v5.0.0

Summary

Breaking Changes

• We've migrated the project to TypeScript! First-party types are now available.
• The minimum supported version of node is v18.
• We no longer provide official support for non-node enviroments.

API Changes

• We've standardized most of our exposed interfaces to accept both null and undefined and return only undefined.
• getCookie and getCookies now accept a string or URL as a parameter.
• We've removed the inspect function in favor of node's util.inspect.custom symbol. Cookies may appear different when logged in non-node environments.

Other Changes

• Fixed the expiry time not updating when a cookie is updating.
• Fixed validation errors not getting called in some callbacks.
• New documentation that is always kept up to date!
• Performance improvements.

What's Changed

• Typescript support by @colincasey in #264
• [v5] Update config by @wjhsf in #269
• Fix prettier in eslint config by @wjhsf in #274
• Updated dev tooling by @colincasey in #271
• Port 283 fix to v5 by @colincasey in #287
• Remove some @ts-ignore directives. by @wjhsf in #288
• Clean up validate function. by @wjhsf in #275
• Changes to support full eslint rule configurations by @colincasey in #289
• Split giant cookie.ts into multiple files. by @wjhsf in #296
• Merge branch 'master' into v5 by @wjhsf in #300
• Merge v5 into master by @colincasey in #303
• Preparing for release 5.0.0-rc.0 by @colincasey in #304
• Bump @babel/traverse from 7.21.3 to 7.23.2 by @dependabot in #305
• Configure dependabot and codeowners by @colincasey in #306
• Bump @typescript-eslint/parser from 5.58.0 to 5.62.0 by @dependabot in #310
• Bump eslint-config-prettier from 8.8.0 to 9.0.0 by @dependabot in #311
• Bump async from 2.6.4 to 3.2.4 by @dependabot in #313
• Avoid using arguments by @wjhsf in #316
• Configure dependabot to ignore @types/node. by @wjhsf in #319
• Bump dependencies. by @wjhsf in #323
• Bump the dev-dependencies group with 6 updates by @dependabot in #342
• Bump the dev-dependencies group with 1 update by @dependabot in #344
• Bump the dev-dependencies group with 3 updates by @dependabot in #347
• docs: use correct memstore file link by @alissonsleal in #349
• Bump the dev-dependencies group with 3 updates by @dependabot in #351
• Bump the dev-dependencies group with 2 updates by @dependabot in #354
• Fix expiry time not updating when cookie is updated by @colincasey in #345
• Change dependabot to monthly by @wjhsf in #355
• Bump the dev-dependencies group with 5 updates by @dependabot in #358
• Avoid void by @wjhsf in #331
• Replace psl with tldts by @colincasey in #346
• Bump the production-dependencies group with 1 update by @dependabot in #362
• Bump the dev-dependencies group with 4 updates by @dependabot in #363
• docs: fix JSON.serialize -> JSON.stringify by @zavan in #361
• Remove workarounds for util in non-node environments by @wjhsf in #359
• Accept URL parameter in getCookies and setCookie by @colincasey in #364
• Remove community cookie store links by @colincasey in #367
• Handle unlikely edge case in unimportant util by @wjhsf in #366
• Fix allow listed files for what to include in npm package by @colincasey in #368
• fix #256 by @hrueger in #297
• Preparing for release 5.0.0-rc.1 by @colincasey in #369
• Bump @typescript-eslint/eslint-plugin from 6.20.0 to 7.0.0 by @dependabot in #373
• Bump the production-dependencies group with 1 update by @dependabot in #370
• Fixes eslint plugin dev upgrades by @colincasey in #375
• restore parse export that was accidentally removed by @wjhsf in #376
• Clean up cookie creation by @wjhsf in #381
• Enforce explicit function return type by @wjhsf in #383
• patch removed util methods for vows by @wjhsf in #389
• clean up usage of null/undefined by @wjhsf in #380
• Bump the dev-dependencies group with 2 updates by @dependabot in #404
• Bump the production-dependencies group with 1 update by @dependabot in #403
• Remove @types/psl from dev dependencies by @colincasey in #406
• Bump tldts from 6.1.16 to 6.1.18 in the production-dependencies group by @dependabot in #411
• Bump the dev-dependencies group with 2 updates by @dependabot in #412
• Bump ejs from 3.1.9 to 3.1.10 by @dependabot in #413
• Update v5 docs by @colincasey in #384
• Enable strict type checked rules by @wjhsf in #392
• Preparing for release 5.0.0-rc.2 by @colincasey in #414
• Bump the dev-dependencies group with 4 updates by @dependabot in #417
• Bump @eslint/js from 8.57.0 to 9.4.0 by @dependabot in #419
• Bump tldts from 6.1.18 to 6.1.24 in the production-dependencies group across 1 directory by @dependabot in #420
• chore: update deps by @wjhsf in #421
• Use latest TypeScript version by @wjhsf in #423
• Update contributors by @colincasey in #425
• Bump tldts from 6.1.28 to 6.1.30 in the production-dependencies group by @dependabot in #426
• Bump the dev-dependencies group with 4 updates by @dependabot in #427
• Fix validation errors not calling callbacks by @colincasey in #424
• Preparing for release 5.0.0-rc.3 by @colincasey in #430
• Remove url-parse and punycode by @wjhsf in #429
• Checks structure instead of instanceof for URL test by @colincasey in #431
• pre-release cleanup by @wjhsf in #428
• Preparing for release 5.0.0-rc.4 by @colincasey in #432
• use domainToASCII(str) instead of new URL(str).hostName by @wjhsf in #433
• Bump tldts from 6.1.32 to 6.1.37 in the production-dependencies group by @dependabot in #436
• Bump the dev-dependencies group across 1 directory with 6 updates by @dependabot in #439
• Bump tldts from 6.1.37 to 6.1.41 in the production-dependencies group by @dependabot in #443
• Bump the dev-dependencies group with 6 updates by @dependabot in #444
• upgrade typescript-eslint to 8.0.1 by @wjhsf in #440
• Bump the dev-dependencies group with 2 updates by @dependabot in #448
• Bump eslint from 8.57.0 to 9.9.1 by @dependabot in #449
• Prepare v5 by @colincasey in #451

