Bump tough-cookie and less #63

dependabot · 2026-01-05T22:59:09Z

Bumps tough-cookie to 6.0.0 and updates ancestor dependency less. These dependencies need to be updated together.

Updates tough-cookie from 2.3.4 to 6.0.0

Release notes

v6.0.0

Summary

Breaking Changes

Localhost connections over http will now be considered secure by default. For more information, see the README documentation and API Docs for how to configure this feature.

Other Notable Changes

Dual publishing of ESM+CJS

What's Changed

Bump globals from 15.14.0 to 16.0.0 by @dependabot[bot] in salesforce/tough-cookie#504

Bump the dev-dependencies group with 10 updates by @dependabot[bot] in salesforce/tough-cookie#503

Bump tldts from 6.1.76 to 6.1.79 in the production-dependencies group by @dependabot[bot] in salesforce/tough-cookie#502

Bump tldts from 6.1.83 to 6.1.85 in the production-dependencies group by @dependabot[bot] in salesforce/tough-cookie#507

Bump the dev-dependencies group with 9 updates by @dependabot[bot] in salesforce/tough-cookie#508

Bump eslint-import-resolver-typescript from 3.8.3 to 4.3.1 by @dependabot[bot] in salesforce/tough-cookie#509

feat: Add RFC 6761–compliant localhost loopback checks so secure cookies work on localhost (fixes: #382) by @Chriss4123 in salesforce/tough-cookie#498

use ESM instead of CJS by @wjhsf in salesforce/tough-cookie#506

Switch from jest to vitest by @wjhsf in salesforce/tough-cookie#510

Bump vite from 6.2.6 to 6.3.4 by @dependabot[bot] in salesforce/tough-cookie#521

Bump the dev-dependencies group with 9 updates by @dependabot[bot] in salesforce/tough-cookie#522

Bump tldts from 6.1.85 to 7.0.5 by @dependabot[bot] in salesforce/tough-cookie#523

Prepare release v6.0.0-rc.0 by @colincasey in salesforce/tough-cookie#519

Bump the dev-dependencies group with 12 updates by @dependabot[bot] in salesforce/tough-cookie#525

Bump tldts from 7.0.5 to 7.0.8 in the production-dependencies group by @dependabot[bot] in salesforce/tough-cookie#524

Create CONTRIBUTING.md by @wjhsf in salesforce/tough-cookie#526

Bump tldts from 7.0.8 to 7.0.9 in the production-dependencies group by @dependabot[bot] in salesforce/tough-cookie#530

chore(deps): bump tldts from 7.0.9 to 7.0.10 in the production-dependencies group by @dependabot[bot] in salesforce/tough-cookie#532

Bump the dev-dependencies group with 12 updates by @dependabot[bot] in salesforce/tough-cookie#531

Reverts the check on the Secure attribute when setting a cookie by @colincasey in salesforce/tough-cookie#534

Prepare release v6.0.0-rc.1 by @colincasey in salesforce/tough-cookie#535

Bump the dev-dependencies group with 8 updates by @dependabot[bot] in salesforce/tough-cookie#537

Support publishing of both ESM and CJS by @colincasey in salesforce/tough-cookie#536

Prepare v6 by @colincasey in salesforce/tough-cookie#538

New Contributors

@Chriss4123 made their first contribution in salesforce/tough-cookie#498

Full Changelog: salesforce/tough-cookie@v5.1.2...v6.0.0

v5.1.2

What's Changed

Fix regression bug in domainMatch by @colincasey in salesforce/tough-cookie#500

Prepare v5.1.2 by @colincasey in salesforce/tough-cookie#501

Full Changelog: salesforce/tough-cookie@v5.1.1...v5.1.2

... (truncated)

Commits

62be1e4 Prepare v6 (#538)
5e2cf1c Support publishing of both ESM and CJS (#536)
d0c0ee8 Bump the dev-dependencies group with 8 updates (#537)
98c7726 6.0.0-rc.1 (#535)
c024d1d Reverts the check on the Secure attribute when setting a cookie (#534)
6d729f9 Bump the dev-dependencies group with 12 updates (#531)
eb872bf chore(deps): bump tldts in the production-dependencies group (#532)
e0a859d Bump tldts from 7.0.8 to 7.0.9 in the production-dependencies group (#530)
25e3e46 Create CONTRIBUTING.md (#526)
27582e8 Bump tldts from 7.0.5 to 7.0.8 in the production-dependencies group (#524)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ccasey, a new releaser for tough-cookie since your current version.

Updates less from 2.7.3 to 4.5.1

Release notes

Sourced from less's releases.

v4.4.2

#4357 Migrate Less test data to use valid CSS (@matthew-dean)

#4363 Fix #4362 no spacing regression for function (@puckowski)

v4.4.1

#4342 Add support for CSS scroll state container queries (@puckowski)

#4349 Fix #4348 parse layer nesting syntax (@puckowski)

v4.4.0

#4337 Add support for layer at-rule (@puckowski)

#4340 Add support for import at-rule layer functionality (@puckowski)

#4346 Fix #4343 add color operands (@puckowski)

v4.3.0

#4319 Add deprecation warnings to Less output during parsing and new quiet flag (@matthew-dean) #4320 Update README.md to remove Lerna reference (@matthew-dean) #4322 Revise Playwright install method for CI stability (@puckowski) #4333 Add support for starting-style at rule. (@puckowski)

v4.2.2

less/less.js#4290 Fix less/less.js#4268 nested pseudo-selector parsing (@puckowski) less/less.js#4291 Enhance Less.js test environment setup (#4291) (@iChenLei) less/less.js#4295 Fix less/less.js#4252 container queries created via mixin evaluating variables incorrectly (@puckowski) less/less.js#4294 Fix less/less.js#3737 allow blank variable declarationd (@puckowski) less/less.js#4292 Fix less/less.js#4258 variable interpolation after math (@puckowski) less/less.js#4293 Fix less/less.js#4264 strip line comment from expression (@puckowski) less/less.js#4302 Fix less/less.js#4301 at-rule declarations missing (@puckowski) less/less.js#4309 Fix Node 23 CI (#4309) (@iChenLei)

v4.2.1

#4235 Fix container style queries extra space resolved (@puckowski)

v4.2.0

#3811 add support for container queries (@puckowski)

#3761 fix faulty source map generation with variables in selectors, fixes #3567 (@pgoldberg)

#3700 parsing variables fail when there is no trailing semicolon (@b-kelly)

#3719 modify this pointer so that it is not empty. (@lumburr)

#3649 fixes #2991 empty @media queries generated when compiling less file with (reference) to bootstrap (@MoonCoral)

v4.1.3

#3673 Feat: add support for case-insensitive attribute selectors (#3673) (@iChenLei)

#3710 Feat: add disablePluginRule flag for render() options (#3710) (@broofa @edhgoose)

#3656 Fix #3655 for param tag is null (#3658) (@langren1353)

#3658 Fix #3646 forcefully change unsupported input to strings (#3658) (@gzb1128)

#3668 Fix change keyword plugin and import regexp (#3668) (@iChenLei)

#3613 Fix #3591: refactor debugInfo from class to function (#3613) (@drdevlin)

#3716 Fix https failures on macOS (#3716) (@joeyparrish)

v4.1.2

... (truncated)

Changelog

Sourced from less's changelog.

