build(deps): bump jshttp/cookie from 0.6.0 to 0.7.1

[klobucar]

• All new/changed/fixed functionality is covered by tests (or N/A)
• I have added documentation for all new/changed functionality (or N/A)

📋 Changes

This bumps jshttp/cookie from 0.6.0 -> 0.7.1 due to low severity security issue

📎 References

• GHSA-pxg6-pf52-xh8x
• fix: narrow the validation of cookies to match RFC6265 jshttp/cookie#167

🎯 Testing

Ran unit tests with npm test , and all passed

[klobucar]

The audit breaks in other projects I work on, however can be illustrated here when run in the project as well.

There is more stuff, but that is only developer dependencies. It would be good to clean that up though just to make the audit report everything is clean. Can populate that in a different PR.

$ npm audit
<outputs of dev deps truncated>
cookie  <0.7.0
cookie accepts cookie name, path, and domain with out of bounds characters - https://github.com/advisories/GHSA-pxg6-pf52-xh8x
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/cookie

[uss-makenzie]

thanks @klobucar. Could we get this reviewed?

[nicoalonsop]

Would it be possible to release this in version 3.5.1, as it addresses a security-related issue?

https://security.snyk.io/vuln/SNYK-JS-COOKIE-8163060
https://www.cve.org/CVERecord?id=CVE-2024-47764

Also, there are new versions of cookie, 0.7.2, 1.0.0 and 1.0.1 happy to help by creating a PR with any of those versions.
https://github.com/jshttp/cookie/releases

[tusharpandey13]

LGTM
@nicoalonsop sure, please go ahead and create a PR for later versions of cookie.
@klobucar thanks, a PR would be helpful 👍
Meanwhile, we will see if we can make a minor release of NextJS SDK for these.

[klobucar]

Some of these checks are failing in really interesting ways.

Test Suites: 61 passed, 61 total
Tests:       704 passed, 704 total
Snapshots:   0 total
Time:        57.367 s
Ran all test suites matching /tests/i in 2 projects.
Error: Process completed with exit code 1.