Skip to content

[Snyk] Upgrade codeceptjs from 3.4.1 to 3.7.3 #1075

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Upgrade codeceptjs from 3.4.1 to 3.7.3 #1075

wants to merge 1 commit into from

Conversation

mhilty
Copy link

@mhilty mhilty commented Apr 28, 2025

snyk-top-banner

Snyk has created this PR to upgrade codeceptjs from 3.4.1 to 3.7.3.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

  • The recommended version is 90 versions ahead of your current version.

  • The recommended version was released a month ago.

Issues fixed by the recommended upgrade:

Issue Score Exploit Maturity
high severity Prototype Pollution
SNYK-JS-AXIOS-6144788		 300 No Known Exploit
high severity Server-side Request Forgery (SSRF)
SNYK-JS-AXIOS-7361793		 300 Proof of Concept
high severity Inefficient Regular Expression Complexity
SNYK-JS-MICROMATCH-6838728		 300 No Known Exploit
critical severity Incomplete List of Disallowed Inputs
SNYK-JS-BABELTRAVERSE-5962462		 300 Proof of Concept
high severity Excessive Platform Resource Consumption within a Loop
SNYK-JS-BRACES-6838727		 300 Proof of Concept
high severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-CROSSSPAWN-8303230		 300 Proof of Concept
medium severity Cross-site Scripting (XSS)
SNYK-JS-SERIALIZEJAVASCRIPT-6147607		 300 Proof of Concept
medium severity Improper Input Validation
SNYK-JS-NANOID-8492085		 300 No Known Exploit
Release notes
Package name: codeceptjs
  • 3.7.3 - 2025-03-19

    3.7.3

    ❤️ Thanks all to those who contributed to make this release! ❤️

    🛩️ Features

    http://localhost",
    ...">
    ➜  helloworld npx codeceptjs info
    
Environment information:
    

    codeceptVersion:  "3.7.2"
    
nodeInfo:  18.19.0
    
osInfo:  macOS 14.4
    
cpuInfo:  (8) x64 Apple M1 Pro
    
osBrowsers:  "chrome: 133.0.6943.143, edge: 133.0.3065.92, firefox: not installed, safari: 17.4"
    
playwrightBrowsers:  "chromium: 133.0.6943.16, firefox: 134.0, webkit: 18.2"
    
helpers:  {
    
"Playwright": {
    
"url": "http://localhost",
    
...

    🐛 Bug Fixes

    New Contributors

    Full Changelog: 3.7.2...3.7.3

  • 3.7.2 - 2025-02-12

    3.7.2

    ❤️ Thanks all to those who contributed to make this release! ❤️

    🛩️ Features

    • feat(playwright): Clear cookie by name (#4693) - by @ ngraf

    🐛 Bug Fixes

    • fix(stepByStepReport): no records html is generated when running with run-workers (#4638)
    • fix(webdriver): bidi error in log with webdriver (#4850)
    • fix(types): TS types of methods (Feature|Scenario)Config.config (#4851)
    • fix: redundant popup log (#4830)
    • fix(webdriver): grab browser logs using bidi protocol (#4754)
    • fix(webdriver): screenshots for sessions (#4748)

    📖 Documentation

  • 3.7.2-beta.2 - 2025-02-12
  • 3.7.2-beta.1 - 2025-02-11
  • 3.7.1 - 2025-02-10
  • 3.7.1-beta.1 - 2025-02-10
  • 3.7.0 - 2025-02-10
  • 3.7.0-rc.1 - 2025-02-05
  • 3.7.0-beta.19 - 2025-02-06
  • 3.7.0-beta.18 - 2025-02-06
  • 3.7.0-beta.17 - 2025-02-06
  • 3.7.0-beta.16 - 2025-02-06
  • 3.7.0-beta.15 - 2025-02-05
  • 3.7.0-beta.14 - 2025-01-31
  • 3.7.0-beta.13 - 2025-01-31
  • 3.7.0-beta.12 - 2025-01-30
  • 3.7.0-beta.11 - 2025-01-29
  • 3.7.0-beta.10 - 2025-01-29
  • 3.7.0-beta.9 - 2025-01-29
  • 3.7.0-beta.8 - 2025-01-24
  • 3.7.0-beta.7 - 2025-01-22
  • 3.7.0-beta.6 - 2025-01-17
  • 3.7.0-beta.5 - 2025-01-14
  • 3.7.0-beta.4 - 2025-01-14
  • 3.7.0-beta.3 - 2025-01-10
  • 3.7.0-beta.2 - 2025-01-09
  • 3.7.0-beta.1 - 2025-01-08
  • 3.6.10 - 2024-12-11

    What's Changed

    Full Changelog: 3.6.9...3.6.10

  • 3.6.10-beta.1 - 2024-12-11
  • 3.6.9 - 2024-12-10

    What's Changed

    3.6.8

    ❤️ Thanks all to those who contributed to make this release! ❤️

    🛩️ Features

    #4493) - by @ schaudhary111
I.sendDeleteRequestWithPayload('/api/users/1', { author: 'john' });

🐛 Bug Fixes

  • fix(playwright): Different behavior of see* and waitFor* when used in within (#4557) - by @ kobenguyent
  • fix(cli): dry run returns no tests when using a regex grep (#4608) - by @ kobenguyent
> codeceptjs dry-run --steps --grep "(?=.*Checkout process)"
Add hint to "I.seeEmailAttachment" that under the hood parameter is treated as RegExp. 
When you don't know it, it can cause a lot of pain, wondering why your test fails with I.seeEmailAttachment('Attachment(1).pdf') although it looks just fine, but actually I.seeEmailAttachment('Attachment\\(1\\).pdf is required to make the test green, in case the attachment is called "Attachment(1).pdf" with special character in it.

