Loosen cookie name/value validation

[blakeembrey]

Closes #191. All keys and values are supported in Safari. Although older or other browsers may not support some of these characters, I don't think we should be restricting it unless it's a security issue.

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 100.00%. Comparing base (ba9e677) to head (8c9f866).
Report is 4 commits behind head on master.

Additional details and impacted files

@@            Coverage Diff            @@
##            master      #210   +/-   ##
=========================================
  Coverage   100.00%   100.00%           
=========================================
  Files            1         1           
  Lines          160       159    -1     
  Branches        69        69           
=========================================
- Hits           160       159    -1     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

---

🚨 Try these New Features:

• Flaky Tests Detection - Detect and resolve failed and flaky tests
• JS Bundle Analysis - Avoid shipping oversized bundles

[ctcpip]

ignore previous comment, I was squinting wrongly at the regex

[benmccann]

A couple of questions about this:

• Is 1.0.2 fully backward compatible with the pre-1.0 releases?
• Is there any need to avoid cookies with special characters such as : still?

[blakeembrey]

Is 1.0.2 fully backward compatible with the pre-1.0 releases?

No, the breaking changes can be viewed here: https://github.com/jshttp/cookie/releases/tag/v1.0.0

Assuming you are only referring to this PR and pre-0.7 releases, still no. The regex is stricter than what was previously causing a security issue.

Is there any need to avoid cookies with special characters such as : still?

Cookies could contain :, but names were stricter following the RFC and didn't allow :. They now allow : again with this change.