Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bumps webdriverio and vulnerable dependencies elliptic, ws, and express #67

Merged
merged 14 commits into from
Oct 10, 2024

Conversation

mhassan1
Copy link
Collaborator

@mhassan1 mhassan1 commented Sep 16, 2024

This PR resolves npm audit findings for elliptic, ws, and express. As part of this, it bumps webdriverio from v8 to v9, which requires some minor configuration changes.

@mhassan1
Copy link
Collaborator Author

I'm seeing increased incidence of ECONNREFUSED in the pipeline, which may be caused by webdriverio/webdriverio#13553. Let's wait for that issue to be resolved and see if the problem goes away.

@romainmenke
Copy link
Member

Apparently still not fixed: webdriverio/webdriverio#13553 (comment)

@mhassan1 mhassan1 mentioned this pull request Oct 5, 2024
@mhassan1
Copy link
Collaborator Author

mhassan1 commented Oct 8, 2024

@romainmenke Do you have any idea what's going on with the BrowserStack test failures? I see a mix of error messages in different steps. Do you think we should give up on the webdriverio upgrade, for now?

@romainmenke
Copy link
Member

This seems problematic and something that should be configurable for our use case: https://github.com/webdriverio/webdriverio/blob/74346f930b035a475733748974dcec8893c08865/packages/webdriverio/src/index.ts#L86-L90

Webdriver should not be applying their own polyfills as that makes it impossible for us to test polyfills.

So I think we should reach out and try to resolve those issues.


I will try to do a run with those things manually disabled and check if tests start to pass.

@mhassan1
Copy link
Collaborator Author

mhassan1 commented Oct 9, 2024

Webdriver should not be applying their own polyfills as that makes it impossible for us to test polyfills.

It looks like we can skip polyfills by not using BiDi: https://github.com/webdriverio/webdriverio/blob/74346f930b035a475733748974dcec8893c08865/packages/webdriverio/src/polyfill.ts#L33

I will try that.

@mhassan1
Copy link
Collaborator Author

mhassan1 commented Oct 9, 2024

I am also opening an issue with webdriverio to see if they will use a safer polyfill.

@mhassan1
Copy link
Collaborator Author

mhassan1 commented Oct 9, 2024

Here's a PR against webdriverio to fix NAME_POLYFILL for old browsers: webdriverio/webdriverio#13751.

@mhassan1 mhassan1 changed the title Bumps vulnerable dependencies elliptic, ws, and express Bumps webdriverio and vulnerable dependencies elliptic, ws, and express Oct 10, 2024
@mhassan1 mhassan1 marked this pull request as ready for review October 10, 2024 12:40
@mhassan1
Copy link
Collaborator Author

mhassan1 commented Oct 10, 2024

@romainmenke This PR is ready for review.

Copy link
Member

@romainmenke romainmenke left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

Thank you for working on this 🙇

@mhassan1 mhassan1 merged commit 5443ae0 into main Oct 10, 2024
17 checks passed
@mhassan1 mhassan1 deleted the bump-deps branch October 10, 2024 14:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants