Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: update tough cookie #27515

Merged
merged 10 commits into from
Aug 11, 2023
Merged

chore: update tough cookie #27515

merged 10 commits into from
Aug 11, 2023

Conversation

jordanpowell88
Copy link
Contributor

@jordanpowell88 jordanpowell88 commented Aug 10, 2023
edited
Loading

Additional details

  • This patches @cypress/request, @cypress/request-promise and start-server-and-test which have dependencies on a vulnerable version of tough-cookie. It DOES leave ONE instance of tough-cookie left at 2.5 in packages/icons. This one will be difficult to patch since it is a peer dep of @packages#icons#to-ico#resize-img#jimp#request and to-ico hasn't been updated in over 5 years

Steps to test

How has the user experience changed?

PR Tasks

This was referenced Aug 10, 2023
Closed
Closed
@jordanpowell88 jordanpowell88 marked this pull request as ready for review August 10, 2023 11:58
@jordanpowell88 jordanpowell88 mentioned this pull request Aug 10, 2023
Merged
@MikeMcC399 MikeMcC399 mentioned this pull request Aug 10, 2023
Closed
jordanpowell88
jordanpowell88 commented Aug 10, 2023
View reviewed changes
packages/web-config/node-jsdom-setup.ts Outdated
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The version of jsdom we were using was using tough-cookie 2.5 but after further investigation this was the only file using jsdom and that it wasn't anywhere in the monorepo. I don't think we need this anymore

jordanpowell88
jordanpowell88 commented Aug 10, 2023
View reviewed changes
package.json
@@ -198,7 +198,6 @@
"shelljs": "0.8.5",
"sinon": "7.3.2",
"snap-shot-it": "7.9.3",
"start-server-and-test": "1.10.8",
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

start-server-and-test version 1 depends upon tough-cookie 2.5 but I don't see any use of start-server-and-test in the repo. I think we can remove this

@cypress
Copy link

cypress bot commented Aug 10, 2023
edited
Loading

4 flaky tests on run #49801 ↗︎

0 5537 101 0 Flakiness 4

Details:

remove uneeded deps
Project: cypress Commit: 8ad0a1905a
Status: Passed Duration: 13:30 💡
Started: Aug 11, 2023 5:28 PM Ended: Aug 11, 2023 5:42 PM
Flakiness  commands/net_stubbing.cy.ts • 1 flaky test • 5x-driver-chrome:beta

View Output Video

Test Artifacts
network stubbing > intercepting request > can delay and throttle a StaticResponse Output Video
Flakiness  cypress/cypress.cy.js • 3 flaky tests • 5x-driver-chrome:beta

View Output Video

Test Artifacts
... > correctly returns currentRetry Output Video
... > correctly returns currentRetry Output Video
... > correctly returns currentRetry Output Video

This comment has been generated by cypress-bot as a result of this project's GitHub integration settings.

jordanpowell88
jordanpowell88 commented Aug 10, 2023
View reviewed changes
patches/whatwg-url+7.1.0.dev.patch Outdated
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We were getting this error in CI saying that we don't need this patch anymore. Removing it appears to be the fix.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Guess we figured out what was updating the hoisted dep. Thank you for removing this patch! We needed it for the webpack v5 update and glad it was shortlived.

@jordanpowell88 jordanpowell88 force-pushed the chore/update_tough_cookie branch from fa7100f to 65a131f Compare August 10, 2023 14:18
AtofStryker
AtofStryker reviewed Aug 10, 2023
View reviewed changes
cli/CHANGELOG.md Outdated Show resolved Hide resolved
@jordanpowell88 jordanpowell88 changed the title fix: update tough cookie chore: update tough cookie Aug 10, 2023
@jordanpowell88 jordanpowell88 force-pushed the chore/update_tough_cookie branch from 6c4ebfb to 025c0a1 Compare August 10, 2023 15:47
@AtofStryker AtofStryker self-requested a review August 10, 2023 18:15
@MikeMcC399 MikeMcC399 mentioned this pull request Aug 10, 2023
Closed
1 task
AtofStryker and others added 9 commits August 11, 2023 10:33
@jordanpowell88 jordanpowell88 force-pushed the chore/update_tough_cookie branch from aad0894 to 5ef6752 Compare August 11, 2023 14:52
@jordanpowell88 jordanpowell88 force-pushed the chore/update_tough_cookie branch from 6aac3b1 to 8ad0a19 Compare August 11, 2023 16:39
@nagash77 nagash77 merged commit 1061f85 into develop Aug 11, 2023
@nagash77 nagash77 deleted the chore/update_tough_cookie branch August 11, 2023 17:42
@robertdeniszczyc2 robertdeniszczyc2 mentioned this pull request Aug 15, 2023
Closed
@cypress-bot
Copy link
Contributor

cypress-bot bot commented Aug 15, 2023

Released in 12.17.4.

This comment thread has been locked. If you are still experiencing this issue after upgrading to
Cypress v12.17.4, please open a new issue.

@cypress-bot cypress-bot bot locked as resolved and limited conversation to collaborators Aug 15, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@AtofStryker AtofStryker AtofStryker approved these changes

@chrisbreiding chrisbreiding chrisbreiding approved these changes

@ryanthemanuel ryanthemanuel Awaiting requested review from ryanthemanuel

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
5 participants
@jordanpowell88 @chrisbreiding @AtofStryker @nagash77 @ryanthemanuel