search

brianlovin / security-checklist

A checklist for staying safe on the internet
https://brianlovin.com/security
MIT License
923 stars 76 forks source link

Bump cypress from 4.5.0 to 4.6.0 #528

Closed dependabot-preview[bot] closed 4 years ago

dependabot-preview[bot] commented 4 years ago

Bumps cypress from 4.5.0 to 4.6.0.

Release notes

Sourced from cypress's releases.

4.6.0

Released 5/20/2020

Features:

  • Errors in the Test Runner now display a code frame to preview where the failure occurred with the relevant file, line number, and column number highlighted. Clicking on the file link will open the file in your preferred file opener and highlight the line and column in editors that support it. Addresses #3762.
  • Cypress now utilizes source maps to enhance the error experience. Stack traces are translated so that your source files are shown instead of the generated file that is loaded by the browser. Cypress will include an inline source map in your spec file. If you modify the preprocessor, ensure that inline source maps are enabled to get the same experience. Users of @cypress/webpack-preprocessor should upgrade to v5.4.1 or later of the package which will correctly inline source maps. Addresses #881, #1761 and #3966.
  • Cypress now enables AST-based JS/HTML rewriting when setting the experimentalSourceRewriting configuration option to true. Addresses #5273.
  • Number arguments passed to have.text, have.id, have.data, have.value, and have.attr assertions chainers are now automatically cast to strings for comparison. Addresses #7314.

Bugfixes:

  • Default TypeScript options are now set to module: commonJS which Node.js and the browser expect. This fixes a situation where setting a different module in a tsconfig.json would cause errors to throw if you had export, import or async keywords in your code. Fixes #7005, #7011, #7043, and #7151.
  • When experimentalSourceRewriting is enabled, setting location or location.href to a relative href, or using location.replace or location.assign with a relative href will no longer navigate the AUT to the wrong URL. Fixes #3975 and #3994.
  • When experimentalSourceRewriting is enabled, the use of window.top and window.parent will no longer cause the AUT to break out of the Cypress iframe. Fixes #5271 and #1467.
  • When experimentalSourceRewriting is enabled, calls to window.frames, window.parent.frames, and other frames will no longer point to the wrong reference after being proxied through Cypress. Fixes #2664.
  • When experimentalSourceRewriting is enabled, scripts using the integrity attribute for sub-resource integrity (SRI) will now load after being proxied through Cypress. Fixes #2393.
  • When experimentalSourceRewriting is enabled, the use of document.location to set the URL will no longer navigate the AUT to the wrong URL. Fixes #7402.
  • Type definitions will no longer conflict when running Cypress in a project with Jest. Fixes #3536.
  • We increased the timeout for launching Firefox from 2.5 seconds to 50 seconds. Previously, users hitting this limit would encounter a "cannot open socket" error; now, the error will be wrapped. Fixes #7159.
  • .click will now click in the correct coordinates when either x or y coordinate options are zero. Fixes #7319.
  • Cypress no longer displays onError is not a function when a browser can't connect. Fixes #7217.
  • You can now pass the force: true option to .select() to select options within a disabled <select>. Addresses #107.
  • We now throw an error when attempting to .select() an <option> within a disabled <optgroup>. Fixes #7226.
  • We fixed a regression in 4.3.0 where the message output during errors were not formatted correctly. Fixes #6924.
  • Using Cypress._.capitalize now correctly behaves the same as Lodash's capitalize method. Fixes #7222.
  • When experimentalComponentTesting is enabled, clicking on a component spec now watches the correct file without assuming it is an integration file. Fixes #7244.
  • Firefox video recording no longer crashes Cypress when running very short spec files. Fixes #6408.
  • Applications containing a DOM element with an id attribute containing 'jquery' will no longer throw an error during cy.visit(). Fixes #6193.
  • Long errors generated when compiling or bundling the test file are now horizontally scrollable. Fixes #6898.

Misc:

  • Cypress no longer requires write access to the root of the project, it instead will display a warning when no write access is given. Addresses #1281.
  • We increased the timeout for launching Chrome from 20 seconds to 50 seconds. Addressed in #7372.
  • We increased the timeout for macOS or Linux to exit from a --version command when looking for available browsers from 5 seconds to 30 seconds. Addressed in #7366.
  • We improved error handling when Cypress launches Chromium-family browsers. Addresses #6518.
  • We now export Cypress.ConfigOptions types as a partial of the full options interface. Addresses #7238.
  • We're continuing to make progress in converting our codebase from CoffeeScript to JavaScript. Addresses #2690 in #7162, #7216, #7227, #7320, #7232, and #7345.

Dependency Updates:

  • Upgraded @cypress/browserify-preprocessor from 2.2.2 to 2.2.3. Addressed in #7291.
  • Upgraded cookie-parser from 1.4.4 to 1.4.5. Addressed in #7389.
  • Upgraded cypress-multi-reporters from 1.2.4 to 1.4.0. Addressed in #7431.
  • Upgraded electron from 8.2.3 to 8.3.0. Addressed in #7236 and #7387.
  • Upgraded image-size from 0.7.4 to 0.8.3. Addressed in #7236.
  • Upgraded jimp from 0.9.3 to 0.12.0. Addressed in #7408.
  • Upgraded return-deep-diff from 0.3.0 to 0.4.0. Addressed in #7292.
Commits
  • 83856c3 release 4.6.0 [skip ci]
  • 68ec0bb chore(deps): Update dependency cypress-multi-reporters to version 1.4.0 🌟 (#7...
  • 208b01c Add note to contributing about yarn bug + instructions for adding on links (#...
  • a3fbab0 Handle webpack protocol file opening (#7296)
  • 82fcae5 chore(tests): only run 1 e2e test with forced SameSite support (#7399)
  • 96c551c fix(rewriter): rewrite accesses to document.location (#7418)
  • 4d5c308 Fix long error in the app iframe cannot be fully scrolled (#7203)
  • 5299e83 Fix flaky internal test: e2e domain passes [firefox] (#7410)
  • 8b4ded8 fix(deps): Update dependency image-size to version 0.8.3 🌟 (#7408)
  • b43fd10 cast numbers to strings when accessing assertions which always yield string s...
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

If all status checks pass Dependabot will automatically merge this pull request.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language - `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com): - Update frequency (including time of day and day of week) - Pull request limits (per update run and/or open at any time) - Automerge options (never/patch/minor, and dev/runtime dependencies) - Out-of-range updates (receive only lockfile updates, if desired) - Security updates (receive only security updates, if desired)
vercel[bot] commented 4 years ago

This pull request is being automatically deployed with Vercel (learn more). To see the status of your deployment, click below or on the icon next to each commit.

πŸ” Inspect: https://vercel.com/brianlovin/security-checklist/pce5chwah βœ… Preview: https://security-checklist-git-dependabot-npmandyarncypress-460.brianlovin.now.sh