My organization (unfortunately) still makes use of some older packages that use tough-cookie@~2.5.0 as a dependency. Is there any possibility that the fix in https://github.com/salesforce/tough-cookie/pull/283/files can be backported as a patch to that minor version? I would be more than happy to make the pull request to do so, but don't see a branch that matches with 2.5.0.
Affected versions of this package are vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode.
You may have to confirm this against the version of request you're using, but it's unlikely that they would have disabled this security feature.
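The bug class named in the comment above, shown as an added example on a simplified domain/path/key index (this is not tough-cookie's source). `makeStore` and `probe` are hypothetical names, the cookie is constructed sample input, and the model accepts any domain string, an assumption standing in for the `rejectPublicSuffixes=false` mode.

```javascript
// Simplified model of a cookie index keyed domain -> path -> key.
// Constructed for illustration; names and structure are assumptions.
function makeStore(safe) {
  // safe=false: plain objects, which inherit from Object.prototype.
  // safe=true: null-prototype objects, which inherit nothing.
  const newMap = () => (safe ? Object.create(null) : {});
  const idx = newMap();
  return {
    put(cookie) {
      const { domain, path, key } = cookie;
      // On a plain object, idx["__proto__"] resolves to Object.prototype,
      // so the writes below land on the shared prototype.
      if (!idx[domain]) idx[domain] = newMap();
      if (!idx[domain][path]) idx[domain][path] = newMap();
      idx[domain][path][key] = cookie;
    },
    get(domain, path, key) {
      return idx[domain] && idx[domain][path] && idx[domain][path][key];
    },
  };
}

// Stores one constructed cookie whose domain is the string "__proto__" and
// reports whether the write escaped the store into Object.prototype.
function probe(safe) {
  const PATH = "/examplePath"; // constructed sample value
  const store = makeStore(safe);
  store.put({ domain: "__proto__", path: PATH, key: "k", value: "v" });

  const stored = store.get("__proto__", PATH, "k") !== undefined;
  // Did a new own property appear on the global prototype?
  const polluted = Object.prototype.hasOwnProperty.call(Object.prototype, PATH);
  // Does an unrelated, freshly created object now see that property?
  const visibleElsewhere = {}[PATH] !== undefined;

  delete Object.prototype[PATH]; // restore global state after the check
  return { stored, polluted, visibleElsewhere };
}

console.log("plain objects:   ", probe(false));
console.log("null-prototype:  ", probe(true));
```

With null-prototype maps the string `__proto__` is an ordinary own key, so the cookie is stored and nothing outside the store changes.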