Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update webdriverio to 9.x, resolve ws advisory #17539

Draft
wants to merge 2 commits into
base: master
Choose a base branch
from
Draft

Update webdriverio to 9.x, resolve ws advisory #17539

wants to merge 2 commits into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Aug 16, 2024
edited
Loading

Bumps ws to 8.18.0 and updates ancestor dependencies ws, @wdio/browserstack-service, @wdio/cli, @wdio/local-runner and webdriverio. These dependencies need to be updated together.

Updates ws from 8.16.0 to 8.18.0

Release notes

Sourced from ws's releases.

8.18.0

Features

  • Added support for Blob (#2229).

8.17.1

Bug fixes

  • Fixed a DoS vulnerability (#2231).

A request with a number of headers exceeding the[server.maxHeadersCount][] threshold could be used to crash a ws server.

const http = require('http');
const WebSocket = require('ws');
const wss = new WebSocket.Server({ port: 0 }, function () {
const chars = "!#$%&'*+-.0123456789abcdefghijklmnopqrstuvwxyz^_`|~".split('');
const headers = {};
let count = 0;
for (let i = 0; i < chars.length; i++) {
if (count === 2000) break;
for (let j = 0; j &lt; chars.length; j++) {
  const key = chars[i] + chars[j];
  headers[key] = 'x';
if (++count === 2000) break;
}

}
headers.Connection = 'Upgrade';
headers.Upgrade = 'websocket';
headers['Sec-WebSocket-Key'] = 'dGhlIHNhbXBsZSBub25jZQ==';
headers['Sec-WebSocket-Version'] = '13';
const request = http.request({
headers: headers,
host: '127.0.0.1',
port: wss.address().port
});
request.end();
});

The vulnerability was reported by Ryan LaPointe in websockets/ws#2230.

... (truncated)

Commits
  • 976c53c [dist] 8.18.0
  • 59b9629 [feature] Add support for Blob (#2229)
  • 0d1b5e6 [security] Use more descriptive text for 2017 vulnerability link
  • 15f11a0 [security] Add new DoS vulnerability to SECURITY.md
  • 3c56601 [dist] 8.17.1
  • e55e510 [security] Fix crash when the Upgrade header cannot be read (#2231)
  • 6a00029 [test] Increase code coverage
  • ddfe4a8 [perf] Reduce the amount of crypto.randomFillSync() calls
  • b73b118 [dist] 8.17.0
  • 29694a5 [test] Use the highWaterMark variable
  • Additional commits viewable in compare view

Updates @wdio/browserstack-service from 8.40.2 to 9.0.2

Release notes

Sourced from @​wdio/browserstack-service's releases.

v9.0.2 (2024-08-16)

🐛 Bug Fix

Committers: 2

v9.0.1 (2024-08-15)

🐛 Bug Fix

Committers: 1

v9.0.0

💥 Breaking Change

  • wdio-cli, wdio-devtools-service, wdio-lighthouse-service, wdio-utils, webdriver, webdriverio
  • wdio-allure-reporter, wdio-appium-service, wdio-browser-runner, wdio-browserstack-service, wdio-cli, wdio-concise-reporter, wdio-config, wdio-cucumber-framework, wdio-devtools-service, wdio-firefox-profile-service, wdio-jasmine-framework, wdio-json-reporter, wdio-junit-reporter, wdio-local-runner, wdio-mocha-framework, wdio-reporter, wdio-runner, wdio-sauce-service, wdio-shared-store-service, wdio-spec-reporter, wdio-testingbot-service, wdio-types, wdio-utils, wdio-webdriver-mock-service, webdriver, webdriverio
  • @wdio/protocols

🚀 New Feature

🐛 Bug Fix

... (truncated)

Changelog

Sourced from @​wdio/browserstack-service's changelog.

v9.0.2 (2024-08-16)

🐛 Bug Fix

Committers: 2

v9.0.1 (2024-08-15)

🐛 Bug Fix

Committers: 1

v9.0.0 (2024-08-15)

