deprecated `qs@6.10.5` dependency of `@cypress/request` not reverted to `qs@6.10.4`

[MikeMcC399]

Current behavior

If a yarn.lock was generated before the release of @cypress/request@3.0.1 on Sept 6, 2023 it is possible for an installation of Cypress to continue to hold the deprecated qs@6.10.5 version instead of reverting to the supported qs@6.10.4 version.

• See also https://github.com/cypress-io/cypress/issues/27644#issuecomment-1711976935.

Desired behavior

Any installation of cypress@13.0.0 or later should cause the non-deprecated version qs@6.10.4, as a dependency of @cypress/request, to be installed. This should be independent of the previous history of installation according to any existing node_modules directory or package manager lock file.

It should not be necessary to uninstall Cypress and reinstall it in order to reach a supported configuration.

Test code to reproduce

npm install yarn@latest -g
git clone https://github.com/cypress-io/github-action
git checkout cdb79e380ec33758c5c7436e67a84243e1302c90
cd github-action/examples/yarn-classic
git clean -xfd
yarn install --frozen-lockfile
yarn add cypress@latest -D
yarn list --pattern qs

Cypress Version

13.13.0

Node version

v20.15.1 LTS

Operating System

Ubuntu 22.04.4 LTS

Debug Logs

$ yarn list --pattern qs
yarn list v1.22.22
└─ qs@6.10.5

$ yarn list --pattern cypress
yarn list v1.22.22
├─ @cypress/request@3.0.0
├─ @cypress/xvfb@1.2.4
└─ cypress@13.13.0

Other

Suggestion

In https://github.com/cypress-io/cypress/blob/develop/cli/package.json

https://github.com/cypress-io/cypress/blob/cbbc8ee21beea08ce0e347f9bb2e95da83b9849d/cli/package.json#L23

bump to "@cypress/request": "^3.0.1"

[MikeMcC399]

I will submit a PR to resolve this issue

[MikeMcC399]

• PR submitted to resolve this issue https://github.com/cypress-io/cypress/pull/29864

[cypress-bot[bot]]

Released in 13.13.2.

This comment thread has been locked. If you are still experiencing this issue after upgrading to Cypress v13.13.2, please open a new issue.