import-map-overrides
import-map-overrides copied to clipboard
single-spa
Bump cookie from 0.6.0 to 0.7.0
Bumps cookie from 0.6.0 to 0.7.0.
Release notes
Sourced from cookie's releases.
0.7.0
- perf: parse cookies ~10% faster (#144 by
@kurtextremand #170)- fix: narrow the validation of cookies to match RFC6265 (#167 by
@bewinsnw)- fix: add
maintopackage.jsonfor rspack (#166 by@proudparrot2)
Commits
ab057d60.7.05f02ca8Migrate history to GitHub releasesa5d591cMigrate history to GitHub releases51968f9Skip isNaN9e7ca51perf(parse): cache length, return early (#144)d6f39b0Fix tests for old node6bb701fRemove failing scorecardca70da4test(serialize): additional tests for name, domain and path RFC validations (...47917c9Iterate whitespace for perf (#170)927d48aAddmaintopackage.json(#166)- Additional commits viewable in compare view
Maintainer changes
This version was pushed to npm by blakeembrey, a new releaser for cookie since your current version.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the Security Alerts page.
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "Published by a pub.dev verified publisher"){kind=small}
⚠️ No Changeset found
Latest commit: 4a6e2dd4283c3a3b57b5d499da2246cbccbe1b4f
Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.
This PR includes no changesets
When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types
Click here to learn what changesets are, and how to add one.
Click here if you're a maintainer who wants to add a changeset to this PR
![changeset-bot[bot] avatar](https://avatars.githubusercontent.com/in/28616?v=4 "Published by a pub.dev verified publisher"){kind=small}
Hi! There is a vulnerability in the cookie library, which was fixed in version 0.7.0. Unfortunately, in the import-map-overrides library, the cookie version is specified as ^0.6.0, which does not include version 0.7.0. Therefore, we cannot update the cookie version in our project (except for the workaround using npm overrides/yarn resolutions).
Is an update for cookie planned?
I'm open to this change, but a changeset is needed and tests need to be added to verify that import-map-overrides-server.js is still functioning