💥 Breaking Change

  • wdio-cli, wdio-devtools-service, wdio-lighthouse-service, wdio-utils, webdriver, webdriverio
  • wdio-allure-reporter, wdio-appium-service, wdio-browser-runner, wdio-browserstack-service, wdio-cli, wdio-concise-reporter, wdio-config, wdio-cucumber-framework, wdio-devtools-service, wdio-firefox-profile-service, wdio-jasmine-framework, wdio-json-reporter, wdio-junit-reporter, wdio-local-runner, wdio-mocha-framework, wdio-reporter, wdio-runner, wdio-sauce-service, wdio-shared-store-service, wdio-spec-reporter, wdio-testingbot-service, wdio-types, wdio-utils, wdio-webdriver-mock-service, webdriver, webdriverio
  • @wdio/protocols

🚀 New Feature

🐛 Bug Fix

  • wdio-appium-service

... (truncated)

Commits

Updates @wdio/cli from 8.40.2 to 9.0.1

Release notes

Sourced from @​wdio/cli's releases.

v9.0.1 (2024-08-15)

🐛 Bug Fix

Committers: 1

v9.0.0

💥 Breaking Change

  • wdio-cli, wdio-devtools-service, wdio-lighthouse-service, wdio-utils, webdriver, webdriverio
  • wdio-allure-reporter, wdio-appium-service, wdio-browser-runner, wdio-browserstack-service, wdio-cli, wdio-concise-reporter, wdio-config, wdio-cucumber-framework, wdio-devtools-service, wdio-firefox-profile-service, wdio-jasmine-framework, wdio-json-reporter, wdio-junit-reporter, wdio-local-runner, wdio-mocha-framework, wdio-reporter, wdio-runner, wdio-sauce-service, wdio-shared-store-service, wdio-spec-reporter, wdio-testingbot-service, wdio-types, wdio-utils, wdio-webdriver-mock-service, webdriver, webdriverio
  • @wdio/protocols

🚀 New Feature

🐛 Bug Fix

💅 Polish

  • webdriver
  • wdio-cli, wdio-config, wdio-local-runner, wdio-runner, wdio-types, webdriverio

🏠 Internal

... (truncated)

Changelog

Sourced from @​wdio/cli's changelog.

v9.0.1 (2024-08-15)

🐛 Bug Fix

Committers: 1

v9.0.0 (2024-08-15)

💥 Breaking Change

  • wdio-cli, wdio-devtools-service, wdio-lighthouse-service, wdio-utils, webdriver, webdriverio
  • wdio-allure-reporter, wdio-appium-service, wdio-browser-runner, wdio-browserstack-service, wdio-cli, wdio-concise-reporter, wdio-config, wdio-cucumber-framework, wdio-devtools-service, wdio-firefox-profile-service, wdio-jasmine-framework, wdio-json-reporter, wdio-junit-reporter, wdio-local-runner, wdio-mocha-framework, wdio-reporter, wdio-runner, wdio-sauce-service, wdio-shared-store-service, wdio-spec-reporter, wdio-testingbot-service, wdio-types, wdio-utils, wdio-webdriver-mock-service, webdriver, webdriverio
  • @wdio/protocols

🚀 New Feature

🐛 Bug Fix

💅 Polish

  • webdriver
  • wdio-cli, wdio-config, wdio-local-runner, wdio-runner, wdio-types, webdriverio

🏠 Internal

... (truncated)

Commits
  • 2a869e5 v9.0.1
  • 9576934 v9.0.0
  • a19519f feat(webdriverio): support (se/de)serialization of execute parameters (#13333)
  • b4cb9e5 chore(deps): bump inquirer from 9.3.6 to 10.1.8 (#13348)
  • 80779bb breaking(build): migrate to Esbuild for bundling (#13338)
  • 6376d1e fix(docs): change file name of license from LICENSE-MIT to just LICENSE
  • 9dbc8bf fix(webdriverio): remove ts compile issue
  • 4ffb3b9 fix(ci): revert inquirer update
  • 65412c2 chore(deps): bump inquirer from 9.3.2 to 10.0.1 (#13168)
  • 43868ec fix(@​wdio/types): define browser and element type to namespace
  • Additional commits viewable in compare view

