Update dependency tough-cookie to v6 (main)#233120
Merged
elena-shostak merged 3 commits intomainfrom Aug 29, 2025
Merged
Conversation
elastic-renovate-prod
bot
added
backport:all-open
Contributor
|
Pinging @elastic/kibana-security (Team:Security) |
Contributor
Author
Edited/Blocked NotificationRenovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR. You can manually request rebase by checking the rebase/retry box above. |
Contributor
|
/ci |
Contributor
💚 Build Succeeded
Metrics [docs]
History
|
elena-shostak
approved these changes
Aug 29, 2025
Contributor
|
Starting backport for target branches: 8.18, 8.19, 9.0, 9.1 https://github.com/elastic/kibana/actions/runs/17322166897 |
kibanamachine
pushed a commit
to kibanamachine/kibana
that referenced
this pull request
Aug 29, 2025
This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [tough-cookie](https://github.com/salesforce/tough-cookie) | devDependencies | major | [`^5.1.2` -> `^6.0.0`](https://renovatebot.com/diffs/npm/tough-cookie/5.1.2/6.0.0) | --- ### Release Notes <details> <summary>salesforce/tough-cookie (tough-cookie)</summary> ### [`v6.0.0`](https://github.com/salesforce/tough-cookie/releases/tag/v6.0.0) [Compare Source](https://github.com/salesforce/tough-cookie/compare/v5.1.2...v6.0.0) #### Summary ##### Breaking Changes - Localhost connections over `http` will now be considered secure by default. For more information, see the [README documentation](https://github.com/salesforce/tough-cookie?tab=readme-ov-file#potentially-trustworthy-origins-are-considered-secure) and [API Docs](https://github.com/salesforce/tough-cookie/blob/master/api/docs/tough-cookie.createcookiejaroptions.md) for how to configure this feature. ##### Other Notable Changes - Dual publishing of ESM+CJS #### What's Changed - Bump globals from 15.14.0 to 16.0.0 by [@&elastic#8203;dependabot](https://github.com/dependabot)\[bot] in[https://github.com/salesforce/tough-cookie/pull/504](https://github.com/salesforce/tough-cookie/pull/504)4 - Bump the dev-dependencies group with 10 updates by [@&elastic#8203;dependabot](https://github.com/dependabot)\[bot] in[https://github.com/salesforce/tough-cookie/pull/503](https://github.com/salesforce/tough-cookie/pull/503)3 - Bump tldts from 6.1.76 to 6.1.79 in the production-dependencies group by [@&elastic#8203;dependabot](https://github.com/dependabot)\[bot] in[https://github.com/salesforce/tough-cookie/pull/502](https://github.com/salesforce/tough-cookie/pull/502)2 - Bump tldts from 6.1.83 to 6.1.85 in the production-dependencies group by [@&elastic#8203;dependabot](https://github.com/dependabot)\[bot] in[https://github.com/salesforce/tough-cookie/pull/507](https://github.com/salesforce/tough-cookie/pull/507)7 - Bump the dev-dependencies group with 9 updates by [@&elastic#8203;dependabot](https://github.com/dependabot)\[bot] in[https://github.com/salesforce/tough-cookie/pull/508](https://github.com/salesforce/tough-cookie/pull/508)8 - Bump eslint-import-resolver-typescript from 3.8.3 to 4.3.1 by [@&elastic#8203;dependabot](https://github.com/dependabot)\[bot] in[https://github.com/salesforce/tough-cookie/pull/509](https://github.com/salesforce/tough-cookie/pull/509)9 - feat: Add RFC 6761–compliant localhost loopback checks so secure cookies work on localhost (fixes: [#&elastic#8203;382](https://github.com/salesforce/tough-cookie/issues/382)) by [@&elastic#8203;Chriss4123](https://github.com/Chriss4123) in [https://github.com/salesforce/tough-cookie/pull/498](https://github.com/salesforce/tough-cookie/pull/498) - use ESM instead of CJS by [@&elastic#8203;wjhsf](https://github.com/wjhsf) in [https://github.com/salesforce/tough-cookie/pull/506](https://github.com/salesforce/tough-cookie/pull/506) - Switch from jest to vitest by [@&elastic#8203;wjhsf](https://github.com/wjhsf) in [https://github.com/salesforce/tough-cookie/pull/510](https://github.com/salesforce/tough-cookie/pull/510) - Bump vite from 6.2.6 to 6.3.4 by [@&elastic#8203;dependabot](https://github.com/dependabot)\[bot] in[https://github.com/salesforce/tough-cookie/pull/521](https://github.com/salesforce/tough-cookie/pull/521)1 - Bump the dev-dependencies group with 9 updates by [@&elastic#8203;dependabot](https://github.com/dependabot)\[bot] in[https://github.com/salesforce/tough-cookie/pull/522](https://github.com/salesforce/tough-cookie/pull/522)2 - Bump tldts from 6.1.85 to 7.0.5 by [@&elastic#8203;dependabot](https://github.com/dependabot)\[bot] in[https://github.com/salesforce/tough-cookie/pull/523](https://github.com/salesforce/tough-cookie/pull/523)3 - Prepare release v6.0.0-rc.0 by [@&elastic#8203;colincasey](https://github.com/colincasey) in [https://github.com/salesforce/tough-cookie/pull/519](https://github.com/salesforce/tough-cookie/pull/519) - Bump the dev-dependencies group with 12 updates by [@&elastic#8203;dependabot](https://github.com/dependabot)\[bot] in[https://github.com/salesforce/tough-cookie/pull/525](https://github.com/salesforce/tough-cookie/pull/525)5 - Bump tldts from 7.0.5 to 7.0.8 in the production-dependencies group by [@&elastic#8203;dependabot](https://github.com/dependabot)\[bot] in[https://github.com/salesforce/tough-cookie/pull/524](https://github.com/salesforce/tough-cookie/pull/524)4 - Create CONTRIBUTING.md by [@&elastic#8203;wjhsf](https://github.com/wjhsf) in [https://github.com/salesforce/tough-cookie/pull/526](https://github.com/salesforce/tough-cookie/pull/526) - Bump tldts from 7.0.8 to 7.0.9 in the production-dependencies group by [@&elastic#8203;dependabot](https://github.com/dependabot)\[bot] in[https://github.com/salesforce/tough-cookie/pull/530](https://github.com/salesforce/tough-cookie/pull/530)0 - chore(deps): bump tldts from 7.0.9 to 7.0.10 in the production-dependencies group by [@&elastic#8203;dependabot](https://github.com/dependabot)\[bot] in[https://github.com/salesforce/tough-cookie/pull/532](https://github.com/salesforce/tough-cookie/pull/532)2 - Bump the dev-dependencies group with 12 updates by [@&elastic#8203;dependabot](https://github.com/dependabot)\[bot] in[https://github.com/salesforce/tough-cookie/pull/531](https://github.com/salesforce/tough-cookie/pull/531)1 - Reverts the check on the Secure attribute when setting a cookie by [@&elastic#8203;colincasey](https://github.com/colincasey) in [https://github.com/salesforce/tough-cookie/pull/534](https://github.com/salesforce/tough-cookie/pull/534) - Prepare release v6.0.0-rc.1 by [@&elastic#8203;colincasey](https://github.com/colincasey) in [https://github.com/salesforce/tough-cookie/pull/535](https://github.com/salesforce/tough-cookie/pull/535) - Bump the dev-dependencies group with 8 updates by [@&elastic#8203;dependabot](https://github.com/dependabot)\[bot] in[https://github.com/salesforce/tough-cookie/pull/537](https://github.com/salesforce/tough-cookie/pull/537)7 - Support publishing of both ESM and CJS by [@&elastic#8203;colincasey](https://github.com/colincasey) in [https://github.com/salesforce/tough-cookie/pull/536](https://github.com/salesforce/tough-cookie/pull/536) - Prepare v6 by [@&elastic#8203;colincasey](https://github.com/colincasey) in [https://github.com/salesforce/tough-cookie/pull/538](https://github.com/salesforce/tough-cookie/pull/538) #### New Contributors - [@&elastic#8203;Chriss4123](https://github.com/Chriss4123) made their first contribution in [https://github.com/salesforce/tough-cookie/pull/498](https://github.com/salesforce/tough-cookie/pull/498) **Full Changelog**: salesforce/tough-cookie@v5.1.2...v6.0.0 </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS4xMDcuMCIsInVwZGF0ZWRJblZlciI6IjM5LjEwNy4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJUZWFtOlNlY3VyaXR5IiwiYmFja3BvcnQ6YWxsLW9wZW4iLCJyZWxlYXNlX25vdGU6c2tpcCJdfQ==--> Co-authored-by: elastic-renovate-prod[bot] <174716857+elastic-renovate-prod[bot]@users.noreply.github.com> Co-authored-by: Larry Gregory <larry.gregory@elastic.co> Co-authored-by: Elena Shostak <165678770+elena-shostak@users.noreply.github.com> (cherry picked from commit e900394)
Contributor
💔 Some backports could not be created
Note: Successful backport PRs will be merged automatically after passing CI. Manual backportTo create the backport manually run: Questions ?Please refer to the Backport tool documentation |
kibanamachine
added a commit
that referenced
this pull request
Aug 29, 2025
# Backport This will backport the following commits from `main` to `9.1`: - [Update dependency tough-cookie to v6 (main) (#233120)](#233120) <!--- Backport version: 9.6.6 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sorenlouv/backport) <!--BACKPORT [{"author":{"name":"elastic-renovate-prod[bot]","email":"174716857+elastic-renovate-prod[bot]@users.noreply.github.com"},"sourceCommit":{"committedDate":"2025-08-29T11:07:43Z","message":"Update dependency tough-cookie to v6 (main) (#233120)\n\nThis PR contains the following updates:\n\n| Package | Type | Update | Change |\n|---|---|---|---|\n| [tough-cookie](https://github.com/salesforce/tough-cookie) |\ndevDependencies | major | [`^5.1.2` ->\n`^6.0.0`](https://renovatebot.com/diffs/npm/tough-cookie/5.1.2/6.0.0) |\n\n---\n\n### Release Notes\n\n<details>\n<summary>salesforce/tough-cookie (tough-cookie)</summary>\n\n###\n[`v6.0.0`](https://github.com/salesforce/tough-cookie/releases/tag/v6.0.0)\n\n[Compare\nSource](https://github.com/salesforce/tough-cookie/compare/v5.1.2...v6.0.0)\n\n#### Summary\n\n##### Breaking Changes\n\n- Localhost connections over `http` will now be considered secure by\ndefault. For more information, see the [README\ndocumentation](https://github.com/salesforce/tough-cookie?tab=readme-ov-file#potentially-trustworthy-origins-are-considered-secure)\nand [API\nDocs](https://github.com/salesforce/tough-cookie/blob/master/api/docs/tough-cookie.createcookiejaroptions.md)\nfor how to configure this feature.\n\n##### Other Notable Changes\n\n- Dual publishing of ESM+CJS\n\n#### What's Changed\n\n- Bump globals from 15.14.0 to 16.0.0 by\n[@​dependabot](https://github.com/dependabot)\\[bot]\nin[https://github.com/salesforce/tough-cookie/pull/504](https://github.com/salesforce/tough-cookie/pull/504)4\n- Bump the dev-dependencies group with 10 updates by\n[@​dependabot](https://github.com/dependabot)\\[bot]\nin[https://github.com/salesforce/tough-cookie/pull/503](https://github.com/salesforce/tough-cookie/pull/503)3\n- Bump tldts from 6.1.76 to 6.1.79 in the production-dependencies group\nby [@​dependabot](https://github.com/dependabot)\\[bot]\nin[https://github.com/salesforce/tough-cookie/pull/502](https://github.com/salesforce/tough-cookie/pull/502)2\n- Bump tldts from 6.1.83 to 6.1.85 in the production-dependencies group\nby [@​dependabot](https://github.com/dependabot)\\[bot]\nin[https://github.com/salesforce/tough-cookie/pull/507](https://github.com/salesforce/tough-cookie/pull/507)7\n- Bump the dev-dependencies group with 9 updates by\n[@​dependabot](https://github.com/dependabot)\\[bot]\nin[https://github.com/salesforce/tough-cookie/pull/508](https://github.com/salesforce/tough-cookie/pull/508)8\n- Bump eslint-import-resolver-typescript from 3.8.3 to 4.3.1 by\n[@​dependabot](https://github.com/dependabot)\\[bot]\nin[https://github.com/salesforce/tough-cookie/pull/509](https://github.com/salesforce/tough-cookie/pull/509)9\n- feat: Add RFC 6761–compliant localhost loopback checks so secure\ncookies work on localhost (fixes:\n[#​382](https://github.com/salesforce/tough-cookie/issues/382))\nby [@​Chriss4123](https://github.com/Chriss4123) in\n[https://github.com/salesforce/tough-cookie/pull/498](https://github.com/salesforce/tough-cookie/pull/498)\n- use ESM instead of CJS by\n[@​wjhsf](https://github.com/wjhsf) in\n[https://github.com/salesforce/tough-cookie/pull/506](https://github.com/salesforce/tough-cookie/pull/506)\n- Switch from jest to vitest