The Dependency tough-cookie need to be upgraded

[haven2world]

Versions of the package tough-cookie before 4.1.3 are vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. This issue arises from the manner in which the objects are initialized.

Could we upgrade to version tough-cookie@4.1.3?

[astegmaier]

The vulnerability in tough-cookie versions before 4.1.3 is tracked here: https://nvd.nist.gov/vuln/detail/CVE-2023-26136 This is generating alerts in our component governance that I suspect will be hit by others as well.

[haven2world]

Looking forward to the new release. Before that I'm going to override the version of tough-cookie as a workaround locally. I ran the UT locally and it looked well. Do you have any concern?
Thanks!