v6.0.0

Summary

Breaking Changes

• Localhost connections over http will now be considered secure by default. For more information, see the README documentation and API Docs for how to configure this feature.

Other Notable Changes

• Dual publishing of ESM+CJS

What's Changed

• Bump globals from 15.14.0 to 16.0.0 by @dependabot[bot] in #504
• Bump the dev-dependencies group with 10 updates by @dependabot[bot] in #503
• Bump tldts from 6.1.76 to 6.1.79 in the production-dependencies group by @dependabot[bot] in #502
• Bump tldts from 6.1.83 to 6.1.85 in the production-dependencies group by @dependabot[bot] in #507
• Bump the dev-dependencies group with 9 updates by @dependabot[bot] in #508
• Bump eslint-import-resolver-typescript from 3.8.3 to 4.3.1 by @dependabot[bot] in #509
• feat: Add RFC 6761–compliant localhost loopback checks so secure cookies work on localhost (fixes: #382) by @Chriss4123 in #498
• use ESM instead of CJS by @wjhsf in #506
• Switch from jest to vitest by @wjhsf in #510
• Bump vite from 6.2.6 to 6.3.4 by @dependabot[bot] in #521
• Bump the dev-dependencies group with 9 updates by @dependabot[bot] in #522
• Bump tldts from 6.1.85 to 7.0.5 by @dependabot[bot] in #523
• Prepare release v6.0.0-rc.0 by @colincasey in #519
• Bump the dev-dependencies group with 12 updates by @dependabot[bot] in #525
• Bump tldts from 7.0.5 to 7.0.8 in the production-dependencies group by @dependabot[bot] in #524
• Create CONTRIBUTING.md by @wjhsf in #526
• Bump tldts from 7.0.8 to 7.0.9 in the production-dependencies group by @dependabot[bot] in #530
• chore(deps): bump tldts from 7.0.9 to 7.0.10 in the production-dependencies group by @dependabot[bot] in #532
• Bump the dev-dependencies group with 12 updates by @dependabot[bot] in #531
• Reverts the check on the Secure attribute when setting a cookie by @colincasey in #534
• Prepare release v6.0.0-rc.1 by @colincasey in #535
• Bump the dev-dependencies group with 8 updates by @dependabot[bot] in #537
• Support publishing of both ESM and CJS by @colincasey in #536
• Prepare v6 by @colincasey in #538

New Contributors

• @Chriss4123 made their first contribution in #498

Full Changelog: v5.1.2...v6.0.0

v5.1.2

What's Changed

• Fix regression bug in domainMatch by @colincasey in #500
• Prepare v5.1.2 by @colincasey in #501

Full Changelog: v5.1.1...v5.1.2

v5.1.1

What's Changed

• chore: avoid nodejs modules by @wjhsf in #487
• Bump the dev-dependencies group with 7 updates by @dependabot in #490
• Bump tldts from 6.1.71 to 6.1.76 in the production-dependencies group by @dependabot in #489
• Bump eslint-config-prettier from 9.1.0 to 10.0.1 by @dependabot in #491
• isolated modules and almost isolated declarations by @wjhsf in #486
• chore: auto-close spam PRs by @wjhsf in #493

Full Changelog: v5.1.0...v5.1.1

v5.1.0

What's Changed

• Scheduled integration test with jsdom by @colincasey in #450
• Update README.md by @colincasey in #454
• fix: remove cookies that expire at epoch time of 0 by @colincasey in #457
• Restore missing expiryDate method by @colincasey in #459
• Bump tldts from 6.1.41 to 6.1.48 in the production-dependencies group by @dependabot in #461
• Bump the dev-dependencies group with 7 updates by @dependabot in #462
• fix(path-match): avoid parsing path as regex by @wjhsf in #465
• Bump tldts from 6.1.48 to 6.1.57 in the production-dependencies group by @dependabot in #466
• Bump the dev-dependencies group with 8 updates by @dependabot in #467
• Bump tldts from 6.1.57 to 6.1.65 in the production-dependencies group by @dependabot in #468
• Bump the dev-dependencies group across 1 directory with 8 updates by @dependabot in #471
• chore: streamline package publishing by @wjhsf in #453
• Bump the dev-dependencies group across 1 directory with 8 updates by @dependabot in #476
• Bump tldts from 6.1.65 to 6.1.71 in the production-dependencies group across 1 directory by @dependabot in #478
• Fix npm token config for publish by @colincasey in #482
• Give permissions for provenance generation by @colincasey in #483
• revert: use runtime-agnostic domainToASCII by @wjhsf in #480
• Prepare release v5.1.0 by @colincasey in #484

