Sourced fromtough-cookie's releases.

4.1.3

Security fix for Prototype Pollution discovery in#282. This is a minor release, although output from theinspect utility is affected by this change, we felt this change was important enough to be pushed into the next patch.

4.1.2 -- Patch and Bugfix Release

What's Changed

• fix: allow set cookies with localhost by@​colincasey insalesforce/tough-cookie#253

Full Changelog:salesforce/tough-cookie@v4.1.1...v4.1.2

4.1.1

Patch Release

What's Changed

• fix: allow special use domains by default by@​colincasey insalesforce/tough-cookie#249
• 4.1.1 Patch -- allow special use domains by default by@​awaterma insalesforce/tough-cookie#250

Full Changelog:salesforce/tough-cookie@v4.1.0...v4.1.1

4.1.0

v4.1.0

Minor release, focused mainly on resolving reported issues and some minor feature work.

What's Changed

• Create CHANGELOG.md by@​ShivanKaul insalesforce/tough-cookie#189
• Missing param validation issue145 by@​medelibero-sfdc insalesforce/tough-cookie#193
• Create SECURITY.md by@​ShivanKaul insalesforce/tough-cookie#201
• Create CODE_OF_CONDUCT.md by@​ShivanKaul insalesforce/tough-cookie#200
• Fix for issue#195 by@​medelibero-sfdc insalesforce/tough-cookie#202
• Add explanation and more special-use domains by@​ShivanKaul insalesforce/tough-cookie#203
• Sync of constructor options for serialization by@​medelibero-sfdc insalesforce/tough-cookie#204
• Returned null in case of empty cookie value by@​vsin12 insalesforce/tough-cookie#196
• 132 str trim not a function by@​awaterma insalesforce/tough-cookie#209
• Fix for issue#153 by@​medelibero-sfdc insalesforce/tough-cookie#210
• Fix permuteDomain with trailing dot by@​ruoho-sfdc insalesforce/tough-cookie#216
• Issue#213 -- added gh-actions flow for building and testing tough-co… by@​awaterma insalesforce/tough-cookie#218
• Issue#210 -- Updated workflow to use npm install. by@​awaterma insalesforce/tough-cookie#220
• @GH-215 -- Tests that document localhost behavior when set as domain. by@​awaterma insalesforce/tough-cookie#221
• fix: MemoryCookieStore methods should exist on the prototype, not on the class. by@​wjhsf insalesforce/tough-cookie#226
• Unit test cases forallowSpecialUseDomain option by@​colincasey insalesforce/tough-cookie#225
• [Snyk] Upgrade universalify from 0.1.2 to 0.2.0 by@​snyk-bot insalesforce/tough-cookie#228
• React Native Support by@​colincasey insalesforce/tough-cookie#227
• Adding Updating CODEOWNERS with ECCN as per Export Control Compliance by@​svc-scm insalesforce/tough-cookie#223
• fix: domain match routine by@​colincasey insalesforce/tough-cookie#236
• Stop using the internal NodeJS punycode module by@​gboer insalesforce/tough-cookie#238
• Initial documentation review by@​mcarey86 insalesforce/tough-cookie#234
• fix: distinguish between no samesite and samesite=none by@​colincasey insalesforce/tough-cookie#240
• Prepare tough-cookie 4.1 for publishing (updated GitHub actions, move… by@​awaterma insalesforce/tough-cookie#242
• 4.1.0 release to NPM by@​awaterma insalesforce/tough-cookie#245

... (truncated)

• 4ff4d29 4.1.3 release preparation, update the package and lib/version to 4.1.3. (#284)
• 12d4747 Prevent prototype pollution in cookie memstore (#283)
• f06b72d Fix documentation for store.findCookies, missing allowSpecialUseDomain proper...
• b1a8898 fix: allow set cookies with localhost (#253)
• ec70796 4.1.1 Patch -- allow special use domains by default (#250)
• d4ac580 fix: allow special use domains by default (#249)
• 79c2f7d 4.1.0 release to NPM (#245)
• 4fafc17 Prepare tough-cookie 4.1 for publishing (updated GitHub actions, move Dockerf...
• aa4396d fix: distinguish between no samesite and samesite=none (#240)
• b8d7511 Modernize README (#234)
• Additional commits viewable incompare view

This version was pushed to npm byawaterma, a new releaser for tough-cookie since your current version.

Sourced fromjsdom's releases.

