wework / we-js-logger

Universal logger with transports to Rollbar and Logentries. Uses bunyan under the hood.
MIT License

[Security] Bump tough-cookie from 2.3.2 to 2.3.4 #179

Open dependabot-preview[bot] opened 5 years ago

dependabot-preview[bot] commented 5 years ago

Bumps tough-cookie from 2.3.2 to 2.3.4. This update includes security fixes.

Vulnerabilities fixed

*Sourced from The GitHub Security Advisory Database.*

> **High severity vulnerability that affects tough-cookie**
> A ReDoS (regular expression denial of service) flaw was found in the tough-cookie module before 2.3.3 for Node.js. An attacker that is able to make an HTTP request using a specially crafted cookie may cause the application to consume an excessive amount of CPU.
>
> Affected versions: <2.3.3

*Sourced from [The Sonatype OSS Index](https://ossindex.sonatype.org/vuln/c7f185ea-1ec3-4b0c-aa8c-2381f8e18058).*

> **CWE-185: Incorrect Regular Expression**
> The software specifies a regular expression in a way that causes data to be improperly matched or compared.
>
> Affected versions: >=0.9.1 <2.3.3
Commits

- [`e4dfb0a`](https://github.com/salesforce/tough-cookie/commit/e4dfb0aec5d25e9e982805417a5d936071badc17) 2.3.4
- [`7d66ffd`](https://github.com/salesforce/tough-cookie/commit/7d66ffde12af5cbad40c3642f3c339fa82e6e381) Update public suffix list
- [`7564c06`](https://github.com/salesforce/tough-cookie/commit/7564c0637e6674d8847a1b84979536930eb9b170) Merge pull request [#100](https://github-redirect.dependabot.com/salesforce/tough-cookie/issues/100) from salesforce/no-re-parser
- [`751da6d`](https://github.com/salesforce/tough-cookie/commit/751da6dadfeddb916b7dc5f524715afd4b02969c) Document removal of 256 space limit
- [`8452ccd`](https://github.com/salesforce/tough-cookie/commit/8452ccdf02853fb011a5f654f206a698a659889a) Convert date-time parser from regexp, expand tests
- [`8614dbf`](https://github.com/salesforce/tough-cookie/commit/8614dbf439d3eee71a32ff4a5ae9fad7a562d7c2) More String#repeat polyfill
- [`2a4775c`](https://github.com/salesforce/tough-cookie/commit/2a4775c28f88c794b9ca05533b5537b7be6d7395) Avoid unbounded Regexp parts in date parsing
- [`c9bd79d`](https://github.com/salesforce/tough-cookie/commit/c9bd79dd358ec8bb7ea82bea328b2449168736fc) Parse cookie-pair part without regexp
- [`12d4266`](https://github.com/salesforce/tough-cookie/commit/12d426678f77bd34dd1234b7acbf47b299f50439) 2.3.3
- [`98e0916`](https://github.com/salesforce/tough-cookie/commit/98e0916d7b017669c93855d831c6e0b19c14141e) Merge pull request [#97](https://github-redirect.dependabot.com/salesforce/tough-cookie/issues/97) from salesforce/spaces-ReDoS
- Additional commits viewable in [compare view](https://github.com/salesforce/tough-cookie/compare/v2.3.2...v2.3.4)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:

- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
- `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com):

- Update frequency (including time of day and day of week)
- Automerge options (never/patch/minor, and dev/runtime dependencies)
- Pull request limits (per update run and/or open at any time)
- Out-of-range updates (receive only lockfile updates, if desired)
- Security updates (receive only security updates, if desired)

Finally, you can contact us by mentioning @dependabot.
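A bump like this only fixes the copy of tough-cookie it touches; nested copies pulled in by other packages can stay in the affected range. The following added example (not part of we-js-logger or Dependabot) walks a package-lock v1 `dependencies` tree and flags every tough-cookie install within the advisory's range `>=0.9.1 <2.3.3`; the lockfile fragment and the `request` entry are constructed sample input.

```javascript
// Added example: audit a package-lock.json (v1 layout assumed) for
// tough-cookie installs inside the advisory range >=0.9.1 <2.3.3.

// Parse "MAJOR.MINOR.PATCH" into numbers; pre-release/build suffixes are ignored.
function parseSemver(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`unparseable version: ${v}`);
  return [Number(m[1]), Number(m[2]), Number(m[3])];
}

function compareSemver(a, b) {
  const [x, y] = [parseSemver(a), parseSemver(b)];
  for (let i = 0; i < 3; i++) {
    if (x[i] !== y[i]) return x[i] < y[i] ? -1 : 1;
  }
  return 0;
}

// Affected range as quoted in the advisory above (upper bound exclusive).
const ADVISORY = { name: 'tough-cookie', min: '0.9.1', maxExclusive: '2.3.3' };

function isAffected(version) {
  return compareSemver(version, ADVISORY.min) >= 0 &&
         compareSemver(version, ADVISORY.maxExclusive) < 0;
}

// Recurse through nested "dependencies"; return the path of each affected install.
function findAffected(lock, path = []) {
  const hits = [];
  for (const [name, entry] of Object.entries(lock.dependencies || {})) {
    const here = [...path, `${name}@${entry.version}`];
    if (name === ADVISORY.name && isAffected(entry.version)) hits.push(here.join(' > '));
    hits.push(...findAffected(entry, here));
  }
  return hits;
}

// Constructed lockfile fragment: the direct install is already at 2.3.4,
// but a nested copy under a hypothetical "request" entry is still 2.3.2.
const SAMPLE_LOCK = {
  dependencies: {
    'tough-cookie': { version: '2.3.4' },
    'request': {
      version: '2.81.0',
      dependencies: { 'tough-cookie': { version: '2.3.2' } },
    },
  },
};

console.log(findAffected(SAMPLE_LOCK)); // prints [ 'request@2.81.0 > tough-cookie@2.3.2' ]
```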
coveralls commented 5 years ago
Coverage remained the same at 79.31% when pulling 40dcc69c697c0972c00f85828c2c6541fa6180bf on dependabot/npm_and_yarn/tough-cookie-2.3.4 into 57b66dd40ffe5f44d2cf553d1d1ecfd47973c567 on master.