Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

cypress-multi-repoters: upgrade mocha dependency (inflight vulnerability) #1253

Closed
maximegheraille opened this issue Jan 14, 2025 · 4 comments · Fixed by #1254
Closed

cypress-multi-repoters: upgrade mocha dependency (inflight vulnerability) #1253

maximegheraille opened this issue Jan 14, 2025 · 4 comments · Fixed by #1254

Comments

@maximegheraille
Copy link

maximegheraille commented Jan 14, 2025
edited
Loading

Hi,

I recently saw that checkmarx was complaining about a vulnerability of type High for cypress-multi-repoters.

glob@9.0.0 was the first available version that removed inflight from it dependencies. This means the minimum version for mocha would be 11.0.1.

Are there any plans on updating the dependency for cypress-multi-repoters ?

Screenshot 2025-01-14 at 21 19 18
@YOU54F
Copy link
Owner

YOU54F commented Jan 20, 2025
edited
Loading

Hey dude, sorry been busy on other projects.

I’ll happily accept pull requests for dep updates if you fancy giving it a go.

If its outside your comfort zone or you get stuck, feel free to holla

@maximegheraille
Copy link
Author

Hi, I did try locally to upgrade to the latest version required for the vulnerability to be removed, but there seems to be breaking changes starting with mocha v10.

`#multi-reporter
  ✔ #test-1
  1) #test-2

      1) should have 1 test failure

#multi-reporter
  - #test-1
  - #test-2

      2) should have 1 test pending
  1) Uncaught error outside test suite


  20 passing (177ms)
  2 failing

  1) lib/MultiReporters
       #test
         should have 1 test failure:
     Uncaught TypeError: Cannot read properties of undefined (reading 'passes')
      at Object.onceWrapper (node:events:633:28)
      at Runner.emit (node:events:531:35)
      at process.processImmediate (node:internal/timers:478:21)

  2) lib/MultiReporters
       #test
         should have 1 test pending:
     Uncaught TypeError: Cannot read properties of undefined (reading 'passes')
      at Object.onceWrapper (node:events:633:28)
      at Runner.emit (node:events:531:35)
      at process.processImmediate (node:internal/timers:478:21)`

Not really sure what is wrong, this is a bit out my expertise. If you could have a look when you have some time, it would be appreciated.

@YOU54F
Copy link
Owner

YOU54F commented Jan 27, 2025
edited
Loading

Sure,

Applying this diff worked for me

stanleyhlng/mocha-multi-reporters#110

tl;dr it relates to changes introduced in mocha6 and my previously applied semver check didn't work for 10.0.0+ so wasn't instantiating the required stats collector in moch6

@YOU54F YOU54F mentioned this issue Jan 27, 2025
Merged
@YOU54F
Copy link
Owner

YOU54F commented Jan 27, 2025

Hey @maximegheraille

New version now released

https://www.npmjs.com/package/cypress-multi-reporters/v/2.0.5

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Cypress multi reporters mocha 10+ YOU54F/cypress-plugins
2 participants
@YOU54F @maximegheraille