dependabot[bot] opened a new pull request, #13214: URL: https://github.com/apache/cloudstack/pull/13214
Bumps [js-cookie](https://github.com/js-cookie/js-cookie) from 2.2.1 to 3.0.7. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/js-cookie/js-cookie/releases";>js-cookie's releases</a>.</em></p> <blockquote> <h2>v3.0.7</h2> <ul> <li>Prevent cookie attribute injection: CVE-2026-46625 (eb3c40e)</li> <li>Add <code>Partitioned</code> attribute to readme (b994768)</li> <li>Publish to npm registry via trusted publisher exclusively (4dc71be)</li> <li>Ensure consistent behaviour for <code>get('name')</code> + <code>get()</code> (1953d30)</li> </ul> <h2>v3.0.5</h2> <ul> <li>Remove npm version restriction in package.json - <a href="https://redirect.github.com/js-cookie/js-cookie/issues/818";>#818</a></li> </ul> <h2>v3.0.4</h2> <ul> <li>Publish to npmjs.com with package provenance</li> </ul> <h2>v3.0.1</h2> <ul> <li>Make package.json accessible in export - <a href="https://redirect.github.com/js-cookie/js-cookie/issues/727";>#727</a></li> </ul> <h2>v3.0.0</h2> <ul> <li>Removed <code>defaults</code> in favor of a builder: now to supply an api instance with particular predefined (cookie) attributes there's <code>Cookies.withAttributes()</code>, e.g.:</li> </ul> <pre lang="js"><code>const api = Cookies.withAttributes({ path: '/', secure: true }) api.set('key', 'value') // writes cookie with path: '/' and secure: true... </code></pre> <ul> <li>The attributes that an api instance is configured with are exposed as <code>attributes</code> property; it's an immutable object and unlike <code>defaults</code> cannot be changed to configure the api.</li> <li>The mechanism to fall back to the standard, internal converter by returning a falsy value in a custom read converter has been removed. Instead the default converters are now exposed as <code>Cookies.converter</code>, which allows for implementing self-contained custom converters providing the same behavior:</li> </ul> <pre lang="js"><code>const customReadConverter = (value, name) => { if (name === 'special') { return unescape(value) } return Cookies.converter.read(value) } </code></pre> <ul> <li><code>withConverter()</code> no longer accepts a function as argument to be turned into a read converter. It is now required to always pass an object with the explicit type(s) of converter(s):</li> </ul> <pre lang="js"><code>const api = Cookies.withConverter({ read: (value, name) => unescape(value) }) </code></pre> <ul> <li>The converter(s) that an api instance is configured with are exposed as <code>converter</code> property; it's an immutable object and cannot be changed to configure the api.</li> <li>Started providing library as ES module, in addition to UMD module. The <code>module</code> field in <code>package.json</code> points to an ES module variant of the library.</li> <li>Started using <code>browser</code> field instead of <code>main</code> in <code>package.json</code> (for the UMD variant of the library).</li> <li>Dropped support for IE < 10.</li> <li>Removed built-in JSON support, i.e. <code>getJSON()</code> and automatic stringifying in <code>set()</code>: use <code>Cookies.set('foo', JSON.stringify({ ... }))</code> and <code>JSON.parse(Cookies.get('foo'))</code> instead.</li> <li>Removed support for Bower.</li> <li>Added minified versions to package - <a href="https://redirect.github.com/js-cookie/js-cookie/issues/501";>#501</a></li> <li>Improved support for url encoded cookie values (support case insensitive encoding) - <a href="https://redirect.github.com/js-cookie/js-cookie/issues/466";>#466</a>, <a href="https://redirect.github.com/js-cookie/js-cookie/issues/530";>#530</a></li> <li>Expose default path via API - <a href="https://redirect.github.com/js-cookie/js-cookie/issues/541";>#541</a></li> <li>Handle falsy arguments passed to getters - <a href="https://redirect.github.com/js-cookie/js-cookie/issues/399";>#399</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/js-cookie/js-cookie/commit/17bacba0171dd022728d8fdeba3203c60791bf58";><code>17bacba</code></a> Craft v3.0.7 release</li> <li><a href="https://github.com/js-cookie/js-cookie/commit/adb823cb7e95ead47f3af4d4951e589acbde2077";><code>adb823c</code></a> Fix release workflow halting at <code>git tag</code></li> <li><a href="https://github.com/js-cookie/js-cookie/commit/5f9e759b07d2752e8407a3a43fb5f879bf384c5e";><code>5f9e759</code></a> May remove Git user config from release workflow</li> <li><a href="https://github.com/js-cookie/js-cookie/commit/6ac921184c7b3b7d9431c88707f56521acd72ab4";><code>6ac9211</code></a> Fix release workflow not able to push commit + tag</li> <li><a href="https://github.com/js-cookie/js-cookie/commit/2278bc55e1804c4c2d9bd2110a9b449949a52751";><code>2278bc5</code></a> Fix missing package version bump</li> <li><a href="https://github.com/js-cookie/js-cookie/commit/eb3c40e89731e99b8970faaf35ddad249c6c0020";><code>eb3c40e</code></a> Prevent cookie attribute injection</li> <li><a href="https://github.com/js-cookie/js-cookie/commit/f6f157f430d707d2ffd0c9c9138227a6cea564e5";><code>f6f157f</code></a> Bump globals from 17.5.0 to 17.6.0</li> <li><a href="https://github.com/js-cookie/js-cookie/commit/f409d022da50a0c6fa8724f087fbc50fab9a9533";><code>f409d02</code></a> Bump eslint from 10.2.0 to 10.3.0</li> <li><a href="https://github.com/js-cookie/js-cookie/commit/a686883c03a754c04546cfc1653911a70a640b40";><code>a686883</code></a> Bump protobufjs in the npm_and_yarn group across 1 directory</li> <li><a href="https://github.com/js-cookie/js-cookie/commit/c6112d2d4f2881a12aaf89d9e2996ef6870eb6d0";><code>c6112d2</code></a> Bump <code>@​protobufjs/utf8</code> in the npm_and_yarn group across 1 directory</li> <li>Additional commits viewable in <a href="https://github.com/js-cookie/js-cookie/compare/v2.2.1...v3.0.7";>compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by <a href="https://www.npmjs.com/~GitHub%20Actions";>GitHub Actions</a>, a new releaser for js-cookie since your current version.</p> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/apache/cloudstack/network/alerts). </details> -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
