cypress-io / request
This project is forked from request/request.
Simplified HTTP request client.
License: Apache License 2.0
Being a fork of the original request package, @cypress/request is vulnerable to CVE-2023-28155 (SSRF via insecure redirects). There is an issue and an open PR in the request repo, but the fix is unlikely to be merged since request is long abandoned. This fork is the second most popular fork; it would be great to have it patched.
The CircleCI workflow .circleci/config.yml produces a warning on the CircleCI pipeline when run.
The warning is:
"You're using a deprecated Docker convenience image. Upgrade to a next-gen Docker convenience image."
The posting (deprecated Docker convenience image) from August 2021 says:
"Moving from a legacy to next-gen image requires a change to the namespace. All legacy images have a Docker namespace of circleci, while next-gen images have a Docker namespace of cimg."
The outdated workflow lines of code are:
Lines 3 to 5 in 3c458f1
Apart from circleci/node:14 being a deprecated CircleCI Docker image, it is also using Node.js 14, which entered end-of-life on April 30, 2023.
Update the CircleCI workflow .circleci/config.yml to use a supported CircleCI Docker image which uses a supported version of Node.js.
When @cypress/[email protected] is installed with Yarn Classic, then the following deprecation notice is output:
warning @cypress/request > [email protected]: when using stringify with arrayFormat comma, [] is appended on single-item arrays. Upgrade to v6.11.0 or downgrade to v6.10.4 to fix.
The deprecation notice is not displayed if npm or pnpm is used to install @cypress/[email protected]. This is because these other package managers prefer non-deprecated versions to deprecated versions and therefore they select the alternative, non-deprecated, [email protected] version instead of selecting the deprecated [email protected] version.
yarn add @cypress/request
When @cypress/request is installed using Yarn, then no deprecation notice should be displayed.
The warning suggests:
Upgrade to v6.11.0 or downgrade to v6.10.4 to fix.
See qs CHANGELOG.
software | version |
---|---|
@cypress/request | 3.0.0 |
node | v18.16.1 |
npm | n/a |
Yarn | 1.22.19 |
Operating System | Ubuntu 22.04.3 LTS |
$ yarn add @cypress/request
yarn add v1.22.19
info No lockfile found.
[1/4] Resolving packages...
warning @cypress/request > [email protected]: when using stringify with arrayFormat comma, `[]` is appended on single-item arrays. Upgrade to v6.11.0 or downgrade to v6.10.4 to fix.
[2/4] Fetching packages...
[3/4] Linking dependencies...
[4/4] Building fresh packages...
success Saved lockfile.
success Saved 47 new dependencies.
info Direct dependencies
└─ @cypress/[email protected]
Done in 1.60s.
cypress-io/request is configured with "qs": "~6.10.3"
Line 43 in 99338c8
npm view [email protected] shows the deprecation notice:
$ npm view [email protected]
[email protected] | BSD-3-Clause | deps: 1 | versions: 108
A querystring parser that supports nesting and arrays, with a depth limit
https://github.com/ljharb/qs
DEPRECATED ⚠️ - when using stringify with arrayFormat comma, `[]` is appended on single-item arrays. Upgrade to v6.11.0 or downgrade to v6.10.4 to fix.
This is a deprecation notice, not a vulnerability warning. There are currently no vulnerabilities detected in @cypress/request:
$ yarn audit
yarn audit v1.22.19
0 vulnerabilities found - Packages audited: 52
Done in 0.36s.
The version of the qs package in use is 6.5.2, which is not the latest and is vulnerable to CVE-2021-44907.
This should be updated to 6.10.3 (at time of writing latest version). The main cypress release should then also be updated to include this new release of request.
https://nvd.nist.gov/vuln/detail/CVE-2021-44907
https://github.com/ljharb/qs/releases/tag/v6.10.3
Package:
https://github.com/cypress-io/request/blob/master/package.json
https://nvd.nist.gov/vuln/detail/CVE-2021-44907
Upgrade qs package
This vulnerability was revealed by Snyk.
Keep an eye on this PR which fixes the dependency and upgrade accordingly.
Using old crypto and causing firewall to block all of cypress due to this dependency.
Please see the sonar explanation below (specifically root cause).
You can see the 2 year old use of SHA1 all throughout that lib\oauth.js file.
The request package is vulnerable to Weak Authentication Algorithm. The function function in oauth.js uses SHA-1 for authentication which is no longer considered cryptographically secure. With enough resources an attacker might be able to crack the authentication mechanism and cause security attacks.
The application is vulnerable by using this component.
There is no non vulnerable version of this component/package. We recommend investigating alternative components or a potential mitigating control.
request-2.88.5.tgz <= package/lib/oauth.js : [2.56.0 , )
karma is a web server generally used for tests, and it's included along with a series of helpers. However, it does not seem to be really used. It's not invoked from any script. Browser tests seem to be skipped.
Run git grep "karma start" for instance. There might be other ways of checking it, but unless it's used internally (or was used), I don't see how it's checked nowadays.
It should be used, possibly for browser tests. It does not seem to have been substituted by anything else.
npm run test-browser just skips the test.
Eliminate karma and all browser tests, since they don't seem to be used at all. Alternatively, get it back to work...
karma* introduce several vulnerabilities, and they're simply dead code, apparently. If it's not used, it's best to eliminate it.
Many packages seem to be a few majors behind their current release; karma is an example.
I found this while doing npm uninstall har-validator which effectively does not seem to be used. This revealed a karma* conflict, which revealed several vulnerabilities when upgrading:
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE package: '[email protected]',
npm WARN EBADENGINE required: { node: '0.10 || 0.12 || 4 || 5 || 6' },
npm WARN EBADENGINE current: { node: 'v16.2.0', npm: '7.19.1' }
npm WARN EBADENGINE }
npm WARN deprecated [email protected]: Please see https://github.com/lydell/urix#deprecated
npm WARN deprecated [email protected]: this library is no longer supported
npm WARN deprecated [email protected]: https://github.com/lydell/resolve-url#deprecated
npm WARN deprecated [email protected]: The sprintf package is deprecated in favor of sprintf-js.
npm WARN deprecated [email protected]: CircularJSON is in maintenance only, flatted is its successor.
npm WARN deprecated [email protected]: CircularJSON is in maintenance only, flatted is its successor.
npm WARN deprecated [email protected]: Chokidar 2 will break on node v14+. Upgrade to chokidar 3 with 15x less dependencies.
npm WARN deprecated [email protected]: The querystring API is considered Legacy. new code should use the URLSearchParams API instead.
npm WARN deprecated [email protected]: Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details.
npm WARN deprecated [email protected]: this package is now deprecated
npm WARN deprecated [email protected]: Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details.
npm WARN deprecated [email protected]: request has been deprecated, see https://github.com/request/request/issues/3142
npm WARN deprecated [email protected]: This module is no longer maintained, try this instead:
npm WARN deprecated npm i nyc
npm WARN deprecated Visit https://istanbul.js.org/integrations for other alternatives.
npm WARN deprecated [email protected]: https://about.codecov.io/blog/codecov-uploader-deprecation-plan/
npm WARN deprecated [email protected]: core-js@<3.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Please, upgrade your dependencies to the actual version of core-js.
added 880 packages, and audited 883 packages in 60s
46 packages are looking for funding
run `npm fund` for details
36 vulnerabilities (2 low, 16 moderate, 9 high, 9 critical)
To address issues that do not require attention, run:
npm audit fix
To address all issues (including breaking changes), run:
npm audit fix --force
Run `npm audit` for details.
Even if it's not a production library in most modules, I would expect some maintenance updates.
Upgrade of all dependencies, and corresponding testing
This is causing deprecated warnings, as well as snyk alerts, up and down the line.
software | version |
---|---|
request | HEAD in master |
node | 16.8 |
npm | 8.0 |
Operating System | linux |
https://www.npmjs.com/package/har-validator
node version 16.13.0
npm version 8.1.0
master branch failed. 🚨 I recommend you give this issue a high priority, so other packages depending on you can benefit from your bug fixes and new features again.
You can find below the list of errors reported by semantic-release. Each one of them has to be resolved in order to automatically publish your package. I'm sure you can fix this 💪.
Errors are usually caused by a misconfiguration or an authentication problem. With each error reported below you will find explanation and guidance to help you to resolve it.
Once all the errors are resolved, semantic-release will release your package the next time you push a commit to the master branch. You can also manually restart the failed CI job that runs semantic-release.
If you are not sure how to resolve this, here are some links that can help you:
If those don't help, or if this issue is reporting something you think isn't right, you can always ask the humans behind semantic-release.
The npm token configured in the NPM_TOKEN environment variable must be a valid token allowing to publish to the registry https://registry.npmjs.org/.
If you are using Two Factor Authentication for your account, set its level to "Authorization only" in your account settings. semantic-release cannot publish with the default "Authorization and writes" level.
Please make sure to set the NPM_TOKEN environment variable in your CI with the exact value of the npm token.
Good luck with your project ✨
Your semantic-release bot 📦🚀
When @cypress/request is run in a Node.js 21.x or 22.x environment, a deprecation notice is output:
[DEP0040] DeprecationWarning: The punycode module is deprecated. Please use a userland alternative instead.
punycode has been deprecated in Node.js since v7.0.0. Starting with Node.js 21.x the deprecation is actively announced at run-time (see nodejs/node#47202).
The linked deprecation notice contains the text:
"The version of the punycode module bundled in Node.js is being deprecated. In a future major version of Node.js this module will be removed."
This poses a risk for the future use of @cypress/request.
Create the following file as request_test.js
const request = require('@cypress/request');
request('https://github.com/cypress-io/request');
In a Node.js 22.x environment, install @cypress/request and execute with
node --trace-deprecation request_test.js
Alternatively execute the following in a clone of this repo:
npm install
export NODE_OPTIONS=--trace-deprecation
npm run test-ci
No deprecation warning should be produced when using @cypress/request under Node.js 22.x.
When Node.js v21.0.0 is used, then running the test produces a deprecation warning:
$ node --trace-deprecation request_test.js
(node:3952) [DEP0040] DeprecationWarning: The `punycode` module is deprecated. Please use a userland alternative instead.
at node:punycode:3:9
at BuiltinModule.compileForInternalLoader (node:internal/bootstrap/realm:397:7)
at BuiltinModule.compileForPublicLoader (node:internal/bootstrap/realm:333:10)
at loadBuiltinModule (node:internal/modules/helpers:101:7)
at Module._load (node:internal/modules/cjs/loader:1006:17)
at Module.require (node:internal/modules/cjs/loader:1237:19)
at require (node:internal/modules/helpers:176:18)
at Object.<anonymous> (/home/mike/github/request_test/node_modules/psl/index.js:5:16)
at Module._compile (node:internal/modules/cjs/loader:1378:14)
at Module._extensions..js (node:internal/modules/cjs/loader:1437:10)
showing that [email protected] is the problematic call.
$ npm ls psl
└─┬ @cypress/[email protected]
  └─┬ [email protected]
    └── [email protected]
The Node.js punycode deprecation notice contains hints on how to update to a supported environment. It seems that this will not be possible to implement for @cypress/request without major changes.
punycode is not used directly by @cypress/request so the issue could only be solved by updating dependencies. Since [email protected] is already the latest version and codecov has been deprecated, at first glance that would seem to block resolving the issue through a simple version update of dependencies.
Some dependencies are proposed for update through PR #45, however this does not solve the issue. It would require quite some effort to dig into each of the dependencies to check their relationship with this issue.
The repo request/request, from which @cypress/request is forked, was already deprecated on Feb 11, 2020 and therefore there will be no resolution available from the upstream repo.
$ npm ls punycode
browserify current version is [email protected] published 3 years ago.
[email protected] is the latest version and the package has been deprecated.
karma-browserify current version is [email protected] published 2 years ago.
https://nodejs.org/dist/latest-v21.x/docs/api/punycode.html#punycode
Since the version of the punycode module bundled in Node.js is being deprecated and it will be removed in a future major version of Node.js, there is a risk that at some time in the future @cypress/request will no longer work.
software | version |
---|---|
@cypress/request | 3.0.1 |
node | v21.0.0 v21.6.1 |
npm | 10.2.0 10.2.4 |
Operating System | Ubuntu 22.04.3 LTS |
Version:
@cypress/[email protected]
@cypress/[email protected]
@cypress/[email protected]
yarn install
yarn test is successful for Node.js 18.16.1 and fails for 18.17.1 & 20.7.0 running on Ubuntu 22.04.3 LTS.
18.16.1 runs successfully (with some warnings), tested locally, on Node.js 18.16.1:
Suites: 54 passed, 54 of 54 completed
Asserts: 1500 passed, of 1500
18.17.0 18.17.1 (LTS) fails, tested locally, on Node.js 18.17.1:
Suites: 1 failed, 53 passed, 54 of 54 completed
Asserts: 1 failed, 1478 passed, of 1479
20.5.0, 20.5.1 20.6.1 20.7.0 fails, tested locally, on Node.js 20.7.0:
Suites: 2 failed, 52 passed, 54 of 54 completed
Asserts: 3 failed, 1480 passed, of 1483
Edit: Updated and retested with @cypress/[email protected]
Updated and retested with @cypress/[email protected]. Node.js 16 results removed, since this version is now end-of-life.
The GitHub Actions workflow .github/workflows/yarn.yaml fails when run.
1..54
# failed 1 of 54 tests
See job 15513946632
.github/workflows/yarn.yaml does not specify any particular version of Node.js to install and therefore runs against the default version Node.js 18.17.0 of the GitHub ubuntu-latest (ubuntu-22.04) runner.
Hi,
I had Cypress UI tests running successfully until a few days ago, when our authentication team made a change that redirects the page twice, previously only once. This change has caused my tests to fail at cy.visit('/') with the error:
"We attempted to make an http request to this url but the request failed without a response
https://mybetawebsite/
We received this error at network level
Error: Exceeded maxRedirects. Probably stuck in a redirect loop https://mybetawebsite/redirect=signin&redirect=signin
at processRedirect (/private/var/folders/.........../Cypress.app/Contents/Resources/app/packages/server/node_modules/@cypress/request/lib/redirect.js:104:24..........."
When I asked them about this error, they told me to follow the redirect a second time.
"Just follow the same redirects a second time. You'll need to update your tests to follow the redirects a second time over."
I know cy.visit follows redirects (https://docs.cypress.io/api/commands/visit#Redirects), but does it do so only once or multiple times?
Previously, when my tests were passing, I could see a 302 (redirection) at cy.visit (to a different URL for auth) and the test used to continue and pass.
In my cypress.json, baseUrl: https://mybetawebsite/
How do I handle the second redirect?
I have tried:
1. increasing redirectionLimit in cypress.json (did not work),
2. cy.intercept, but I cannot mention a URL to redirect to because it is dynamic and comes from another team,
3. Cypress retries (I don't think this is the solution and it did not work either).
The "if(self.redirectsFollowed >= self.maxRedirects)" in node_modules/@cypress/request/lib/redirect.js:104:24 is generating the issue. But how do I increase this maxRedirects?
The request package through 2.88.2 for Node.js and the @cypress/request package through 2.88.11 allow a bypass of SSRF mitigations via an attacker-controlled server that does a cross-protocol redirect (HTTP to HTTPS, or HTTPS to HTTP).
NOTE: The request package is no longer supported by the maintainer.
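One defensive pattern for the redirect behaviour described in this advisory, as an added example that is not code from request or @cypress/request: every Location hop is re-checked against the same policy, and a protocol change is rejected outright. The function names, the policy shape and the example.test hosts are assumptions constructed for illustration.

```javascript
// Added example: validate every redirect hop, independent of protocol.
// All names, hosts and the policy shape are hypothetical and constructed.

const POLICY = {
  allowedProtocols: ['http:', 'https:'],
  allowProtocolChange: false, // reject HTTP<->HTTPS switches mid-chain
};

// True for loopback, private, link-local and unspecified address literals.
// Hostnames are not resolved here: a complete control must also check the
// address the socket actually connects to.
function isInternalHost(hostname) {
  const host = hostname.replace(/^\[|\]$/g, '').toLowerCase();
  if (host === 'localhost' || host.endsWith('.localhost')) return true;
  const v4 = host.match(/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/);
  if (v4) {
    const a = Number(v4[1]);
    const b = Number(v4[2]);
    return a === 0 || a === 10 || a === 127 ||
      (a === 169 && b === 254) ||
      (a === 172 && b >= 16 && b <= 31) ||
      (a === 192 && b === 168);
  }
  if (host.includes(':')) {
    // ::, ::1, fc00::/7, fe80::/10 and (conservatively) all IPv4-mapped forms
    return host === '::' || host === '::1' || /^f[cd]/.test(host) ||
      /^fe[89ab]/.test(host) || host.startsWith('::ffff:');
  }
  return false;
}

// Decide whether one redirect (fromUrl -> Location header value) may be followed.
function checkHop(fromUrl, location, policy = POLICY) {
  let from;
  let next;
  try {
    from = new URL(fromUrl);
    next = new URL(location, from); // Location may be relative
  } catch {
    return { ok: false, reason: 'unparseable URL' };
  }
  if (!policy.allowedProtocols.includes(next.protocol)) {
    return { ok: false, reason: `protocol ${next.protocol} not allowed` };
  }
  if (!policy.allowProtocolChange && next.protocol !== from.protocol) {
    return { ok: false, reason: 'cross-protocol redirect' };
  }
  if (isInternalHost(next.hostname)) {
    return { ok: false, reason: `internal destination ${next.hostname}` };
  }
  return { ok: true, url: next.href };
}

// Apply the same check to the initial URL and to every hop of a redirect chain.
function walkChain(startUrl, locations, policy = POLICY, maxRedirects = 10) {
  const first = checkHop(startUrl, startUrl, policy);
  if (!first.ok) return { ok: false, hop: 0, reason: first.reason };
  let current = first.url;
  for (let i = 0; i < locations.length; i++) {
    if (i >= maxRedirects) {
      return { ok: false, hop: i + 1, reason: 'too many redirects' };
    }
    const verdict = checkHop(current, locations[i], policy);
    if (!verdict.ok) return { ok: false, hop: i + 1, reason: verdict.reason };
    current = verdict.url;
  }
  return { ok: true, finalUrl: current };
}

// Constructed chains: a same-protocol chain, a protocol downgrade, an internal hop.
const SAMPLE_CHAINS = [
  ['https://api.example.test/a', ['/b', 'https://cdn.example.test/c']],
  ['https://api.example.test/a', ['http://api.example.test/a']],
  ['https://api.example.test/a', ['/b', 'https://10.0.0.5/']],
];
for (const [start, hops] of SAMPLE_CHAINS) {
  console.log(start, '->', JSON.stringify(walkChain(start, hops)));
}
```

request's followRedirect option accepts a function that receives the response and returns whether to continue, which is one place a check like checkHop could be called.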
The dependency on har-validator was removed in #11, but it is still referenced at https://github.com/cypress-io/request/blob/master/lib/har.js#L5
Install cypress as a dependency using yarn.
yarn install succeeds.
yarn install fails with an error similar to the following:
[5/5] Building fresh packages...
error /var/www/node_modules/cypress: Command failed.
Exit code: 1
Command: node index.js --exec install
Arguments:
Directory: /var/www/node_modules/cypress
Output:
internal/modules/cjs/loader.js:905
throw err;
^

Error: Cannot find module 'har-validator'
Require stack:
- /var/www/node_modules/@cypress/request/lib/har.js
- /var/www/node_modules/@cypress/request/request.js
- /var/www/node_modules/@cypress/request/index.js
- /var/www/node_modules/cypress/lib/tasks/download.js
- /var/www/node_modules/cypress/lib/tasks/install.js
- /var/www/node_modules/cypress/index.js
at Function.Module._resolveFilename (internal/modules/cjs/loader.js:902:15)
at Function.Module._load (internal/modules/cjs/loader.js:746:27)
at Module.require (internal/modules/cjs/loader.js:974:19)
at require (internal/modules/cjs/helpers.js:93:18)
at Object.<anonymous> (/var/www/node_modules/@cypress/request/lib/har.js:5:16)
at Module._compile (internal/modules/cjs/loader.js:1085:14)
at Object.Module._extensions..js (internal/modules/cjs/loader.js:1114:10)
at Module.load (internal/modules/cjs/loader.js:950:32)
at Function.Module._load (internal/modules/cjs/loader.js:790:12)
at Module.require (internal/modules/cjs/loader.js:974:19)
at require (internal/modules/cjs/helpers.js:93:18)
at Object.<anonymous> (/var/www/node_modules/@cypress/request/request.js:23:11)
at Module._compile (internal/modules/cjs/loader.js:1085:14)
at Object.Module._extensions..js (internal/modules/cjs/loader.js:1114:10)
at Module.load (internal/modules/cjs/loader.js:950:32)
at Function.Module._load (internal/modules/cjs/loader.js:790:12) {
code: 'MODULE_NOT_FOUND',
requireStack: [
'/var/www/node_modules/@cypress/request/lib/har.js',
'/var/www/node_modules/@cypress/request/request.js',
'/var/www/node_modules/@cypress/request/index.js',
'/var/www/node_modules/cypress/lib/tasks/download.js',
'/var/www/node_modules/cypress/lib/tasks/install.js',
'/var/www/node_modules/cypress/index.js'
]
}
Reinstate har-validator as a dependency until its references can be updated or removed.
software | version |
---|---|
request | |
node | 14.18.1 |
npm | N/A |
Operating System | macOS |
master branch failed. 🚨 I recommend you give this issue a high priority, so other packages depending on you can benefit from your bug fixes and new features again.
You can find below the list of errors reported by semantic-release. Each one of them has to be resolved in order to automatically publish your package. I'm sure you can fix this 💪.
Errors are usually caused by a misconfiguration or an authentication problem. With each error reported below you will find explanation and guidance to help you to resolve it.
Once all the errors are resolved, semantic-release will release your package the next time you push a commit to the master branch. You can also manually restart the failed CI job that runs semantic-release.
If you are not sure how to resolve this, here are some links that can help you:
If those don't help, or if this issue is reporting something you think isn't right, you can always ask the humans behind semantic-release.
semantic-release cannot push the version tag to the branch master on the remote Git repository with URL https://[secure]@github.com/cypress-io/request.git.
This can be caused by:
Good luck with your project ✨
Your semantic-release bot 📦🚀
Version:
npm install yarn@latest -g
git clone https://github.com/cypress-io/request
cd request
yarn install
node ./tests/test-form-data.js fails for Node.js 20.8.0 20.12.1 running on Ubuntu 22.04.3 22.04.4 LTS.
The test succeeds with Node.js 18.18.1 18.20.1 LTS.
Other tests called by yarn test succeed on Node.js 18.x and 20.x
$ node ./tests/test-form-data.js
TAP version 13
# multipart formData
ok 1 should be truthy
ok 2 should be truthy
ok 3 should be truthy
ok 4 should be truthy
ok 5 should be truthy
ok 6 should be truthy
ok 7 should be truthy
ok 8 should be truthy
ok 9 should be truthy
ok 10 should be truthy
ok 11 should be truthy
ok 12 should be truthy
ok 13 should be truthy
ok 14 should be truthy
ok 15 should be truthy
ok 16 should be truthy
ok 17 should be truthy
ok 18 should be truthy
ok 19 should be equal
ok 20 should be equal
ok 21 should be equivalent
# multipart formData + JSON
ok 22 should be truthy
ok 23 should be truthy
ok 24 should be truthy
ok 25 should be truthy
ok 26 should be truthy
ok 27 should be truthy
ok 28 should be truthy
ok 29 should be truthy
ok 30 should be truthy
ok 31 should be truthy
ok 32 should be truthy
ok 33 should be truthy
ok 34 should be truthy
ok 35 should be truthy
ok 36 should be truthy
ok 37 should be truthy
ok 38 should be truthy
ok 39 should be truthy
ok 40 should be equal
ok 41 should be equal
ok 42 should be equivalent
# multipart formData + basic auth
ok 43 should be equal
not ok 44 should be equal
---
operator: equal
expected: 200
actual: 400
at: Request._callback (/home/mike/github/cypress-io/request/tests/test-form-data.js:114:9)
stack: |-
Error: should be equal
at Test.assert [as _assert] (/home/mike/github/cypress-io/request/node_modules/tape/lib/test.js:443:48)
at Test.bound [as _assert] (/home/mike/github/cypress-io/request/node_modules/tape/lib/test.js:89:17)
at Test.equal (/home/mike/github/cypress-io/request/node_modules/tape/lib/test.js:604:7)
at Test.bound [as equal] (/home/mike/github/cypress-io/request/node_modules/tape/lib/test.js:89:17)
at Request._callback (/home/mike/github/cypress-io/request/tests/test-form-data.js:114:9)
at self.callback (/home/mike/github/cypress-io/request/request.js:183:22)
at Request.emit (node:events:514:28)
at Request.<anonymous> (/home/mike/github/cypress-io/request/request.js:1156:10)
at Request.emit (node:events:514:28)
at IncomingMessage.<anonymous> (/home/mike/github/cypress-io/request/request.js:1070:12)
...
not ok 45 should be equivalent
---
operator: deepEqual
expected: 'done'
actual: ''
at: Request._callback (/home/mike/github/cypress-io/request/tests/test-form-data.js:115:9)
stack: |-
Error: should be equivalent
at Test.assert [as _assert] (/home/mike/github/cypress-io/request/node_modules/tape/lib/test.js:443:48)
at Test.bound [as _assert] (/home/mike/github/cypress-io/request/node_modules/tape/lib/test.js:89:17)
at Test.tapeDeepEqual (/home/mike/github/cypress-io/request/node_modules/tape/lib/test.js:641:7)
at Test.bound [as deepEqual] (/home/mike/github/cypress-io/request/node_modules/tape/lib/test.js:89:17)
at Request._callback (/home/mike/github/cypress-io/request/tests/test-form-data.js:115:9)
at self.callback (/home/mike/github/cypress-io/request/request.js:183:22)
at Request.emit (node:events:514:28)
at Request.<anonymous> (/home/mike/github/cypress-io/request/request.js:1156:10)
at Request.emit (node:events:514:28)
at IncomingMessage.<anonymous> (/home/mike/github/cypress-io/request/request.js:1070:12)
...
1..45
# tests 45
# pass 43
# fail 2
The version of the tough-cookie package in use is 2.5.0, which is an old version and is vulnerable to CVE-2023-26136.
This should be updated to 4.1.3 (or higher). The main cypress release should then also be updated to include this new release of request.
https://www.cve.org/CVERecord?id=CVE-2023-26136
Package:
https://github.com/cypress-io/request/blob/master/package.json
https://security.snyk.io/vuln/SNYK-JS-TOUGHCOOKIE-5672873