chore(*): Update dependency @simonsmith/cypress-image-snapshot to v8 [SECURITY] #3049

Merged

@renovate renovate bot commented Aug 6, 2024

This PR contains the following updates:

Package                              Change
@simonsmith/cypress-image-snapshot   6.1.1 -> 8.0.2

GitHub Vulnerability Alerts

CVE-2023-38695

Impact

It's possible for a user to pass a relative file path for the snapshot name and reach outside of the project directory into the machine running the test. Example:

  cy.get('h1').matchImageSnapshot('../../../ignore-relative-dirs')

The above will create an ignore-relative-dirs.png three levels up.

Patches

Fixed in 8.0.2

Workarounds

Validate all the existing uses of matchImageSnapshot to ensure correct use of the filename argument. Example:

    // snapshot name will be the test title
    cy.matchImageSnapshot();

    // snapshot name will be the name passed in
    cy.matchImageSnapshot('login');

References

https://github.com/simonsmith/cypress-image-snapshot/issues/15


Release Notes

simonsmith/cypress-image-snapshot (@simonsmith/cypress-image-snapshot)

v8.0.2

Bug Fixes

v8.0.1

Bug Fixes
  • rename e2eSpecFolder -> e2eSpecDir (106af6c)

v8.0.0

Bug Fixes
  • requireSnapshots should work with retries (ebfc8be)
Features
  • normalise directory output for snapshots (1939e25)
BREAKING CHANGES
  • This uses the Cypress.spec.relative option to
    generate the snapshot directory and changes the folder structure.

It should now match the directory structure found in the cypress/e2e/
directory

Updating to this change may mean committing new snapshot paths and
removing old ones in your project (especially with component testing)

See the section "Snapshot paths" in the README for more information

v7.0.0

Bug Fixes
Features
  • add recording of snapshot result (488ae4b)
  • add semantic release (b1b063b)
  • allow default options to be passed into addMatchImageSnapshotCommand (405afcb)
BREAKING CHANGES
  • removed fork of original package

This is a rewrite of the original library, now with full support for
TypeScript and improved testing.

Notes:

  • The API for matchImageSnapshot remains the same, as well as all the
    import paths
  • The behavior of the plugin is exactly the same, as are the default
    options

TypeScript types are exported under @simonsmith/cypress-image-snapshot/types.
These should be used instead of the package on DefinitelyTyped

Removed:

  • The reporter is not supported in this version.

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.
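
The workaround in the advisory above (checking every existing use of matchImageSnapshot for a safe filename argument) can be done with a small static audit. This is an added example, not code from the plugin or from this repository; `classifyArg`, `findSnapshotNameIssues` and `SAMPLE_SPEC` are hypothetical names and the sample spec text is constructed.

```javascript
// Added example: static audit of the name argument passed to matchImageSnapshot().
// classifyArg, findSnapshotNameIssues and SAMPLE_SPEC are hypothetical names.

// Captures the raw first argument of each `.matchImageSnapshot(` call.
// Names containing ',' or ')' are cut short and end up reported as 'dynamic'.
const CALL_RE = /\.matchImageSnapshot\(\s*([^,)]*)/g;

function classifyArg(raw) {
  const arg = raw.trim();
  if (arg === '') return 'ok'; // no name: the test title is used
  if (arg.startsWith('{')) return 'ok'; // options object in first position, no name
  // A single quoted string with no further quote characters inside it.
  const literal = /^(['"])((?:(?!\1).)*)\1$/.exec(arg);
  // Variables, template strings and concatenations cannot be judged statically.
  if (!literal) return 'dynamic';
  // A '..' segment lets the snapshot land outside the snapshot directory.
  if (literal[2].split(/[/\\]/).includes('..')) return 'parent-traversal';
  return 'ok';
}

function findSnapshotNameIssues(source) {
  const issues = [];
  for (const match of source.matchAll(CALL_RE)) {
    const kind = classifyArg(match[1]);
    if (kind === 'ok') continue;
    // 1-based line number of the call within the scanned source text.
    const line = source.slice(0, match.index).split('\n').length;
    issues.push({ line, kind, arg: match[1].trim() });
  }
  return issues;
}

// Constructed sample spec source (not taken from any real project).
const SAMPLE_SPEC = [
  "cy.matchImageSnapshot();",
  "cy.matchImageSnapshot('login');",
  "cy.get('h1').matchImageSnapshot('../../../ignore-relative-dirs');",
  "cy.get('h1').matchImageSnapshot(snapshotName);",
].join('\n');

for (const issue of findSnapshotNameIssues(SAMPLE_SPEC)) {
  console.log(`line ${issue.line}: ${issue.kind}: ${issue.arg}`);
}
```

Calls reported as `dynamic` need a manual look at where the name value comes from.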

@renovate renovate bot added dependencies ready-to-be-merged Allow Mergify to merge this PR labels Aug 6, 2024

Liu233w commented Dec 29, 2024

@Mergifyio rebase

mergify bot commented Dec 29, 2024

rebase

✅ Branch has been successfully rebased

@Liu233w Liu233w force-pushed the renovate/npm-simonsmith-cypress-image-snapshot-vulnerability branch from c9c39b8 to abd887f Compare December 29, 2024 05:24

Liu233w commented Dec 29, 2024

@Mergifyio rebase

mergify bot commented Dec 29, 2024

rebase

✅ Branch has been successfully rebased

@Liu233w Liu233w force-pushed the renovate/npm-simonsmith-cypress-image-snapshot-vulnerability branch from abd887f to 2830751 Compare December 29, 2024 10:34
@renovate renovate bot force-pushed the renovate/npm-simonsmith-cypress-image-snapshot-vulnerability branch from 2830751 to 2295f7d Compare December 30, 2024 03:37
The workflow of e2e tests is not updated. docker-compose -> docker compose

renovate bot commented Dec 31, 2024

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.

It is dropped in the newest version.

Liu233w commented Dec 31, 2024

/update-e2e-snapshot

@Liu233w Liu233w removed the ready-to-be-merged Allow Mergify to merge this PR label Dec 31, 2024

Update E2E Snapshot Triggered!
Address: https://github.com/Liu233w/acm-statistics/actions/runs/12554579831

cypress bot commented Dec 31, 2024

acm-statistics    Run #7732

Run Properties:
Status: Passed #7732
Project: acm-statistics
Branch Review: refs/heads/renovate/npm-simonsmith-cypress-image-snapshot-vulnerability
Run duration: 06m 22s
Commit: 6e44246c2f: null
Committer: null

Test results
Failures: 0
Flaky: 0
Pending (not run because a developer annotated a test with .skip): 1
Skipped (not run due to a failure in a mocha hook): 0
Passing: 54

Move the snapshots.

After upgrading the plugin, the snapshots are in another location.
@Liu233w Liu233w force-pushed the renovate/npm-simonsmith-cypress-image-snapshot-vulnerability branch from df69106 to 6e44246 Compare December 31, 2024 04:36
@Liu233w Liu233w added the ready-to-be-merged Allow Mergify to merge this PR label Dec 31, 2024
@mergify mergify bot merged commit 097f4a0 into master Dec 31, 2024
22 checks passed
@mergify mergify bot deleted the renovate/npm-simonsmith-cypress-image-snapshot-vulnerability branch December 31, 2024 05:02