Bump the npm_and_yarn group across 4 directories with 19 updates

[dependabot]

Bumps the npm_and_yarn group with 2 updates in the /contracts directory: secp256k1 and braces.
Bumps the npm_and_yarn group with 3 updates in the /contracts/examples/hello-world directory: braces, ws and @solana/web3.js.
Bumps the npm_and_yarn group with 13 updates in the /gauntlet directory:

Package	From	To
secp256k1	4.0.2	4.0.4
json5	2.2.0	2.2.3
node-fetch	2.6.6	2.6.7
ws	7.5.5	7.5.10
@solana/web3.js	1.50.1	1.50.2
pkg	5.4.1	5.8.1
protobufjs	6.11.2	6.11.4
@babel/traverse	7.16.3	7.26.4
@sideway/formula	3.0.0	3.0.1
decode-uri-component	0.2.0	0.2.2
follow-redirects	1.14.9	1.15.9
tough-cookie	4.0.0	4.1.4
word-wrap	1.2.3	1.2.5

Bumps the npm_and_yarn group with 11 updates in the /ts directory:

Package	From	To
braces	3.0.2	3.0.3
json5	2.2.1	2.2.3
minimatch	3.0.4	3.1.2
ws	7.5.7	7.5.10
@solana/web3.js	1.91.1	1.91.3
@babel/traverse	7.17.3	7.26.4
cross-spawn	7.0.3	7.0.6
micromatch	4.0.4	4.0.8
semver	6.3.0	6.3.1
tough-cookie	4.0.0	4.1.4
word-wrap	1.2.3	1.2.5

Updates secp256k1 from 4.0.3 to 4.0.4

Commits

• 756fce1 4.0.4
• 8bd6446 elliptic: fix key verification in loadCompressedPublicKey
• 840834e Update elliptic to 6.5.7 (CVE-2024-42461) (#206)
• See full diff in compare view

Updates braces from 3.0.2 to 3.0.3

Commits

• 74b2db2 3.0.3
• 88f1429 update eslint. lint, fix unit tests.
• 415d660 Snyk js braces 6838727 (#40)
• 190510f fix tests, skip 1 test in test/braces.expand
• 716eb9f readme bump
• a5851e5 Merge pull request #37 from coderaiser/fix/vulnerability
• 2092bd1 feature: braces: add maxSymbols (https://github.com/micromatch/braces/issues/...
• 9f5b4cf fix: vulnerability (https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727)
• 98414f9 remove funding file
• 665ab5d update keepEscaping doc (#27)
• Additional commits viewable in compare view

Updates elliptic from 6.5.5 to 6.6.1

Commits

• 9b77436 6.6.1
• 04cb6f5 Merge commit from fork
• b8a7edd 6.6.0
• 34c8534 fix: signature verification due to leading zeros
• 3e46a48 6.5.7
• accb61e lib: DER signature decoding correction
• 03e06e1 6.5.6
• 7ac5360 Merge commit from fork
• See full diff in compare view

Updates braces from 3.0.2 to 3.0.3

Commits

• 74b2db2 3.0.3
• 88f1429 update eslint. lint, fix unit tests.
• 415d660 Snyk js braces 6838727 (#40)
• 190510f fix tests, skip 1 test in test/braces.expand
• 716eb9f readme bump
• a5851e5 Merge pull request #37 from coderaiser/fix/vulnerability
• 2092bd1 feature: braces: add maxSymbols (https://github.com/micromatch/braces/issues/...
• 9f5b4cf fix: vulnerability (https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727)
• 98414f9 remove funding file
• 665ab5d update keepEscaping doc (#27)
• Additional commits viewable in compare view

Updates ws from 7.5.9 to 7.5.10

Release notes

Sourced from ws's releases.

7.5.10

Bug fixes

• Backported e55e5106 to the 7.x release line (22c28763).

Commits

• d962d70 [dist] 7.5.10
• 22c2876 [security] Fix crash when the Upgrade header cannot be read (#2231)
• See full diff in compare view

Updates @solana/web3.js from 1.91.1 to 1.95.8

Release notes

Sourced from @​solana/web3.js's releases.

v1.95.8

1.95.8 (2024-12-03)

Earlier today, a publish-access account was compromised for @solana/web3.js, a JavaScript library that is commonly used by Solana dapps. This allowed an attacker to publish unauthorized and malicious packages that were modified, allowing them to steal private key material and drain funds from dapps, like bots, that handle private keys directly. This issue should not affect non-custodial wallets, as they generally do not expose private keys during transactions. This is not an issue with the Solana protocol itself, but with a specific JavaScript client library and only appears to affect projects that directly handle private keys and that updated within the window of 3:20pm UTC and 8:25pm UTC on Tuesday, December 2, 2024.

These two unauthorized versions (1.95.6 and 1.95.7) were caught within hours and have since been unpublished.

We are asking all Solana app developers to upgrade to version 1.95.8. Developers pinned to latest should also upgrade to 1.95.8.

Developers that suspect they might be compromised should rotate any suspect authority keys, including multisigs, program authorities, server keypairs, and so on.

v1.95.5

1.95.5 (2024-11-20)

Bug Fixes

• added programId field in TokenBalance type (#3592) (526ce5f)

v1.95.4

1.95.4 (2024-10-17)

Bug Fixes

• log JSON-RPC subscription errors to the console (#3392) (e345937)

v1.95.3

1.95.3 (2024-08-21)

Bug Fixes

• compare pubkey values not references (#3119) (99aa3c8)

v1.95.2

1.95.2 (2024-07-26)

Bug Fixes

• correct import for getSetComputeUnitLimitInstruction helper (#2992) (a61a732)

v1.95.1

1.95.1 (2024-07-17)

Bug Fixes

• apply default memcmp encoding (base58) when not supplied (#2945) (8ea5794)

v1.95.0

1.95.0 (2024-07-08)

Features

... (truncated)

Commits

• 52e144a chore: bump mocha from 10.8.2 to 11.0.1 (#3667)
• 5b37988 chore: bump typedoc from 0.27.1 to 0.27.2 (#3657)
• 01d4664 chore: bump rollup from 4.27.4 to 4.28.0 (#3656)
• 6b14de8 chore: bump typedoc from 0.27.0 to 0.27.1 (#3647)
• 1799cb9 chore: bump mockttp from 3.15.4 to 3.15.5 (#3646)
• 6bbf467 chore: bump prettier from 3.4.0 to 3.4.1 (#3635)
• ef27bf5 chore: bump typedoc from 0.26.11 to 0.27.0 (#3634)
• d6e0aec chore: bump prettier from 3.3.3 to 3.4.0 (#3627)
• 0d21830 chore: bump jayson from 4.1.2 to 4.1.3 (#3626)
• 4907d7e chore: bump @​noble/hashes from 1.5.0 to 1.6.1 (#3623)
• Additional commits viewable in compare view

Updates secp256k1 from 4.0.2 to 4.0.4

Commits

• 756fce1 4.0.4
• 8bd6446 elliptic: fix key verification in loadCompressedPublicKey
• 840834e Update elliptic to 6.5.7 (CVE-2024-42461) (#206)
• See full diff in compare view

Updates elliptic from 6.5.4 to 6.6.1

Commits

• 9b77436 6.6.1
• 04cb6f5 Merge commit from fork
• b8a7edd 6.6.0
• 34c8534 fix: signature verification due to leading zeros
• 3e46a48 6.5.7
• accb61e lib: DER signature decoding correction
• 03e06e1 6.5.6
• 7ac5360 Merge commit from fork
• See full diff in compare view

Updates json5 from 2.2.0 to 2.2.3

Release notes

Sourced from json5's releases.

v2.2.3

• Fix: [email protected] is now the 'latest' release according to npm instead of v1.0.2. (#299)

v2.2.2

• Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295).

v2.2.1

• Fix: Removed dependence on minimist to patch CVE-2021-44906. (#266)

Changelog

Sourced from json5's changelog.

v2.2.3 [code, diff]

• Fix: [email protected] is now the 'latest' release according to npm instead of v1.0.2. (#299)

v2.2.2 [code, diff]

• Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295).

v2.2.1 [code, diff]

• Fix: Removed dependence on minimist to patch CVE-2021-44906. (#266)

Commits

• c3a7524 2.2.3
• 94fd06d docs: update CHANGELOG for v2.2.3
• 3b8cebf docs(security): use GitHub security advisories
• f0fd9e1 docs: publish a security policy
• 6a91a05 docs(template): bug -> bug report
• 14f8cb1 2.2.2
• 10cc7ca docs: update CHANGELOG for v2.2.2
• 7774c10 fix: add proto to objects and arrays
• edde30a Readme: slight tweak to intro
• 97286f8 Improve example in readme
• Additional commits viewable in compare view

