[PR #488] [MERGED] Bump js-cookie and react-use #3337

Closed
opened 2026-07-15 02:02:33 -05:00 by GiteaMirror · 0 comments
Owner

📋 Pull Request Information

Original PR: https://github.com/mountain-loop/yaak/pull/488
Author: @dependabot[bot]
Created: 6/30/2026
Status: Merged
Merged: 6/30/2026
Merged by: @gschier

Base: mainHead: dependabot/npm_and_yarn/multi-8c8957879a


📝 Commits (1)

  • 6e65148 Bump js-cookie and react-use

📊 Changes

2 files changed (+13 additions, -13 deletions)

View changed files

📝 apps/yaak-client/package.json (+1 -1)
📝 package-lock.json (+12 -12)

📄 Description

Bumps js-cookie to 3.0.8 and updates ancestor dependency react-use. These dependencies need to be updated together.

Updates js-cookie from 2.2.1 to 3.0.8

Release notes

Sourced from js-cookie's releases.

v3.0.8

  • Restore ES5 compatibility, inadvertently broken in 3.0.7 - #959
  • Lift Node version restriction, inadvertently restricted to >= 20 in 3.0.7 - #956

v3.0.7

  • Prevent cookie attribute injection: CVE-2026-46625 (eb3c40e)
  • Add Partitioned attribute to readme (b994768)
  • Publish to npm registry via trusted publisher exclusively (4dc71be)
  • Ensure consistent behaviour for get('name') + get() (1953d30)

v3.0.5

  • Remove npm version restriction in package.json - #818

v3.0.4

  • Publish to npmjs.com with package provenance

v3.0.1

  • Make package.json accessible in export - #727

v3.0.0

  • Removed defaults in favor of a builder: now to supply an api instance with particular predefined (cookie) attributes there's Cookies.withAttributes(), e.g.:
const api = Cookies.withAttributes({
  path: '/',
  secure: true
})
api.set('key', 'value') // writes cookie with path: '/' and secure: true...
  • The attributes that an api instance is configured with are exposed as attributes property; it's an immutable object and unlike defaults cannot be changed to configure the api.
  • The mechanism to fall back to the standard, internal converter by returning a falsy value in a custom read converter has been removed. Instead the default converters are now exposed as Cookies.converter, which allows for implementing self-contained custom converters providing the same behavior:
const customReadConverter = (value, name) => {
  if (name === 'special') {
    return unescape(value)
  }
  return Cookies.converter.read(value)
}
  • withConverter() no longer accepts a function as argument to be turned into a read converter. It is now required to always pass an object with the explicit type(s) of converter(s):
const api = Cookies.withConverter({
  read: (value, name) => unescape(value)
})
  • The converter(s) that an api instance is configured with are exposed as converter property; it's an immutable object and cannot be changed to configure the api.
  • Started providing library as ES module, in addition to UMD module. The module field in package.json points to an ES module variant of the library.
  • Started using browser field instead of main in package.json (for the UMD variant of the library).
  • Dropped support for IE < 10.
  • Removed built-in JSON support, i.e. getJSON() and automatic stringifying in set(): use Cookies.set('foo', JSON.stringify({ ... })) and JSON.parse(Cookies.get('foo')) instead.
  • Removed support for Bower.

... (truncated)

Commits
  • d7a1096 Craft v3.0.8 release
  • 248e685 Use existing Chrome with puppeteer
  • fc04269 Remove QUnit related workaround in Grunt config
  • 265a685 Tidy up package lock file
  • 478e591 Disable Node deprecation DEP0044 for release workflow
  • 331d524 Fix node version config for E2E test job
  • 11d773d Ensure ECMAScript compatibility
  • d788646 Remove engines property from package
  • e7d9a4d Fix typo in test assertion message
  • b5fca24 Make credentials use explicit in release workflow
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for js-cookie since your current version.


Updates react-use from 17.6.0 to 17.6.1

Release notes

Sourced from react-use's releases.

v17.6.1

17.6.1 (2026-06-10)

Bug Fixes

  • deps: update dependency js-cookie to v3 (c0349d9)
Changelog

Sourced from react-use's changelog.

