[DEPENDABOT][SHARED] Weekly npm updates(deps): Bump js-cookie from 3.0.5 to 3.0.7

[dependabot]

Bumps js-cookie from 3.0.5 to 3.0.7.

Release notes

Sourced from js-cookie's releases.

v3.0.7

• Prevent cookie attribute injection: CVE-2026-46625 (eb3c40e)
• Add Partitioned attribute to readme (b994768)
• Publish to npm registry via trusted publisher exclusively (4dc71be)
• Ensure consistent behaviour for get('name') + get() (1953d30)

Commits

• 17bacba Craft v3.0.7 release
• adb823c Fix release workflow halting at git tag
• 5f9e759 May remove Git user config from release workflow
• 6ac9211 Fix release workflow not able to push commit + tag
• 2278bc5 Fix missing package version bump
• eb3c40e Prevent cookie attribute injection
• f6f157f Bump globals from 17.5.0 to 17.6.0
• f409d02 Bump eslint from 10.2.0 to 10.3.0
• a686883 Bump protobufjs in the npm_and_yarn group across 1 directory
• c6112d2 Bump @​protobufjs/utf8 in the npm_and_yarn group across 1 directory
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for js-cookie since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
filecoin-site	Ready	Preview, Comment	May 21, 2026 10:08pm

3 Skipped Deployments

Project	Deployment	Actions	Updated (UTC)
ffdweb-site	Skipped		May 21, 2026 10:08pm
filecoin-foundation-site	Skipped		May 21, 2026 10:08pm
filecoin-foundation-uxit	Skipped		May 21, 2026 10:08pm

[github-actions]

🔍 PR Change Explainer

This automated summary helps you understand what this PR changes and how it affects the website.

📊 Quick Stats

Files changed	2
Lines added	+8
Lines removed	-8

🌐 Affected Websites

• filecoin.io (filecoin-site)

📝 What Changed (Plain Language)

This is a configuration change. It modifies build settings, dependencies, or project configuration.

📂 Detailed File Breakdown

Click to expand full file list

filecoin.io (filecoin-site)

Config:

• apps/filecoin-site/package.json

Root / Config

• package-lock.json

🚀 Preview & Next Steps

1. Wait for the Vercel preview — a preview link will appear in this PR as a separate comment from the Vercel bot
2. Click the preview link to see exactly how your changes look on the live site
3. Test your changes:
4. Check the status checks below — all checks should pass (green checkmarks) before merging
5. When ready, request a review or merge the PR

📖 Glossary (click to expand)

Term	What it means
PR (Pull Request)	A proposed set of changes waiting to be merged into the main website
Preview deployment	A temporary version of the website showing your changes (not public)
Merge	Applying your changes to the main website — this triggers a production deploy
Build	The process of converting code into a working website
Status checks	Automated tests that verify your changes don't break anything
Content file (.md)	A Markdown file containing text content (blog posts, events, etc.)
Component (.tsx)	A reusable piece of the website's UI (buttons, cards, headers, etc.)
Frontmatter	The metadata at the top of content files (title, date, description, etc.)
Shared package	Code used by multiple websites — changes here affect all sites

---

🤖 This comment was generated automatically to help explain PR changes. If something looks wrong, ask a developer for help.