New Contributors

• ...

v4.1.4

https://www.npmjs.com/package/tough-cookie/v/4.1.4

What's Changed

• Add local alias for toString by @corvidism in #409
• Fix incorrect string validation for URL by @coditva in #261

New Contributors

• @corvidism made their first contribution in #409
• @coditva made their first contribution in #261

Full Changelog: v4.1.3...v4.1.4

4.1.3

Security fix for Prototype Pollution discovery in #282. This is a minor release, although output from the inspect utility is affected by this change, we felt this change was important enough to be pushed into the next patch.

4.1.2 -- Patch and Bugfix Release

What's Changed

• fix: allow set cookies with localhost by @colincasey in #253

Full Changelog: v4.1.1...v4.1.2

4.1.1

Patch Release

What's Changed

• fix: allow special use domains by default by @colincasey in #249
• 4.1.1 Patch -- allow special use domains by default by @awaterma in #250

Full Changelog: v4.1.0...v4.1.1

4.1.0

v4.1.0

Minor release, focused mainly on resolving reported issues and some minor feature work.

What's Changed

• Create CHANGELOG.md by @ShivanKaul in #189
• Missing param validation issue145 by @medelibero-sfdc in #193
• Create SECURITY.md by @ShivanKaul in #201
• Create CODE_OF_CONDUCT.md by @ShivanKaul in #200
• Fix for issue #195 by @medelibero-sfdc in #202
• Add explanation and more special-use domains by @ShivanKaul in #203
• Sync of constructor options for serialization by @medelibero-sfdc in #204
• Returned null in case of empty cookie value by @vsin12 in #196
• 132 str trim not a function by @awaterma in #209
• Fix for issue #153 by @medelibero-sfdc in #210
• Fix permuteDomain with trailing dot by @ruoho-sfdc in #216
• Issue #213 -- added gh-actions flow for building and testing tough-co… by @awaterma in #218
• Issue #210 -- Updated workflow to use npm install. by @awaterma in #220
• @GH-215 -- Tests that document localhost behavior when set as domain. by @awaterma in #221
• fix: MemoryCookieStore methods should exist on the prototype, not on the class. by @wjhsf in #226
• Unit test cases for allowSpecialUseDomain option by @colincasey in #225
• [Snyk] Upgrade universalify from 0.1.2 to 0.2.0 by @snyk-bot in #228
• React Native Support by @colincasey in #227
• Adding Updating CODEOWNERS with ECCN as per Export Control Compliance by @svc-scm in #223
• fix: domain match routine by @colincasey in #236
• Stop using the internal NodeJS punycode module by @gboer in #238
• Initial documentation review by @mcarey86 in #234
• fix: distinguish between no samesite and samesite=none by @colincasey in #240
• Prepare tough-cookie 4.1 for publishing (updated GitHub actions, move… by @awaterma in #242
• 4.1.0 release to NPM by @awaterma in #245

New Contributors

• @vsin12 made their first contribution in #196
• @ruoho-sfdc made their first contribution in #216
• @wjhsf made their first contribution in #226
• @colincasey made their first contribution in #225
• @snyk-bot made their first contribution in #228
• @svc-scm made their first contribution in #223
• @gboer made their first contribution in #238
• @mcarey86 made their first contribution in #234

Full Changelog: v4.0.0...v4.1.0

Version 4.0.0

Breaking Changes (Major Version)

• Modernized JS Syntax
  • Use ESLint and Prettier to apply consistent, modern formatting (add dependency on universalify, eslint and prettier)
• Upgraded version dependencies for psl and async
• Re-order parameters for findCookies() - callback fn has to be last in order to comply with universalify
• Use Classes instead of function prototypes to define classes
  • Might break people using .call() to do inheritance using function prototypes

Minor Changes

• SameSite cookie support
• Cookie prefix support
• Support for promises
• '.local' support
• Numerous bug fixes!