Skip to content

dependency: pbkdf2 vulnerability inside @cypress/webpack-batteries-included-preprocessor #31941

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Jun 26, 2025
Merged

dependency: pbkdf2 vulnerability inside @cypress/webpack-batteries-included-preprocessor #31941

merged 2 commits into from
Jun 26, 2025
+113 −59

Conversation

AtofStryker
Copy link
Contributor

@AtofStryker AtofStryker commented Jun 26, 2025
edited
Loading

  • Closes N/A

Additional details

Updates pbkdf2 from 3.1.1 to 3.1.3 to resolve https://security.snyk.io/vuln/SNYK-JS-PBKDF2-10495498

Steps to test

How has the user experience changed?

PR Tasks

@AtofStryker AtofStryker mentioned this pull request Jun 26, 2025
Closed
@AtofStryker AtofStryker changed the title chore: fix pbkdf2 vulnerability fix: fix pbkdf2 vulnerability inside @cypress/webpack-batteries-included-preprocessor Jun 26, 2025
@AtofStryker AtofStryker force-pushed the chore/fix_pbkdf2_vul branch from 320eed7 to 75edb7c Compare June 26, 2025 14:47
@AtofStryker AtofStryker changed the title fix: fix pbkdf2 vulnerability inside @cypress/webpack-batteries-included-preprocessor fix: pbkdf2 vulnerability inside @cypress/webpack-batteries-included-preprocessor Jun 26, 2025
@AtofStryker AtofStryker force-pushed the chore/fix_pbkdf2_vul branch from 75edb7c to 267bcc1 Compare June 26, 2025 14:49
@AtofStryker AtofStryker self-assigned this Jun 26, 2025
@jennifer-shehane jennifer-shehane changed the title fix: pbkdf2 vulnerability inside @cypress/webpack-batteries-included-preprocessor dependency: pbkdf2 vulnerability inside @cypress/webpack-batteries-included-preprocessor Jun 26, 2025
@cypress Cypress
Copy link

cypress bot commented Jun 26, 2025
edited
Loading

cypress    Run #63313

Run Properties:  status check failed Failed #63313  •  git commit 4547ee2a28: dedupe lock file
Project cypress
Branch Review chore/fix_pbkdf2_vul
Run status status check failed Failed #63313
Run duration 18m 46s
Commit git commit 4547ee2a28: dedupe lock file
Committer Bill Glesias
View all properties for this run ↗︎
Test results
Tests that failed  Failures 3
Tests that were flaky  Flaky 11
Tests that did not run due to a developer annotating a test with .skip  Pending 1232
Tests that did not run due to a failure in a mocha hook  Skipped 0
Tests that passed  Passing 32180
View all changes introduced in this branch ↗︎
UI Coverage  45.83%
  Untested elements 190  
  Tested elements 165  
Accessibility  92.73%
  Failed rules  3 critical   9 serious   2 moderate   2 minor
  Failed elements 697  

Tests for review

Failed  e2e/origin/cookie_login.cy.ts • 1 failed test • 5x-driver-cdp-firefox

View Output

Test Artifacts
cy.origin - cookie login > general behavior > handles browser-sent cookies being overridden by server-kept cookies 
    </td>
  </tr></table>
Failed  runner/ui-states.cy.ts • 2 failed tests • app-e2e

View Output

Test Artifacts
src/cypress/runner ui states > status codes Test Replay Screenshots
src/cypress/runner ui states > errors > long error Test Replay Screenshots
Flakiness  e2e/service-worker.cy.js • 1 flaky test • 5x-driver-electron

View Output

Test Artifacts
service workers > supports aborted listeners Test Replay
Flakiness  issues/28527.cy.ts • 1 flaky test • 5x-driver-electron

View Output

Test Artifacts
issue 28527 > fails and then retries and verifies about:blank is not displayed Test Replay Screenshots
Flakiness  commands/net_stubbing.cy.ts • 1 flaky test • 5x-driver-firefox

View Output

Test Artifacts
... > stops waiting when an xhr request is canceled 
    </td>
  </tr></table>
Flakiness  issues/28527.cy.ts • 1 flaky test • 5x-driver-firefox

View Output

Test Artifacts
issue 28527 > fails and then retries and verifies about:blank is not displayed Screenshots
Flakiness  commands/net_stubbing.cy.ts • 1 flaky test • 5x-driver-chrome:beta

View Output

Test Artifacts
... > stops waiting when an fetch request is canceled Test Replay

The first 5 flaky specs are shown, see all 11 specs in Cypress Cloud.

@AtofStryker AtofStryker merged commit 69bb7ef into develop Jun 26, 2025
81 of 88 checks passed
@AtofStryker AtofStryker deleted the chore/fix_pbkdf2_vul branch June 26, 2025 23:46
@cypress-bot
Copy link
Contributor

cypress-bot bot commented Jul 1, 2025

Released in 14.5.1.

This comment thread has been locked. If you are still experiencing this issue after upgrading to
Cypress v14.5.1, please open a new issue.

@cypress-bot cypress-bot bot locked as resolved and limited conversation to collaborators Jul 1, 2025
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@jennifer-shehane jennifer-shehane jennifer-shehane approved these changes

Assignees

@AtofStryker AtofStryker

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@AtofStryker @jennifer-shehane