Version 16.7.0

• AddedAbortSignal.abort(). (ninevra)
• Added dummyx andy properties to the return value ofgetBoundingClientRect(). (eiko)
• Implemented wrapping fortextareaEl.value if thewrap="" attribute is specified. (ninevra)
• Changed newline normalization in<textarea>s according torecent HTML Standard updates. (ninevra)
• Fixed some bad cascade computation ingetComputedStyle(). (romain-trotard)

Version 16.6.0

• AddedparentNode.replaceChildren(). (@​ninevra)
• Fixed jsdom's handling of when code running inside the jsdom throwsnull orundefined as an exception. (@​mbest)
• Removed the dependency on the deprecatedrequest package, in the process fixing several issues with theXMLHttpRequest implementation around header processing. Thanks go to@​tobyhinloopen,@​andrewaylett, and especially@​vegardbb, for completing this months-long effort!

Version 16.5.3

• Fixed infinite recursion when usingMutationObservers to observe elements inside aMutationObserver callback.

Version 16.5.2

• FixedAccess-Control-Allow-Headers: * to work withXMLHttpRequest. (silviot)
• Fixedxhr.response to strip any leading BOM whenxhr.responseType is"json".
• Fixednew Text() andnew Comment() constructors to properly set the resulting node'sownerDocument.
• FixedcustomElements.whenDefined() to resolve its returned promise with the custom element constructor, per recent spec updates. (ExE-Boss)
• Fixed parsing to ensure that<svg>\<template></template></svg> does not throw an exception, but instead correctly produces a SVG-namespace\<template> element.
• FixeddomParser.parseFromString() to treat<noscript> elements appropriately.
• Fixed form control validity checking when the control was outside the<form> element and instead associated using theform="" attribute.
• FixedlegendEl.form to return the correct result based on its parent<fieldset>.
• FixedoptionEl.text to exclude<script> descendants.
• Fixed radio buttons and checkboxes to not fireinput andchange events when disconnected.
• FixedinputEl.indeterminate to reset to its previous value when canceling aclick event on a checkbox or radio button.
• Fixed the behavior of event handler attributes (e.g.onclick="...code...") when there were global variables namedelement orformOwner. (ExE-Boss)
• On Node.js v14.6.0+ whereWeakRefs are available, fixedNodeIterator to no longer stop working when more than tenNodeIterator instances are created, and to use less memory due to inactiveNodeIterators sticking around. (ExE-Boss)

Version 16.5.1

• Fixed a regression that brokecustomElements.get() in v16.5.0. (fdesforges)
• Fixedwindow.event to have a setter which overwrites thewindow.event property with the given value, per the specification. This fixes an issue where after upgrading to jsdom v16.5.0 you would no longer be able to set a global variable namedevent in the jsdom context.

Version 16.5.0

• Addedwindow.queueMicrotask().
• Addedwindow.event.
• AddedinputEvent.inputType. (diegohaz)
• Removedondragexit fromWindow and friends, per a spec update.
• Fixed the URL ofabout:blank iframes. Previously it was getting set to the parent's URL. (SimonMueller)
• Fixed the loading of subresources from the filesystem when they had non-ASCII filenames.
• Fixed thehidden="" attribute to causedisplay: none per the user-agent stylesheet. (ph-fritsche)
• Fixed thenew File() constructor to no longer convert/ to:, pera pending spec update.
• Fixed mutation observer callbacks to be called with theMutationObserver instance as theirthis value.
• Fixed<input type=checkbox> and<input type=radio> to be mutable even when disabled, pera spec update.
• FixedXMLHttpRequest to not fire a redundant finalprogress event if aprogress event was previously fired with the sameloaded value. This would usually occur with small files.
• FixedXMLHttpRequest to expose theContent-Length header on cross-origin responses.
• Fixedxhr.response to returnnull for failures that occur during the middle of the download.
• Fixed edge cases around passing callback functions or event handlers. (ExE-Boss)
• Fixed edge cases around the properties of proxy-like objects such aslocalStorage ordataset. (ExE-Boss)

... (truncated)

Sourced fromjsdom's changelog.

16.7.0

• AddedAbortSignal.abort(). (ninevra)
• Added dummyx andy properties to the return value ofgetBoundingClientRect(). (eiko)
• Implemented wrapping fortextareaEl.value if thewrap="" attribute is specified. (ninevra)
• Changed newline normalization in<textarea>s according torecent HTML Standard updates. (ninevra)
• Fixed some bad cascade computation ingetComputedStyle(). (romain-trotard)

16.6.0

• AddedparentNode.replaceChildren(). (ninevra)
• Fixed jsdom's handling of when code running inside the jsdom throwsnull orundefined as an exception. (mbest)
• Removed the dependency on the deprecatedrequest package, in the process fixing several issues with theXMLHttpRequest implementation around header processing. Special thanks to vegardbb for completing this months-long effort!

16.5.3

• Fixed infinite recursion when usingMutationObservers to observe elements inside aMutationObserver callback.