Change Log

v4.4.2 (2025-08-27)

#4357 Migrate Less test data to use valid CSS (@matthew-dean)

#4363 Fix #4362 no spacing regression for function (@puckowski)

v4.4.1 (2025-07-25)

#4342 Add support for CSS scroll state container queries (@puckowski)

#4349 Fix #4348 parse layer nesting syntax (@puckowski)

v4.4.0 (2025-05-31)

#4337 Add support for layer at-rule (@puckowski)

#4340 Add support for import at-rule layer functionality (@puckowski)

#4346 Fix #4343 add color operands (@puckowski)

v4.3.0 (2025-04-04)

#4319 Add deprecation warnings to Less output during parsing and new quiet flag (@matthew-dean)

#4320 Update README.md to remove Lerna reference (@matthew-dean)

#4322 Revise Playwright install method for CI stability (@puckowski)

#4333 Add support for starting-style at rule. (@puckowski)

v4.2.2 (2025-01-04)

#4290 Fix #4268 nested pseudo-selector parsing (@puckowski)

#4291 Enhance Less.js test environment setup (#4291) (@iChenLei)

#4295 Fix #4252 container queries created via mixin evaluating variables incorrectly (@puckowski)

#4294 Fix #3737 allow blank variable declarationd (@puckowski)

#4292 Fix #4258 variable interpolation after math (@puckowski)

#4293 Fix #4264 strip line comment from expression (@puckowski)

#4302 Fix #4301 at-rule declarations missing (@puckowski)

#4309 Fix Node 23 CI (#4309) (@iChenLei)

v4.2.1 (2024-09-26)

#4237 Fix #4235 container style queries extra space resolved (@puckowski)

v4.2.0 (2023-08-06)

#3811 add support for container queries (@puckowski)

#3761 fix faulty source map generation with variables in selectors, fixes #3567 (@pgoldberg)

#3700 parsing variables fail when there is no trailing semicolon (@b-kelly)

#3719 modify this pointer so that it is not empty. (@lumburr)

#3649 fixes #2991 empty @media queries generated when compiling less file with (reference) to bootstrap (@MoonCoral)

v4.1.3 (2022-06-09)

#3673 Feat: add support for case-insensitive attribute selectors (#3673) (@iChenLei)

#3710 Feat: add disablePluginRule flag for render() options (#3710) (@broofa @edhgoose)

... (truncated)

Commits

See full diff in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for less since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps [tough-cookie](https://github.com/salesforce/tough-cookie) to 6.0.0 and updates ancestor dependency [less](https://github.com/less/less.js). These dependencies need to be updated together. Updates `tough-cookie` from 2.3.4 to 6.0.0 - [Release notes](https://github.com/salesforce/tough-cookie/releases) - [Changelog](https://github.com/salesforce/tough-cookie/blob/master/CHANGELOG.md) - [Commits](salesforce/tough-cookie@v2.3.4...v6.0.0) Updates `less` from 2.7.3 to 4.5.1 - [Release notes](https://github.com/less/less.js/releases) - [Changelog](https://github.com/less/less.js/blob/master/CHANGELOG.md) - [Commits](https://github.com/less/less.js/commits) --- updated-dependencies: - dependency-name: tough-cookie dependency-version: 6.0.0 dependency-type: indirect - dependency-name: less dependency-version: 4.5.1 dependency-type: direct:development ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jan 5, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Bump tough-cookie and less #63

Bump tough-cookie and less #63

Uh oh!

dependabot bot commented on behalf of github Jan 5, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Bump tough-cookie and less #63

Are you sure you want to change the base?

Bump tough-cookie and less #63

Uh oh!

Conversation

dependabot bot commented on behalf of github Jan 5, 2026

v6.0.0

Summary

Breaking Changes

Other Notable Changes

What's Changed

New Contributors

v5.1.2

What's Changed

v4.4.2

v4.4.1

v4.4.0

v4.3.0

v4.2.2

v4.2.1

v4.2.0

v4.1.3

v4.1.2

Change Log

v4.4.2 (2025-08-27)

v4.4.1 (2025-07-25)

v4.4.0 (2025-05-31)

v4.3.0 (2025-04-04)

v4.2.2 (2025-01-04)

v4.2.1 (2024-09-26)

v4.2.0 (2023-08-06)

v4.1.3 (2022-06-09)

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant