From 4755bd9012f2c81246ec24ec6c4c8632386bc95a Mon Sep 17 00:00:00 2001 From: Jennifer Shehane Date: Fri, 12 Jul 2024 22:53:00 -0400 Subject: [PATCH] dependency: Replace jsonlint with json-parse-even-better-errors (#29673) * dependency: Replace jsonlint with json-parse-even-better-errors * run on windows * add changelog entry * Update changelog entry * Update changelog entry * yarn lock * changelog update + lock --- .circleci/workflows.yml | 9 ++-- cli/CHANGELOG.md | 2 + packages/server/lib/fixture.js | 4 +- packages/server/package.json | 2 +- packages/server/test/unit/fixture_spec.js | 26 +---------- yarn.lock | 53 ++--------------------- 6 files changed, 15 insertions(+), 81 deletions(-) diff --git a/.circleci/workflows.yml b/.circleci/workflows.yml index 0e8e091eab61..36b3a114b9f6 100644 --- a/.circleci/workflows.yml +++ b/.circleci/workflows.yml @@ -30,7 +30,7 @@ mainBuildFilters: &mainBuildFilters - /^release\/\d+\.\d+\.\d+$/ # use the following branch as well to ensure that v8 snapshot cache updates are fully tested - 'update-v8-snapshot-cache-on-develop' - - 'investigate/darwin-ci-build-order' + - 'remove-json-lint' - 'publish-binary' - 'fix/element_highlighting_origin_test_replay' @@ -43,8 +43,7 @@ macWorkflowFilters: &darwin-workflow-filters - equal: [ develop, << pipeline.git.branch >> ] # use the following branch as well to ensure that v8 snapshot cache updates are fully tested - equal: [ 'update-v8-snapshot-cache-on-develop', << pipeline.git.branch >> ] - - equal: [ 'fix/element_highlighting_origin_test_replay', << pipeline.git.branch >> ] - - equal: [ 'investigate/darwin-ci-build-order', << pipeline.git.branch >> ] + - equal: [ 'remove-json-lint', << pipeline.git.branch >> ] - matches: pattern: /^release\/\d+\.\d+\.\d+$/ value: << pipeline.git.branch 
>> @@ -55,7 +54,7 @@ linuxArm64WorkflowFilters: &linux-arm64-workflow-filters - equal: [ develop, << pipeline.git.branch >> ] # use the following branch as well to ensure that v8 snapshot cache updates are fully tested - equal: [ 'update-v8-snapshot-cache-on-develop', << pipeline.git.branch >> ] - - equal: [ 'fix/element_highlighting_origin_test_replay', << pipeline.git.branch >> ] + - equal: [ 'remove-json-lint', << pipeline.git.branch >> ] - matches: pattern: /^release\/\d+\.\d+\.\d+$/ value: << pipeline.git.branch >> @@ -154,7 +153,7 @@ commands: name: Set environment variable to determine whether or not to persist artifacts command: | echo "Setting SHOULD_PERSIST_ARTIFACTS variable" - echo 'if ! [[ "$CIRCLE_BRANCH" != "develop" && "$CIRCLE_BRANCH" != "release/"* && "$CIRCLE_BRANCH" != "fix/element_highlighting_origin_test_replay" ]]; then + echo 'if ! [[ "$CIRCLE_BRANCH" != "develop" && "$CIRCLE_BRANCH" != "release/"* && "$CIRCLE_BRANCH" != "remove-json-lint" ]]; then export SHOULD_PERSIST_ARTIFACTS=true fi' >> "$BASH_ENV" # You must run `setup_should_persist_artifacts` command and be using bash before running this command diff --git a/cli/CHANGELOG.md b/cli/CHANGELOG.md index e1e8684347d3..d5ba6a321b56 100644 --- a/cli/CHANGELOG.md +++ b/cli/CHANGELOG.md @@ -12,6 +12,7 @@ _Released 7/16/2024 (PENDING)_ **Dependency Updates:** - Updated `jquery` from `3.1.1` to `3.4.1`. Addresses [#29822](https://github.com/cypress-io/cypress/issues/29822). Addressed in [#29837](https://github.com/cypress-io/cypress/pull/29837). +- Replaced `json-lint` with `json-parse-even-better-errors`. This removes the CVE-2021-23358 vulnerability being reported in security scans. Addresses [#28207](https://github.com/cypress-io/cypress/issues/28207). - Updated `minimatch` from `3.0.4` to `3.1.2`. Addressed in [#29821](https://github.com/cypress-io/cypress/pull/29821). ## 13.13.0 
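Review bot: The PR's working branch name `remove-json-lint` is hard-coded into the `setup_should_persist_artifacts` condition, and the same name is added in the `mainBuildFilters`, `darwin-workflow-filters` and `linux-arm64-workflow-filters` hunks above, so it stays in the workflow file after merge. Any later branch pushed under that name would presumably still match these filters and persist build artifacts, which is wider than a dependency swap needs. The edit also leaves the file inconsistent: `fix/element_highlighting_origin_test_replay` is dropped from the darwin, arm64 and artifact conditions but is still listed as context in `mainBuildFilters`. Consider reverting these entries before merging, or marking each with a comment such as `# temporary: remove once this branch is merged`.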
@@ -33,6 +34,7 @@ _Released 7/01/2024_ **Dependency Updates:** +- Replaced `json-lint` with `json-parse-even-better-errors`. This removes the CVE-2021-23358 vulnerability being reported in security scans. Addresses [#28207](https://github.com/cypress-io/cypress/issues/28207). - Updated `launch-editor` from `2.3.0` to `2.8.0`. Addressed in [#29770](https://github.com/cypress-io/cypress/pull/29770). - Updated `memfs` from `3.4.12` to `3.5.3`. Addressed in [#29746](https://github.com/cypress-io/cypress/pull/29746). - Updated `tmp` from `0.2.1` to `0.2.3`. Addresses [#29693](https://github.com/cypress-io/cypress/issues/29693). diff --git a/packages/server/lib/fixture.js b/packages/server/lib/fixture.js index 121fe269c8db..19668b37b436 100644 --- a/packages/server/lib/fixture.js +++ b/packages/server/lib/fixture.js @@ -3,7 +3,7 @@ const check = require('syntax-error') const debug = require('debug')('cypress:server:fixture') const coffee = require('coffeescript') const Promise = require('bluebird') -const jsonlint = require('jsonlint') +const jsonParseBetterErrors = require('json-parse-even-better-errors') const stripAnsi = require('strip-ansi') const errors = require('./errors') @@ -29,7 +29,7 @@ const extensions = [ const queue = {} const friendlyJsonParse = function (s) { - jsonlint.parse(s) // might throw good error + jsonParseBetterErrors(s) // should throw an error with better formatting return JSON.parse(s) // actually parses correctly all the edge cases } diff --git a/packages/server/package.json b/packages/server/package.json index b7857d197333..1104f6aa6b1c 100644 --- a/packages/server/package.json +++ b/packages/server/package.json @@ -83,7 +83,7 @@ "is-html": "2.0.0", "jimp": "0.22.12", "jose": "^4.15.5", - "jsonlint": "1.6.3", + "json-parse-even-better-errors": "^3.0.2", "launch-editor": "2.8.0", "lazy-ass": "1.6.0", "lockfile": "1.0.4", 
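Review bot: `friendlyJsonParse` now parses the fixture text twice, because `jsonParseBetterErrors(s)` is itself a wrapper around `JSON.parse` and its return value is discarded before `JSON.parse(s)` runs again. The two calls may also not accept exactly the same input: as far as I know the package strips a leading byte-order mark before parsing, so a BOM-prefixed fixture could pass the first call and then fail in the second with the raw engine error instead of the friendly one (worth confirming against the pinned version). If the second parse is kept on purpose, for instance to return a plain object without the package's formatting metadata, the comment should say so, e.g. `// validation only: throws a descriptive error; result discarded so callers get plain JSON.parse output`.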
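Review bot: The new entry uses a caret range, `"json-parse-even-better-errors": "^3.0.2"`, where the dependency it replaces and most neighbours in this hunk (`jimp`, `launch-editor`, `lazy-ass`, `lockfile`) are pinned to exact versions. yarn.lock fixes the resolved version and integrity hash for now, but a range lets a later lockfile refresh pull in a new release without any manifest change to review. Pinning it as `"json-parse-even-better-errors": "3.0.2"` would keep upgrades explicit, which also matters because the error text asserted in fixture_spec.js depends on this package's output format.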
diff --git a/packages/server/test/unit/fixture_spec.js b/packages/server/test/unit/fixture_spec.js index e1867ac9e62e..ddcd9dee73b9 100644 --- a/packages/server/test/unit/fixture_spec.js +++ b/packages/server/test/unit/fixture_spec.js @@ -6,12 +6,6 @@ const fixture = require(`../../lib/fixture`) const { fs } = require(`../../lib/util/fs`) const FixturesHelper = require('@tooling/system-tests') const { getCtx } = require(`../../lib/makeDataContext`) -const os = require('os') -const eol = require('eol') - -const isWindows = () => { - return os.platform() === 'win32' -} let ctx @@ -75,29 +69,13 @@ describe('lib/fixture', () => { context('json files', () => { it('throws when json is invalid', function () { const e = - `\ -'bad_json.json' is not valid JSON. -Parse error on line 2: -{ "bad": "json" "should": "not parse -------------------^ -Expecting 'EOF', '}', ':', ',', ']', got 'STRING'\ -` + `\'bad_json.json\' is not valid JSON.\nUnexpected string in JSON at position 20 while parsing near "{\\n \\"bad\\": \\"json\\"\\n \\"should\\": \\"not parse..."` return fixture.get(this.fixturesFolder, 'bad_json.json') .then(() => { throw new Error('should have failed but did not') }).catch((err) => { - if (isWindows()) { - // there is weird trailing whitespace in the lines - // of the error message on Windows - expect(err.message).to.include('\'bad_json.json\' is not valid JSON.') - expect(err.message).to.include('Parse error on line 2:') - - expect(err.message).to.include('Expecting \'EOF\', \'}\', \':\', \',\', \']\', got \'STRING\'') - } else { - // on other platforms can match the error directly - expect(eol.auto(err.message)).to.eq(eol.auto(e)) - } + expect(err.message).to.eq(e) }) }) diff --git a/yarn.lock b/yarn.lock index 26ca3b02d910..403e4865de28 100644 --- a/yarn.lock +++ b/yarn.lock 
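Review bot: The expected string `e` pins the whole message, including `Unexpected string in JSON at position 20`, which is the JavaScript engine's own `JSON.parse` wording rather than text produced by Cypress, and engines have reworded these messages between versions. With the Windows branch removed, `expect(err.message).to.eq(e)` is the only assertion, so a Node or Electron upgrade, or a checkout that changes the fixture's line endings and therefore the reported position, would fail this test for reasons unrelated to fixture handling. Asserting the stable parts would be more durable: `expect(err.message).to.include('\'bad_json.json\' is not valid JSON.')` plus `expect(err.message).to.match(/position \d+/)`. The enclosing `context('json files')` block continues outside the hunk.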
@@ -9374,11 +9374,6 @@ JSONStream@^1.0.4: jsonparse "^1.2.0" through ">=2.2.7 <3" -JSV@^4.0.x: - version "4.0.2" - resolved "https://registry.yarnpkg.com/JSV/-/JSV-4.0.2.tgz#d077f6825571f82132f9dffaed587b4029feff57" - integrity sha1-0Hf2glVx+CEy+d/67Vh7QCn+/1c= - abbrev@1, abbrev@^1.0.0, abbrev@~1.1.1: version "1.1.1" resolved "https://registry.yarnpkg.com/abbrev/-/abbrev-1.1.1.tgz#f8f2c887ad10bf67f634f005b6987fed3179aac8" @@ -9745,11 +9740,6 @@ ansi-styles@^6.1.0: resolved "https://registry.yarnpkg.com/ansi-styles/-/ansi-styles-6.2.1.tgz#0e62320cf99c21afff3b3012192546aacbfb05c5" integrity sha512-bN798gFfQX+viw3R7yrGWRqnrN2oRkEkUjjl4JNn4E8GxxbjtG3FbrEIIY3l8/hrwUwIeCZvi4QuOTP4MErVug== -ansi-styles@~1.0.0: - version "1.0.0" - resolved "https://registry.yarnpkg.com/ansi-styles/-/ansi-styles-1.0.0.tgz#cb102df1c56f5123eab8b67cd7b98027a0279178" - integrity sha1-yxAt8cVvUSPquLZ817mAJ6AnkXg= - ansi-to-html@0.6.14: version "0.6.14" resolved "https://registry.yarnpkg.com/ansi-to-html/-/ansi-to-html-0.6.14.tgz#65fe6d08bba5dd9db33f44a20aec331e0010dad8" @@ -11750,15 +11740,6 @@ chalk@^4.0.0, chalk@^4.0.2, chalk@^4.1.0, chalk@^4.1.1, chalk@^4.1.2: ansi-styles "^4.1.0" supports-color "^7.1.0" -chalk@~0.4.0: - version "0.4.0" - resolved "https://registry.yarnpkg.com/chalk/-/chalk-0.4.0.tgz#5199a3ddcd0c1efe23bc08c1b027b06176e0c64f" - integrity sha1-UZmj3c0MHv4jvAjBsCewYXbgxk8= - dependencies: - ansi-styles "~1.0.0" - has-color "~0.1.0" - strip-ansi "~0.1.0" - change-case-all@1.0.14: version "1.0.14" resolved "https://registry.yarnpkg.com/change-case-all/-/change-case-all-1.0.14.tgz#bac04da08ad143278d0ac3dda7eccd39280bfba1" 
@@ -17909,11 +17890,6 @@ has-binary2@~1.0.2: dependencies: isarray "2.0.1" -has-color@~0.1.0: - version "0.1.7" - resolved "https://registry.yarnpkg.com/has-color/-/has-color-0.1.7.tgz#67144a5260c34fc3cca677d041daf52fe7b78b2f" - integrity sha1-ZxRKUmDDT8PMpnfQQdr1L+e3iy8= - has-cors@1.1.0: version "1.1.0" resolved "https://registry.yarnpkg.com/has-cors/-/has-cors-1.1.0.tgz#5e474793f7ea9843d1bb99c23eef49ff126fff39" @@ -19936,10 +19912,10 @@ json-parse-even-better-errors@^2.3.0, json-parse-even-better-errors@^2.3.1: resolved "https://registry.yarnpkg.com/json-parse-even-better-errors/-/json-parse-even-better-errors-2.3.1.tgz#7c47805a94319928e05777405dc12e1f7a4ee02d" integrity sha512-xyFwyhro/JEof6Ghe2iz2NcXoj2sloNsWr/XsERDK/oiPCfaNhl5ONfp+jQdAZRQQ0IJWNzH9zIZF7li91kh2w== -json-parse-even-better-errors@^3.0.0: - version "3.0.0" - resolved "https://registry.yarnpkg.com/json-parse-even-better-errors/-/json-parse-even-better-errors-3.0.0.tgz#2cb2ee33069a78870a0c7e3da560026b89669cf7" - integrity sha512-iZbGHafX/59r39gPwVPRBGw0QQKnA7tte5pSMrhWOW7swGsVvVTjmfyAV9pNqk8YGT7tRCdxRu8uzcgZwoDooA== +json-parse-even-better-errors@^3.0.0, json-parse-even-better-errors@^3.0.2: + version "3.0.2" + resolved "https://registry.yarnpkg.com/json-parse-even-better-errors/-/json-parse-even-better-errors-3.0.2.tgz#b43d35e89c0f3be6b5fbbe9dc6c82467b30c28da" + integrity sha512-fi0NG4bPjCHunUJffmLd0gxssIgkNmArMvis4iNah6Owg1MCJjWhEcDLmsK6iGkJq3tHwbDkTlce70/tmXN4cQ== json-schema-traverse@^0.4.1: version "0.4.1" 
@@ -20066,14 +20042,6 @@ jsonify@~0.0.0: resolved "https://registry.yarnpkg.com/jsonify/-/jsonify-0.0.0.tgz#2c74b6ee41d93ca51b7b5aaee8f503631d252a73" integrity sha1-LHS27kHZPKUbe1qu6PUDYx0lKnM= -jsonlint@1.6.3: - version "1.6.3" - resolved "https://registry.yarnpkg.com/jsonlint/-/jsonlint-1.6.3.tgz#cb5e31efc0b78291d0d862fbef05900adf212988" - integrity sha512-jMVTMzP+7gU/IyC6hvKyWpUU8tmTkK5b3BPNuMI9U8Sit+YAWLlZwB6Y6YrdCxfg2kNz05p3XY3Bmm4m26Nv3A== - dependencies: - JSV "^4.0.x" - nomnom "^1.5.x" - jsonparse@^1.2.0, jsonparse@^1.3.1: version "1.3.1" resolved "https://registry.yarnpkg.com/jsonparse/-/jsonparse-1.3.1.tgz#3f4dae4a91fac315f71062f8521cc239f1366280" @@ -23103,14 +23071,6 @@ node-uuid@^1.4.1: resolved "https://registry.yarnpkg.com/node-uuid/-/node-uuid-1.4.8.tgz#b040eb0923968afabf8d32fb1f17f1167fdab907" integrity sha1-sEDrCSOWivq/jTL7HxfxFn/auQc= -nomnom@^1.5.x: - version "1.8.1" - resolved "https://registry.yarnpkg.com/nomnom/-/nomnom-1.8.1.tgz#2151f722472ba79e50a76fc125bb8c8f2e4dc2a7" - integrity sha1-IVH3Ikcrp55Qp2/BJbuMjy5Nwqc= - dependencies: - chalk "~0.4.0" - underscore "~1.6.0" - noop-logger@^0.1.1: version "0.1.1" resolved "https://registry.yarnpkg.com/noop-logger/-/noop-logger-0.1.1.tgz#94a2b1633c4f1317553007d8966fd0e841b6a4c2" @@ -30481,11 +30441,6 @@ underscore.string@3.3.6, underscore.string@^3.3.6: sprintf-js "^1.1.1" util-deprecate "^1.0.2" -underscore@~1.6.0: - version "1.6.0" - resolved "https://registry.yarnpkg.com/underscore/-/underscore-1.6.0.tgz#8b38b10cacdef63337b8b24e4ff86d45aea529a8" - integrity sha1-izixDKze9jM3uLJOT/htRa6lKag= - undertaker-registry@^1.0.0: version "1.0.1" resolved "https://registry.yarnpkg.com/undertaker-registry/-/undertaker-registry-1.0.1.tgz#5e4bda308e4a8a2ae584f9b9a4359a499825cc50"