Merge pull request #32 from BreakBB/fix-cve-2023-26136

Ben M · web-flow · commit bfbb95fa1b37 · 2023-08-01T12:07:50.000-04:00
security: update tough-cookie dependency to 4.1.3
diff --git a/.github/workflows/yarn.yaml b/.github/workflows/yarn.yaml
@@ -1,11 +1,13 @@
 name: Check with yarn
-on: [push, pull_request ]
+on: [push, pull_request]
 jobs:
   build:
     name: Install and test with yarn
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v3
       - uses: actions/setup-node@v3
+        with:
+          node-version: "18.16"
       - run: yarn install
       - run: yarn test
diff --git a/package.json b/package.json
@@ -42,7 +42,7 @@
     "performance-now": "^2.1.0",
     "qs": "~6.10.3",
     "safe-buffer": "^5.1.2",
-    "tough-cookie": "~2.5.0",
+    "tough-cookie": "^4.1.3",
     "tunnel-agent": "^0.6.0",
     "uuid": "^8.3.2"
   },