Full Changelog: v5.0.0...v5.1.0

v5.1.0-rc.0

What's Changed

• Scheduled integration test with jsdom by @colincasey in #450
• Update README.md by @colincasey in #454
• fix: remove cookies that expire at epoch time of 0 by @colincasey in #457
• Restore missing expiryDate method by @colincasey in #459
• Bump tldts from 6.1.41 to 6.1.48 in the production-dependencies group by @dependabot in #461
• Bump the dev-dependencies group with 7 updates by @dependabot in #462
• fix(path-match): avoid parsing path as regex by @wjhsf in #465
• Bump tldts from 6.1.48 to 6.1.57 in the production-dependencies group by @dependabot in #466
• Bump the dev-dependencies group with 8 updates by @dependabot in #467
• Bump tldts from 6.1.57 to 6.1.65 in the production-dependencies group by @dependabot in #468
• Bump the dev-dependencies group across 1 directory with 8 updates by @dependabot in #471
• chore: streamline package publishing by @wjhsf in #453
• Bump the dev-dependencies group across 1 directory with 8 updates by @dependabot in #476
• Bump tldts from 6.1.65 to 6.1.71 in the production-dependencies group across 1 directory by @dependabot in #478
• Fix npm token config for publish by @colincasey in #482
• Give permissions for provenance generation by @colincasey in #483

Full Changelog: v5.0.0...v5.1.0-rc.0

v5.0.0

Summary

Breaking Changes

• We've migrated the project to TypeScript! First-party types are now available.
• The minimum supported version of node is v18.
• We no longer provide official support for non-node enviroments.

API Changes

• We've standardized most of our exposed interfaces to accept both null and undefined and return only undefined.
• getCookie and getCookies now accept a string or URL as a parameter.
• We've removed the inspect function in favor of node's util.inspect.custom symbol. Cookies may appear different when logged in non-node environments.

Other Changes

• Fixed the expiry time not updating when a cookie is updating.
• Fixed validation errors not getting called in some callbacks.
• New documentation that is always kept up to date!
• Performance improvements.

