Bumpstough-cookie,jsdom and@semantic-release/npm. These dependencies needed to be updated together.
Updatestough-cookie from 2.4.3 to 4.1.3
Release notes
Sourced fromtough-cookie's releases.
4.1.3
Security fix for Prototype Pollution discovery in#282. This is a minor release, although output from theinspect utility is affected by this change, we felt this change was important enough to be pushed into the next patch.
4.1.2 -- Patch and Bugfix Release
What's Changed
Full Changelog:salesforce/tough-cookie@v4.1.1...v4.1.2
4.1.1
Patch Release
What's Changed
Full Changelog:salesforce/tough-cookie@v4.1.0...v4.1.1
4.1.0
v4.1.0
Minor release, focused mainly on resolving reported issues and some minor feature work.
What's Changed
... (truncated)
Commits
4ff4d29 4.1.3 release preparation, update the package and lib/version to 4.1.3. (#284)12d4747 Prevent prototype pollution in cookie memstore (#283)f06b72d Fix documentation for store.findCookies, missing allowSpecialUseDomain proper...b1a8898 fix: allow set cookies with localhost (#253)ec70796 4.1.1 Patch -- allow special use domains by default (#250)d4ac580 fix: allow special use domains by default (#249)79c2f7d 4.1.0 release to NPM (#245)4fafc17 Prepare tough-cookie 4.1 for publishing (updated GitHub actions, move Dockerf...aa4396d fix: distinguish between no samesite and samesite=none (#240)b8d7511 Modernize README (#234)- Additional commits viewable incompare view
Maintainer changes
This version was pushed to npm byawaterma, a new releaser for tough-cookie since your current version.
Updatesjsdom from 16.2.2 to 16.7.0
Release notes
Sourced fromjsdom's releases.
Version 16.7.0
- Added
AbortSignal.abort(). (ninevra) - Added dummy
x andy properties to the return value ofgetBoundingClientRect(). (eiko) - Implemented wrapping for
textareaEl.value if thewrap="" attribute is specified. (ninevra) - Changed newline normalization in
<textarea>s according torecent HTML Standard updates. (ninevra) - Fixed some bad cascade computation in
getComputedStyle(). (romain-trotard)
Version 16.6.0
- Added
parentNode.replaceChildren(). (@ninevra) - Fixed jsdom's handling of when code running inside the jsdom throws
null orundefined as an exception. (@mbest) - Removed the dependency on the deprecated
request package, in the process fixing several issues with theXMLHttpRequest implementation around header processing. Thanks go to@tobyhinloopen,@andrewaylett, and especially@vegardbb, for completing this months-long effort!
Version 16.5.3
- Fixed infinite recursion when using
MutationObservers to observe elements inside aMutationObserver callback.
Version 16.5.2
- Fixed
Access-Control-Allow-Headers: * to work withXMLHttpRequest. (silviot) - Fixed
xhr.response to strip any leading BOM whenxhr.responseType is"json". - Fixed
new Text() andnew Comment() constructors to properly set the resulting node'sownerDocument. - Fixed
customElements.whenDefined() to resolve its returned promise with the custom element constructor, per recent spec updates. (ExE-Boss) - Fixed parsing to ensure that
<svg>\<template></template></svg> does not throw an exception, but instead correctly produces a SVG-namespace\<template> element. - Fixed
domParser.parseFromString() to treat<noscript> elements appropriately. - Fixed form control validity checking when the control was outside the
<form> element and instead associated using theform="" attribute. - Fixed
legendEl.form to return the correct result based on its parent<fieldset>. - Fixed
optionEl.text to exclude<script> descendants. - Fixed radio buttons and checkboxes to not fire
input andchange events when disconnected. - Fixed
inputEl.indeterminate to reset to its previous value when canceling aclick event on a checkbox or radio button. - Fixed the behavior of event handler attributes (e.g.
onclick="...code...") when there were global variables namedelement orformOwner. (ExE-Boss) - On Node.js v14.6.0+ where
WeakRefs are available, fixedNodeIterator to no longer stop working when more than tenNodeIterator instances are created, and to use less memory due to inactiveNodeIterators sticking around. (ExE-Boss)
Version 16.5.1
- Fixed a regression that broke
customElements.get() in v16.5.0. (fdesforges) - Fixed
window.event to have a setter which overwrites thewindow.event property with the given value, per the specification. This fixes an issue where after upgrading to jsdom v16.5.0 you would no longer be able to set a global variable namedevent in the jsdom context.
Version 16.5.0
- Added
window.queueMicrotask(). - Added
window.event. - Added
inputEvent.inputType. (diegohaz) - Removed
ondragexit fromWindow and friends, per a spec update. - Fixed the URL of
about:blank iframes. Previously it was getting set to the parent's URL. (SimonMueller) - Fixed the loading of subresources from the filesystem when they had non-ASCII filenames.
- Fixed the
hidden="" attribute to causedisplay: none per the user-agent stylesheet. (ph-fritsche) - Fixed the
new File() constructor to no longer convert/ to:, pera pending spec update. - Fixed mutation observer callbacks to be called with the
MutationObserver instance as theirthis value. - Fixed
<input type=checkbox> and<input type=radio> to be mutable even when disabled, pera spec update. - Fixed
XMLHttpRequest to not fire a redundant finalprogress event if aprogress event was previously fired with the sameloaded value. This would usually occur with small files. - Fixed
XMLHttpRequest to expose theContent-Length header on cross-origin responses. - Fixed
xhr.response to returnnull for failures that occur during the middle of the download. - Fixed edge cases around passing callback functions or event handlers. (ExE-Boss)
- Fixed edge cases around the properties of proxy-like objects such as
localStorage ordataset. (ExE-Boss)
... (truncated)
Changelog
Sourced fromjsdom's changelog.
16.7.0
- Added
AbortSignal.abort(). (ninevra) - Added dummy
x andy properties to the return value ofgetBoundingClientRect(). (eiko) - Implemented wrapping for
textareaEl.value if thewrap="" attribute is specified. (ninevra) - Changed newline normalization in
<textarea>s according torecent HTML Standard updates. (ninevra) - Fixed some bad cascade computation in
getComputedStyle(). (romain-trotard)
16.6.0
- Added
parentNode.replaceChildren(). (ninevra) - Fixed jsdom's handling of when code running inside the jsdom throws
null orundefined as an exception. (mbest) - Removed the dependency on the deprecated
request package, in the process fixing several issues with theXMLHttpRequest implementation around header processing. Special thanks to vegardbb for completing this months-long effort!
16.5.3
- Fixed infinite recursion when using
MutationObservers to observe elements inside aMutationObserver callback.
16.5.2
- Fixed
Access-Control-Allow-Headers: * to work withXMLHttpRequest. (silviot) - Fixed
xhr.response to strip any leading BOM whenxhr.responseType is"json". - Fixed
new Text() andnew Comment() constructors to properly set the resulting node'sownerDocument. - Fixed
customElements.whenDefined() to resolve its returned promise with the custom element constructor, per recent spec updates. (ExE-Boss) - Fixed parsing to ensure that
<svg>\<template></template></svg> does not throw an exception, but instead correctly produces a SVG-namespace\<template> element. - Fixed
domParser.parseFromString() to treat<noscript> elements appropriately. - Fixed form control validity checking when the control was outside the
<form> element and instead associated using theform="" attribute. - Fixed
legendEl.form to return the correct result based on its parent<fieldset>. - Fixed
optionEl.text to exclude<script> descendants. - Fixed radio buttons and checkboxes to not fire
input andchange events when disconnected. - Fixed
inputEl.indeterminate to reset to its previous value when canceling aclick event on a checkbox or radio button. - Fixed the behavior of event handler attributes (e.g.
onclick="...code...") when there were global variables namedelement orformOwner. (ExE-Boss) - On Node.js v14.6.0+ where
WeakRefs are available, fixedNodeIterator to no longer stop working when more than tenNodeIterator instances are created, and to use less memory due to inactiveNodeIterators sticking around. (ExE-Boss)
16.5.1
- Fixed a regression that broke
customElements.get() in v16.5.0. (fdesforges) - Fixed
window.event to have a setter which overwrites thewindow.event property with the given value, per the specification. This fixes an issue where after upgrading to jsdom v16.5.0 you would no longer be able to set a global variable namedevent in the jsdom context.
16.5.0
- Added
window.queueMicrotask(). - Added
window.event. - Added
inputEvent.inputType. (diegohaz) - Removed
ondragexit fromWindow and friends, per a spec update. - Fixed the URL of
about:blank iframes. Previously it was getting set to the parent's URL. (SimonMueller) - Fixed the loading of subresources from the filesystem when they had non-ASCII filenames.
- Fixed the
hidden="" attribute to causedisplay: none per the user-agent stylesheet. (ph-fritsche) - Fixed the
new File() constructor to no longer convert/ to:, pera pending spec update. - Fixed mutation observer callbacks to be called with the
MutationObserver instance as theirthis value.
... (truncated)
Commits
Updates@semantic-release/npm from 7.0.5 to 7.1.3
Release notes
Sourced from@semantic-release/npm's releases.
v7.1.3
7.1.3 (2021-05-04)
Bug Fixes
- use NPM_CONFIG_USERCONFIG in get-registry to match auth (#362) (13200ca)
v7.1.2
7.1.2 (2021-05-04)
Bug Fixes
- deps: update dependency fs-extra to v10 (80fde1e)
v7.1.1
7.1.1 (2021-04-08)
Bug Fixes
- deps: update dependency normalize-url to v6 (97ca719)
v7.1.0
7.1.0 (2021-03-30)
Features
v7.0.10
7.0.10 (2021-01-17)
Bug Fixes
- improve error message text for npm tokens (#323) (88e5862)
v7.0.9
7.0.9 (2020-12-03)
Bug Fixes
v7.0.8
7.0.8 (2020-11-17)
... (truncated)
Commits
13200ca fix: use NPM_CONFIG_USERCONFIG in get-registry to match auth (#362)a8b1026 chore(deps): lock file maintenance (#358)80fde1e fix(deps): update dependency fs-extra to v1097ca719 fix(deps): update dependency normalize-url to v6adc5c49 chore(deps): lock file maintenance (#352)60de512 chore(deps): lock file maintenance (#350)a15c017 feat: use npm v7 (#304)7338fc2 chore(deps): lock file maintenance (#348)cc771b8 docs(readme): fix postpublish script suggestion (#346)1800e75 chore(deps): update dependency p-retry to v4.4.0 (#345)- Additional commits viewable incompare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting@dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebase will rebase this PR@dependabot recreate will recreate this PR, overwriting any edits that have been made to it@dependabot merge will merge this PR after your CI passes on it@dependabot squash and merge will squash and merge this PR after your CI passes on it@dependabot cancel merge will cancel a previously requested merge and block automerging@dependabot reopen will reopen this PR if it is closed@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from theSecurity Alerts page.
Uh oh!
There was an error while loading.Please reload this page.
Bumpstough-cookie,jsdom and@semantic-release/npm. These dependencies needed to be updated together.
Updates
tough-cookiefrom 2.4.3 to 4.1.3Release notes
Sourced fromtough-cookie's releases.
... (truncated)
Commits
4ff4d294.1.3 release preparation, update the package and lib/version to 4.1.3. (#284)12d4747Prevent prototype pollution in cookie memstore (#283)f06b72dFix documentation for store.findCookies, missing allowSpecialUseDomain proper...b1a8898fix: allow set cookies with localhost (#253)ec707964.1.1 Patch -- allow special use domains by default (#250)d4ac580fix: allow special use domains by default (#249)79c2f7d4.1.0 release to NPM (#245)4fafc17Prepare tough-cookie 4.1 for publishing (updated GitHub actions, move Dockerf...aa4396dfix: distinguish between no samesite and samesite=none (#240)b8d7511Modernize README (#234)Maintainer changes
This version was pushed to npm byawaterma, a new releaser for tough-cookie since your current version.
Updates
jsdomfrom 16.2.2 to 16.7.0Release notes
Sourced fromjsdom's releases.
... (truncated)
Changelog
Sourced fromjsdom's changelog.
... (truncated)
Commits
1aa3cbcVersion 16.7.0df1f551Don't run WebSocketStream testseb105b2Fix browser tests by enabling SharedArrayBuffer0dedfc0Fix some bad cascade computation in getComputedStyle()8021a56Fix "configuation" typo (#3213)a7febe3Fix typo in level2/html.js (#3222)c9896c0Return x, y properties from Element.getBoundingClientRect (#3187)346ea98Update web-platform tests (#3203)364c77dBump to ws 7.4.693ba6a0We are now on Matrix (#3207)Updates
@semantic-release/npmfrom 7.0.5 to 7.1.3Release notes
Sourced from
@semantic-release/npm's releases.... (truncated)
Commits
13200cafix: use NPM_CONFIG_USERCONFIG in get-registry to match auth (#362)a8b1026chore(deps): lock file maintenance (#358)80fde1efix(deps): update dependency fs-extra to v1097ca719fix(deps): update dependency normalize-url to v6adc5c49chore(deps): lock file maintenance (#352)60de512chore(deps): lock file maintenance (#350)a15c017feat: use npm v7 (#304)7338fc2chore(deps): lock file maintenance (#348)cc771b8docs(readme): fix postpublish script suggestion (#346)1800e75chore(deps): update dependency p-retry to v4.4.0 (#345)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)You can disable automated security fix PRs for this repo from theSecurity Alerts page.