chore(deps): update dependency codeceptjs to v3.7.5 [security]

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
codeceptjs (source)	3.7.3 -> 3.7.5

GitHub Vulnerability Alerts

CVE-2025-57285

CodeceptJS versions 3.5.0 through 3.7.5-beta.18 contain a command injection vulnerability in the emptyFolder function (lib/utils.js). The execSync command directly concatenates the user-controlled directoryPath parameter without sanitization or escaping, allowing attackers to execute arbitrary commands.

---

Release Notes

Codeception/codeceptjs (codeceptjs)

v3.7.5

Compare Source

❤️ Thanks all to those who contributed to make this release! ❤️

v3.7.4

Compare Source

❤️ Thanks all to those who contributed to make this release! ❤️

🛩️ Features

• Test Suite Shuffling: Randomize test execution order to discover test dependencies and improve test isolation (#​5051) - by @​NivYarmus

  # Shuffle tests to find order-dependent failures using lodash.shuffle algorithm
  npx codeceptjs run --shuffle
  
  # Combined with grep and other options
  npx codeceptjs run --shuffle --grep "@​smoke" --steps

• Enhanced Interactive Debugging: Better logging for I.grab* methods in live interactive mode for clearer debugging output (#​4986) - by @​owenizedd

  // Interactive pause() now shows detailed grab results with JSON formatting
  I.amOnPage('/checkout')
  pause()  // Interactive shell started
  > I.grabTextFrom('.price')
  Result $res= "Grabbed text: $29.99"  // Pretty-printed JSON output
  > I.grabValueFrom('input[name="email"]')
  {"value":"[email protected]"}  // Structured JSON response

  🐛 Bug Fixes

• Playwright Session Traces: Fixed trace file naming convention and improved error handling for multi-session test scenarios (#​5073) - by @​julien-ft-64 @​kobenguyent

  // Example outputs:
  // - a1b2c3d4-e5f6_checkout_login_test.failed.zip
  // - b2c3d4e5-f6g7_admin_dashboard_test.failed.zip

  Trace files use UUID prefixes with sessionName_testTitle.status.zip format

• Worker Data Injection: Resolved proxy object serialization preventing data sharing between parallel test workers (#​5072) - by @​kobenguyent

  // Fixed: Complex objects can now be properly shared and injected between workers
  // Bootstrap data sharing in codecept.conf.js:
  exports.config = {
    bootstrap() {
      share({
        userData: { id: 123, preferences: { theme: 'dark' } },
        apiConfig: { baseUrl: 'https://api.test.com', timeout: 5000 },
      })
    },
  }
  
  // In tests across different workers:
  const testData = inject()
  console.log(testData.userData.preferences.theme) // 'dark' - deep nesting works
  console.log(Object.keys(testData)) // ['userData', 'apiConfig'] - key enumeration works
  
  // Dynamic sharing during test execution:
  share({ newData: 'shared across workers' })

• Hook Exit Codes: Fixed improper exit codes when test hooks fail, ensuring CI/CD pipelines properly detect failures (#​5058) - by @​kobenguyent

  # Before: Exit code 0 even when beforeEach/afterEach failed
  # After: Exit code 1 when any hook fails, properly failing CI builds

• TypeScript Effects Support: Added complete TypeScript definitions for effects functionality (#​5027) - by @​kobenguyent

  // Import effects with full TypeScript type definitions
  import { tryTo, retryTo, within } from 'codeceptjs/effects'
  
  // tryTo returns Promise<boolean> for conditional actions
  const success: boolean = await tryTo(async () => {
    await I.see('Cookie banner')
    await I.click('Accept')
  })
  
  // retryTo with typed parameters for reliability
  await retryTo(() => {
    I.click('Submit')
    I.see('Success')
  }, 3) // retry up to 3 times

  Note: Replaces deprecated global plugins - import from 'codeceptjs/effects' module

• Mochawesome Screenshot Uniqueness: Fixed screenshot naming to prevent test failures from being overwritten when multiple tests run at the same time (#​4959) - by @​Lando1n

  // Problem: When tests run in parallel, screenshots had identical names
  // This caused later test screenshots to overwrite earlier ones
  
  // Before: All failed tests saved as "screenshot.png"
  // Result: Only the last failure screenshot was kept
  
  // After: Each screenshot gets a unique name with timestamp
  // Examples:
  // - "login_test_1645123456.failed.png"
  // - "checkout_test_1645123789.failed.png"
  // - "profile_test_1645124012.failed.png"
  
  // Configuration in codecept.conf.js:
  helpers: {
    Mochawesome: {
      uniqueScreenshotNames: true // Enable unique naming
    }
  }

  Ensures every failed test keeps its own screenshot for easier debugging

📖 Documentation

• Fixed Docker build issues and improved container deployment process (#​4980) - by @​thomashohn
• Updated dependency versions to maintain security and compatibility (#​4957, #​4950, #​4943) - by @​thomashohn
• Fixed automatic documentation generation system for custom plugins (#​4973) - by @​Lando1n

---

Configuration

📅 Schedule: Branch creation - "" in timezone Europe/London, Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.