[Snyk] Upgrade js-cookie from 3.0.1 to 3.0.5 #24

Open
wants to merge 1 commit into
base: main

colorado392
Owner

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade js-cookie from 3.0.1 to 3.0.5.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 4 versions ahead of your current version.
  • The recommended version was released 9 months ago, on 2023-04-24.

The recommended version fixes:

| Severity | Issue | PriorityScore (*) | Exploit Maturity |
|---|---|---|---|
| | Incomplete List of Disallowed Inputs (SNYK-JS-BABELTRAVERSE-5962462) | 294/1000 | Proof of Concept |
| | Improper Input Validation (SNYK-JS-FOLLOWREDIRECTS-6141137) | 294/1000 | Proof of Concept |

Why? (SNYK-JS-BABELTRAVERSE-5962462): Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Changed, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Local, EPSS: 0.0006, Social Trends: No, Days since published: 117, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: Critical, Provider Urgency: Critical, Package Popularity Score: 99, Impact: 12.6, Likelihood: 2.33, Score Version: V5

Why? (SNYK-JS-FOLLOWREDIRECTS-6141137): Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Changed, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Local, EPSS: 0.0006, Social Trends: No, Days since published: 117, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: Critical, Provider Urgency: Critical, Package Popularity Score: 99, Impact: 12.6, Likelihood: 2.33, Score Version: V5

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: js-cookie
  • 3.0.5 - 2023-04-24
    • Remove npm version restriction in package.json - #818
  • 3.0.4 - 2023-04-21
    • Publish to npmjs.com with package provenance
  • 3.0.3 - 2023-04-21
  • 3.0.2 - 2023-04-21
  • 3.0.1 - 2021-09-01
    • Make package.json accessible in export - #727
from js-cookie GitHub release notes
Commit messages
Package name: js-cookie
  • 39a0f40 Remove npm version restriction
  • 08eb825 Stop distribution via GitHub releases
  • f44d125 Revert "Allow skipping npm publishing for releasing"
  • ef94a67 Revert "Add cli flag required to actually skip npm publish"
  • 3f8542c Reword readme section regarding releasing
  • 0e8eb66 Add cli flag required to actually skip npm publish
  • c740408 Allow skipping npm publishing for releasing
  • 089e42b Add keyless commit signing to release workflow
  • 97dca93 Craft v3.0.4 release
  • ed914cc Craft v3.0.3 release
  • 1074ef8 Adapt git user in release workflow
  • b838df8 Craft v3.0.2 release
  • 2d06dec Add missing git user config for release workflow
  • ee043b4 Fix test for boolean input
  • 30dd761 Prevent `npm whoami` check for release-it
  • ada4b3b Add missing GitHub token for releasing
  • 75c8aa5 Streamline checking out repo for releasing
  • 9a2bf3f Add missing whitespace in command
  • 715aaa0 Add missing flag for npm publishing
  • d8af3b2 Fix yaml formatting in workflow file
  • 8d7b07e Rename copy&paste job name
  • 4f201eb Add workflow for releasing w/ package provenance
  • f2f5646 Adapt branch name in readme
  • c5ec0f7 Bump grunt-contrib-nodeunit from 4.0.0 to 5.0.0

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs
