chore(deps): bump the npm_and_yarn group across 2 directories with 15 updates

[dependabot]

Bumps the npm_and_yarn group with 13 updates in the / directory:

Package	From	To
@ory/integrations	1.1.5	1.2.1
@ory/client	1.4.2	1.14.3
casbin.js	0.5.1	1.0.1
recharts	2.1.12	2.12.7
postcss	8.4.31	8.4.32
@adobe/css-tools	4.3.1	4.4.0
braces	3.0.2	3.0.3
d3-color	2.0.0	3.1.0
ejs	3.1.9	3.1.10
express	4.18.2	4.19.2
follow-redirects	1.15.3	1.15.6
ws	8.14.2	8.18.0
ws	6.2.2	8.18.0
ws	7.5.9	8.18.0
webpack-dev-middleware	6.1.1	6.1.3
webpack-dev-middleware	5.3.3	6.1.3

Bumps the npm_and_yarn group with 1 update in the /e2e directory: braces.

Updates @ory/integrations from 1.1.5 to 1.2.1

Release notes

Sourced from @​ory/integrations's releases.

v1.2.1

What's Changed

• chore(actions): upgrade release workflow to use node v18 by @​dan-j in ory/integrations#63

New Contributors

• @​dan-j made their first contribution in ory/integrations#63

Full Changelog: ory/integrations@v1.2.0...v1.3.0

1.2.0

What's Changed

• fix: update packages & replace request dependency by @​t1nky in ory/integrations#60

New Contributors

• @​t1nky made their first contribution in ory/integrations#60

Full Changelog: ory/integrations@1.1.5...v1.2.0

Commits

• 781878c chore(actions): upgrade release workflow to use node v18 (#63)
• 31e745b fix: update packages & replace request dependency (#60)
• See full diff in compare view

Updates @ory/client from 1.4.2 to 1.14.3

Commits

• See full diff in compare view

Updates casbin.js from 0.5.1 to 1.0.1

Changelog

Sourced from casbin.js's changelog.

1.0.1 (2021-10-30)

Bug Fixes

• update doc and release channel (da52e9b)

1.0.0 (2021-10-30)

Features

• convert node-casbin to pure javascript project as casbin.js v1

1.0.0-beta.5 (2021-09-29)

Features

• RBAC with Domains API (5e49b41)

1.0.0-beta.4 (2021-08-31)

Features

• Extend multiple sections type of escapeAssertion (#180) (4a8cc10)

1.0.0-beta.3 (2021-08-28)

Features

• Multiple sections type (2635601)

1.0.0-beta.2 (2021-08-22)

Bug Fixes

• fix ts4 build configuration (a5034c8)

1.0.0-beta.1 (2021-08-22)

Features

• convert node-casbin to casbin.js as pure JavaScript
• remove fs module
• remove the API with file operations
• add sync mode (70e4e12)

Commits

• 60d7758 chore(release): 1.0.1 [skip ci]
• 8c57d84 Merge pull request #241 from nodece/release_v1
• da52e9b fix: update doc and release channel
• e607a30 chore(release): 1.0.0 [skip ci]
• 1064933 Merge pull request #240 from nodece/master
• b2369ef ci: remove v1 branch limit
• 4a17ff8 Merge pull request #227 from nodece/v1
• dea6c17 build: output ESM and UMD
• 23b069f chore(release): 1.0.0-beta.5 [skip ci]
• de676e7 Merge pull request #214 from Gabriel-403/RBAC_with_Domains_API
• Additional commits viewable in compare view

Updates recharts from 2.1.12 to 2.12.7

Release notes

Sourced from recharts's releases.

v2.12.7

Whats changed

Fix

• Area: re-add calculated area points to the areaDot callback props when it is a function. This was accidentally removed in v2.3. Fixes #4480
• Brush: guard against undefined property access error when an ariaLabel is not specified. Follow up from recharts/recharts#2093

Full Changelog: recharts/recharts@v2.12.6...v2.12.7

v2.12.6

What's Changed

Fix

• Tooltip: fix glitch where Tooltip always rendered in the top left even if animation was disabled by @​HHongSeungWoo in recharts/recharts#4425 fixes recharts/recharts#4424

Chore

• CI/Build fix: Added proper .js suffixes to main module and jsnext:main paths in package.json by @​dobosalparbc in recharts/recharts#4431 fixes recharts/recharts#2858

Full Changelog: recharts/recharts@v2.12.5...v2.12.6

v2.12.5

Small fixes while working on v3 continued...

