cookie@v4.1.2...v4.1.3)

---
updated-dependencies:
- dependency-name: tough-cookie
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/tough-cookie-4.1.3 branch from fd2fa41 to cfbe516 Compare August 4, 2023 08:56
@sonarqubecloud
Copy link

sonarqubecloud bot commented Aug 4, 2023

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information No Coverage information
0.0% 0.0% Duplication

@github-actions
Copy link
Contributor

github-actions bot commented Oct 9, 2023

This PR is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 5 days.

@github-actions github-actions bot added the Stale label Oct 9, 2023
@github-actions
Copy link
Contributor

github-actions bot commented Oct 15, 2023

This PR was closed because it has been stalled for 5 days with no activity. Please reopen it if needed.

@github-actions github-actions bot closed this Oct 15, 2023
@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Oct 15, 2023

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@dependabot dependabot bot deleted the dependabot/npm_and_yarn/tough-cookie-4.1.3 branch October 15, 2023 00:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@prince-deriv prince-deriv Awaiting requested review from prince-deriv

@sandeep-deriv sandeep-deriv Awaiting requested review from sandeep-deriv

@balakrishna-deriv balakrishna-deriv Awaiting requested review from balakrishna-deriv

@yashim-deriv yashim-deriv Awaiting requested review from yashim-deriv yashim-deriv is a code owner

Assignees

No one assigned

Labels

Bot dependencies Pull requests that update a dependency file Stale

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@coveralls