Updates @wdio/local-runner from 8.40.2 to 9.0.1

Release notes

Sourced from @​wdio/local-runner's releases.

v9.0.1 (2024-08-15)

🐛 Bug Fix

Committers: 1

v9.0.0

💥 Breaking Change

  • wdio-cli, wdio-devtools-service, wdio-lighthouse-service, wdio-utils, webdriver, webdriverio
  • wdio-allure-reporter, wdio-appium-service, wdio-browser-runner, wdio-browserstack-service, wdio-cli, wdio-concise-reporter, wdio-config, wdio-cucumber-framework, wdio-devtools-service, wdio-firefox-profile-service, wdio-jasmine-framework, wdio-json-reporter, wdio-junit-reporter, wdio-local-runner, wdio-mocha-framework, wdio-reporter, wdio-runner, wdio-sauce-service, wdio-shared-store-service, wdio-spec-reporter, wdio-testingbot-service, wdio-types, wdio-utils, wdio-webdriver-mock-service, webdriver, webdriverio
  • @wdio/protocols

🚀 New Feature

🐛 Bug Fix

💅 Polish

  • webdriver
  • wdio-cli, wdio-config, wdio-local-runner, wdio-runner, wdio-types, webdriverio

🏠 Internal

... (truncated)

Changelog

Sourced from @​wdio/local-runner's changelog.

v9.0.1 (2024-08-15)

🐛 Bug Fix

Committers: 1

v9.0.0 (2024-08-15)

💥 Breaking Change

  • wdio-cli, wdio-devtools-service, wdio-lighthouse-service, wdio-utils, webdriver, webdriverio
  • wdio-allure-reporter, wdio-appium-service, wdio-browser-runner, wdio-browserstack-service, wdio-cli, wdio-concise-reporter, wdio-config, wdio-cucumber-framework, wdio-devtools-service, wdio-firefox-profile-service, wdio-jasmine-framework, wdio-json-reporter, wdio-junit-reporter, wdio-local-runner, wdio-mocha-framework, wdio-reporter, wdio-runner, wdio-sauce-service, wdio-shared-store-service, wdio-spec-reporter, wdio-testingbot-service, wdio-types, wdio-utils, wdio-webdriver-mock-service, webdriver, webdriverio
  • @wdio/protocols

🚀 New Feature

🐛 Bug Fix

💅 Polish

  • webdriver
  • wdio-cli, wdio-config, wdio-local-runner, wdio-runner, wdio-types, webdriverio

🏠 Internal

... (truncated)

Commits
  • 2a869e5 v9.0.1
  • 9576934 v9.0.0
  • a19519f feat(webdriverio): support (se/de)serialization of execute parameters (#13333)
  • 80779bb breaking(build): migrate to Esbuild for bundling (#13338)
  • c81171c chore(testing): update Vitest to v2
  • 6376d1e fix(docs): change file name of license from LICENSE-MIT to just LICENSE
  • 3a7b08e breaking(*): better type definitions for capabilities (#12987)
  • c18713b chore(@​wdio/local-runner): fix linting
  • 963ddb9 feat: replace ts-node with tsx, remove autoCompileOpts (#12752)
  • a46cea2 Support mocking interface for Bidi (#12598)
  • Additional commits viewable in compare view

Updates webdriverio from 8.40.2 to 9.0.1

Release notes

Sourced from webdriverio's releases.

v9.0.1 (2024-08-15)