What's Changed

• Typescript support by @colincasey in #264
• [v5] Update config by @wjhsf in #269
• Fix prettier in eslint config by @wjhsf in #274
• Updated dev tooling by @colincasey in #271
• Port 283 fix to v5 by @colincasey in #287
• Remove some @ts-ignore directives. by @wjhsf in #288
• Clean up validate function. by @wjhsf in #275
• Changes to support full eslint rule configurations by @colincasey in #289
• Split giant cookie.ts into multiple files. by @wjhsf in #296
• Merge branch 'master' into v5 by @wjhsf in #300
• Merge v5 into master by @colincasey in #303
• Preparing for release 5.0.0-rc.0 by @colincasey in #304
• Bump @babel/traverse from 7.21.3 to 7.23.2 by @dependabot in #305
• Configure dependabot and codeowners by @colincasey in #306
• Bump @typescript-eslint/parser from 5.58.0 to 5.62.0 by @dependabot in #310
• Bump eslint-config-prettier from 8.8.0 to 9.0.0 by @dependabot in #311
• Bump async from 2.6.4 to 3.2.4 by @dependabot in #313
• Avoid using arguments by @wjhsf in #316
• Configure dependabot to ignore @types/node. by @wjhsf in #319
• Bump dependencies. by @wjhsf in #323
• Bump the dev-dependencies group with 6 updates by @dependabot in #342
• Bump the dev-dependencies group with 1 update by @dependabot in #344
• Bump the dev-dependencies group with 3 updates by @dependabot in #347
• docs: use correct memstore file link by @alissonsleal in #349
• Bump the dev-dependencies group with 3 updates by @dependabot in #351
• Bump the dev-dependencies group with 2 updates by @dependabot in #354
• Fix expiry time not updating when cookie is updated by @colincasey in #345
• Change dependabot to monthly by @wjhsf in #355
• Bump the dev-dependencies group with 5 updates by @dependabot in #358
• Avoid void by @wjhsf in #331
• Replace psl with tldts by @colincasey in #346
• Bump the production-dependencies group with 1 update by @dependabot in #362
• Bump the dev-dependencies group with 4 updates by @dependabot in #363
• docs: fix JSON.serialize -> JSON.stringify by @zavan in #361
• Remove workarounds for util in non-node environments by @wjhsf in #359
• Accept URL parameter in getCookies and setCookie by @colincasey in #364
• Remove community cookie store links by @colincasey in #367
• Handle unlikely edge case in unimportant util by @wjhsf in #366
• Fix allow listed files for what to include in npm package by @colincasey in #368
• fix #256 by @hrueger in #297
• Preparing for release 5.0.0-rc.1 by @colincasey in #369
• Bump @typescript-eslint/eslint-plugin from 6.20.0 to 7.0.0 by @dependabot in #373
• Bump the production-dependencies group with 1 update by @dependabot in #370
• Fixes eslint plugin dev upgrades by @colincasey in #375
• restore parse export that was accidentally removed by @wjhsf in #376
• Clean up cookie creation by @wjhsf in #381
• Enforce explicit function return type by @wjhsf in #383
• patch removed util methods for vows by @wjhsf in #389
• clean up usage of null/undefined by @wjhsf in #380
• Bump the dev-dependencies group with 2 updates by @dependabot in #404
• Bump the production-dependencies group with 1 update by @dependabot in #403
• Remove @types/psl from dev dependencies by @colincasey in #406
• Bump tldts from 6.1.16 to 6.1.18 in the production-dependencies group by @dependabot in #411
• Bump the dev-dependencies group with 2 updates by @dependabot in #412
• Bump ejs from 3.1.9 to 3.1.10 by @dependabot in #413
• Update v5 docs by @colincasey in #384
• Enable strict type checked rules by @wjhsf in #392
• Preparing for release 5.0.0-rc.2 by @colincasey in #414
• Bump the dev-dependencies group with 4 updates by @dependabot in #417
• Bump @eslint/js from 8.57.0 to 9.4.0 by @dependabot in #419
• Bump tldts from 6.1.18 to 6.1.24 in the production-dependencies group across 1 directory by @dependabot in #420
• chore: update deps by @wjhsf in #421
• Use latest TypeScript version by @wjhsf in #423
• Update contributors by @colincasey in #425
• Bump tldts from 6.1.28 to 6.1.30 in the production-dependencies group by @dependabot in #426
• Bump the dev-dependencies group with 4 updates by @dependabot in #427
• Fix validation errors not calling callbacks by @colincasey in #424
• Preparing for release 5.0.0-rc.3 by @colincasey in #430
• Remove url-parse and punycode by @wjhsf in #429
• Checks structure instead of instanceof for URL test by @colincasey in #431
• pre-release cleanup by @wjhsf in #428
• Preparing for release 5.0.0-rc.4 by @colincasey in #432
• use domainToASCII(str) instead of new URL(str).hostName by @wjhsf in #433
• Bump tldts from 6.1.32 to 6.1.37 in the production-dependencies group by @dependabot in #436
• Bump the dev-dependencies group across 1 directory with 6 updates by @dependabot in #439
• Bump tldts from 6.1.37 to 6.1.41 in the production-dependencies group by @dependabot in #443
• Bump the dev-dependencies group with 6 updates by @dependabot in #444
• upgrade typescript-eslint to 8.0.1 by @wjhsf in #440
• Bump the dev-dependencies group with 2 updates by @dependabot in #448
• Bump eslint from 8.57.0 to 9.9.1 by @dependabot in #449
• Prepare v5 by @colincasey in #451

New Contributors

• ...

v4.1.4

https://www.npmjs.com/package/tough-cookie/v/4.1.4

What's Changed

• Add local alias for toString by @corvidism in #409
• Fix incorrect string validation for URL by @coditva in #261

New Contributors

• @corvidism made their first contribution in #409
• @coditva made their first contribution in #261

Full Changelog: v4.1.3...v4.1.4

4.1.3

Security fix for Prototype Pollution discovery in #282. This is a minor release, although output from the inspect utility is affected by this change, we felt this change was important enough to be pushed into the next patch.

4.1.2 -- Patch and Bugfix Release

What's Changed

• fix: allow set cookies with localhost by @colincasey in #253

Full Changelog: v4.1.1...v4.1.2

4.1.1

Patch Release

What's Changed

• fix: allow special use domains by default by @colincasey in #249
• 4.1.1 Patch -- allow special use domains by default by @awaterma in #250

Full Changelog: v4.1.0...v4.1.1