17.6.1 (2026-06-10)

Bug Fixes

  • deps: update dependency js-cookie to v3 (c0349d9)
Commits
  • fbe99c6 chore(release): 17.6.1 [skip ci]
  • a09536d Merge pull request #2100 from streamich/renovate/js-cookie-3.x
  • 41f6437 Merge branch 'master' into renovate/js-cookie-3.x
  • 9ef9535 chore(deps): update babel monorepo to v7.28.3 (#2666)
  • 68723a5 chore(deps): update dependency eslint-plugin-react to v7.37.5 (#2659)
  • e19a114 chore(deps): update dependency eslint-plugin-jsx-a11y to v6.10.2 (#2658)
  • 756784f chore(deps): update dependency eslint-plugin-import to v2.32.0 (#2657)
  • f6b9c35 chore(deps): update dependency babel-loader to v8.4.1 (#2656)
  • c60dda9 chore(deps): update babel monorepo (#2655)
  • b80305e chore(deps): update semantic-release monorepo (#2654)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

## 📋 Pull Request Information **Original PR:** https://github.com/mountain-loop/yaak/pull/488 **Author:** [@dependabot[bot]](https://github.com/apps/dependabot) **Created:** 6/30/2026 **Status:** ✅ Merged **Merged:** 6/30/2026 **Merged by:** [@gschier](https://github.com/gschier) **Base:** `main` ← **Head:** `dependabot/npm_and_yarn/multi-8c8957879a` --- ### 📝 Commits (1) - [`6e65148`](https://github.com/mountain-loop/yaak/commit/6e651483a5d877d2ad4a30b4021c782a5c7bca67) Bump js-cookie and react-use ### 📊 Changes **2 files changed** (+13 additions, -13 deletions) <details> <summary>View changed files</summary> 📝 `apps/yaak-client/package.json` (+1 -1) 📝 `package-lock.json` (+12 -12) </details> ### 📄 Description Bumps [js-cookie](https://github.com/js-cookie/js-cookie) to 3.0.8 and updates ancestor dependency [react-use](https://github.com/streamich/react-use). These dependencies need to be updated together. Updates `js-cookie` from 2.2.1 to 3.0.8 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/js-cookie/js-cookie/releases">js-cookie's releases</a>.</em></p> <blockquote> <h2>v3.0.8</h2> <ul> <li>Restore ES5 compatibility, inadvertently broken in 3.0.7 - <a href="https://redirect.github.com/js-cookie/js-cookie/issues/959">#959</a></li> <li>Lift Node version restriction, inadvertently restricted to &gt;= 20 in 3.0.7 - <a href="https://redirect.github.com/js-cookie/js-cookie/issues/956">#956</a></li> </ul> <h2>v3.0.7</h2> <ul> <li>Prevent cookie attribute injection: CVE-2026-46625 (eb3c40e)</li> <li>Add <code>Partitioned</code> attribute to readme (b994768)</li> <li>Publish to npm registry via trusted publisher exclusively (4dc71be)</li> <li>Ensure consistent behaviour for <code>get('name')</code> + <code>get()</code> (1953d30)</li> </ul> <h2>v3.0.5</h2> <ul> <li>Remove npm version restriction in package.json - <a href="https://redirect.github.com/js-cookie/js-cookie/issues/818">#818</a></li> </ul> <h2>v3.0.4</h2> <ul> <li>Publish to npmjs.com with package provenance</li> </ul> <h2>v3.0.1</h2> <ul> <li>Make package.json accessible in export - <a href="https://redirect.github.com/js-cookie/js-cookie/issues/727">#727</a></li> </ul> <h2>v3.0.0</h2> <ul> <li>Removed <code>defaults</code> in favor of a builder: now to supply an api instance with particular predefined (cookie) attributes there's <code>Cookies.withAttributes()</code>, e.g.:</li> </ul> <pre lang="js"><code>const api = Cookies.withAttributes({ path: '/', secure: true }) api.set('key', 'value') // writes cookie with path: '/' and secure: true... </code></pre> <ul> <li>The attributes that an api instance is configured with are exposed as <code>attributes</code> property; it's an immutable object and unlike <code>defaults</code> cannot be changed to configure the api.