🐛 Bug Fix

Committers: 1

v9.0.0

💥 Breaking Change

  • wdio-cli, wdio-devtools-service, wdio-lighthouse-service, wdio-utils, webdriver, webdriverio
  • wdio-allure-reporter, wdio-appium-service, wdio-browser-runner, wdio-browserstack-service, wdio-cli, wdio-concise-reporter, wdio-config, wdio-cucumber-framework, wdio-devtools-service, wdio-firefox-profile-service, wdio-jasmine-framework, wdio-json-reporter, wdio-junit-reporter, wdio-local-runner, wdio-mocha-framework, wdio-reporter, wdio-runner, wdio-sauce-service, wdio-shared-store-service, wdio-spec-reporter, wdio-testingbot-service, wdio-types, wdio-utils, wdio-webdriver-mock-service, webdriver, webdriverio
  • @wdio/protocols

🚀 New Feature

🐛 Bug Fix

💅 Polish

  • webdriver
  • wdio-cli, wdio-config, wdio-local-runner, wdio-runner, wdio-types, webdriverio

🏠 Internal

... (truncated)

Changelog

Sourced from webdriverio's changelog.

v9.0.1 (2024-08-15)

🐛 Bug Fix

Committers: 1

v9.0.0 (2024-08-15)

💥 Breaking Change

  • wdio-cli, wdio-devtools-service, wdio-lighthouse-service, wdio-utils, webdriver, webdriverio
  • wdio-allure-reporter, wdio-appium-service, wdio-browser-runner, wdio-browserstack-service, wdio-cli, wdio-concise-reporter, wdio-config, wdio-cucumber-framework, wdio-devtools-service, wdio-firefox-profile-service, wdio-jasmine-framework, wdio-json-reporter, wdio-junit-reporter, wdio-local-runner, wdio-mocha-framework, wdio-reporter, wdio-runner, wdio-sauce-service, wdio-shared-store-service, wdio-spec-reporter, wdio-testingbot-service, wdio-types, wdio-utils, wdio-webdriver-mock-service, webdriver, webdriverio
  • @wdio/protocols

🚀 New Feature

🐛 Bug Fix

  • wdio-appium-service

@dependabot dependabot bot added A-deps Area: Dependencies javascript Pull requests that update Javascript code labels Aug 16, 2024
@dependabot dependabot bot mentioned this pull request Aug 16, 2024
Closed
@danielhjacobs danielhjacobs mentioned this pull request Aug 16, 2024
Open
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/web/multi-4318a9323b branch from 5857258 to 75b408f Compare August 16, 2024 15:15
@torokati44 torokati44 force-pushed the dependabot/npm_and_yarn/web/multi-4318a9323b branch from 75b408f to 5680a02 Compare August 16, 2024 15:34
@torokati44
Copy link
Member

torokati44 commented Aug 16, 2024
edited
Loading

Added ChainablePromiseElement.getElement() calls manually due to API change.

@danielhjacobs
Copy link
Contributor

danielhjacobs commented Aug 16, 2024
edited
Loading

There's a lot more files that would need to be changed. A simpler way to fix this might be to change all the functions in https://github.com/ruffle-rs/ruffle/blob/master/web/packages/selfhosted/test/utils.ts that take a WebdriverIO.Element to take a ChainablePromiseElement, and then add a .getElement to the start of each of those functions.

@danielhjacobs
Copy link
Contributor

The other needed change is .getHTML(false); should now be .getHTML({"includeSelectorTag": false});. According to https://github.com/webdriverio/webdriverio/blob/e8ae5d8c577c514f571ae8760df43ea0a17ae7e3/packages/webdriverio/src/commands/element/getHTML.ts#L79, they intended backwards compatibility, but the type definitions don't actually lend themselves to that.

@danielhjacobs
Copy link
Contributor

danielhjacobs commented Aug 16, 2024
edited
Loading

Linux command for that change could maybe be this:

grep -rl 'getHTML(false' | xargs sed -i 's/getHTML(false/getHTML({"includeSelectorTag": false}/g'

@danielhjacobs
Copy link
Contributor

While we can change the code to use the new definitions for getHTML, I did open webdriverio/webdriverio#13378

@torokati44
Copy link
Member

Is it possible that the ChainablePromiseElement type is not exported? 🤔
I can't see it mentioned in the API reference, or in @wdio/types...

