ClusterConcept
Dependency Version Resolution Failures
cluster-1383
Use Curl_strntolower(lcase, domain, dlen+1) and Curl_strntolower(lcookie, co->domain, clen+1) — Patch lib/cookie.c around lines 1031-1048. Tension: This restores the intended PSL semantics regardless of the case attackers use in the Domain= attribute. Outcome: pass the normalized buffers to PSL.
acceptable = psl_is_cookie_domain_acceptable(psl, domain, co->domain); Outcome: the PSL test never sees the canonical 'co.uk'.
curl will accept and store the super-cookie — In lib/cookie.c, Curl_cookie_add() guards against setting cookies whose Domain attribute is a Public Suffix. Tension: libpsl's matching is case-sensitive against its lowercase PSL data. Outcome: the PSL test never sees the canonical 'co.uk'.