16.5.2

• FixedAccess-Control-Allow-Headers: * to work withXMLHttpRequest. (silviot)
• Fixedxhr.response to strip any leading BOM whenxhr.responseType is"json".
• Fixednew Text() andnew Comment() constructors to properly set the resulting node'sownerDocument.
• FixedcustomElements.whenDefined() to resolve its returned promise with the custom element constructor, per recent spec updates. (ExE-Boss)
• Fixed parsing to ensure that<svg>\<template></template></svg> does not throw an exception, but instead correctly produces a SVG-namespace\<template> element.
• FixeddomParser.parseFromString() to treat<noscript> elements appropriately.
• Fixed form control validity checking when the control was outside the<form> element and instead associated using theform="" attribute.
• FixedlegendEl.form to return the correct result based on its parent<fieldset>.
• FixedoptionEl.text to exclude<script> descendants.
• Fixed radio buttons and checkboxes to not fireinput andchange events when disconnected.
• FixedinputEl.indeterminate to reset to its previous value when canceling aclick event on a checkbox or radio button.
• Fixed the behavior of event handler attributes (e.g.onclick="...code...") when there were global variables namedelement orformOwner. (ExE-Boss)
• On Node.js v14.6.0+ whereWeakRefs are available, fixedNodeIterator to no longer stop working when more than tenNodeIterator instances are created, and to use less memory due to inactiveNodeIterators sticking around. (ExE-Boss)

16.5.1

• Fixed a regression that brokecustomElements.get() in v16.5.0. (fdesforges)
• Fixedwindow.event to have a setter which overwrites thewindow.event property with the given value, per the specification. This fixes an issue where after upgrading to jsdom v16.5.0 you would no longer be able to set a global variable namedevent in the jsdom context.

16.5.0

• Addedwindow.queueMicrotask().
• Addedwindow.event.
• AddedinputEvent.inputType. (diegohaz)
• Removedondragexit fromWindow and friends, per a spec update.
• Fixed the URL ofabout:blank iframes. Previously it was getting set to the parent's URL. (SimonMueller)
• Fixed the loading of subresources from the filesystem when they had non-ASCII filenames.
• Fixed thehidden="" attribute to causedisplay: none per the user-agent stylesheet. (ph-fritsche)
• Fixed thenew File() constructor to no longer convert/ to:, pera pending spec update.
• Fixed mutation observer callbacks to be called with theMutationObserver instance as theirthis value.

... (truncated)

• 1aa3cbc Version 16.7.0
• df1f551 Don't run WebSocketStream tests
• eb105b2 Fix browser tests by enabling SharedArrayBuffer
• 0dedfc0 Fix some bad cascade computation in getComputedStyle()
• 8021a56 Fix "configuation" typo (#3213)
• a7febe3 Fix typo in level2/html.js (#3222)
• c9896c0 Return x, y properties from Element.getBoundingClientRect (#3187)
• 346ea98 Update web-platform tests (#3203)
• 364c77d Bump to ws 7.4.6
• 93ba6a0 We are now on Matrix (#3207)
• Additional commits viewable incompare view

Sourced from@​semantic-release/npm's releases.

v7.1.3

7.1.3 (2021-05-04)

Bug Fixes

• use NPM_CONFIG_USERCONFIG in get-registry to match auth (#362) (13200ca)

v7.1.2

7.1.2 (2021-05-04)

Bug Fixes

• deps: update dependency fs-extra to v10 (80fde1e)

v7.1.1

7.1.1 (2021-04-08)

Bug Fixes

• deps: update dependency normalize-url to v6 (97ca719)

v7.1.0

7.1.0 (2021-03-30)

Features

• use npm v7 (#304) (a15c017)

v7.0.10

7.0.10 (2021-01-17)

Bug Fixes

• improve error message text for npm tokens (#323) (88e5862)

v7.0.9

7.0.9 (2020-12-03)

Bug Fixes

• deps: update dependency execa to v5 (#299) (d4e5bb2)

v7.0.8

7.0.8 (2020-11-17)

... (truncated)

• 13200ca fix: use NPM_CONFIG_USERCONFIG in get-registry to match auth (#362)
• a8b1026 chore(deps): lock file maintenance (#358)
• 80fde1e fix(deps): update dependency fs-extra to v10
• 97ca719 fix(deps): update dependency normalize-url to v6
• adc5c49 chore(deps): lock file maintenance (#352)
• 60de512 chore(deps): lock file maintenance (#350)
• a15c017 feat: use npm v7 (#304)
• 7338fc2 chore(deps): lock file maintenance (#348)
• cc771b8 docs(readme): fix postpublish script suggestion (#346)
• 1800e75 chore(deps): update dependency p-retry to v4.4.0 (#345)
• Additional commits viewable incompare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from theSecurity Alerts page.