What's Changed

Feat

• BarChart: support percentage (of chart) for barSize. Helps set size of bar when there are few datapoints Fixes #3640 by @​graup in recharts/recharts#4407

Fix

Address recharts/recharts#4382

A recent release of @types/react broke some builds because they removed certain (unused) events from common event handler attributes. recharts was unknowingly enumerating keys of SVGProps in the Layer component with the old types and causing a type error on tsc with skipLibCheck: false

• typescript - Layer: use SVGAttributes instead of SVGProps in forwardRef components by @​ckifer in recharts/recharts#4413
• typescript - Pie: fix Pie ref which was cast to HTMLElement when the ref is actually referring to SVGGElement. This gave false information to whoever is using ref on the Pie component

Full Changelog: recharts/recharts@v2.12.4...v2.12.5

v2.12.4

What's Changed

Small fixes while working on v3 continued...

... (truncated)

Changelog

Sourced from recharts's changelog.

⚠️ Next versions change notes are available only on the GitHub Releases page ⚠️

2.2.0 (Dec 8, 2022)

feat

• Support keyboard navigation in pie chart (#2923)
• Allow reversing the tooltip direction (#3056)

fix

• fix rounding leading to hairline gaps (#3075)
• fix: do not override zero brush end index (#3076)
• fix: allow dragging brush when the mouse is outside (#3072)
• fix: add label type to line props (#3068)
• Ensure LabelList generic extends Data interface (#2954)

2.1.16 (Oct 29, 2022)

fix

• Fix incorrect date in CHAGELOG (#3016)
• Let formatter function run even when value is falsy (#3026)
• Fix(Sankey): update tooltip active state by trigger type(hover/click) (#3021)
• Fix Area's baseValue prop (#3013)

2.1.15 (Oct 12, 2022)

fix

• Fix scroll on hover
• DefaultTooltipContent.tsx Solving type error for entry.value and entry.name

chore

• Revert D3 version

2.1.14 (Sep 7, 2022)

fix

• Add inactiveShape prop to Pie component (#2900)
• Revert "chore: move type deps into devDependencies (#2843)" (#2942)
• Fix typing of default tooltip formatter (#2924)
• Take letter-spacing and font-size into consideration while rendering ticks (#2898)
• Add formatter function type to tooltip props (#2916)
• doc: Update CHANGELOG.md about d3 7.x (#2919)

2.1.13 (Jul 26, 2022)

fix

• set animate flag before chart data update (#2911)
• Error bar domain fix (#2863)
• fix: fix "recharts@… doesn't provide prop-types, requested by react-smooth" warning (#2895)

chore

... (truncated)

Commits

• 2074e2e 2.12.7
• 1e9e032 fix: guard against accidental undefined access in Brush
• 239b3ae fix(area-dot): regressionon in parameters passed to custom area dot
• 22064ed 2.12.6
• 504518d Added js suffix to main module and jsnext:main paths in package json (#4431)
• a705024 fix: The box size of the Tooltip is 0 at the first rendering of TooltipBoundi...
• bdad6ec 2.12.5
• ed95633 fix(layer-types): use SVGAttributes instead of SVGProps in forwardRef compone...
• 3d2e8b9 feat(BarChart): support percentage for barSize. Fixes #3640 (#4407)
• 981eb8f 2.12.4
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ckifer, a new releaser for recharts since your current version.

Updates postcss from 8.4.31 to 8.4.32

Release notes

Sourced from postcss's releases.

8.4.32

• Fixed postcss().process() types (by @​ferreira-tb).

Changelog

Sourced from postcss's changelog.

8.4.32

• Fixed postcss().process() types (by Andrew Ferreira).

Commits

• a0d9f10 Release 8.4.32 version
• 0146b3e Add Node.js 21 to CI
• 2398534 Update dependencies
• 1918533 Merge pull request #1902 from ferreira-tb/main
• 395e6dc Fix ProcessOptions interface
• fa8cd15 Update dependencies
• 199a7c4 Typo
• 2528047 Update EM link
• See full diff in compare view

Updates @adobe/css-tools from 4.3.1 to 4.4.0

Changelog

Sourced from @​adobe/css-tools's changelog.

4.4.0 / 2024-06-05

• add support for @​starting-style #319

4.3.3 / 2024-01-24

• Update export property #271

4.3.2 / 2023-11-28

• Fix redos vulnerability with specific crafted css string - CVE-2023-48631
• Fix Problem parsing with :is() and nested :nth-child() #211

Commits

• See full diff in compare view

Updates braces from 3.0.2 to 3.0.3

Commits

• 74b2db2 3.0.3
• 88f1429 update eslint. lint, fix unit tests.
• 415d660 Snyk js braces 6838727 (#40)
• 190510f fix tests, skip 1 test in test/braces.expand
• 716eb9f readme bump
• a5851e5 Merge pull request #37 from coderaiser/fix/vulnerability
• 2092bd1 feature: braces: add maxSymbols (https://github.com/micromatch/braces/issues/...
• 9f5b4cf fix: vulnerability (https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727)
• 98414f9 remove funding file
• 665ab5d update keepEscaping doc (#27)
• Additional commits viewable in compare view

Updates d3-color from 2.0.0 to 3.1.0

Release notes

Sourced from d3-color's releases.

v3.1.0

• Add rgb.clamp and hsl.clamp. #102
• Add color.formatHex8. #103
• Fix color.formatHsl to clamp values to the expected range. #83
• Fix catastrophic backtracking when parsing colors. #89 #97 #99 #100 SNYK-JS-D3COLOR-1076592

v3.0.1

• Make build reproducible.

v3.0.0

• Adopt type: module.

This package now requires Node.js 12 or higher. For more, please read Sindre Sorhus’s FAQ.

Commits

• 7a1573e 3.1.0
• 75c19c4 update LICENSE
• ef94e01 update dependencies
• 5e9f757 method shorthand
• e4bc34e formatHex8 (#103)
• ac660c6 {rgb,hsl}.clamp() (#102)
• 70e3a04 clamp HSL format (#101)
• 994d8fd avoid backtracking (#100)
• 7d61bbe 3.0.1
• 93bc4ff related d3/d33; extract copyrights from LICENSE
• Additional commits viewable in compare view

Updates d3-interpolate from 2.0.1 to 3.0.1

Release notes

Sourced from d3-interpolate's releases.

v3.0.1

• Update dependencies.
• Make build reproducible.

v3.0.0

• Adopt type: module.

This package now requires Node.js 12 or higher. For more, please read Sindre Sorhus’s FAQ.

Commits

• 6562b85 3.0.1
• f5f6b74 update dependencies
• 9569bdb related d3/d33; extract copyrights from LICENSE
• 38346a4 3.0.0
• 47f9564 Adopt type=module (#93)
• e8cddfd Update README.
• See full diff in compare view

Updates ejs from 3.1.9 to 3.1.10

Release notes

Sourced from ejs's releases.

v3.1.10

Version 3.1.10

Commits

• d3f807d Version 3.1.10
• 9ee26dd Mocha TDD
• e469741 Basic pollution protection
• 715e950 Merge pull request #756 from Jeffrey-mu/main
• cabe314 Include advanced usage examples
• 29b076c Added header
• 11503c7 Merge branch 'main' of github.com:mde/ejs into main
• 7690404 Added security banner to README
• f47d7ae Update SECURITY.md
• 828cea1 Update SECURITY.md
• Additional commits viewable in compare view

Updates express from 4.18.2 to 4.19.2

Release notes

Sourced from express's releases.

4.19.2

What's Changed

• Improved fix for open redirect allow list bypass

Full Changelog: expressjs/express@4.19.1...4.19.2

4.19.1

What's Changed

• Fix ci after location patch by @​wesleytodd in expressjs/express#5552
• fixed un-edited version in history.md for 4.19.0 by @​wesleytodd in expressjs/express#5556

Full Changelog: expressjs/express@4.19.0...4.19.1

4.19.0

What's Changed

• fix typo in release date by @​UlisesGascon in expressjs/express#5527
• docs: nominating @​wesleytodd to be project captian by @​wesleytodd in expressjs/express#5511
• docs: loosen TC activity rules by @​wesleytodd in expressjs/express#5510
• Add note on how to update docs for new release by @​crandmck in expressjs/express#5541
• Prevent open redirect allow list bypass due to encodeurl
• Release 4.19.0 by @​wesleytodd in expressjs/express#5551

New Contributors

• @​crandmck made their first contribution in expressjs/express#5541

Full Changelog: expressjs/express@4.18.3...4.19.0

4.18.3

Main Changes

• Fix routing requests without method
• deps: [email protected]
  • Fix strict json error message on Node.js 19+
  • deps: content-type@~1.0.5
  • deps: [email protected]

Other Changes

• Use https: protocol instead of deprecated git: protocol by @​vcsjones in expressjs/express#5032
• build: [email protected] and [email protected] by @​abenhamdine in expressjs/express#5034
• ci: update actions/checkout to v3 by @​armujahid in expressjs/express#5027
• test: remove unused function arguments in params by @​raksbisht in expressjs/express#5124
• Remove unused originalIndex from acceptParams by @​raksbisht in expressjs/express#5119
• Fixed typos by @​raksbisht in expressjs/express#5117
• examples: remove unused params by @​raksbisht in expressjs/express#5113
• fix: parameter str is not described in JSDoc by @​raksbisht in expressjs/express#5130
• fix: typos in History.md by @​raksbisht in expressjs/express#5131
• build : add [email protected] by @​abenhamdine in expressjs/express#5028
• test: remove unused function arguments in params by @​raksbisht in expressjs/express#5137

... (truncated)

Changelog

Sourced from express's changelog.

4.19.2 / 2024-03-25

• Improved fix for open redirect allow list bypass

4.19.1 / 2024-03-20

• Allow passing non-strings to res.location with new encoding handling checks

4.19.0 / 2024-03-20

• Prevent open redirect allow list bypass due to encodeurl
• deps: [email protected]

4.18.3 / 2024-02-29

• Fix routing requests without method
• deps: [email protected]
  • Fix strict json error message on Node.js 19+
  • deps: content-type@~1.0.5
  • deps: [email protected]
• deps: [email protected]
  • Add partitioned option

Commits

• 04bc627 4.19.2
• da4d763 Improved fix for open redirect allow list bypass
• 4f0f6cc 4.19.1
• a003cfa Allow passing non-strings to res.location with new encoding handling checks f...
• a1fa90f fixed un-edited version in history.md for 4.19.0
• 11f2b1d build: fix build due to inconsistent supertest behavior in older versions
• 084e365 4.19.0
• 0867302 Prevent open redirect allow list bypass due to encodeurl
• 567c9c6 Add note on how to update docs for new release (#5541)
• 69a4cf2 deps: [email protected]
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by wesleytodd, a new releaser for express since your current version.

Updates follow-redirects from 1.15.3 to 1.15.6

Commits

• 35a517c Release version 1.15.6 of the npm package.
• c4f847f Drop Proxy-Authorization across hosts.
• 8526b4a Use GitHub for disclosure.
• b1677ce Release version 1.15.5 of the npm package.
• d8914f7 Preserve fragment in responseUrl.
• 6585820 Release version 1.15.4 of the npm package.
• 7a6567e Disallow bracketed hostnames.
• 05629af Prefer native URL instead of deprecated url.parse.
• 1cba8e8 Prefer native URL instead of legacy url.resolve.
• 72bc2a4 Simplify _processResponse error handling.
• Additional commits viewable in compare view

Updates ws from 8.14.2 to 8.18.0

Release notes

Sourced from ws's releases.

8.18.0

Features

• Added support for Blob (#2229).

8.17.1

Bug fixes

• Fixed a DoS vulnerability (#2231).

A request with a number of headers exceeding the[server.maxHeadersCount][] threshold could be used to crash a ws server.

const http = require('http');
const WebSocket = require('ws');
const wss = new WebSocket.Server({ port: 0 }, function () {
const chars = "!#$%&'*+-.0123456789abcdefghijklmnopqrstuvwxyz^_`|~".split('');
const headers = {};
let count = 0;
for (let i = 0; i < chars.length; i++) {
if (count === 2000) break;
for (let j = 0; j &lt; chars.length; j++) {
  const key = chars[i] + chars[j];
  headers[key] = 'x';
if (++count === 2000) break;
}

}
headers.Connection = 'Upgrade';
headers.Upgrade = 'websocket';
headers['Sec-WebSocket-Key'] = 'dGhlIHNhbXBsZSBub25jZQ==';
headers['Sec-WebSocket-Version'] = '13';
const request = http.request({
headers: headers,
host: '127.0.0.1',
port: wss.address().port
});
request.end();
});

The vulnerability was reported by Ryan LaPointe in websockets/ws#2230.

... (truncated)

Commits

• 976c53c [dist] 8.18.0
• 59b9629 [feature] Add support for Blob (#2229)
• 0d1b5e6 [security] Use more descriptive text for 2017 vulnerability link
• 15f11a0 [security] Add new DoS vulnerability to SECURITY.md
• 3c56601 [dist] 8.17.1
• e55e510 [security] Fix crash when the Upgrade header cannot be read (#2231)
• 6a00029 [test] Increase code coverage
• ddfe4a8 [perf] Reduce the amount of crypto.randomFillSync() calls
• b73b118 [dist] 8.17.0
• 29694a5 [test] Use the highWaterMark variable
• Additional commits viewable in compare view

Updates ws from 6.2.2 to 8.18.0

Release notes

Sourced from ws's releases.

8.18.0

Features

• Added support for Blob (#2229).

8.17.1

Bug fixes

• Fixed a DoS vulnerability (#2231).

A request with a number of headers exceeding the[server.maxHeadersCount][] threshold could be used to crash a ws server.

const http = require('http');
const WebSocket = require('ws');
const wss = new WebSocket.Server({ port: 0 }, function () {
const chars = "!#$%&'*+-.0123456789abcdefghijklmnopqrstuvwxyz^_`|~".split('');
const headers = {};
let count = 0;
for (let i = 0; i < chars.length; i++) {
if (count === 2000) break;
for (let j = 0; j &lt; chars.length; j++) {
  const key = chars[i] + chars[j];
  headers[key] = 'x';
if (++count === 2000) break;
}

}
headers.Connection = 'Upgrade';
headers.Upgrade = 'websocket';
headers['Sec-WebSocket-Key'] = 'dGhlIHNhbXBsZSBub25jZQ==';
headers['Sec-WebSocket-Version'] = '13';
const request = http.request({
headers: headers,
host: '127.0.0.1',
port: wss.address().port
});
request.end();
});

The vulnerability was reported by Ryan LaPointe in websockets/ws#2230.

... (truncated)

Commits

• 976c53c [dist] 8.18.0
• 59b9629 [feature] Add support for Blob (#2229)
• 0d1b5e6 [security] Use more descriptive text for 2017 vulnerability link
• 15f11a0 [security] Add new DoS vulnerability to SECURITY.md
• 3c56601 [dist] 8.17.1
• e55e510 [security] Fix crash when the Upgrade header cannot be read (#2231)
• 6a00029 [test] Increase code coverage
• ddfe4a8 [perf] Reduce the amount of crypto.randomFillSync() calls
• b73b118 [dist] 8.17.0
• 29694a5 [test] Use the highWaterMark variable
• Additional commits viewable in compare view

Updates ws from 7.5.9 to 8.18.0

Release notes

Sourced from ws's releases.

8.18.0

Features

• Added support for Blob (#2229).

8.17.1

Bug fixes

• Fixed a DoS vulnerability (#2231).

A request with a number of headers exceeding the[server.maxHeadersCount][] threshold could be used to crash a ws server.

const http = require('http');
const WebSocket = require('ws');
const wss = new WebSocket.Server({ port: 0 }, function () {
const chars = "!#$%&'*+-.0123456789abcdefghijklmnopqrstuvwxyz^_`|~".split('');
const headers = {};
let count = 0;
for (let i = 0; i < chars.length; i++) {
if (count === 2000) break;
for (let j = 0; j &lt; chars.length; j++) {
  const key = chars[i] + chars[j];
  headers[key] = 'x';
if (++count === 2000) break;
}

}
headers.Connection = 'Upgrade';
headers.Upgrade = 'websocket';
headers['Sec-WebSocket-Key'] = 'dGhlIHNhbXBsZSBub25jZQ==';
headers['Sec-WebSocket-Version'] = '13';
const request = http.request({
headers: headers,
host: '127.0.0.1',
port: wss.address().port
});
request.end();
});

The vulnerability was reported by Ryan LaPointe in websockets/ws#2230.

... (truncated)

Commits

• 976c53c [dist] 8.18.0
• 59b9629 [feature] Add support for Blob (#2229)
• 0d1b5e6 [security] Use more descriptive text for 2017 vulnerability link
• 15f11a0 [security] Add new DoS vulnerability to SECURITY.md
• 3c56601 [dist] 8.17.1
• e55e510 [security] Fix crash when the Upgrade header cannot be read (#2231)
• 6a00029 [test] Increase code coverage
• ddfe4a8 [perf] Reduce the amount of crypto.randomFillSync() calls
• b73b118 [dist] 8.17.0
• 29694a5 [test] Use the highWaterMark variable
• Additional commits viewable in compare view

Updates tough-cookie from 2.5.0 to 4.1.3

Release notes

Sourced from tough-cookie's releases.

4.1.3

Security fix for Prototype Pollution discovery in #282. This is a minor release, although output from the inspect utility is affected by this change, we felt this change was important enough to be pushed into the next patch.

4.1.2 -- Patch and Bugfix Release

What's Changed

• fix: allow set cookies with localhost by @​colincasey in salesforce/tough-cookie#253

Full Changelog: salesforce/tough-cookie@v4.1.1...v4.1.2

4.1.1

Patch Release

What's Changed

• fix: allow special use domains by default by @​colincasey in salesforce/tough-cookie#249
• 4.1.1 Patch -- allow special use domains by default by @​awaterma in salesforce/tough-cookie#250

Full Changelog: salesforce/tough-cookie@v4.1.0...v4.1.1

4.1.0

v4.1.0

Minor release, focused mainly on resolving reported issues and some minor feature work.

What's Changed

• Create CHANGELOG.md by @​ShivanKaul in salesforce/tough-cookie#189
• Missing param validation issue145 by @​medelibero-sfdc in salesforce/tough-cookie#193
• Create SECURITY.md by @​ShivanKaul in salesforce/tough-cookie#201
• Create CODE_OF_CONDUCT.md by @​ShivanKaul in salesforce/tough-cookie#200
• Fix for issue #195 by @​medelibero-sfdc in salesforce/tough-cookie#202
• Add explanation and more special-use domains by @​ShivanKaul in salesforce/tough-cookie#203
• Sync of constructor options for serialization by @​medelibero-sfdc in salesforce/tough-cookie#204
• Returned null in case of empty cookie value by @​vsin12 in salesforce/tough-cookie#196
• 132 str trim not a function by @​awaterma in salesforce/tough-cookie#209
• Fix for issue #153 by @​medelibero-sfdc in salesforce/tough-cookie#210
• Fix permuteDomain with trailing dot by @​ruoho-sfdc in salesforce/tough-cookie#216
• Issue #213 -- added gh-actions flow for building and testing tough-co… by @​awaterma in salesforce/tough-cookie#218
• Issue #210 -- Updated workflow to use npm install. by @​awaterma in salesforce/tough-cookie#220
• @GH-215 -- Tests that document localhost behavior when set as domain. by @​awaterma in salesforce/tough-cookie#221
• fix: MemoryCookieStore methods should exist on the prototype, not on the class. by @​wjhsf in salesforce/tough-cookie#226
• Unit test cases for allowSpecialUseDomain option by @​colincasey in salesforce/tough-cookie#225
• [Snyk] Upgrade universalify from 0.1.2 to 0.2.0 by @​snyk-bot in salesforce/tough-cookie#228
• React Native Support by @​colincasey in salesforce/tough-cookie#227
• Adding Updating CODEOWNERS with ECCN as per Export Control Compliance by @​svc-scm in salesforce/tough-cookie#223
• fix: domain match routine by @​colincasey in salesforce/tough-cookie#236
• Stop using the internal NodeJS punycode module by @​gboer in salesforce/tough-cookie#238
• Initial documentation review by @​mcarey86 in salesforce/tough-cookie#234
• fix: distinguish between no samesite and samesite=none by @​colincasey in salesforce/tough-cookie#240
• Prepare tough-cookie 4.1 for publishing (updated GitHub actions, move… by @​awaterma in salesforce/tough-cookie#242
• 4.1.0 release to NPM by @​awaterma in salesforce/tough-cookie#245

... (truncated)

Commits

• 4ff4d29 4.1.3 release preparation, update the package and lib/version to 4.1.3. (#284)
• 12d4747 Prevent prototype pollution in cookie memstore (#283)
• f06b72d Fix documentation for store.findCookies, missing allowSpecialUseDomain proper...
• b1a8898 fix: allow set cookies with localhost (#253)
• ec70796 4.1.1 Patch -- allow special use domains by default (#250)
• d4ac580 fix: allow special use domains by default (#249)
• 79c2f7d 4.1.0 release to NPM (#245)
• 4fafc17 Prepare tough-cookie 4.1 for publishing (updated GitHub actions, move Dockerf...
• aa4396d fix: distinguish between no samesite and samesite=none (#240)
• b8d7511 Modernize README (#234)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by awaterma, a new releaser for tough-cookie since your current version.

Updates webpack-dev-middleware from 6.1.1 to 6.1.3

Release notes

Sourced from webpack-dev-middleware's releases.

v6.1.3

6.1.3 (2024-03-29)

Bug Fixes

• security problem (#1799) (5a4d9e8)

v6.1.2

6.1.2 (2024-03-20)

Bug Fixes

• security: do not allow to read files above (#1778) (

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Updated (UTC)
aws-preview	❌ Failed (Inspect)		Aug 9, 2024 9:05am
flanksource-ui	❌ Failed (Inspect)		Aug 9, 2024 9:05am

[netlify]

❌ Deploy Preview for flanksource-demo-stable failed.

Name	Link
🔨 Latest commit	11aca7d
🔍 Latest deploy log	https://app.netlify.com/sites/flanksource-demo-stable/deploys/66b5c736865e2b000847c82c

[netlify]

❌ Deploy Preview for goofy-euclid-75956c failed.

Name	Link
🔨 Latest commit	11aca7d
🔍 Latest deploy log	https://app.netlify.com/sites/goofy-euclid-75956c/deploys/66b5c73629b18a0008f63335

[netlify]

❌ Deploy Preview for clerk-saas-ui failed.

Name	Link
🔨 Latest commit	11aca7d
🔍 Latest deploy log	https://app.netlify.com/sites/clerk-saas-ui/deploys/66b5c73629b18a0008f63337

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.