-
Notifications
You must be signed in to change notification settings - Fork 3.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
breaking: Upgrade @cypress/request to 3.0.0 #27495
Conversation
9 flaky tests on run #50358 ↗︎
Details:
cypress_api.cy.ts • 1 flaky test • 5x-driver-electron
commands/cookies.cy.ts • 1 flaky test • 5x-driver-electron
patches.cy.ts • 1 flaky test • 5x-driver-electron
commands/spies_stubs_clocks.cy.ts • 1 flaky test • 5x-driver-electron
commands/log.cy.ts • 1 flaky test • 5x-driver-electron
The first 5 flaky specs are shown, see all 7 specs in Cypress Cloud. This comment has been generated by cypress-bot as a result of this project's GitHub integration settings. |
cli/CHANGELOG.md
Outdated
@@ -7,6 +7,9 @@ _Released 08/15/2023 (PENDING)_ | |||
|
|||
- Fixed an issue where having `cypress.config` in a nested directory would cause problems with locating the `component-index.html` file when using component testing. Fixes [#26400](https://github.com/cypress-io/cypress/issues/26400). | |||
|
|||
**Dependency Updates:** | |||
|
|||
- Upgraded [`@cypress/request`](https://www.npmjs.com/package/@cypress/request) from `^2.8.11` to `^3.0.0` and [`@cypress/request-promise`](https://www.npmjs.com/package/@cypress/request-promise) from `4.2.6` to `4.2.7`. Addressed in [#27495](https://github.com/cypress-io/cypress/pull/27495). |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Apologies - it's the little person in me who gives me an itch when I spot the tiniest of typos :). Stumbled across this when searching for a better solution to update our cypress 9.5.3
to cover CVE-2023-26136. Dependabot is helpfully offering to patch package-lock.json
but that gives me the heebie-jeebies, as until this PR is merged, and we've upgraded to the latest Cypress, any changes will regress the alert.
- Upgraded [`@cypress/request`](https://www.npmjs.com/package/@cypress/request) from `^2.8.11` to `^3.0.0` and [`@cypress/request-promise`](https://www.npmjs.com/package/@cypress/request-promise) from `4.2.6` to `4.2.7`. Addressed in [#27495](https://github.com/cypress-io/cypress/pull/27495). | |
- Upgraded [`@cypress/request`](https://www.npmjs.com/package/@cypress/request) from `^2.88.11` to `^3.0.0` and [`@cypress/request-promise`](https://www.npmjs.com/package/@cypress/request-promise) from `4.2.6` to `4.2.7`. Addressed in [#27495](https://github.com/cypress-io/cypress/pull/27495). |
We can close in favor of #27515 (which addresses the binary failure and updates |
Looks like this is a breaking change and will need to get put in |
Without this PR, and executing
I would suggest to add GHSA-p8p7-x288-28g6 to the CHANGELOG, e.g.
The Common Vulnerabilities and Exposures article ID CVE-2023-28155 does not actually mention |
|
Released in This comment thread has been locked. If you are still experiencing this issue after upgrading to |
Additional details
Steps to test
How has the user experience changed?
PR Tasks
cypress-documentation
?type definitions
?