Updates node-fetch from 2.6.6 to 2.6.7

Release notes

Sourced from node-fetch's releases.

v2.6.7

Security patch release

Recommended to upgrade, to not leak sensitive cookie and authentication header information to 3th party host while a redirect occurred

What's Changed

• fix: don't forward secure headers to 3th party by @​jimmywarting in node-fetch/node-fetch#1453

Full Changelog: node-fetch/node-fetch@v2.6.6...v2.6.7

Commits

• 1ef4b56 backport of #1449 (#1453)
• 8fe5c4e 2.x: Specify encoding as an optional peer dependency in package.json (#1310)
• See full diff in compare view

Updates ws from 7.5.5 to 7.5.10

Release notes

Sourced from ws's releases.

7.5.10

Bug fixes

• Backported e55e5106 to the 7.x release line (22c28763).

Commits

• d962d70 [dist] 7.5.10
• 22c2876 [security] Fix crash when the Upgrade header cannot be read (#2231)
• See full diff in compare view

Updates @solana/web3.js from 1.50.1 to 1.50.2

Release notes

Sourced from @​solana/web3.js's releases.

v1.95.8

1.95.8 (2024-12-03)

Earlier today, a publish-access account was compromised for @solana/web3.js, a JavaScript library that is commonly used by Solana dapps. This allowed an attacker to publish unauthorized and malicious packages that were modified, allowing them to steal private key material and drain funds from dapps, like bots, that handle private keys directly. This issue should not affect non-custodial wallets, as they generally do not expose private keys during transactions. This is not an issue with the Solana protocol itself, but with a specific JavaScript client library and only appears to affect projects that directly handle private keys and that updated within the window of 3:20pm UTC and 8:25pm UTC on Tuesday, December 2, 2024.

These two unauthorized versions (1.95.6 and 1.95.7) were caught within hours and have since been unpublished.

We are asking all Solana app developers to upgrade to version 1.95.8. Developers pinned to latest should also upgrade to 1.95.8.

Developers that suspect they might be compromised should rotate any suspect authority keys, including multisigs, program authorities, server keypairs, and so on.

v1.95.5

1.95.5 (2024-11-20)

Bug Fixes

• added programId field in TokenBalance type (#3592) (526ce5f)

v1.95.4

1.95.4 (2024-10-17)

Bug Fixes

• log JSON-RPC subscription errors to the console (#3392) (e345937)

v1.95.3

1.95.3 (2024-08-21)

Bug Fixes

• compare pubkey values not references (#3119) (99aa3c8)

v1.95.2

1.95.2 (2024-07-26)

Bug Fixes

• correct import for getSetComputeUnitLimitInstruction helper (#2992) (a61a732)

v1.95.1

1.95.1 (2024-07-17)

Bug Fixes

• apply default memcmp encoding (base58) when not supplied (#2945) (8ea5794)

v1.95.0

1.95.0 (2024-07-08)

Features

... (truncated)

Commits

• 52e144a chore: bump mocha from 10.8.2 to 11.0.1 (#3667)
• 5b37988 chore: bump typedoc from 0.27.1 to 0.27.2 (#3657)
• 01d4664 chore: bump rollup from 4.27.4 to 4.28.0 (#3656)
• 6b14de8 chore: bump typedoc from 0.27.0 to 0.27.1 (#3647)
• 1799cb9 chore: bump mockttp from 3.15.4 to 3.15.5 (#3646)
• 6bbf467 chore: bump prettier from 3.4.0 to 3.4.1 (#3635)
• ef27bf5 chore: bump typedoc from 0.26.11 to 0.27.0 (#3634)
• d6e0aec chore: bump prettier from 3.3.3 to 3.4.0 (#3627)
• 0d21830 chore: bump jayson from 4.1.2 to 4.1.3 (#3626)
• 4907d7e chore: bump @​noble/hashes from 1.5.0 to 1.6.1 (#3623)
• Additional commits viewable in compare view

Updates pkg from 5.4.1 to 5.8.1

Release notes

Sourced from pkg's releases.

5.8.1

Patches

• Producer: properly call "prebuild-install" if N-API is used: dd9de59c9fca2751bf5d22b57bd9b03d43e85e80
• Chore: clean up obsolete eslint disable comments: #1760
• Chore: add prettier check in linting step: #1764
• Chore: separate individual test scripts: #1759
• Chore: use @types/babel__generator package: #1755
• Chore: remove unused entry: #1766
• Chore: upgrade actions runners: #1767
• Style: fix typo in test-99-#1192/main.js: #1790
• Chore: bump [email protected]: #1788
• Fix: add force flag to codesign to avoid already signed error: #1756

Credits

Huge thanks to @​ignatiusmb, @​eltociear, @​PraveenAnaparthi, and @​brianunlam for helping!

5.8.0

Highlights

• Support more language features, including but not limited to classPrivateMethods (#1248, #1249)
  • Note: pkg uses Babel to trace dependencies. It does NOT transform your sources. You should make sure that your code can run on the target Node.js version.

What's Changed

• Bump to vercel/[email protected] by @​jesec in vercel/pkg#1693
  • Add Node 14.20.0, 16.16.0 and 18.5.0 binaries
  • https://nodejs.org/en/blog/vulnerability/july-2022-security-releases
• detector: use Babel AST and default plugins by @​jesec in vercel/pkg#1648
• test: rearrange and fix order by @​jesec in vercel/pkg#1650
• fix: typo in fabricator.ts by @​eltociear in vercel/pkg#1661

New Contributors

• @​eltociear made their first contribution in vercel/pkg#1661

Full Changelog: vercel/pkg@5.7.0...5.8.0

5.7.0

Highlights

• Node 18 is now supported!

What's Changed

• Bump to vercel/[email protected] by @​jesec in vercel/pkg#1616
  • No longer take NODE_OPTIONS from the environment of the end-user. Only the users (developers who use pkg to package their project) should have control over the flags via the "bake in" (--options) mechanism (Fixes: vercel/pkg#954, vercel/pkg#989, vercel/pkg#1194, vercel/pkg#1517)
  • Patched Node: bump to 16.15.0, add 18.1.0 and drop 17
• fix broken tests on node 12; latest pnpm requires node >= 14.19 by @​kldzj in vercel/pkg#1613
• dependencies: bump (minor) by @​jesec in vercel/pkg#1615
• fix(bootstrap): prevent to override existing node addon file by @​renkei in vercel/pkg#1611

New Contributors

... (truncated)

Commits

• 5dc987b 5.8.1
• f19285d fix: add force flag to codesign to avoid already signed error (#1756)
• e3ac490 chore: bump [email protected] (#1788)
• be1123c style: fix typo in test-99-#1192/main.js (#1790)
• 614c02a chore: upgrade actions runners (#1767)
• 39e9985 chore: remove unused entry (#1766)
• b8deba4 chore: use @types/babel__generator package (#1755)
• 332c7d9 chore: separate individual test scripts (#1759)
• 6efa7cf chore: add prettier check in linting step (#1764)
• 56135b5 chore: clean up obsolete eslint disable comments (#1760)
• Additional commits viewable in compare view

Updates protobufjs from 6.11.2 to 6.11.4

Commits

• See full diff in compare view

Updates @babel/traverse from 7.16.3 to 7.26.4

Release notes

Sourced from @​babel/traverse's releases.

v7.26.4 (2024-12-05)

↩️ Revert

• babel-traverse
  • #17005 Revert "perf: Improve scope information collection performance" (@​JLHwung)

Committers: 2

• Huáng Jùnliàng (@​JLHwung)
• Nicolò Ribaudo (@​nicolo-ribaudo)

v7.26.3 (2024-12-04)

🐛 Bug Fix

• babel-generator
  • #16958 [preserveFormat] force semicolons when invalidating ASI (@​nicolo-ribaudo)

🏠 Internal

• babel-helper-builder-binary-assignment-operator-visitor, babel-plugin-transform-exponentiation-operator
  • #16895 Remove helper-builder-binary-assignment-operator-visitor (@​nicolo-ribaudo)

🏃‍♀️ Performance

• babel-generator
  • #16959 perf: Reduce the use of temporary objects (@​liuxingbaoyu)
• babel-traverse
  • #16923 perf: Improve scope information collection performance (@​liuxingbaoyu)
  • #16964 perf: Avoid repeated traversal when creating scope (@​liuxingbaoyu)
• babel-plugin-transform-modules-commonjs
  • #16954 perf: Remove use of simplifyAccess (@​liuxingbaoyu)

Committers: 4

• Babel Bot (@​babel-bot)
• Huáng Jùnliàng (@​JLHwung)
• Nicolò Ribaudo (@​nicolo-ribaudo)
• @​liuxingbaoyu

v7.26.2 (2024-10-30)

🐛 Bug Fix

• babel-parser
  • #16903 fix: Parse placeholder for TS namespace (@​liuxingbaoyu)
  • #16937 fix: Account for offsets when creating new Position instances (@​DylanPiercey)
• babel-generator
  • #16948 Fix mapping of tokens with generated nodes in between (@​nicolo-ribaudo)

Committers: 6

• Babel Bot (@​babel-bot)
• Dylan Piercey (@​DylanPiercey)
• Huáng Jùnliàng (@​JLHwung)
• Nicolò Ribaudo (@​nicolo-ribaudo)
• @​liuxingbaoyu

... (truncated)

Changelog

Sourced from @​babel/traverse's changelog.

v7.26.4 (2024-12-05)

↩️ Revert

• babel-traverse
  • #17005 Revert "perf: Improve scope information collection performance" (@​JLHwung)

v7.26.3 (2024-12-04)

🐛 Bug Fix

• babel-generator
  • #16958 [preserveFormat] force semicolons when invalidating ASI (@​nicolo-ribaudo)

🏠 Internal

• babel-helper-builder-binary-assignment-operator-visitor, babel-plugin-transform-exponentiation-operator
  • #16895 Remove helper-builder-binary-assignment-operator-visitor (@​nicolo-ribaudo)

🏃‍♀️ Performance

• babel-generator
  • #16959 perf: Reduce the use of temporary objects (@​liuxingbaoyu)
• babel-traverse
  • #16923 perf: Improve scope information collection performance (@​liuxingbaoyu)
  • #16964 perf: Avoid repeated traversal when creating scope (@​liuxingbaoyu)
• babel-plugin-transform-modules-commonjs
  • #16954 perf: Remove use of simplifyAccess (@​liuxingbaoyu)

v7.26.2 (2024-10-30)

🐛 Bug Fix

• babel-parser
  • #16903 fix: Parse placeholder for TS namespace (@​liuxingbaoyu)
  • #16937 fix: Account for offsets when creating new Position instances (@​DylanPiercey)
• babel-generator
  • #16948 Fix mapping of tokens with generated nodes in between (@​nicolo-ribaudo)

v7.26.1 (2024-10-25)

🐛 Bug Fix

• babel-parser
  • #16936 fix(parser): offset internal index locations by startIndex (@​DylanPiercey)

v7.26.0 (2024-10-25)

🚀 New Feature

• babel-core, babel-generator, babel-parser, babel-plugin-syntax-import-assertions, babel-plugin-syntax-import-attributes, babel-preset-env, babel-standalone, babel-types
  • #16850 Enable import attributes parsing by default (@​nicolo-ribaudo)
• babel-core
  • #16862 feat: support async plugin's pre/post (@​timofei-iatsenko)
• babel-compat-data, babel-plugin-proposal-regexp-modifiers, babel-plugin-transform-regexp-modifiers, babel-preset-env, babel-standalone
  • #16692 Add transform-regexp-modifiers to preset-env (@​JLHwung)
• babel-parser
  • #16849 feat: add startIndex parser option (@​DylanPiercey)
• babel-generator, babel-parser, babel-plugin-syntax-flow
  • #16841 Always enable parsing of Flow enums (@​nicolo-ribaudo)
• babel-helpers, babel-preset-typescript, babel-runtime-corejs3

... (truncated)

Commits

• cf7b9cd v7.26.4
• f33704a Revert "perf: Improve scope information collection performance" (#17005)
• 36ca8fa v7.26.3
• ded1571 perf: Improve scope information collection performance (#16923)
• 943bdfe perf: Avoid repeated traversal when creating scope (#16964)
• b07957e v7.25.9
• af91759 fix: Accidentally publishing useless files (#16917)
• 2533cfb v7.25.7
• 611d958 [babel 8] Create TSClassImplements|TSInterfaceHeritage nodes (#16731)
• 506bf91 Remove BABEL_TYPES_8_BREAKING flag and enable it by default (#16817)
• Additional commits viewable in compare view

Updates @sideway/formula from 3.0.0 to 3.0.1

Commits

• 5b44c1b 3.0.1
• 9fbc20a chore: better number regex
• 41ae98e Cleanup
• c59f35e Move to Sideway
• See full diff in compare view

Maintainer changes

This version was pushed to npm by marsup, a new releaser for @​sideway/formula since your current version.

Updates decode-uri-component from 0.2.0 to 0.2.2

Release notes

Sourced from decode-uri-component's releases.

v0.2.2

• Prevent overwriting previously decoded tokens 980e0bf

SamVerschueren/decode-uri-component@v0.2.1...v0.2.2

v0.2.1

• Switch to GitHub workflows 76abc93
• Fix issue where decode throws - fixes #6 746ca5d
• Update license (#1) 486d7e2
• Tidelift tasks a650457
• Meta tweaks 66e1c28

SamVerschueren/decode-uri-component@v0.2.0...v0.2.1

Commits

• a0eea46 0.2.2
• 980e0bf Prevent overwriting previously decoded tokens
• 3c8a373 0.2.1
• 76abc93 Switch to GitHub workflows
• 746ca5d Fix issue where decode throws - fixes #6
• 486d7e2 Update license (#1)
• a650457 Tidelift tasks
• 66e1c28 Meta tweaks
• See full diff in compare view

Updates follow-redirects from 1.14.9 to 1.15.9

Commits

• e4e55c7 Release version 1.15.9 of the npm package.
• 31a1abf Attempt much more gentle detection.
• d2aaa97 Fix url field.
• 62558f0 Release version 1.15.8 of the npm package.
• a8d1cee Return subtlety.
• 458ca8e Fix native URL test for Node 20.
• ca49e44 Handle KeepAlive connections in tests.
• f3711d7 Test on Node 20 and 22.
• fda0faf Fix typo.
• 760757f Release version 1.15.7 of the npm package.
• Additional commits viewable in compare view

Updates tough-cookie from 4.0.0 to 4.1.4

Release notes

Sourced from tough-cookie's releases.

v4.1.4

https://www.npmjs.com/package/tough-cookie/v/4.1.4

What's Changed

• Add local alias for toString by @​corvidism in salesforce/tough-cookie#409
• Fix incorrect string validation for URL by @​coditva in salesforce/tough-cookie#261

New Contributors

• @​corvidism made their first contribution in salesforce/tough-cookie#409
• @​coditva made their first contribution in salesforce/tough-cookie#261

Full Changelog: salesforce/tough-cookie@v4.1.3...v4.1.4

4.1.3

Security fix for Prototype Pollution discovery in #282. This is a minor release, although output from the inspect utility is affected by this change, we felt this change was important enough to be pushed into the next patch.

4.1.2 -- Patch and Bugfix Release

What's Changed

• fix: allow set cookies with localhost by @​colincasey in salesforce/tough-cookie#253

Full Changelog: salesforce/tough-cookie@v4.1.1...v4.1.2

4.1.1

Patch Release

What's Changed

• fix: allow special use domains by default by @​colincasey in salesforce/tough-cookie#249
• 4.1.1 Patch -- allow special use domains by default by @​awaterma in salesforce/tough-cookie#250

Full Changelog: salesforce/tough-cookie@v4.1.0...v4.1.1

4.1.0

v4.1.0

Minor release, focused mainly on resolving reported issues and some minor feature work.

What's Changed

• Create CHANGELOG.md by @​ShivanKaul in salesforce/tough-cookie#189
• Missing param validation issue145 by @​medelibero-sfdc in salesforce/tough-cookie#193
• Create SECURITY.md by @​ShivanKaul in salesforce/tough-cookie#201
• Create CODE_OF_CONDUCT.md by @​ShivanKaul in salesforce/tough-cookie#200
• Fix for issue #195 by @​medelibero-sfdc in salesforce/tough-cookie#202
• Add explanation and more special-use domains by @​ShivanKaul in salesforce/tough-cookie#203
• Sync of constructor options for serialization by @​medelibero-sfdc in salesforce/tough-cookie#204
• Returned null in case of empty cookie value by @​vsin12 in salesforce/tough-cookie#196
• 132 str trim not a function by @​awaterma in salesforce/tough-cookie#209
• Fix for issue #153 by @​medelibero-sfdc in salesforce/tough-cookie#210
• Fix permuteDomain with trailing dot by @​ruoho-sfdc in salesforce/tough-cookie#216
• Issue #213 -- added gh-actions flow for building and testing tough-co… by @​awaterma in salesforce/tough-cookie#218

... (truncated)

Commits

• cacbc37 Bump version to 4.1.4