FRSOURCE / cypress-plugin-visual-regression-diff

Perform visual regression test with a nice GUI as help. 💅 Only for Cypress!
MIT License
168 stars 22 forks

v4 and migration to Cypress 13 #316

Open FRSgit opened 2 months ago

FRSgit commented 2 months ago

Hello again everyone! 👋

Sorry for being away for a while - I simply had no time to keep the library in the shape that I'd like it to be. My apologies!

As a part of the repo clean-up process, I started the migration to Cypress 13. But because it's a release that drops support for Node@12 (so introducing a breaking change) - we need to raise the major number of this library as well.

To do a proper "major" release I figured it'd be a good time to take care of some long-standing issues & PRs before releasing v4. I'll try to handle them in the upcoming days, so bear with me for a little more time! All changes will land first on the branch feat/release-4.0.0 - you can keep track of code changes there.

List of PRs/issues/discussions that need to be handled before v4 release:

List of postponed issues

geroyche commented 1 month ago

Could you please do a patch release for v3 in the meantime? 3.3.10 has a sharp version pinned which has a known CVE. In your repo the bots already took care of the update.

npm audit's solution would be to downgrade your plugin...

```
git:(main) ✗ npm audit
# npm audit report

sharp  <0.32.6
Severity: high
sharp vulnerability in libwebp dependency CVE-2023-4863 - https://github.com/advisories/GHSA-54xq-cgqr-rpm3
fix available via `npm audit fix --force`
Will install @frsource/cypress-plugin-visual-regression-diff@1.4.0, which is a breaking change
node_modules/sharp
  @frsource/cypress-plugin-visual-regression-diff  >=1.5.0
  Depends on vulnerable versions of sharp
  node_modules/@frsource/cypress-plugin-visual-regression-diff

2 high severity vulnerabilities

To address all issues (including breaking changes), run:
  npm audit fix --force
```
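
An added example, not part of the thread or the plugin's code: a Node.js check that scans a `package-lock.json` (the lockfileVersion 2/3 `packages` layout is assumed) for any installed copy of sharp below 0.32.6, the bound shown in the audit output above, including copies nested under another package. The lockfile contents, versions and function names are constructed for illustration.

```javascript
// Added example: constructed data, not taken from the project's repository.
const FIXED = "0.32.6"; // lower bound from the "sharp <0.32.6" line of the audit report

// Compare two x.y.z versions; negative means a < b.
// A prerelease of the same x.y.z (e.g. 0.32.6-rc.1) sorts below the release.
function compareVersions(a, b) {
  const pa = a.split("-")[0].split(".").map(Number);
  const pb = b.split("-")[0].split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d;
  }
  if (a.includes("-") !== b.includes("-")) return a.includes("-") ? -1 : 1;
  return 0;
}

// Walk the "packages" map of a lockfile and return every installed copy of
// sharp older than FIXED, whether hoisted or nested under a dependent.
function findVulnerableSharp(lock) {
  return Object.entries(lock.packages || {})
    .filter(([path]) => path === "node_modules/sharp" || path.endsWith("/node_modules/sharp"))
    .filter(([, meta]) => meta.version && compareVersions(meta.version, FIXED) < 0)
    .map(([path, meta]) => ({ path, version: meta.version }));
}

// Constructed sample: a fixed hoisted copy and an older copy nested under the plugin.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app" },
    "node_modules/sharp": { version: "0.32.6" },
    "node_modules/@frsource/cypress-plugin-visual-regression-diff/node_modules/sharp": {
      version: "0.32.5",
    },
    // Different package whose name merely starts with "sharp": must not match.
    "node_modules/sharp-helper": { version: "0.1.0" },
  },
};

for (const hit of findVulnerableSharp(sampleLock)) {
  console.log(`sharp ${hit.version} is below ${FIXED}: ${hit.path}`);
}
```

To run it against a real project, pass `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))` to `findVulnerableSharp` and fail the CI job when the result is non-empty.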