</li> <li>The mechanism to fall back to the standard, internal converter by returning a falsy value in a custom read converter has been removed. Instead the default converters are now exposed as <code>Cookies.converter</code>, which allows for implementing self-contained custom converters providing the same behavior:</li> </ul> <pre lang="js"><code>const customReadConverter = (value, name) =&gt; { if (name === 'special') { return unescape(value) } return Cookies.converter.read(value) } </code></pre> <ul> <li><code>withConverter()</code> no longer accepts a function as argument to be turned into a read converter. It is now required to always pass an object with the explicit type(s) of converter(s):</li> </ul> <pre lang="js"><code>const api = Cookies.withConverter({ read: (value, name) =&gt; unescape(value) }) </code></pre> <ul> <li>The converter(s) that an api instance is configured with are exposed as <code>converter</code> property; it's an immutable object and cannot be changed to configure the api.</li> <li>Started providing library as ES module, in addition to UMD module. The <code>module</code> field in <code>package.json</code> points to an ES module variant of the library.</li> <li>Started using <code>browser</code> field instead of <code>main</code> in <code>package.json</code> (for the UMD variant of the library).</li> <li>Dropped support for IE &lt; 10.</li> <li>Removed built-in JSON support, i.e. <code>getJSON()</code> and automatic stringifying in <code>set()</code>: use <code>Cookies.set('foo', JSON.stringify({ ... }))</code> and <code>JSON.parse(Cookies.get('foo'))</code> instead.</li> <li>Removed support for Bower.</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/js-cookie/js-cookie/commit/d7a10966e3f2cbcbfa96e34e7544d23aab9e3372"><code>d7a1096</code></a> Craft v3.0.8 release</li> <li><a href="https://github.com/js-cookie/js-cookie/commit/248e685e20c7aa9553453f0084f14a62173462d2"><code>248e685</code></a> Use existing Chrome with puppeteer</li> <li><a href="https://github.com/js-cookie/js-cookie/commit/fc04269d83cae5536c08fdb71c9fd1d35e148f7a"><code>fc04269</code></a> Remove QUnit related workaround in Grunt config</li> <li><a href="https://github.com/js-cookie/js-cookie/commit/265a6853d04eefa6f7a4d8acdd118d3f5c4dddc3"><code>265a685</code></a> Tidy up package lock file</li> <li><a href="https://github.com/js-cookie/js-cookie/commit/478e59129f8f1e5c80fc71fecd37b04cd8ed1575"><code>478e591</code></a> Disable Node deprecation DEP0044 for release workflow</li> <li><a href="https://github.com/js-cookie/js-cookie/commit/331d5240db232da6748abbdde7a35823f681e9a7"><code>331d524</code></a> Fix node version config for E2E test job</li> <li><a href="https://github.com/js-cookie/js-cookie/commit/11d773d413f680a4ccf23a5375e82fa14df1b7a7"><code>11d773d</code></a> Ensure ECMAScript compatibility</li> <li><a href="https://github.com/js-cookie/js-cookie/commit/d78864600f3ee9c3780c3f3d0072342beb722f45"><code>d788646</code></a> Remove <code>engines</code> property from package</li> <li><a href="https://github.com/js-cookie/js-cookie/commit/e7d9a4dff0d5ebc51a200819e3ab3a2dbe87979a"><code>e7d9a4d</code></a> Fix typo in test assertion message</li> <li><a href="https://github.com/js-cookie/js-cookie/commit/b5fca24b9bc03b20e8751f7eea6c14c40095f7e8"><code>b5fca24</code></a> Make credentials use explicit in release workflow</li> <li>Additional commits viewable in <a href="https://github.com/js-cookie/js-cookie/compare/v2.2.1...v3.0.8">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by <a href="https://www.npmjs.com/~GitHub%20Actions">GitHub Actions</a>, a new releaser for js-cookie since your current version.</p> </details> <br /> Updates `react-use` from 17.6.0 to 17.6.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/streamich/react-use/releases">react-use's releases</a>.</em></p> <blockquote> <h2>v17.6.1</h2> <h2><a href="https://github.com/streamich/react-use/compare/v17.6.0...v17.6.1">17.6.1</a> (2026-06-10)</h2> <h3>Bug Fixes</h3> <ul> <li><strong>deps:</strong> update dependency js-cookie to v3 (<a href="https://github.com/streamich/react-use/commit/c0349d93be68db192f72293f8d9d0bbaf01d9829">c0349d9</a>)</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/streamich/react-use/blob/master/CHANGELOG.md">react-use's changelog</a>.</em></p> <blockquote> <h2><a href="https://github.com/streamich/react-use/compare/v17.6.0...v17.6.1">17.6.1</a> (2026-06-10)</h2> <h3>Bug Fixes</h3> <ul> <li><strong>deps:</strong> update dependency js-cookie to v3 (<a href="https://github.com/streamich/react-use/commit/c0349d93be68db192f72293f8d9d0bbaf01d9829">c0349d9</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/streamich/react-use/commit/fbe99c6327e6af94df03bc8bd6ecc5e3ff04fbcc"><code>fbe99c6</code></a> chore(release): 17.6.1 [skip ci]</li> <li><a href="https://github.com/streamich/react-use/commit/a09536d41017f966669b147261eb2e0f6f163f5c"><code>a09536d</code></a> Merge pull request <a href="https://redirect.github.com/streamich/react-use/issues/2100">#2100</a> from streamich/renovate/js-cookie-3.x</li> <li><a href="https://github.com/streamich/react-use/commit/41f6437e3e7500963952f7e7a41a645ef86bd44b"><code>41f6437</code></a> Merge branch 'master' into renovate/js-cookie-3.x</li> <li><a href="https://github.com/streamich/react-use/commit/9ef95352e459dd2920b0492c63c39863024ee852"><code>9ef9535</code></a> chore(deps): update babel monorepo to v7.28.3 (<a href="https://redirect.github.com/streamich/react-use/issues/2666">#2666</a>)</li> <li><a href="https://github.com/streamich/react-use/commit/68723a56829e95b3609b75e1fa4f1c0c7b57d2d1"><code>68723a5</code></a> chore(deps): update dependency eslint-plugin-react to v7.37.5 (<a href="https://redirect.github.com/streamich/react-use/issues/2659">#2659</a>)</li> <li><a href="https://github.com/streamich/react-use/commit/e19a1141c7b7d47bbc03f7ba7f60ad95b855fc12"><code>e19a114</code></a> chore(deps): update dependency eslint-plugin-jsx-a11y to v6.10.2 (<a href="https://redirect.github.com/streamich/react-use/issues/2658">#2658</a>)</li> <li><a href="https://github.com/streamich/react-use/commit/756784fe15d495276fb28dc66c0f100ee7e08b88"><code>756784f</code></a> chore(deps): update dependency eslint-plugin-import to v2.32.0 (<a href="https://redirect.github.com/streamich/react-use/issues/2657">#2657</a>)</li> <li><a href="https://github.com/streamich/react-use/commit/f6b9c3583323aed41347e78d89727419f649597e"><code>f6b9c35</code></a> chore(deps): update dependency babel-loader to v8.4.1 (<a href="https://redirect.github.com/streamich/react-use/issues/2656">#2656</a>)</li> <li><a href="https://github.com/streamich/react-use/commit/c60dda95dbd30fd92394b4fbb4b9b2f2f25dddad"><code>c60dda9</code></a> chore(deps): update babel monorepo (<a href="https://redirect.github.com/streamich/react-use/issues/2655">#2655</a>)</li> <li><a href="https://github.com/streamich/react-use/commit/b80305e6cd759007f3283bb2241446ffe6ee0e53"><code>b80305e</code></a> chore(deps): update semantic-release monorepo (<a href="https://redirect.github.com/streamich/react-use/issues/2654">#2654</a>)</li> <li>Additional commits viewable in <a href="https://github.com/streamich/react-use/compare/v17.6.0...v17.6.1">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/mountain-loop/yaak/network/alerts). </details> --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>
GiteaMirror added the pull-request label 2026-07-15 02:02:33 -05:00
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/yaak#3337