The allowInsecureRedirect is false by default, which may cause issues if your usage relies on insecure redirects. For the former behavior, you can opt in to insecure redirects by setting the option to true, but it is not recommended.
Security fix for Prototype Pollution discovery in #282. This is a minor release, although output from the inspect utility is affected by this change, we felt this change was important enough to be pushed into the next patch.
This version was pushed to npm by awaterma, a new releaser for tough-cookie since your current version.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
- `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
- `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency
- `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/c4a8-web/shared-components/network/alerts).
Bumps the npm_and_yarn group with 3 updates: @cypress/request, cypress and tough-cookie.
Updates
@cypress/request
from 2.88.11 to 3.0.1Release notes
Sourced from
@cypress/request
's releases.Changelog
Sourced from
@cypress/request
's changelog.... (truncated)
Commits
ca62f3a
Merge pull request #44 from MikeMcC399/peg/qsfb9f625
fix(deps): peg qs to 6.10.499338c8
chore: updates related to release process (#41)c5bcf21
feat: Add allowInsecureRedirect option0664780
fix(request): update tough-cookie dep30def80
Merge pull request #39 from cypress-io/jordanpowell88/update-pkg-version6b79405
update package versionbfbb95f
Merge pull request #32 from BreakBB/fix-cve-2023-26136a67e132
pin 18.16825485a
revert back to yarn but v 18Updates
cypress
from 12.14.0 to 13.7.1Release notes
Sourced from cypress's releases.
... (truncated)
Commits
f17fa4c
chore: release 13.7.1 (#29184)9c27c37
fix: patch new tab creation for firefox 124 and up to fix issue where… (#29179)ef66293
chore: skip rerun tests inside driver integration for chromium browse… (#29182)75eba1e
fix: fixing issue with blurring shadow dom elements (#29125)7735405
chore: skip flaky tests (#29149)fe97eec
chore: keep example app/assets in yarn autoclean (#29159)e9b3d43
chore: Update v8 snapshot cache (#29152)9a3e25c
docs: correct link from examples readme to pr contributing (#29163)85b85dd
docs: add more details to the@packages/example
deploy process (#29136)9f1ef29
chore: Update v8 snapshot cache (#29140)Updates
tough-cookie
from 2.5.0 to 4.1.3Release notes
Sourced from tough-cookie's releases.
... (truncated)
Commits
4ff4d29
4.1.3 release preparation, update the package and lib/version to 4.1.3. (#284)12d4747
Prevent prototype pollution in cookie memstore (#283)f06b72d
Fix documentation for store.findCookies, missing allowSpecialUseDomain proper...b1a8898
fix: allow set cookies with localhost (#253)ec70796
4.1.1 Patch -- allow special use domains by default (#250)d4ac580
fix: allow special use domains by default (#249)79c2f7d
4.1.0 release to NPM (#245)4fafc17
Prepare tough-cookie 4.1 for publishing (updated GitHub actions, move Dockerf...aa4396d
fix: distinguish between no samesite and samesite=none (#240)b8d7511
Modernize README (#234)Maintainer changes
This version was pushed to npm by awaterma, a new releaser for tough-cookie since your current version.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show