Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Upgrade @playwright/test from 1.19.0-alpha-1643749494000 to 1.44.0 #1218

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

ARUMAIS
Copy link
Owner

@ARUMAIS ARUMAIS commented Jun 12, 2024

This PR was automatically created by Snyk using the credentials of a real user.


![snyk-top-banner](https://github.com/andygongea/OWASP-Benchmark/assets/818805/c518c423-16fe-447e-b67f-ad5a49b5d123)

Snyk has created this PR to upgrade @playwright/test from 1.19.0-alpha-1643749494000 to 1.44.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 1486 versions ahead of your current version.

  • The recommended version was released on a month ago.

Issues fixed by the recommended upgrade:

Issue Score Exploit Maturity
high severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-SEMVER-3247795
506 Proof of Concept
high severity Uncontrolled resource consumption
SNYK-JS-BRACES-6838727
506 Proof of Concept
high severity Server-side Request Forgery (SSRF)
SNYK-JS-IP-6240864
506 Proof of Concept
high severity Denial of Service (DoS)
SNYK-JS-JPEGJS-2859218
506 Proof of Concept
high severity Inefficient Regular Expression Complexity
SNYK-JS-MICROMATCH-6838728
506 No Known Exploit
medium severity Missing Release of Resource after Effective Lifetime
SNYK-JS-INFLIGHT-6095116
506 Proof of Concept
low severity Prototype Pollution
SNYK-JS-MINIMIST-2429795
506 Proof of Concept
critical severity Incomplete List of Disallowed Inputs
SNYK-JS-BABELTRAVERSE-5962462
506 Proof of Concept
medium severity Server-Side Request Forgery (SSRF)
SNYK-JS-IP-7148531
506 Proof of Concept
medium severity Prototype Pollution
SNYK-JS-JSON5-3182856
506 Proof of Concept
medium severity Prototype Pollution
SNYK-JS-JSON5-3182856
506 Proof of Concept
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-MINIMATCH-3050818
506 No Known Exploit
Release notes
Package name: @playwright/test
  • 1.44.0 - 2024-05-06

    New APIs

    Accessibility assertions

    • expect(locator).toHaveAccessibleName() checks if the element has the specified accessible name:

      const locator = page.getByRole('button');
      await expect(locator).toHaveAccessibleName('Submit');
    • expect(locator).toHaveAccessibleDescription() checks if the element has the specified accessible description:

      const locator = page.getByRole('button');
      await expect(locator).toHaveAccessibleDescription('Upload a photo');
    • expect(locator).toHaveRole() checks if the element has the specified ARIA role:

      const locator = page.getByTestId('save-button');
      await expect(locator).toHaveRole('button');

    Locator handler

    • After executing the handler added with page.addLocatorHandler(), Playwright will now wait until the overlay that triggered the handler is not visible anymore. You can opt-out of this behavior with the new noWaitAfter option.
    • You can use new times option in page.addLocatorHandler() to specify maximum number of times the handler should be run.
    • The handler in page.addLocatorHandler() now accepts the locator as argument.
    • New page.removeLocatorHandler() method for removing previously added locator handlers.
    const locator = page.getByText('This interstitial covers the button');
    await page.addLocatorHandler(locator, async overlay => {
      await overlay.locator('#close').click();
    }, { times: 3, noWaitAfter: true });
    // Run your tests that can be interrupted by the overlay.
    // ...
    await page.removeLocatorHandler(locator);

    Miscellaneous options

    • multipart option in apiRequestContext.fetch() now accepts FormData and supports repeating fields with the same name.

      const formData = new FormData();
      formData.append('file', new File(['let x = 2024;'], 'f1.js', { type: 'text/javascript' }));
      formData.append('file', new File(['hello'], 'f2.txt', { type: 'text/plain' }));
      context.request.post('https://example.com/uploadFiles', {
        multipart: formData
      });
    • expect(callback).toPass({ intervals }) can now be configured by expect.toPass.inervals option globally in testConfig.expect or per project in testProject.expect.

    • expect(page).toHaveURL(url) now supports ignoreCase option.

    • testProject.ignoreSnapshots allows to configure per project whether to skip screenshot expectations.

    Reporter API

    • New method suite.entries() returns child test suites and test cases in their declaration order. suite.type and testCase.type can be used to tell apart test cases and suites in the list.
    • Blob reporter now allows overriding report file path with a single option outputFile. The same option can also be specified as PLAYWRIGHT_BLOB_OUTPUT_FILE environment variable that might be more convenient on CI/CD.
    • JUnit reporter now supports includeProjectInTestName option.

    Command line

    • --last-failed CLI option for running only tests that failed in the previous run.

      First run all tests:

      test

      Running 103 tests using 5 workers
      ...
      2 failed
      [chromium] › my-test.spec.ts:8:5 › two ─────────────────────────────────────────────────────────
      [chromium] › my-test.spec.ts:13:5 › three ──────────────────────────────────────────────────────
      101 passed (30.0s)

      Now fix the failing tests and run Playwright again with --last-failed option:

      test --last-failed

      Running 2 tests using 2 workers
      2 passed (1.2s)

    Browser Versions

    • Chromium 125.0.6422.14
    • Mozilla Firefox 125.0.1
    • WebKit 17.4

    This version was also tested against the following stable channels:

    • Google Chrome 124
    • Microsoft Edge 124
  • 1.44.0-beta-1716306049000 - 2024-05-21
  • 1.44.0-beta-1716285871000 - 2024-05-21
  • 1.44.0-beta-1715802478000 - 2024-05-15
  • 1.44.0-beta-1715791608000 - 2024-05-15
  • 1.44.0-beta-1715706051000 - 2024-05-14
  • 1.44.0-beta-1715189091000 - 2024-05-08
  • 1.44.0-beta-1715020014000 - 2024-05-06
  • 1.44.0-beta-1715018865000 - 2024-05-06
  • 1.44.0-beta-1714753004000 - 2024-05-06
  • 1.44.0-beta-1714435420000 - 2024-04-30
  • 1.44.0-beta-1714434520000 - 2024-04-29
  • 1.44.0-alpha-2024-04-29 - 2024-04-29
  • 1.44.0-alpha-2024-04-28 - 2024-04-28
  • 1.44.0-alpha-2024-04-27 - 2024-04-27
  • 1.44.0-alpha-2024-04-26 - 2024-04-26
  • 1.44.0-alpha-2024-04-25 - 2024-04-25
  • 1.44.0-alpha-2024-04-24 - 2024-04-24
  • 1.44.0-alpha-2024-04-23 - 2024-04-23
  • 1.44.0-alpha-2024-04-22 - 2024-04-22
  • 1.44.0-alpha-2024-04-19 - 2024-04-19
  • 1.44.0-alpha-2024-04-18 - 2024-04-18
  • 1.44.0-alpha-2024-04-17 - 2024-04-17
  • 1.44.0-alpha-2024-04-16 - 2024-04-16
  • 1.44.0-alpha-2024-04-15 - 2024-04-15
  • 1.44.0-alpha-2024-04-14 - 2024-04-14
  • 1.44.0-alpha-2024-04-13 - 2024-04-13
  • 1.44.0-alpha-2024-04-12 - 2024-04-12
  • 1.44.0-alpha-2024-04-11 - 2024-04-11
  • 1.44.0-alpha-2024-04-10 - 2024-04-10
  • 1.44.0-alpha-2024-04-09 - 2024-04-09
  • 1.44.0-alpha-2024-04-08 - 2024-04-08
  • 1.44.0-alpha-2024-04-07 - 2024-04-07
  • 1.44.0-alpha-2024-04-06 - 2024-04-06
  • 1.44.0-alpha-2024-04-05 - 2024-04-05
  • 1.44.0-alpha-2024-04-04 - 2024-04-04
  • 1.44.0-alpha-2024-04-03 - 2024-04-03
  • 1.44.0-alpha-2024-04-02 - 2024-04-02
  • 1.44.0-alpha-2024-04-01 - 2024-04-01
  • 1.44.0-alpha-2024-03-31 - 2024-03-31
  • 1.44.0-alpha-2024-03-30 - 2024-03-30
  • 1.44.0-alpha-2024-03-29 - 2024-03-29
  • 1.44.0-alpha-2024-03-28 - 2024-03-28
  • 1.44.0-alpha-2024-03-27 - 2024-03-27
  • 1.44.0-alpha-1714168971000 - 2024-04-26
  • 1.44.0-alpha-1711994091000 - 2024-04-01
  • 1.43.1 - 2024-04-12

    Highlights

    #30300 - [REGRESSION]: UI mode restarts if keep storage state
    #30339 - [REGRESSION]: Brand new install of playwright, unable to run chromium with show browser using vscode

    Browser Versions

    • Chromium 124.0.6367.29
    • Mozilla Firefox 124.0
    • WebKit 17.4

    This version was also tested against the following stable channels:

    • Google Chrome 123
    • Microsoft Edge 123
  • 1.43.1-beta-1712942342000 - 2024-04-12
  • 1.43.0 - 2024-04-04

    New APIs

    • Method browserContext.clearCookies() now supports filters to remove only some cookies.

      // Clear all cookies.
      await context.clearCookies();
      // New: clear cookies with a particular name.
      await context.clearCookies({ name: 'session-id' });
      // New: clear cookies for a particular domain.
      await context.clearCookies({ domain: 'my-origin.com' });
    • New mode retain-on-first-failure for testOptions.trace. In this mode, trace is recorded for the first run of each test, but not for retires. When test run fails, the trace file is retained, otherwise it is removed.

      import { defineConfig } from '@ playwright/test';

      export default defineConfig({
      use: {
      trace: 'retain-on-first-failure',
      },
      });

    • New property testInfo.tags exposes test tags during test execution.

      test('example', async ({ page }) => {
        console.log(test.info().tags);
      });
    • New method locator.contentFrame() converts a Locator object to a FrameLocator. This can be useful when you have a Locator object obtained somewhere, and later on would like to interact with the content inside the frame.

      const locator = page.locator('iframe[name="embedded"]');
      // ...
      const frameLocator = locator.contentFrame();
      await frameLocator.getByRole('button').click();
    • New method frameLocator.owner() converts a FrameLocator object to a Locator. This can be useful when you have a FrameLocator object obtained somewhere, and later on would like to interact with the iframe element.

      const frameLocator = page.frameLocator('iframe[name="embedded"]');
      // ...
      const locator = frameLocator.owner();
      await expect(locator).toBeVisible();

    UI Mode Updates

    Playwright UI Mode

    • See tags in the test list.
    • Filter by tags by typing @ fast or clicking on the tag itself.
    • New shortcuts:
      • F5 to run tests.
      • Shift F5 to stop running tests.
      • Ctrl ` to toggle test output.

    Browser Versions

    • Chromium 124.0.6367.29
    • Mozilla Firefox 124.0
    • WebKit 17.4

    This version was also tested against the following stable channels:

    • Google Chrome 123
    • Microsoft Edge 123
  • 1.43.0-beta-1712871607000 - 2024-04-11
  • 1.43.0-beta-1712860105000 - 2024-04-11
  • 1.43.0-beta-1712646596000 - 2024-04-09
  • 1.43.0-beta-1712258732000 - 2024-04-04
  • 1.43.0-beta-1712217576000 - 2024-04-04
  • 1.43.0-beta-1712173949000 - 2024-04-03
  • 1.43.0-beta-1712010778000 - 2024-04-01
  • 1.43.0-beta-1711849714000 - 2024-03-31
  • 1.43.0-beta-1711742093000 - 2024-03-29
  • 1.43.0-beta-1711653598000 - 2024-03-28
  • 1.43.0-beta-1711554436000 - 2024-03-27
  • 1.43.0-beta-1711493485000 - 2024-03-26
  • 1.43.0-beta-1711484700000 - 2024-03-26
  • 1.43.0-beta-1709675102000 - 2024-03-05
  • 1.43.0-alpha-2024-03-26 - 2024-03-26
  • 1.43.0-alpha-2024-03-25 - 2024-03-25
  • 1.43.0-alpha-2024-03-24 - 2024-03-24
  • 1.43.0-alpha-2024-03-23 - 2024-03-23
  • 1.43.0-alpha-2024-03-22 - 2024-03-22
  • 1.43.0-alpha-2024-03-21 - 2024-03-21
  • 1.43.0-alpha-2024-03-20 - 2024-03-20
  • 1.43.0-alpha-2024-03-19 - 2024-03-19
  • 1.43.0-alpha-2024-03-18 - 2024-03-18
  • 1.43.0-alpha-2024-03-17 - 2024-03-17
  • 1.43.0-alpha-2024-03-16 - 2024-03-16
  • 1.43.0-alpha-2024-03-15 - 2024-03-15
  • 1.43.0-alpha-2024-03-14 - 2024-03-14
  • 1.43.0-alpha-2024-03-13 - 2024-03-13
  • 1.43.0-alpha-2024-03-12 - 2024-03-12
  • 1.43.0-alpha-2024-03-11 - 2024-03-11
  • 1.43.0-alpha-2024-03-10 - 2024-03-10
  • 1.43.0-alpha-2024-03-09 - 2024-03-09
  • 1.43.0-alpha-2024-03-08 - 2024-03-08
  • 1.43.0-alpha-2024-03-07 - 2024-03-07
  • 1.43.0-alpha-2024-03-06 - 2024-03-06
  • 1.43.0-alpha-2024-03-05 - 2024-03-05
  • 1.43.0-alpha-2024-03-04 - 2024-03-04
  • 1.43.0-alpha-2024-03-03 - 2024-03-03
  • 1.43.0-alpha-2024-03-02 - 2024-03-02
  • 1.43.0-alpha-2024-03-01 - 2024-03-01
  • 1.43.0-alpha-2024-02-29 - 2024-02-29
  • 1.43.0-alpha-2024-02-28 - 2024-02-28
  • 1.43.0-alpha-1711470013000 - 2024-03-26
  • 1.43.0-alpha-1711027602000 - 2024-03-21
  • 1.43.0-alpha-1710520846000 - 2024-03-15
  • 1.43.0-alpha-1709847741000 - 2024-03-07
  • 1.43.0-alpha-1709823751000 - 2024-03-07
  • 1.42.1 - 2024-03-02

    Highlights

    #29732 - [Regression]: HEAD requests to webServer.url since v1.42.0
    #29746 - [Regression]: Playwright CT CLI scripts fail due to broken initializePlugin import
    #29739 - [Bug]: Component tests fails when imported a module with a dot in a name
    #29731 - [Regression]: 1.42.0 breaks some import statements
    #29760 - [Bug]: Possible regression with chained locators in v1.42

    Browser Versions

    • Chromium 123.0.6312.4
    • Mozilla Firefox 123.0
    • WebKit 17.4

    This version was also tested against the following stable channels:

    • Google Chrome 122
    • Microsoft Edge 123
  • 1.42.1-beta-1710270182000 - 2024-03-12
  • 1.42.1-beta-1710200485000 - 2024-03-11
  • 1.42.1-beta-1710181789000 - 2024-03-11
  • 1.42.1-beta-1709718680000 - 2024-03-06
  • 1.42.1-beta-1709332975000 - 2024-03-01
  • 1.42.0 - 2024-02-27

    New APIs

    • Test tags

      New tag syntax for adding tags to the tests (@-tokens in the test title are still supported).

      test('test customer login', { tag: ['@ fast', '@ login'] }, async ({ page }) => {
        // ...
      });

      Use --grep command line option to run only tests with certain tags.

      npx playwright test --grep @ fast
    • Annotating skipped tests

      New annotation syntax for test annotations allows annotating the tests that do not run.

      test('test full report', {
        annotation: [
          { type: 'issue', description: 'https://github.com/microsoft/playwright/issues/23180' },
          { type: 'docs', description: 'https://playwright.dev/docs/test-annotations#tag-tests' },
        ],
      }, async ({ page }) => {
        // ...
      });
    • page.addLocatorHandler()

    Warning

    This feature is experimental, we are actively looking for the feedback based on your scenarios.

    New method page.addLocatorHandler() registers a callback that will be invoked when specified element becomes visible and may block Playwright actions. The callback can get rid of the overlay. Here is an example that closes a cookie dialog when it appears.

    // Setup the handler.
    await page.addLocatorHandler(
        page.getByRole('heading', { name: 'Hej! You are in control of your cookies.' }),
        async () => {
          await page.getByRole('button', { name: 'Accept all' }).click();
        });
    // Write the test as usual.
    await page.goto('https://www.ikea.com/');
    await page.getByRole('link', { name: 'Collection of blue and white' }).click();
    await expect(page.getByRole('heading', { name: 'Light and easy' })).toBeVisible();
    • Project wildcard filter
      Playwright command line flag now supports '*' wildcard when filtering by project.

      npx playwright test --project='*mobile*'
    • Other APIs

      • expect(callback).toPass({ timeout })
        The timeout can now be configured by expect.toPass.timeout option globally or in project config

      • electronApplication.on('console')
        electronApplication.on('console') event is emitted when Electron main process calls console API methods.

        electronApp.on('console', async msg => {
          const values = [];
          for (const arg of msg.args())
            values.push(await arg.jsonValue());
          console.log(...values);
        });
        await electronApp.evaluate(() => console.log('hello', 5, { foo: 'bar' }));
      • page.pdf() accepts two new options tagged and outline.

    Breaking changes

    Mixing the test instances in the same suite is no longer supported. Allowing it was an oversight as it makes reasoning about the semantics unnecessarily hard.

    const test = baseTest.extend({ item: async ({}, use) => {} });
    baseTest.describe('Admin user', () => {
      test('1', async ({ page, item }) => {});
      test('2', async ({ page, item }) => {});
    });

    Announcements

    • ⚠️ Ubuntu 18 is not supported anymore.

    Browser Versions

    • Chromium 123.0.6312.4
    • Mozilla Firefox 123.0
    • WebKit 17.4

    This version was also tested against the following stable channels:

    • Google Chrome 122
    • Microsoft Edge 123
  • 1.42.0-beta-1709320822000 - 2024-03-01
  • 1.42.0-beta-1709314844000 - 2024-03-01
  • 1.42.0-beta-1709314651000 - 2024-03-01
  • 1.42.0-beta-1709262915000 - 2024-03-01
  • 1.42.0-beta-1709254258000 - 2024-03-01
  • 1.42.0-beta-1709239763000 - 2024-02-29
  • 1.42.0-beta-1709226226000 - 2024-02-29
  • 1.42.0-beta-1709198925000 - 2024-02-29
  • 1.42.0-beta-1709158069000 - 2024-02-28
  • 1.42.0-beta-1709060724000 - 2024-02-27
  • 1.42.0-beta-1709049149000 - 2024-02-27
  • 1.42.0-beta-1708998235000 - 2024-02-27
  • 1.42.0-beta-1708998003000 - 2024-02-27
  • 1.42.0-beta-1708994059000 - 2024-02-27
  • 1.42.0-beta-1708467899000 - 2024-02-21
  • 1.42.0-alpha-jan-18-2024 - 2024-01-18
  • 1.42.0-alpha-jan-17-2024 - 2024-01-17
  • 1.42.0-alpha-jan-16-2024 - 2024-01-16
  • 1.42.0-alpha-jan-15-2024 - 2024-01-15
  • 1.42.0-alpha-jan-14-2024 - 2024-01-14
  • 1.42.0-alpha-jan-13-2024 - 2024-01-13
  • 1.42.0-alpha-2024-02-27 - 2024-02-27
  • 1.42.0-alpha-2024-02-26 - 2024-02-26
  • 1.42.0-alpha-2024-02-25 - 2024-02-25
  • 1.42.0-alpha-2024-02-24 - 2024-02-24
  • 1.42.0-alpha-2024-02-23 - 2024-02-23
  • 1.42.0-alpha-2024-02-22 - 2024-02-22
  • 1.42.0-alpha-2024-02-21 - 2024-02-21
  • 1.42.0-alpha-2024-02-20 - 2024-02-20
  • 1.42.0-alpha-2024-02-19 - 2024-02-19
  • 1.42.0-alpha-2024-02-18 - 2024-02-18
  • 1.42.0-alpha-2024-02-17 - 2024-02-17
  • 1.42.0-alpha-2024-02-16 - 2024-02-16
  • 1.42.0-alpha-2024-02-15 - 2024-02-15
  • 1.42.0-alpha-2024-02-14 - 2024-02-14
  • 1.42.0-alpha-2024-02-13 - 2024-02-13
  • 1.42.0-alpha-2024-02-12 - 2024-02-12
  • 1.42.0-alpha-2024-02-11 - 2024-02-11
  • 1.42.0-alpha-2024-02-10 - 2024-02-10
  • 1.42.0-alpha-2024-02-09 - 2024-02-09
  • 1.42.0-alpha-2024-02-08 - 2024-02-08
  • 1.42.0-alpha-2024-02-07 - 2024-02-07
  • 1.42.0-alpha-2024-02-06 - 2024-02-06
  • 1.42.0-alpha-2024-02-05 - 2024-02-05
  • 1.42.0-alpha-2024-02-04 - 2024-02-04
  • 1.42.0-alpha-2024-02-03 - 2024-02-03
  • 1.42.0-alpha-2024-02-02 - 2024-02-02
  • 1.42.0-alpha-2024-02-01 - 2024-02-01
  • 1.42.0-alpha-2024-01-31 - 2024-01-31
  • 1.42.0-alpha-2024-01-30 - 2024-01-30
  • 1.42.0-alpha-1708140911000 - 2024-02-17
  • 1.42.0-alpha-1707967288000 - 2024-02-15
  • 1.42.0-alpha-1707816346000 - 2024-02-13
  • 1.42.0-alpha-1706562895000 - 2024-01-29
  • 1.41.2 - 2024-02-01

    Highlights

    #29123 - [REGRESSION] route.continue: Protocol error (Fetch.continueRequest): Invalid InterceptionId.

    Browser Versions

    • Chromium 121.0.6167.57
    • Mozilla Firefox 121.0
    • WebKit 17.4

    This version was also tested against the following stable channels:

    • Google Chrome 120
    • Microsoft Edge 120
  • 1.41.2-beta-1706815456000 - 2024-02-01
  • 1.41.1 - 2024-01-19

    Highlights

    #29067 - [REGRESSION] Codegen/Recorder: not all clicks are being actioned nor recorded
    #29028 - [REGRESSION] React component tests throw type error when passing null/undefined to component
    #29027 - [REGRESSION] React component tests not passing Date prop values
    #29023 - [REGRESSION] React component tests not rendering children prop
    #29019 - [REGRESSION] trace.playwright.dev does not currently support the loading from URL

    Browser Versions

    • Chromium 121.0.6167.57
    • Mozilla Firefox 121.0
    • WebKit 17.4

    This version was also tested against the following stable channels:

    • Google Chrome 120
    • Microsoft Edge 120
  • 1.41.1-beta-1706807510000 - 2024-02-01
  • 1.41.1-beta-1706549589000 - 2024-01-29
  • 1.41.1-beta-1705705504000 - 2024-01-19
  • 1.41.0 - 2024-01-16

    New APIs

    Browser Versions

    • Chromium 121.0.6167.57
    • Mozilla Firefox 121.0
    • WebKit 17.4

    This version was also tested against the following stable channels:

    • Google Chrome 120
    • Microsoft Edge 120
  • 1.41.0-beta-1705698523000 - 2024-01-19
  • 1.41.0-beta-1705691527000 - 2024-01-19
  • 1.41.0-beta-1705607048000 - 2024-01-18
  • 1.41.0-beta-1705568792000 - 2024-01-18
  • 1.41.0-beta-1705516904000 - 2024-01-17
  • 1.41.0-beta-1705429643000 - 2024-01...

Snyk has created this PR to upgrade @playwright/test from 1.19.0-alpha-1643749494000 to 1.44.0.

See this package in npm:
@playwright/test

See this project in Snyk:
https://app.snyk.io/org/l00163425/project/81e8fe7d-ceaa-41cb-97a0-1afdb66407ba?utm_source=github&utm_medium=referral&page=upgrade-pr
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants