Bump tough-cookie, @cypress/request and jest-puppeteer

Open dependabot[bot] opened this issue 2 years ago • 0 comments

Bumps tough-cookie to 4.1.3 and updates ancestor dependencies tough-cookie, @cypress/request and jest-puppeteer. These dependencies need to be updated together.

Updates tough-cookie from 4.1.2 to 4.1.3

Release notes

Sourced from tough-cookie's releases.

4.1.3

Security fix for Prototype Pollution discovery in #282. This is a minor release, although output from the inspect utility is affected by this change, we felt this change was important enough to be pushed into the next patch.

Commits

4ff4d29 4.1.3 release preparation, update the package and lib/version to 4.1.3. (#284)
12d4747 Prevent prototype pollution in cookie memstore (#283)
f06b72d Fix documentation for store.findCookies, missing allowSpecialUseDomain proper...
See full diff in compare view

Updates @cypress/request from 2.88.11 to 2.88.12

Release notes

Sourced from @cypress/request's releases.

v2.88.12

2.88.12 (2023-08-01)

Bug Fixes

request: update tough-cookie dep (0664780)

Commits

0664780 fix(request): update tough-cookie dep
30def80 Merge pull request #39 from cypress-io/jordanpowell88/update-pkg-version
6b79405 update package version
bfbb95f Merge pull request #32 from BreakBB/fix-cve-2023-26136
a67e132 pin 18.16
825485a revert back to yarn but v 18
3bce354 update workflow to use npm
4ceb20b Merge branch 'master' into fix-cve-2023-26136
228831e Merge pull request #38 from cypress-io/benm/github-workflows-update
f6ee03f chore: add in workflows for github. update workflow actions
Additional commits viewable in compare view

Updates jest-puppeteer from 4.4.0 to 9.0.0

Release notes

Sourced from jest-puppeteer's releases.

v9.0.0

Bug Fixes

expect-puppeteer: fix addSnapshotSerializer usage (826fd31), closes #552

jest-dev-server: no default host (c35e403)

jest-dev-server: properly detect if port is used, using both config.port and config.host options. (351720a), closes #555

types: fix environment global types (fb691f7)

types: fix missing jestPuppeteer global before setup (37e2294)

Features

drop Node.js v14 support (d7d9833)

BREAKING CHANGES

drop Node.js v14 support

jest-dev-server: default host is now undefined instead of "localhost"

v8.0.6

Bug Fixes

types: fix exports issues (861c07d), closes #545 #546

v8.0.5

Bug Fixes

spawnd: remove exit dependency (af2eb01), closes #541

v8.0.4

Bug Fixes

fix preset export (7d8d10c), closes #532

v8.0.3

Bug Fixes

avoid creating screenshots directory (d9e58fe), closes #521

jest-puppeteer: fix preset export (82e4163), closes #528

... (truncated)

Changelog

Sourced from jest-puppeteer's changelog.

9.0.0 (2023-05-24)

Features

drop Node.js v14 support (d7d9833)

BREAKING CHANGES

drop Node.js v14 support

8.0.6 (2023-03-24)

Bug Fixes

types: fix exports issues (861c07d), closes #545 #546

8.0.5 (2023-03-09)

Note: Version bump only for package jest-puppeteer

8.0.4 (2023-03-08)

Bug Fixes

fix preset export (7d8d10c), closes #532

8.0.3 (2023-03-07)

Bug Fixes

... (truncated)

Commits

e13d1dd v9.0.0
d7d9833 feat: drop Node.js v14 support
7becfaf chore: add ESLint plugins for Jest, TypeScript (#550)
f756dc3 v8.0.6
861c07d fix(types): fix exports issues
05992b2 v8.0.5
3c388a2 chore: upgrade deps
e9620e4 v8.0.4
7d8d10c fix: fix preset export
6723a11 v8.0.3
Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the Security Alerts page.

Note Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

Sep 22 '23 22:09 dependabot[bot]