by\n[@​wjhsf](https://github.com/wjhsf) in\n[https://github.com/salesforce/tough-cookie/pull/510](https://github.com/salesforce/tough-cookie/pull/510)\n- Bump vite from 6.2.6 to 6.3.4 by\n[@​dependabot](https://github.com/dependabot)\\[bot]\nin[https://github.com/salesforce/tough-cookie/pull/521](https://github.com/salesforce/tough-cookie/pull/521)1\n- Bump the dev-dependencies group with 9 updates by\n[@​dependabot](https://github.com/dependabot)\\[bot]\nin[https://github.com/salesforce/tough-cookie/pull/522](https://github.com/salesforce/tough-cookie/pull/522)2\n- Bump tldts from 6.1.85 to 7.0.5 by\n[@​dependabot](https://github.com/dependabot)\\[bot]\nin[https://github.com/salesforce/tough-cookie/pull/523](https://github.com/salesforce/tough-cookie/pull/523)3\n- Prepare release v6.0.0-rc.0 by\n[@​colincasey](https://github.com/colincasey) in\n[https://github.com/salesforce/tough-cookie/pull/519](https://github.com/salesforce/tough-cookie/pull/519)\n- Bump the dev-dependencies group with 12 updates by\n[@​dependabot](https://github.com/dependabot)\\[bot]\nin[https://github.com/salesforce/tough-cookie/pull/525](https://github.com/salesforce/tough-cookie/pull/525)5\n- Bump tldts from 7.0.5 to 7.0.8 in the production-dependencies group by\n[@​dependabot](https://github.com/dependabot)\\[bot]\nin[https://github.com/salesforce/tough-cookie/pull/524](https://github.com/salesforce/tough-cookie/pull/524)4\n- Create CONTRIBUTING.md by\n[@​wjhsf](https://github.com/wjhsf) in\n[https://github.com/salesforce/tough-cookie/pull/526](https://github.com/salesforce/tough-cookie/pull/526)\n- Bump tldts from 7.0.8 to 7.0.9 in the production-dependencies group by\n[@​dependabot](https://github.com/dependabot)\\[bot]\nin[https://github.com/salesforce/tough-cookie/pull/530](https://github.com/salesforce/tough-cookie/pull/530)0\n- chore(deps): bump tldts from 7.0.9 to 7.0.10 in the\nproduction-dependencies group by\n[@​dependabot](https://github.com/dependabot)\\[bot]\nin[https://github.com/salesforce/tough-cookie/pull/532](https://github.com/salesforce/tough-cookie/pull/532)2\n- Bump the dev-dependencies group with 12 updates by\n[@​dependabot](https://github.com/dependabot)\\[bot]\nin[https://github.com/salesforce/tough-cookie/pull/531](https://github.com/salesforce/tough-cookie/pull/531)1\n- Reverts the check on the Secure attribute when setting a cookie by\n[@​colincasey](https://github.com/colincasey) in\n[https://github.com/salesforce/tough-cookie/pull/534](https://github.com/salesforce/tough-cookie/pull/534)\n- Prepare release v6.0.0-rc.1 by\n[@​colincasey](https://github.com/colincasey) in\n[https://github.com/salesforce/tough-cookie/pull/535](https://github.com/salesforce/tough-cookie/pull/535)\n- Bump the dev-dependencies group with 8 updates by\n[@​dependabot](https://github.com/dependabot)\\[bot]\nin[https://github.com/salesforce/tough-cookie/pull/537](https://github.com/salesforce/tough-cookie/pull/537)7\n- Support publishing of both ESM and CJS by\n[@​colincasey](https://github.com/colincasey) in\n[https://github.com/salesforce/tough-cookie/pull/536](https://github.com/salesforce/tough-cookie/pull/536)\n- Prepare v6 by\n[@​colincasey](https://github.com/colincasey) in\n[https://github.com/salesforce/tough-cookie/pull/538](https://github.com/salesforce/tough-cookie/pull/538)\n\n#### New Contributors\n\n- [@​Chriss4123](https://github.com/Chriss4123) made\ntheir first contribution in\n[https://github.com/salesforce/tough-cookie/pull/498](https://github.com/salesforce/tough-cookie/pull/498)\n\n**Full Changelog**:\nhttps://github.com/salesforce/tough-cookie/compare/v5.1.2...v6.0.0\n\n</details>\n\n---\n\n### Configuration\n\n📅 **Schedule**: Branch creation - At any time (no schedule defined),\nAutomerge - At any time (no schedule defined).\n\n🚦 **Automerge**: Disabled by config. Please merge this manually once you\nare satisfied.\n\n♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the\nrebase/retry checkbox.\n\n🔕 **Ignore**: Close this PR and you won't be reminded about this update\nagain.\n\n---\n\n- [ ] If you want to rebase/retry this PR, check\nthis box\n\n---\n\nThis PR has been generated by [Renovate\nBot](https://github.com/renovatebot/renovate).\n\n\n\nCo-authored-by: elastic-renovate-prod[bot] <174716857+elastic-renovate-prod[bot]@users.noreply.github.com>\nCo-authored-by: Larry Gregory <larry.gregory@elastic.co>\nCo-authored-by: Elena Shostak <165678770+elena-shostak@users.noreply.github.com>","sha":"e9003940290fb561cfb14bc74541dae7abb6ad85","branchLabelMapping":{"^v9.2.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["Team:Security","release_note:skip","backport:all-open","v9.2.0"],"title":"Update dependency tough-cookie to v6 (main)","number":233120,"url":"https://github.com/elastic/kibana/pull/233120","mergeCommit":{"message":"Update dependency tough-cookie to v6 (main) (#233120)\n\nThis PR contains the following updates:\n\n| Package | Type | Update | Change |\n|---|---|---|---|\n| [tough-cookie](https://github.com/salesforce/tough-cookie) |\ndevDependencies | major | [`^5.1.2` ->\n`^6.0.0`](https://renovatebot.com/diffs/npm/tough-cookie/5.1.2/6.0.0) |\n\n---\n\n### Release Notes\n\n<details>\n<summary>salesforce/tough-cookie (tough-cookie)</summary>\n\n###\n[`v6.0.0`](https://github.com/salesforce/tough-cookie/releases/tag/v6.0.0)\n\n[Compare\nSource](https://github.com/salesforce/tough-cookie/compare/v5.1.2...v6.0.0)\n\n#### Summary\n\n##### Breaking Changes\n\n- Localhost connections over `http` will now be considered secure by\ndefault. For more information, see the [README\ndocumentation](https://github.com/salesforce/tough-cookie?tab=readme-ov-file#potentially-trustworthy-origins-are-considered-secure)\nand [API\nDocs](https://github.com/salesforce/tough-cookie/blob/master/api/docs/tough-cookie.createcookiejaroptions.md)\nfor how to configure this feature.