Skip to content

Bump js-cookie and amazon-cognito-identity-js#64

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/multi-80aa6360ce
Open

Bump js-cookie and amazon-cognito-identity-js#64
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/multi-80aa6360ce

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 21, 2026

Copy link
Copy Markdown
Contributor

Bumps js-cookie to 3.0.8 and updates ancestor dependency amazon-cognito-identity-js. These dependencies need to be updated together.

Updates js-cookie from 2.2.1 to 3.0.8

Release notes

Sourced from js-cookie's releases.

v3.0.8

  • Restore ES5 compatibility, inadvertently broken in 3.0.7 - #959
  • Lift Node version restriction, inadvertently restricted to >= 20 in 3.0.7 - #956

v3.0.7

  • Prevent cookie attribute injection: CVE-2026-46625 (eb3c40e)
  • Add Partitioned attribute to readme (b994768)
  • Publish to npm registry via trusted publisher exclusively (4dc71be)
  • Ensure consistent behaviour for get('name') + get() (1953d30)

v3.0.5

  • Remove npm version restriction in package.json - #818

v3.0.4

  • Publish to npmjs.com with package provenance

v3.0.1

  • Make package.json accessible in export - #727

v3.0.0

  • Removed defaults in favor of a builder: now to supply an api instance with particular predefined (cookie) attributes there's Cookies.withAttributes(), e.g.:
const api = Cookies.withAttributes({
  path: '/',
  secure: true
})
api.set('key', 'value') // writes cookie with path: '/' and secure: true...
  • The attributes that an api instance is configured with are exposed as attributes property; it's an immutable object and unlike defaults cannot be changed to configure the api.
  • The mechanism to fall back to the standard, internal converter by returning a falsy value in a custom read converter has been removed. Instead the default converters are now exposed as Cookies.converter, which allows for implementing self-contained custom converters providing the same behavior:
const customReadConverter = (value, name) => {
  if (name === 'special') {
    return unescape(value)
  }
  return Cookies.converter.read(value)
}
  • withConverter() no longer accepts a function as argument to be turned into a read converter. It is now required to always pass an object with the explicit type(s) of converter(s):
const api = Cookies.withConverter({
  read: (value, name) => unescape(value)
})
  • The converter(s) that an api instance is configured with are exposed as converter property; it's an immutable object and cannot be changed to configure the api.
  • Started providing library as ES module, in addition to UMD module. The module field in package.json points to an ES module variant of the library.
  • Started using browser field instead of main in package.json (for the UMD variant of the library).
  • Dropped support for IE < 10.
  • Removed built-in JSON support, i.e. getJSON() and automatic stringifying in set(): use Cookies.set('foo', JSON.stringify({ ... })) and JSON.parse(Cookies.get('foo')) instead.
  • Removed support for Bower.

... (truncated)

Commits
  • d7a1096 Craft v3.0.8 release
  • 248e685 Use existing Chrome with puppeteer
  • fc04269 Remove QUnit related workaround in Grunt config
  • 265a685 Tidy up package lock file
  • 478e591 Disable Node deprecation DEP0044 for release workflow
  • 331d524 Fix node version config for E2E test job
  • 11d773d Ensure ECMAScript compatibility
  • d788646 Remove engines property from package
  • e7d9a4d Fix typo in test assertion message
  • b5fca24 Make credentials use explicit in release workflow
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for js-cookie since your current version.


Updates amazon-cognito-identity-js from 6.3.16 to 6.3.18

Commits
  • 69166f4 chore(release): Publish [ci skip]
  • b17999d fix: complete partial v5-stable LTS release (publish remaining packages) (#14...
  • 1214d61 chore(release): Publish [ci skip]
  • 74c4ee2 fix(datastore): load react-native-get-random-values for uuid v11 on React Nat...
  • 95e8163 ci: remove Amazon Lex V1 interactions e2e tests (Lex V1 end of support) (#14840)
  • 08eb8c4 fix(deps): resolve uuid to ^11.1.1 to address CVE-2026-41907 in v5 (#14839)
  • 7b1f9af fix: resolve dependency security vulnerabilities (axios, js-cookie, fast-xml-...
  • 1947d00 chore: bump node from 18/22 to 24 (#14784)
  • a0a7b5e fix: upgrade fast-xml-parser to 5.5.7 (#14775)
  • e6c569f fix: upgrade axios to 1.15.0 to address NO_PROXY SSRF vulnerability (#14774)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps [js-cookie](https://github.com/js-cookie/js-cookie) to 3.0.8 and updates ancestor dependency [amazon-cognito-identity-js](https://github.com/aws-amplify/amplify-js). These dependencies need to be updated together.


Updates `js-cookie` from 2.2.1 to 3.0.8
- [Release notes](https://github.com/js-cookie/js-cookie/releases)
- [Commits](js-cookie/js-cookie@v2.2.1...v3.0.8)

Updates `amazon-cognito-identity-js` from 6.3.16 to 6.3.18
- [Release notes](https://github.com/aws-amplify/amplify-js/releases)
- [Commits](https://github.com/aws-amplify/amplify-js/compare/amazon-cognito-identity-js@6.3.16...amazon-cognito-identity-js@6.3.18)

---
updated-dependencies:
- dependency-name: js-cookie
  dependency-version: 3.0.8
  dependency-type: indirect
- dependency-name: amazon-cognito-identity-js
  dependency-version: 6.3.18
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 21, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants