Skip to content

v4 and migration to Cypress 13 #316

New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Open
5 of 22 tasks
FRSgit opened this issue Sep 14, 2024 · 1 comment
Open
5 of 22 tasks

v4 and migration to Cypress 13 #316

FRSgit opened this issue Sep 14, 2024 · 1 comment
Assignees

Comments

@FRSgit
Copy link
Member

FRSgit commented Sep 14, 2024

Hello again everyone! 👋

Sorry for being away for a while - I had simply not time to keep the library in a shape that I'd like it to be. My apologies!

As a part of repo cleaning up process, I'd started migration to Cypress 13. But because it's a release that drops support for Node@12 (so introducing a breaking change) - we need to raise the major number of this library as well.

To do a proper "major" release I've figure it'll be a good time to take care of some long-staging issues & PRs before releasing v4. I'll try to handle them in upcoming days, so bear with me for little more time! All changes will land firstly to the branch feat/release-4.0.0 - you can keep track of code changes there.

List of PRs/issues/discussions that need to be handled before v4 release:

List of postponed issues

@geroyche
Copy link

could you please do a patch release for v3 in the meantime?
3.3.10 has sharp version pinned which has a known CVE.
in your repo the bots already took care of the update.

npm audits solution would be to downgrade your plugin...

git:(main) ✗ npm audit
# npm audit report

sharp  <0.32.6
Severity: high
sharp vulnerability in libwebp dependency CVE-2023-4863 - https://github.com/advisories/GHSA-54xq-cgqr-rpm3
fix available via `npm audit fix --force`
Will install @frsource/cypress-plugin-visual-regression-diff@1.4.0, which is a breaking change
node_modules/sharp
  @frsource/cypress-plugin-visual-regression-diff  >=1.5.0
  Depends on vulnerable versions of sharp
  node_modules/@frsource/cypress-plugin-visual-regression-diff

2 high severity vulnerabilities

To address all issues (including breaking changes), run:
  npm audit fix --force

# for free to join this conversation on GitHub. Already have an account? # to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants