-
Notifications
You must be signed in to change notification settings - Fork 376
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
curl: command not found #649
Comments
If you need curl you can always run |
All new images created for 12.3.0 and 12.4.0 which have a much longer names such as cypress-12.4.0-node-16.18.1-chrome-109.0.5414.74-1-ff-109.0-edge-109.0.1518.52-1 don't include cURL because the Cypress team apparently uses their new "factory" image which cleans up some packages: https://github.com/cypress-io/cypress-docker-images/blob/master/factory/factory.Dockerfile. I'm not sure if those "long" image names are just some tests but this is not practical when using "renovate" to update the reference to the Cypress image. We cannot guess how the name of the image will be once they update the included browsers. Also I'm not sure why they would clean such a small package out of the "included" image (don't think that 8 MB matter when the image is much bigger anyway). In this case I wonder why I should even build my own image with the "factory" docker image if I need to reinstall cURL anyway? Seems to be a missing feature in the docker/linux universe where you could just define dependencies and they are installed automatically if they are missing :-P |
Curl has been re-introduced to the package: #834 Any new docker containers released (or built by the factory) will contain curl by default. Normally we don't include dependencies not directly used by cypress, but the curl dep is tiny and will help users out. @mirobo Also we are now tagging the cypress/included docker images with both the long name including the node and browser versions and the short cypress only version. The reason we include the long name is that without it you don't have any awareness of what browser versions you're testing with, nor would we have the ability to re-release a cypress/included version where the cypress version remains the same, but the browser version has changed. https://hub.docker.com/repository/docker/cypress/included/tags?page=1&ordering=last_updated |
Thank you so much! |
Unfortunately we're going to have to remove curl for the time being to mitigate a CVE: #852 Sorry all. |
For now to add curl in for your workflows you'll have to extend our docker image and install curl yourselves. |
@mjhenkes any update on this? It is causing major problems with Slack notifications etc (orbs in CircleCI that require curl) The fix appears to be to add curl manually, but this is a bit of a frustration and gotcha for people |
@Phonesis we have decided to exclude curl in our docker images due to the CVE: #852 Unfortunately there is not a solution here that makes everyone happy as some users want curl and others say the CVE is a deal breaker. As such we have chosen to go the route of leaving curl out and suggesting folks add curl in as part of their Dockerfile if their specific use case requires it. |
cypress/included:9.5.1
cypress/included:9.5.2
cypress/included:9.5.3
cypress/included:9.5.4
The text was updated successfully, but these errors were encountered: