chore(*): Update dependency @simonsmith/cypress-image-snapshot to v8 [SECURITY] - autoclosed #3001

@renovate renovate bot commented Aug 1, 2023


This PR contains the following updates:

Package                               Change
@simonsmith/cypress-image-snapshot    6.1.1 -> 8.0.2

GitHub Vulnerability Alerts

CVE-2023-38695

Impact

It's possible for a user to pass a relative file path for the snapshot name and reach outside of the project directory into the machine running the test. Example:

  cy.get('h1').matchImageSnapshot('../../../ignore-relative-dirs')

The above will create an ignore-relative-dirs.png three levels up.

Patches

Fixed in 8.0.2

Workarounds

Validate all the existing uses of matchImageSnapshot to ensure correct use of the filename argument. Example:

    // snapshot name will be the test title
    cy.matchImageSnapshot();

    // snapshot name will be the name passed in
    cy.matchImageSnapshot('login');

References

https://github.com/simonsmith/cypress-image-snapshot/issues/15


Release Notes

simonsmith/cypress-image-snapshot (@simonsmith/cypress-image-snapshot)

v8.0.2

Compare Source

Bug Fixes

v8.0.1

Compare Source

Bug Fixes
  • rename e2eSpecFolder -> e2eSpecDir (106af6c)

v8.0.0

Compare Source

Bug Fixes
  • requireSnapshots should work with retries (ebfc8be)
Features
  • normalise directory output for snapshots (1939e25)
BREAKING CHANGES
  • This uses the Cypress.spec.relative option to
    generate the snapshot directory and changes the folder structure.

It should now match the directory structure found in the cypress/e2e/
directory

Updating to this change may mean committing new snapshot paths and
removing old ones in your project (especially with component testing)

See the section "Snapshot paths" in the README for more information

v7.0.0

Compare Source

Bug Fixes
Features
  • add recording of snapshot result (488ae4b)
  • add semantic release (b1b063b)
  • allow default options to be passed into addMatchImageSnapshotCommand (405afcb)
BREAKING CHANGES
  • removed fork of original package

This is a rewrite of the original library, now with full support for
TypeScript and improved testing.

Notes:

  • The API for matchImageSnapshot remains the same, as well as all the
    import paths
  • The behavior of the plugin is exactly the same, as are the default
    options

TypeScript types are exported under @simonsmith/cypress-image-snapshot/types.
These should be used instead of the package on DefinitelyTyped

Removed:

  • The reporter is not supported in this version.

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.
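
The workaround from the advisory above, sketched as a static audit (an added example, not code from the plugin or from this PR): it scans spec source for string-literal names passed to matchImageSnapshot and flags any that resolve outside the snapshot directory. The `cypress/snapshots` root, the helper names and the sample spec are assumptions constructed for illustration; names built at runtime are not covered by the pattern and still need manual review.

```javascript
const path = require('node:path');

// Assumed snapshot root for this example; use your project's configured directory.
const SNAPSHOTS_DIR = 'cypress/snapshots';

// Hypothetical helper: true when `<name>.png` resolves to a file inside snapshotsDir.
function staysInside(snapshotsDir, name) {
  const root = path.resolve(snapshotsDir);
  const target = path.resolve(root, `${name}.png`);
  const rel = path.relative(root, target);
  // A first segment of '..' (or an absolute result on another drive) means escape.
  return rel !== '' && rel.split(path.sep)[0] !== '..' && !path.isAbsolute(rel);
}

// First argument of matchImageSnapshot when it is a quoted string literal.
const CALL = /matchImageSnapshot\(\s*(['"`])((?:(?!\1).)*)\1/g;

// Returns [{ line, name }] for every literal snapshot name that leaves snapshotsDir.
function auditSpec(source, snapshotsDir = SNAPSHOTS_DIR) {
  const findings = [];
  source.split('\n').forEach((text, index) => {
    for (const match of text.matchAll(CALL)) {
      if (!staysInside(snapshotsDir, match[2])) {
        findings.push({ line: index + 1, name: match[2] });
      }
    }
  });
  return findings;
}

// Constructed sample spec lines; the third is the example from the advisory.
const SAMPLE_SPEC = [
  "cy.matchImageSnapshot();",
  "cy.matchImageSnapshot('login');",
  "cy.get('h1').matchImageSnapshot('../../../ignore-relative-dirs');",
  "cy.get('nav').matchImageSnapshot('header/nav-bar');",
].join('\n');

console.log(auditSpec(SAMPLE_SPEC));
```

Nested names such as `header/nav-bar` pass because they stay under the snapshot root; only names whose resolved path leaves it are reported.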

@renovate renovate bot added dependencies ready-to-be-merged Allow Mergify to merge this PR labels Aug 1, 2023

codecov bot commented Aug 1, 2023

Codecov Report

Patch and project coverage have no change.

Comparison is base (6d022bf) 79.71% compared to head (9f6bf32) 79.71%.

Additional details and impacted files
@@           Coverage Diff           @@
##           master    #3001   +/-   ##
=======================================
  Coverage   79.71%   79.71%           
=======================================
  Files         118      118           
  Lines        2504     2504           
  Branches       68       68           
=======================================
  Hits         1996     1996           
  Misses        503      503           
  Partials        5        5           


@renovate renovate bot changed the title chore(*): Update dependency @simonsmith/cypress-image-snapshot to v8 [SECURITY] chore(*): Update dependency @simonsmith/cypress-image-snapshot to v8 [SECURITY] - autoclosed Aug 6, 2024
@renovate renovate bot closed this Aug 6, 2024
@renovate renovate bot deleted the renovate/npm-@simonsmith/cypress-image-snapshot-vulnerability branch August 6, 2024 07:04