Bumps tough-cookie from 2.3.2 to 2.3.4. This update includes security fixes.
Vulnerabilities fixed
*Sourced from The GitHub Security Advisory Database.*
> **High severity vulnerability that affects tough-cookie**
> A ReDoS (regular expression denial of service) flaw was found in the tough-cookie module before 2.3.3 for Node.js. An attacker that is able to make an HTTP request using a specially crafted cookie may cause the application to consume an excessive amount of CPU.
>
> Affected versions: < 2.3.3
*Sourced from The GitHub Security Advisory Database.*
> **High severity vulnerability that affects tough-cookie**
> A ReDoS (regular expression denial of service) flaw was found in the tough-cookie module before 2.3.3 for Node.js. An attacker that is able to make an HTTP request using a specially crafted cookie may cause the application to consume an excessive amount of CPU.
>
> Affected versions: <2.3.3
Commits
- [`e4dfb0a`](https://github.com/salesforce/tough-cookie/commit/e4dfb0aec5d25e9e982805417a5d936071badc17) 2.3.4
- [`7d66ffd`](https://github.com/salesforce/tough-cookie/commit/7d66ffde12af5cbad40c3642f3c339fa82e6e381) Update public suffix list
- [`7564c06`](https://github.com/salesforce/tough-cookie/commit/7564c0637e6674d8847a1b84979536930eb9b170) Merge pull request [#100](https://github-redirect.dependabot.com/salesforce/tough-cookie/issues/100) from salesforce/no-re-parser
- [`751da6d`](https://github.com/salesforce/tough-cookie/commit/751da6dadfeddb916b7dc5f524715afd4b02969c) Document removal of 256 space limit
- [`8452ccd`](https://github.com/salesforce/tough-cookie/commit/8452ccdf02853fb011a5f654f206a698a659889a) Convert date-time parser from regexp, expand tests
- [`8614dbf`](https://github.com/salesforce/tough-cookie/commit/8614dbf439d3eee71a32ff4a5ae9fad7a562d7c2) More String#repeat polyfill
- [`2a4775c`](https://github.com/salesforce/tough-cookie/commit/2a4775c28f88c794b9ca05533b5537b7be6d7395) Avoid unbounded Regexp parts in date parsing
- [`c9bd79d`](https://github.com/salesforce/tough-cookie/commit/c9bd79dd358ec8bb7ea82bea328b2449168736fc) Parse cookie-pair part without regexp
- [`12d4266`](https://github.com/salesforce/tough-cookie/commit/12d426678f77bd34dd1234b7acbf47b299f50439) 2.3.3
- [`98e0916`](https://github.com/salesforce/tough-cookie/commit/98e0916d7b017669c93855d831c6e0b19c14141e) Merge pull request [#97](https://github-redirect.dependabot.com/salesforce/tough-cookie/issues/97) from salesforce/spaces-ReDoS
- Additional commits viewable in [compare view](https://github.com/salesforce/tough-cookie/compare/v2.3.2...v2.3.4)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
- `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme
Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com):
- Update frequency (including time of day and day of week)
- Pull request limits (per update run and/or open at any time)
- Out-of-range updates (receive only lockfile updates, if desired)
- Security updates (receive only security updates, if desired)
Finally, you can contact us by mentioning @dependabot.
Bumps tough-cookie from 2.3.2 to 2.3.4. This update includes security fixes.
Vulnerabilities fixed
*Sourced from The GitHub Security Advisory Database.* > **High severity vulnerability that affects tough-cookie** > A ReDoS (regular expression denial of service) flaw was found in the tough-cookie module before 2.3.3 for Node.js. An attacker that is able to make an HTTP request using a specially crafted cookie may cause the application to consume an excessive amount of CPU. > > Affected versions: < 2.3.3 *Sourced from The GitHub Security Advisory Database.* > **High severity vulnerability that affects tough-cookie** > A ReDoS (regular expression denial of service) flaw was found in the tough-cookie module before 2.3.3 for Node.js. An attacker that is able to make an HTTP request using a specially crafted cookie may cause the application to consume an excessive amount of CPU. > > Affected versions: <2.3.3Commits
- [`e4dfb0a`](https://github.com/salesforce/tough-cookie/commit/e4dfb0aec5d25e9e982805417a5d936071badc17) 2.3.4 - [`7d66ffd`](https://github.com/salesforce/tough-cookie/commit/7d66ffde12af5cbad40c3642f3c339fa82e6e381) Update public suffix list - [`7564c06`](https://github.com/salesforce/tough-cookie/commit/7564c0637e6674d8847a1b84979536930eb9b170) Merge pull request [#100](https://github-redirect.dependabot.com/salesforce/tough-cookie/issues/100) from salesforce/no-re-parser - [`751da6d`](https://github.com/salesforce/tough-cookie/commit/751da6dadfeddb916b7dc5f524715afd4b02969c) Document removal of 256 space limit - [`8452ccd`](https://github.com/salesforce/tough-cookie/commit/8452ccdf02853fb011a5f654f206a698a659889a) Convert date-time parser from regexp, expand tests - [`8614dbf`](https://github.com/salesforce/tough-cookie/commit/8614dbf439d3eee71a32ff4a5ae9fad7a562d7c2) More String#repeat polyfill - [`2a4775c`](https://github.com/salesforce/tough-cookie/commit/2a4775c28f88c794b9ca05533b5537b7be6d7395) Avoid unbounded Regexp parts in date parsing - [`c9bd79d`](https://github.com/salesforce/tough-cookie/commit/c9bd79dd358ec8bb7ea82bea328b2449168736fc) Parse cookie-pair part without regexp - [`12d4266`](https://github.com/salesforce/tough-cookie/commit/12d426678f77bd34dd1234b7acbf47b299f50439) 2.3.3 - [`98e0916`](https://github.com/salesforce/tough-cookie/commit/98e0916d7b017669c93855d831c6e0b19c14141e) Merge pull request [#97](https://github-redirect.dependabot.com/salesforce/tough-cookie/issues/97) from salesforce/spaces-ReDoS - Additional commits viewable in [compare view](https://github.com/salesforce/tough-cookie/compare/v2.3.2...v2.3.4)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language - `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com): - Update frequency (including time of day and day of week) - Pull request limits (per update run and/or open at any time) - Out-of-range updates (receive only lockfile updates, if desired) - Security updates (receive only security updates, if desired) Finally, you can contact us by mentioning @dependabot.