\n\n##### Other Notable Changes\n\n- Dual publishing of ESM+CJS\n\n#### What's Changed\n\n- Bump globals from 15.14.0 to 16.0.0 by\n[@​dependabot](https://github.com/dependabot)\\[bot]\nin[https://github.com/salesforce/tough-cookie/pull/504](https://github.com/salesforce/tough-cookie/pull/504)4\n- Bump the dev-dependencies group with 10 updates by\n[@​dependabot](https://github.com/dependabot)\\[bot]\nin[https://github.com/salesforce/tough-cookie/pull/503](https://github.com/salesforce/tough-cookie/pull/503)3\n- Bump tldts from 6.1.76 to 6.1.79 in the production-dependencies group\nby [@​dependabot](https://github.com/dependabot)\\[bot]\nin[https://github.com/salesforce/tough-cookie/pull/502](https://github.com/salesforce/tough-cookie/pull/502)2\n- Bump tldts from 6.1.83 to 6.1.85 in the production-dependencies group\nby [@​dependabot](https://github.com/dependabot)\\[bot]\nin[https://github.com/salesforce/tough-cookie/pull/507](https://github.com/salesforce/tough-cookie/pull/507)7\n- Bump the dev-dependencies group with 9 updates by\n[@​dependabot](https://github.com/dependabot)\\[bot]\nin[https://github.com/salesforce/tough-cookie/pull/508](https://github.com/salesforce/tough-cookie/pull/508)8\n- Bump eslint-import-resolver-typescript from 3.8.3 to 4.3.1 by\n[@​dependabot](https://github.com/dependabot)\\[bot]\nin[https://github.com/salesforce/tough-cookie/pull/509](https://github.com/salesforce/tough-cookie/pull/509)9\n- feat: Add RFC 6761–compliant localhost loopback checks so secure\ncookies work on localhost (fixes:\n[#​382](https://github.com/salesforce/tough-cookie/issues/382))\nby [@​Chriss4123](https://github.com/Chriss4123) in\n[https://github.com/salesforce/tough-cookie/pull/498](https://github.com/salesforce/tough-cookie/pull/498)\n- use ESM instead of CJS by\n[@​wjhsf](https://github.com/wjhsf) in\n[https://github.com/salesforce/tough-cookie/pull/506](https://github.com/salesforce/tough-cookie/pull/506)\n- Switch from jest to vitest by\n[@​wjhsf](https://github.com/wjhsf) in\n[https://github.com/salesforce/tough-cookie/pull/510](https://github.com/salesforce/tough-cookie/pull/510)\n- Bump vite from 6.2.6 to 6.3.4 by\n[@​dependabot](https://github.com/dependabot)\\[bot]\nin[https://github.com/salesforce/tough-cookie/pull/521](https://github.com/salesforce/tough-cookie/pull/521)1\n- Bump the dev-dependencies group with 9 updates by\n[@​dependabot](https://github.com/dependabot)\\[bot]\nin[https://github.com/salesforce/tough-cookie/pull/522](https://github.com/salesforce/tough-cookie/pull/522)2\n- Bump tldts from 6.1.85 to 7.0.5 by\n[@​dependabot](https://github.com/dependabot)\\[bot]\nin[https://github.com/salesforce/tough-cookie/pull/523](https://github.com/salesforce/tough-cookie/pull/523)3\n- Prepare release v6.0.0-rc.0 by\n[@​colincasey](https://github.com/colincasey) in\n[https://github.com/salesforce/tough-cookie/pull/519](https://github.com/salesforce/tough-cookie/pull/519)\n- Bump the dev-dependencies group with 12 updates by\n[@​dependabot](https://github.com/dependabot)\\[bot]\nin[https://github.com/salesforce/tough-cookie/pull/525](https://github.com/salesforce/tough-cookie/pull/525)5\n- Bump tldts from 7.0.5 to 7.0.8 in the production-dependencies group by\n[@​dependabot](https://github.com/dependabot)\\[bot]\nin[https://github.com/salesforce/tough-cookie/pull/524](https://github.com/salesforce/tough-cookie/pull/524)4\n- Create CONTRIBUTING.md by\n[@​wjhsf](https://github.com/wjhsf) in\n[https://github.com/salesforce/tough-cookie/pull/526](https://github.com/salesforce/tough-cookie/pull/526)\n- Bump tldts from 7.0.8 to 7.0.9 in the production-dependencies group by\n[@​dependabot](https://github.com/dependabot)\\[bot]\nin[https://github.com/salesforce/tough-cookie/pull/530](https://github.com/salesforce/tough-cookie/pull/530)0\n- chore(deps): bump tldts from 7.0.9 to 7.0.10 in the\nproduction-dependencies group by\n[@​dependabot](https://github.com/dependabot)\\[bot]\nin[https://github.com/salesforce/tough-cookie/pull/532](https://github.com/salesforce/tough-cookie/pull/532)2\n- Bump the dev-dependencies group with 12 updates by\n[@​dependabot](https://github.com/dependabot)\\[bot]\nin[https://github.com/salesforce/tough-cookie/pull/531](https://github.com/salesforce/tough-cookie/pull/531)1\n- Reverts the check on the Secure attribute when setting a cookie by\n[@​colincasey](https://github.com/colincasey) in\n[https://github.com/salesforce/tough-cookie/pull/534](https://github.com/salesforce/tough-cookie/pull/534)\n- Prepare release v6.0.0-rc.1 by\n[@​colincasey](https://github.com/colincasey) in\n[https://github.com/salesforce/tough-cookie/pull/535](https://github.com/salesforce/tough-cookie/pull/535)\n- Bump the dev-dependencies group with 8 updates by\n[@​dependabot](https://github.com/dependabot)\\[bot]\nin[https://github.com/salesforce/tough-cookie/pull/537](https://github.com/salesforce/tough-cookie/pull/537)7\n- Support publishing of both ESM and CJS by\n[@​colincasey](https://github.com/colincasey) in\n[https://github.com/salesforce/tough-cookie/pull/536](https://github.com/salesforce/tough-cookie/pull/536)\n- Prepare v6 by\n[@​colincasey](https://github.com/colincasey) in\n[https://github.com/salesforce/tough-cookie/pull/538](https://github.com/salesforce/tough-cookie/pull/538)\n\n#### New Contributors\n\n- [@​Chriss4123](https://github.com/Chriss4123) made\ntheir first contribution in\n[https://github.com/salesforce/tough-cookie/pull/498](https://github.com/salesforce/tough-cookie/pull/498)\n\n**Full Changelog**:\nhttps://github.com/salesforce/tough-cookie/compare/v5.1.2...v6.0.0\n\n</details>\n\n---\n\n### Configuration\n\n📅 **Schedule**: Branch creation - At any time (no schedule defined),\nAutomerge - At any time (no schedule defined).\n\n🚦 **Automerge**: Disabled by config. Please merge this manually once you\nare satisfied.\n\n♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the\nrebase/retry checkbox.\n\n🔕 **Ignore**: Close this PR and you won't be reminded about this update\nagain.\n\n---\n\n- [ ] If you want to rebase/retry this PR, check\nthis box\n\n---\n\nThis PR has been generated by [Renovate\nBot](https://github.com/renovatebot/renovate).\n\n\n\nCo-authored-by: elastic-renovate-prod[bot] <174716857+elastic-renovate-prod[bot]@users.noreply.github.com>\nCo-authored-by: Larry Gregory <larry.gregory@elastic.co>\nCo-authored-by: Elena Shostak <165678770+elena-shostak@users.noreply.github.com>","sha":"e9003940290fb561cfb14bc74541dae7abb6ad85"}},"sourceBranch":"main","suggestedTargetBranches":[],"targetPullRequestStates":[{"branch":"main","label":"v9.2.0","branchLabelMappingKey":"^v9.2.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/233120","number":233120,"mergeCommit":{"message":"Update dependency tough-cookie to v6 (main) (#233120)\n\nThis PR contains the following updates:\n\n| Package | Type | Update | Change |\n|---|---|---|---|\n| [tough-cookie](https://github.com/salesforce/tough-cookie) |\ndevDependencies | major | [`^5.1.2` ->\n`^6.0.0`](https://renovatebot.com/diffs/npm/tough-cookie/5.1.2/6.0.0) |\n\n---\n\n### Release Notes\n\n<details>\n<summary>salesforce/tough-cookie (tough-cookie)</summary>\n\n###\n[`v6.0.0`](https://github.com/salesforce/tough-cookie/releases/tag/v6.0.0)\n\n[Compare\nSource](https://github.com/salesforce/tough-cookie/compare/v5.1.2...v6.0.0)\n\n#### Summary\n\n##### Breaking Changes\n\n- Localhost connections over `http` will now be considered secure by\ndefault. For more information, see the [README\ndocumentation](https://github.com/salesforce/tough-cookie?tab=readme-ov-file#potentially-trustworthy-origins-are-considered-secure)\nand [API\nDocs](https://github.com/salesforce/tough-cookie/blob/master/api/docs/tough-cookie.createcookiejaroptions.md)\nfor how to configure this feature.\n\n##### Other Notable Changes\n\n- Dual publishing of ESM+CJS\n\n#### What's Changed\n\n- Bump globals from 15.14.0 to 16.0.0 by\n[@​dependabot](https://github.com/dependabot)\\[bot]\nin[https://github.com/salesforce/tough-cookie/pull/504](https://github.com/salesforce/tough-cookie/pull/504)4\n- Bump the dev-dependencies group with 10 updates by\n[@​dependabot](https://github.com/dependabot)\\[bot]\nin[https://github.com/salesforce/tough-cookie/pull/503](https://github.com/salesforce/tough-cookie/pull/503)3\n- Bump tldts from 6.1.76 to 6.1.79 in the production-dependencies group\nby [@​dependabot](https://github.com/dependabot)\\[bot]\nin[https://github.com/salesforce/tough-cookie/pull/502](https://github.com/salesforce/tough-cookie/pull/502)2\n- Bump tldts from 6.1.83 to 6.1.85 in the production-dependencies group\nby [@​dependabot](https://github.com/dependabot)\\[bot]\nin[https://github.com/salesforce/tough-cookie/pull/507](https://github.com/salesforce/tough-cookie/pull/507)7\n- Bump the dev-dependencies group with 9 updates by\n[@​dependabot](https://github.com/dependabot)\\[bot]\nin[https://github.com/salesforce/tough-cookie/pull/508](https://github.com/salesforce/tough-cookie/pull/508)8\n- Bump eslint-import-resolver-typescript from 3.8.3 to 4.3.1 by\n[@​dependabot](https://github.com/dependabot)\\[bot]\nin[https://github.com/salesforce/tough-cookie/pull/509](https://github.com/salesforce/tough-cookie/pull/509)9\n- feat: Add RFC 6761–compliant localhost loopback checks so secure\ncookies work on localhost (fixes:\n[#​382](https://github.com/salesforce/tough-cookie/issues/382))\nby [@​Chriss4123](https://github.com/Chriss4123) in\n[https://github.com/salesforce/tough-cookie/pull/498](https://github.com/salesforce/tough-cookie/pull/498)\n- use ESM instead of CJS by\n[@​wjhsf](https://github.com/wjhsf) in\n[https://github.com/salesforce/tough-cookie/pull/506](https://github.com/salesforce/tough-cookie/pull/506)\n- Switch from jest to vitest by\n[@​wjhsf](https://github.com/wjhsf) in\n[https://github.com/salesforce/tough-cookie/pull/510](https://github.com/salesforce/tough-cookie/pull/510)\n- Bump vite from 6.2.6 to 6.3.4 by\n[@​dependabot](https://github.com/dependabot)\\[bot]\nin[https://github.com/salesforce/tough-cookie/pull/521](https://github.com/salesforce/tough-cookie/pull/521)1\n- Bump the dev-dependencies group with 9 updates by\n[@​dependabot](https://github.com/dependabot)\\[bot]\nin[https://github.com/salesforce/tough-cookie/pull/522](https://github.com/salesforce/tough-cookie/pull/522)2\n- Bump tldts from 6.1.85 to 7.0.5 by\n[@​dependabot](https://github.com/dependabot)\\[bot]\nin[https://github.com/salesforce/tough-cookie/pull/523](https://github.com/salesforce/tough-cookie/pull/523)3\n- Prepare release v6.0.0-rc.0 by\n[@​colincasey](https://github.com/colincasey) in\n[https://github.com/salesforce/tough-cookie/pull/519](https://github.com/salesforce/tough-cookie/pull/519)\n- Bump the dev-dependencies group with 12 updates by\n[@​dependabot](https://github.com/dependabot)\\[bot]\nin[https://github.com/salesforce/tough-cookie/pull/525](https://github.com/salesforce/tough-cookie/pull/525)5\n- Bump tldts from 7.0.5 to 7.0.8 in the production-dependencies group by\n[@​dependabot](https://github.com/dependabot)\\[bot]\nin[https://github.com/salesforce/tough-cookie/pull/524](https://github.com/salesforce/tough-cookie/pull/524)4\n- Create CONTRIBUTING.md by\n[@​wjhsf](https://github.com/wjhsf) in\n[https://github.com/salesforce/tough-cookie/pull/526](https://github.com/salesforce/tough-cookie/pull/526)\n- Bump tldts from 7.0.8 to 7.0.9 in the production-dependencies group by\n[@​dependabot](https://github.com/dependabot)\\[bot]\nin[https://github.com/salesforce/tough-cookie/pull/530](https://github.com/salesforce/tough-cookie/pull/530)0\n- chore(deps): bump tldts from 7.0.9 to 7.0.10 in the\nproduction-dependencies group by\n[@​dependabot](https://github.com/dependabot)\\[bot]\nin[https://github.com/salesforce/tough-cookie/pull/532](https://github.com/salesforce/tough-cookie/pull/532)2\n- Bump the dev-dependencies group with 12 updates by\n[@​dependabot](https://github.com/dependabot)\\[bot]\nin[https://github.com/salesforce/tough-cookie/pull/531](https://github.com/salesforce/tough-cookie/pull/531)1\n- Reverts the check on the Secure attribute when setting a cookie by\n[@​colincasey](https://github.com/colincasey) in\n[https://github.com/salesforce/tough-cookie/pull/534](https://github.com/salesforce/tough-cookie/pull/534)\n- Prepare release v6.0.0-rc.1 by\n[@​colincasey](https://github.com/colincasey) in\n[https://github.com/salesforce/tough-cookie/pull/535](https://github.com/salesforce/tough-cookie/pull/535)\n- Bump the dev-dependencies group with 8 updates by\n[@​dependabot](https://github.com/dependabot)\\[bot]\nin[https://github.com/salesforce/tough-cookie/pull/537](https://github.com/salesforce/tough-cookie/pull/537)7\n- Support publishing of both ESM and CJS by\n[@​colincasey](https://github.com/colincasey) in\n[https://github.com/salesforce/tough-cookie/pull/536](https://github.com/salesforce/tough-cookie/pull/536)\n- Prepare v6 by\n[@​colincasey](https://github.com/colincasey) in\n[https://github.com/salesforce/tough-cookie/pull/538](https://github.com/salesforce/tough-cookie/pull/538)\n\n#### New Contributors\n\n- [@​Chriss4123](https://github.com/Chriss4123) made\ntheir first contribution in\n[https://github.com/salesforce/tough-cookie/pull/498](https://github.com/salesforce/tough-cookie/pull/498)\n\n**Full Changelog**:\nhttps://github.com/salesforce/tough-cookie/compare/v5.1.2...v6.0.0\n\n</details>\n\n---\n\n### Configuration\n\n📅 **Schedule**: Branch creation - At any time (no schedule defined),\nAutomerge - At any time (no schedule defined).\n\n🚦 **Automerge**: Disabled by config. Please merge this manually once you\nare satisfied.\n\n♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the\nrebase/retry checkbox.\n\n🔕 **Ignore**: Close this PR and you won't be reminded about this update\nagain.\n\n---\n\n- [ ] If you want to rebase/retry this PR, check\nthis box\n\n---\n\nThis PR has been generated by [Renovate\nBot](https://github.com/renovatebot/renovate).\n\n\n\nCo-authored-by: elastic-renovate-prod[bot] <174716857+elastic-renovate-prod[bot]@users.noreply.github.com>\nCo-authored-by: Larry Gregory <larry.gregory@elastic.co>\nCo-authored-by: Elena Shostak <165678770+elena-shostak@users.noreply.github.com>","sha":"e9003940290fb561cfb14bc74541dae7abb6ad85"}}]}] BACKPORT--> Co-authored-by: elastic-renovate-prod[bot] <174716857+elastic-renovate-prod[bot]@users.noreply.github.com> Co-authored-by: Larry Gregory <larry.gregory@elastic.co> Co-authored-by: Elena Shostak <165678770+elena-shostak@users.noreply.github.com>
ymao1
pushed a commit
to ymao1/kibana
that referenced
this pull request
Aug 29, 2025
This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [tough-cookie](https://github.com/salesforce/tough-cookie) | devDependencies | major | [`^5.1.2` -> `^6.0.0`](https://renovatebot.com/diffs/npm/tough-cookie/5.1.2/6.0.0) | --- ### Release Notes <details> <summary>salesforce/tough-cookie (tough-cookie)</summary> ### [`v6.0.0`](https://github.com/salesforce/tough-cookie/releases/tag/v6.0.0) [Compare Source](https://github.com/salesforce/tough-cookie/compare/v5.1.2...v6.0.0) #### Summary ##### Breaking Changes - Localhost connections over `http` will now be considered secure by default. For more information, see the [README documentation](https://github.com/salesforce/tough-cookie?tab=readme-ov-file#potentially-trustworthy-origins-are-considered-secure) and [API Docs](https://github.com/salesforce/tough-cookie/blob/master/api/docs/tough-cookie.createcookiejaroptions.md) for how to configure this feature. ##### Other Notable Changes - Dual publishing of ESM+CJS #### What's Changed - Bump globals from 15.14.0 to 16.0.0 by [@&elastic#8203;dependabot](https://github.com/dependabot)\[bot] in[https://github.com/salesforce/tough-cookie/pull/504](https://github.com/salesforce/tough-cookie/pull/504)4 - Bump the dev-dependencies group with 10 updates by [@&elastic#8203;dependabot](https://github.com/dependabot)\[bot] in[https://github.com/salesforce/tough-cookie/pull/503](https://github.com/salesforce/tough-cookie/pull/503)3 - Bump tldts from 6.1.76 to 6.1.79 in the production-dependencies group by [@&elastic#8203;dependabot](https://github.com/dependabot)\[bot] in[https://github.com/salesforce/tough-cookie/pull/502](https://github.com/salesforce/tough-cookie/pull/502)2 - Bump tldts from 6.1.83 to 6.1.85 in the production-dependencies group by [@&elastic#8203;dependabot](https://github.com/dependabot)\[bot] in[https://github.com/salesforce/tough-cookie/pull/507](https://github.com/salesforce/tough-cookie/pull/507)7 - Bump the dev-dependencies group with 9 updates by [@&elastic#8203;dependabot](https://github.com/dependabot)\[bot] in[https://github.com/salesforce/tough-cookie/pull/508](https://github.com/salesforce/tough-cookie/pull/508)8 - Bump eslint-import-resolver-typescript from 3.8.3 to 4.3.1 by [@&elastic#8203;dependabot](https://github.com/dependabot)\[bot] in[https://github.com/salesforce/tough-cookie/pull/509](https://github.com/salesforce/tough-cookie/pull/509)9 - feat: Add RFC 6761–compliant localhost loopback checks so secure cookies work on localhost (fixes: [#&elastic#8203;382](https://github.com/salesforce/tough-cookie/issues/382)) by [@&elastic#8203;Chriss4123](https://github.com/Chriss4123) in [https://github.com/salesforce/tough-cookie/pull/498](https://github.com/salesforce/tough-cookie/pull/498) - use ESM instead of CJS by [@&elastic#8203;wjhsf](https://github.com/wjhsf) in [https://github.com/salesforce/tough-cookie/pull/506](https://github.com/salesforce/tough-cookie/pull/506) - Switch from jest to vitest by [@&elastic#8203;wjhsf](https://github.com/wjhsf) in [https://github.com/salesforce/tough-cookie/pull/510](https://github.com/salesforce/tough-cookie/pull/510) - Bump vite from 6.2.6 to 6.3.4 by [@&elastic#8203;dependabot](https://github.com/dependabot)\[bot] in[https://github.com/salesforce/tough-cookie/pull/521](https://github.com/salesforce/tough-cookie/pull/521)1 - Bump the dev-dependencies group with 9 updates by [@&elastic#8203;dependabot](https://github.com/dependabot)\[bot] in[https://github.com/salesforce/tough-cookie/pull/522](https://github.com/salesforce/tough-cookie/pull/522)2 - Bump tldts from 6.1.85 to 7.0.5 by [@&elastic#8203;dependabot](https://github.com/dependabot)\[bot] in[https://github.com/salesforce/tough-cookie/pull/523](https://github.com/salesforce/tough-cookie/pull/523)3 - Prepare release v6.0.0-rc.0 by [@&elastic#8203;colincasey](https://github.com/colincasey) in [https://github.com/salesforce/tough-cookie/pull/519](https://github.com/salesforce/tough-cookie/pull/519) - Bump the dev-dependencies group with 12 updates by [@&elastic#8203;dependabot](https://github.com/dependabot)\[bot] in[https://github.com/salesforce/tough-cookie/pull/525](https://github.com/salesforce/tough-cookie/pull/525)5 - Bump tldts from 7.0.5 to 7.0.8 in the production-dependencies group by [@&elastic#8203;dependabot](https://github.com/dependabot)\[bot] in[https://github.com/salesforce/tough-cookie/pull/524](https://github.com/salesforce/tough-cookie/pull/524)4 - Create CONTRIBUTING.md by [@&elastic#8203;wjhsf](https://github.com/wjhsf) in [https://github.com/salesforce/tough-cookie/pull/526](https://github.com/salesforce/tough-cookie/pull/526) - Bump tldts from 7.0.8 to 7.0.9 in the production-dependencies group by [@&elastic#8203;dependabot](https://github.com/dependabot)\[bot] in[https://github.com/salesforce/tough-cookie/pull/530](https://github.com/salesforce/tough-cookie/pull/530)0 - chore(deps): bump tldts from 7.0.9 to 7.0.10 in the production-dependencies group by [@&elastic#8203;dependabot](https://github.com/dependabot)\[bot] in[https://github.com/salesforce/tough-cookie/pull/532](https://github.com/salesforce/tough-cookie/pull/532)2 - Bump the dev-dependencies group with 12 updates by [@&elastic#8203;dependabot](https://github.com/dependabot)\[bot] in[https://github.com/salesforce/tough-cookie/pull/531](https://github.com/salesforce/tough-cookie/pull/531)1 - Reverts the check on the Secure attribute when setting a cookie by [@&elastic#8203;colincasey](https://github.com/colincasey) in [https://github.com/salesforce/tough-cookie/pull/534](https://github.com/salesforce/tough-cookie/pull/534) - Prepare release v6.0.0-rc.1 by [@&elastic#8203;colincasey](https://github.com/colincasey) in [https://github.com/salesforce/tough-cookie/pull/535](https://github.com/salesforce/tough-cookie/pull/535) - Bump the dev-dependencies group with 8 updates by [@&elastic#8203;dependabot](https://github.com/dependabot)\[bot] in[https://github.com/salesforce/tough-cookie/pull/537](https://github.com/salesforce/tough-cookie/pull/537)7 - Support publishing of both ESM and CJS by [@&elastic#8203;colincasey](https://github.com/colincasey) in [https://github.com/salesforce/tough-cookie/pull/536](https://github.com/salesforce/tough-cookie/pull/536) - Prepare v6 by [@&elastic#8203;colincasey](https://github.com/colincasey) in [https://github.com/salesforce/tough-cookie/pull/538](https://github.com/salesforce/tough-cookie/pull/538) #### New Contributors - [@&elastic#8203;Chriss4123](https://github.com/Chriss4123) made their first contribution in [https://github.com/salesforce/tough-cookie/pull/498](https://github.com/salesforce/tough-cookie/pull/498) **Full Changelog**: salesforce/tough-cookie@v5.1.2...v6.0.0 </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS4xMDcuMCIsInVwZGF0ZWRJblZlciI6IjM5LjEwNy4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJUZWFtOlNlY3VyaXR5IiwiYmFja3BvcnQ6YWxsLW9wZW4iLCJyZWxlYXNlX25vdGU6c2tpcCJdfQ==--> Co-authored-by: elastic-renovate-prod[bot] <174716857+elastic-renovate-prod[bot]@users.noreply.github.com> Co-authored-by: Larry Gregory <larry.gregory@elastic.co> Co-authored-by: Elena Shostak <165678770+elena-shostak@users.noreply.github.com>
jkelas
pushed a commit
to jkelas/kibana
that referenced
this pull request
Sep 2, 2025
This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [tough-cookie](https://github.com/salesforce/tough-cookie) | devDependencies | major | [`^5.1.2` -> `^6.0.0`](https://renovatebot.com/diffs/npm/tough-cookie/5.1.2/6.0.0) | --- ### Release Notes <details> <summary>salesforce/tough-cookie (tough-cookie)</summary> ### [`v6.0.0`](https://github.com/salesforce/tough-cookie/releases/tag/v6.0.0) [Compare Source](https://github.com/salesforce/tough-cookie/compare/v5.1.2...v6.0.0) #### Summary ##### Breaking Changes - Localhost connections over `http` will now be considered secure by default. For more information, see the [README documentation](https://github.com/salesforce/tough-cookie?tab=readme-ov-file#potentially-trustworthy-origins-are-considered-secure) and [API Docs](https://github.com/salesforce/tough-cookie/blob/master/api/docs/tough-cookie.createcookiejaroptions.md) for how to configure this feature. ##### Other Notable Changes - Dual publishing of ESM+CJS #### What's Changed - Bump globals from 15.14.0 to 16.0.0 by [@&elastic#8203;dependabot](https://github.com/dependabot)\[bot] in[https://github.com/salesforce/tough-cookie/pull/504](https://github.com/salesforce/tough-cookie/pull/504)4 - Bump the dev-dependencies group with 10 updates by [@&elastic#8203;dependabot](https://github.com/dependabot)\[bot] in[https://github.com/salesforce/tough-cookie/pull/503](https://github.com/salesforce/tough-cookie/pull/503)3 - Bump tldts from 6.1.76 to 6.1.79 in the production-dependencies group by [@&elastic#8203;dependabot](https://github.com/dependabot)\[bot] in[https://github.com/salesforce/tough-cookie/pull/502](https://github.com/salesforce/tough-cookie/pull/502)2 - Bump tldts from 6.1.83 to 6.1.85 in the production-dependencies group by [@&elastic#8203;dependabot](https://github.com/dependabot)\[bot] in[https://github.com/salesforce/tough-cookie/pull/507](https://github.com/salesforce/tough-cookie/pull/507)7 - Bump the dev-dependencies group with 9 updates by [@&elastic#8203;dependabot](https://github.com/dependabot)\[bot] in[https://github.com/salesforce/tough-cookie/pull/508](https://github.com/salesforce/tough-cookie/pull/508)8 - Bump eslint-import-resolver-typescript from 3.8.3 to 4.3.1 by [@&elastic#8203;dependabot](https://github.com/dependabot)\[bot] in[https://github.com/salesforce/tough-cookie/pull/509](https://github.com/salesforce/tough-cookie/pull/509)9 - feat: Add RFC 6761–compliant localhost loopback checks so secure cookies work on localhost (fixes: [#&elastic#8203;382](https://github.com/salesforce/tough-cookie/issues/382)) by [@&elastic#8203;Chriss4123](https://github.com/Chriss4123) in [https://github.com/salesforce/tough-cookie/pull/498](https://github.com/salesforce/tough-cookie/pull/498) - use ESM instead of CJS by [@&elastic#8203;wjhsf](https://github.com/wjhsf) in [https://github.com/salesforce/tough-cookie/pull/506](https://github.com/salesforce/tough-cookie/pull/506) - Switch from jest to vitest by [@&elastic#8203;wjhsf](https://github.com/wjhsf) in [https://github.com/salesforce/tough-cookie/pull/510](https://github.com/salesforce/tough-cookie/pull/510) - Bump vite from 6.2.6 to 6.3.4 by [@&elastic#8203;dependabot](https://github.com/dependabot)\[bot] in[https://github.com/salesforce/tough-cookie/pull/521](https://github.com/salesforce/tough-cookie/pull/521)1 - Bump the dev-dependencies group with 9 updates by [@&elastic#8203;dependabot](https://github.com/dependabot)\[bot] in[https://github.com/salesforce/tough-cookie/pull/522](https://github.com/salesforce/tough-cookie/pull/522)2 - Bump tldts from 6.1.85 to 7.0.5 by [@&elastic#8203;dependabot](https://github.com/dependabot)\[bot] in[https://github.com/salesforce/tough-cookie/pull/523](https://github.com/salesforce/tough-cookie/pull/523)3 - Prepare release v6.0.0-rc.0 by [@&elastic#8203;colincasey](https://github.com/colincasey) in [https://github.com/salesforce/tough-cookie/pull/519](https://github.com/salesforce/tough-cookie/pull/519) - Bump the dev-dependencies group with 12 updates by [@&elastic#8203;dependabot](https://github.com/dependabot)\[bot] in[https://github.com/salesforce/tough-cookie/pull/525](https://github.com/salesforce/tough-cookie/pull/525)5 - Bump tldts from 7.0.5 to 7.0.8 in the production-dependencies group by [@&elastic#8203;dependabot](https://github.com/dependabot)\[bot] in[https://github.com/salesforce/tough-cookie/pull/524](https://github.com/salesforce/tough-cookie/pull/524)4 - Create CONTRIBUTING.md by [@&elastic#8203;wjhsf](https://github.com/wjhsf) in [https://github.com/salesforce/tough-cookie/pull/526](https://github.com/salesforce/tough-cookie/pull/526) - Bump tldts from 7.0.8 to 7.0.9 in the production-dependencies group by [@&elastic#8203;dependabot](https://github.com/dependabot)\[bot] in[https://github.com/salesforce/tough-cookie/pull/530](https://github.com/salesforce/tough-cookie/pull/530)0 - chore(deps): bump tldts from 7.0.9 to 7.0.10 in the production-dependencies group by [@&elastic#8203;dependabot](https://github.com/dependabot)\[bot] in[https://github.com/salesforce/tough-cookie/pull/532](https://github.com/salesforce/tough-cookie/pull/532)2 - Bump the dev-dependencies group with 12 updates by [@&elastic#8203;dependabot](https://github.com/dependabot)\[bot] in[https://github.com/salesforce/tough-cookie/pull/531](https://github.com/salesforce/tough-cookie/pull/531)1 - Reverts the check on the Secure attribute when setting a cookie by [@&elastic#8203;colincasey](https://github.com/colincasey) in [https://github.com/salesforce/tough-cookie/pull/534](https://github.com/salesforce/tough-cookie/pull/534) - Prepare release v6.0.0-rc.1 by [@&elastic#8203;colincasey](https://github.com/colincasey) in [https://github.com/salesforce/tough-cookie/pull/535](https://github.com/salesforce/tough-cookie/pull/535) - Bump the dev-dependencies group with 8 updates by [@&elastic#8203;dependabot](https://github.com/dependabot)\[bot] in[https://github.com/salesforce/tough-cookie/pull/537](https://github.com/salesforce/tough-cookie/pull/537)7 - Support publishing of both ESM and CJS by [@&elastic#8203;colincasey](https://github.com/colincasey) in [https://github.com/salesforce/tough-cookie/pull/536](https://github.com/salesforce/tough-cookie/pull/536) - Prepare v6 by [@&elastic#8203;colincasey](https://github.com/colincasey) in [https://github.com/salesforce/tough-cookie/pull/538](https://github.com/salesforce/tough-cookie/pull/538) #### New Contributors - [@&elastic#8203;Chriss4123](https://github.com/Chriss4123) made their first contribution in [https://github.com/salesforce/tough-cookie/pull/498](https://github.com/salesforce/tough-cookie/pull/498) **Full Changelog**: salesforce/tough-cookie@v5.1.2...v6.0.0 </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS4xMDcuMCIsInVwZGF0ZWRJblZlciI6IjM5LjEwNy4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJUZWFtOlNlY3VyaXR5IiwiYmFja3BvcnQ6YWxsLW9wZW4iLCJyZWxlYXNlX25vdGU6c2tpcCJdfQ==--> Co-authored-by: elastic-renovate-prod[bot] <174716857+elastic-renovate-prod[bot]@users.noreply.github.com> Co-authored-by: Larry Gregory <larry.gregory@elastic.co> Co-authored-by: Elena Shostak <165678770+elena-shostak@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
^5.1.2->^6.0.0Release Notes
salesforce/tough-cookie (tough-cookie)
v6.0.0Compare Source
Summary
Breaking Changes
httpwill now be considered secure by default. For more information, see the README documentation and API Docs for how to configure this feature.Other Notable Changes
What's Changed
New Contributors
Full Changelog: salesforce/tough-cookie@v5.1.2...v6.0.0
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Renovate Bot.