@danielhjacobs
Copy link
Contributor

danielhjacobs commented Aug 16, 2024
edited
Loading

You can use ChainablePromiseElement, it's not WebdriverIO.ChainablePromiseElement

https://github.com/webdriverio/webdriverio/blob/main/packages/webdriverio/src/types.ts#L70

@torokati44 torokati44 force-pushed the dependabot/npm_and_yarn/web/multi-4318a9323b branch from 5680a02 to 7c52db6 Compare August 16, 2024 16:11
@danielhjacobs
Copy link
Contributor

wdio.conf.ts(218,5): error TS2353: Object literal may only specify known properties, and 'capabilities' does not exist in type 'Testrunner'.

We'll need to consult the documentation for this one. https://github.com/webdriverio/webdriverio/releases/tag/v9.0.0 does mention better type definitions for capabilities as a breaking change.

@torokati44 torokati44 force-pushed the dependabot/npm_and_yarn/web/multi-4318a9323b branch from 7c52db6 to e59bcfa Compare August 16, 2024 16:39
@torokati44
Copy link
Member

We'll need to consult the documentation for this one. https://github.com/webdriverio/webdriverio/releases/tag/v9.0.0 does mention better type definitions for capabilities as a breaking change.

Yep, and all the examples I've seen for this use a plain object for config, but still with a capabilities key that is an array of objects...

@torokati44 torokati44 force-pushed the dependabot/npm_and_yarn/web/multi-4318a9323b branch 2 times, most recently from bee03b9 to 8dc02c5 Compare August 16, 2024 17:02
@danielhjacobs
Copy link
Contributor

Errors seem to be:

Can't transform classic selector tag name to Bidi selector

@danielhjacobs
Copy link
Contributor

Technically, ruffle-player is a valid CSS selector, not <ruffle-player>, so maybe that's the issue. Totally untested though.

@torokati44 torokati44 force-pushed the dependabot/npm_and_yarn/web/multi-4318a9323b branch from 8dc02c5 to 35becf4 Compare August 16, 2024 18:09
@torokati44
Copy link
Member

Let's try that!

@danielhjacobs
Copy link
Contributor

danielhjacobs commented Aug 16, 2024
edited
Loading

Note: If that's the issue, the same will be true of <ruffle-object /> and <ruffle-embed /> and <ruffle-object>

@danielhjacobs
Copy link
Contributor

danielhjacobs commented Aug 16, 2024
edited
Loading

Nah, the error seems unrelated to that: https://github.com/ruffle-rs/ruffle/actions/runs/10424284257/job/28872786614?pr=17539#step:11:16287:

message: 'no such element: Unable to locate element: {"method":"tag name","selector":"ruffle-object"}

I also tried these commands locally:

cd web/packages/selfhosted/test/

grep -rl '<ruffle-object />' | xargs sed -i 's/<ruffle-object \/>/ruffle-object/g'

grep -rl '<ruffle-embed />' | xargs sed -i 's/<ruffle-embed \/>/ruffle-embed/g'

grep -rl '<ruffle-object>' | xargs sed -i 's/<ruffle-object>/ruffle-object/g'

After that, I tested this locally with this command:

npm run wdio --headless --chrome

I still got errors.

@danielhjacobs
Copy link
Contributor

Actually, my errors are as follows:

[chrome-headless-shell 127.0.6533.119 linux #0-40] AssertionError: expected { error: { …(5) } } to deeply equal [ 'test' ]
[chrome-headless-shell 127.0.6533.119 linux #0-40]     at Context.<anonymous> (/home/dj/work/rust/ruffle_source/ruffle/web/packages/selfhosted/test/integration_tests/external_interface/test.ts:251:32)
[chrome-headless-shell 127.0.6533.119 linux #0-40]
[chrome-headless-shell 127.0.6533.119 linux #0-40] 4) ExternalInterface supports calling a method that doesn't exist
[chrome-headless-shell 127.0.6533.119 linux #0-40] expected 'callMethodWithDelay called with 2 arg…' to deeply equal 'callMethodWithDelay called with 1 arg…'

Which is different to the current errors.

@danielhjacobs
Copy link
Contributor

danielhjacobs commented Aug 16, 2024
edited
Loading

Required commands:

cd web/packages/selfhosted/test/

grep -rl '<ruffle-object />' | xargs sed -i 's/<ruffle-object \/>/ruffle-object/g'

grep -rl '<ruffle-embed />' | xargs sed -i 's/<ruffle-embed \/>/ruffle-embed/g'

grep -rl '<ruffle-object>' | xargs sed -i 's/<ruffle-object>/ruffle-object/g'

grep -rl '<div />' | xargs sed -i 's/<div \/>/div/g'

grep -rl 'includeSelectorTag: false' | xargs sed -i 's/includeSelectorTag: false/includeSelectorTag: false, pierceShadowRoot: false/g'

npm run format

Even then, some things still need updates.

@danielhjacobs
Copy link
Contributor

danielhjacobs commented Aug 16, 2024
edited
Loading

These are the failing files after those changes.

@danielhjacobs danielhjacobs force-pushed the dependabot/npm_and_yarn/web/multi-4318a9323b branch from 94770db to a067ead Compare August 16, 2024 20:50
@torokati44 torokati44 mentioned this pull request Aug 19, 2024
Merged
This was referenced Sep 30, 2024
Closed
Closed
Closed
@danielhjacobs danielhjacobs force-pushed the dependabot/npm_and_yarn/web/multi-4318a9323b branch 7 times, most recently from 8a94ccc to 7fc9598 Compare September 30, 2024 16:16
@torokati44 torokati44 mentioned this pull request Oct 1, 2024
Closed
@torokati44 torokati44 force-pushed the dependabot/npm_and_yarn/web/multi-4318a9323b branch 2 times, most recently from 7317fc5 to 165c569 Compare October 10, 2024 00:15
@torokati44 torokati44 force-pushed the dependabot/npm_and_yarn/web/multi-4318a9323b branch from 592fdaa to b168fda Compare October 10, 2024 14:16
@torokati44 torokati44 force-pushed the dependabot/npm_and_yarn/web/multi-4318a9323b branch 2 times, most recently from 840af5f to 51f9f82 Compare October 11, 2024 10:41
@torokati44
Copy link
Member

torokati44 commented Oct 11, 2024
edited
Loading

We're down to one unresolved upstream issue, with a workaround for it in a single commit that should be easily revertable later, affecting just 4 2 tests.

@torokati44 torokati44 force-pushed the dependabot/npm_and_yarn/web/multi-4318a9323b branch from 51f9f82 to 71206eb Compare October 13, 2024 18:46
This was referenced Oct 14, 2024
Closed
Closed
Closed
@torokati44 torokati44 force-pushed the dependabot/npm_and_yarn/web/multi-4318a9323b branch from 71206eb to 8569a83 Compare October 14, 2024 10:47
torokati44 and others added 2 commits October 14, 2024 17:05
@torokati44
build(deps): bump ws, @wdio/browserstack-service, @wdio/cli, @wdio/lo…
de8b3f1 
…cal-runner and webdriverio

Plus manual changes:
 - Follow getHTML() API change.
 - Take ChainablePromiseElement in utils.ts functions.
 - Make config typeless.
 - Use switchFrame instead of switchToFrame.
@danielhjacobs @torokati44
web: Work around webdriverio frame-switching bug with selectors
c00bffc
@torokati44 torokati44 force-pushed the dependabot/npm_and_yarn/web/multi-4318a9323b branch from 2cb3e47 to c00bffc Compare October 14, 2024 15:06
@danielhjacobs
Copy link
Contributor

Note: This is now waiting on a fix for webdriverio/webdriverio#13763

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@torokati44 torokati44 torokati44 left review comments

@danielhjacobs danielhjacobs danielhjacobs left review comments

Assignees
No one assigned
Labels
A-deps Area: Dependencies javascript Pull requests that update Javascript code T-chore Type: Chore (like updating a dependency, it's gotta be done)
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@torokati44 @danielhjacobs @Dinnerbone