📖 Documentation

New Contributors

Full Changelog: 3.6.6...3.6.9

  • 3.6.8 - 2024-12-10

    What's Changed

    3.6.8

    ❤️ Thanks all to those who contributed to make this release! ❤️

    🛩️ Features

    #4493) - by @ schaudhary111
    • I.sendDeleteRequestWithPayload('/api/users/1', { author: 'john' });

    🐛 Bug Fixes

    • fix(playwright): Different behavior of see* and waitFor* when used in within (#4557) - by @ kobenguyent
    • fix(cli): dry run returns no tests when using a regex grep (#4608) - by @ kobenguyent
    > codeceptjs dry-run --steps --grep "(?=.*Checkout process)"
    Add hint to "I.seeEmailAttachment" that under the hood parameter is treated as RegExp. 
When you don't know it, it can cause a lot of pain, wondering why your test fails with I.seeEmailAttachment('Attachment(1).pdf') although it looks just fine, but actually I.seeEmailAttachment('Attachment\\(1\\).pdf is required to make the test green, in case the attachment is called "Attachment(1).pdf" with special character in it.

    📖 Documentation

    New Contributors

    Full Changelog: 3.6.6...3.6.8

  • 3.6.8-beta.1 - 2024-10-25
  • 3.6.7 - 2024-09-23
  • 3.6.6 - 2024-09-17

    What's Changed

    3.6.6

    ❤️ Thanks all to those who contributed to make this release! ❤️

    🛩️ Features

    Zero-configuration when paired with other helpers like REST, Playwright:

    // inside codecept.conf.js
{
  helpers: {
    Playwright: {...},
    SoftExpectHelper: {},
  }
}
    // in scenario
I.softExpectEqual('a', 'b')
I.flushSoftAssertions() // Throws an error if any soft assertions have failed. The error message contains all the accumulated failures.
    • feat(cli): print failed hooks (#4476) - by @ kobenguyent

      • run command
        Screenshot 2024-09-02 at 15 25 20

      • run workers command
        Screenshot 2024-09-02 at 15 24 53

    🐛 Bug Fixes

    // fix the validation of httpAgent config. we could now pass ca, instead of key/cert.
{
  helpers: {
    REST: {
      endpoint: 'http://site.com/api',
      prettyPrintJson: true,
      httpAgent: {
         ca: fs.readFileSync(__dirname + '/path/to/ca.pem'),
         rejectUnauthorized: false,
         keepAlive: true
      }
    }
  }
}

    📖 Documentation

    New Contributors

    Full Changelog: 3.6.5...3.6.6

  • 3.6.6-beta.6 - 2024-09-04
  • 3.6.6-beta.5 - 2024-09-03
  • 3.6.6-beta.4 - 2024-09-03
  • 3.6.6-beta.3 - 2024-09-03
  • 3.6.6-beta.2 - 2024-09-03
  • 3.6.6-beta.1 - 2024-09-02
  • 3.6.5 - 2024-07-31

    3.6.5

    ❤️ Thanks all to those who contributed to make this release! ❤️

    🛩️ Features

    it('should wait for input text field to be disabled', () =>
      I.amOnPage('/form/wait_disabled').then(() => I.waitForDisabled('#text', 1)))
    it('should wait for input text field to be enabled by xpath', () =>
      I.amOnPage('/form/wait_disabled').then(() => I.waitForDisabled("//*[@ name = 'test']", 1)))
    it('should wait for a button to be disabled', () =>
      I.amOnPage('/form/wait_disabled').then(() => I.waitForDisabled('#text', 1)))
Waits for element to become disabled (by default waits for 1sec).
Element can be located by CSS or XPath.
@ param {CodeceptJS.LocatorOrString} locator element located by CSS|XPath|strict locato...
    •

    @snyk-bot
    fix: upgrade codeceptjs from 3.4.1 to 3.7.3
    6f2951f 
    Snyk has created this PR to upgrade codeceptjs from 3.4.1 to 3.7.3.

See this package in npm:
codeceptjs

See this project in Snyk:
https://app.snyk.io/org/plan-x/project/57526151-cfa8-48f0-960a-87f99621ed32?utm_source=github&utm_medium=referral&page=upgrade-pr
    Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

    Reviewers

    No reviews

    Assignees

    No one assigned

    Labels

    None yet

    Projects

    None yet

    Milestone

    No milestone

    Development

    Successfully merging this pull request may close these issues.

    2 participants

    @mhilty @snyk-bot