diff --git a/cli/CHANGELOG.md b/cli/CHANGELOG.md index 5699a876774a..c53d651390e4 100644 --- a/cli/CHANGELOG.md +++ b/cli/CHANGELOG.md @@ -58,6 +58,7 @@ _Released 06/20/2023_ **Dependency Updates:** +- Upgraded [`@cypress/request`](https://www.npmjs.com/package/@cypress/request) from `2.88.10` to `2.88.11` to address [CVE-2022-24999](https://www.cve.org/CVERecord?id=CVE-2022-24999) security vulnerability. Addressed in [#27005](https://github.com/cypress-io/cypress/pull/27005). - Removed [`@cypress/mocha-teamcity-reporter`](https://www.npmjs.com/package/@cypress/mocha-teamcity-reporter) as this package was no longer being referenced. Addressed in [#26938](https://github.com/cypress-io/cypress/pull/26938). ## 12.14.0 diff --git a/cli/package.json b/cli/package.json index 0308e78ddbcf..df22f47d7c01 100644 --- a/cli/package.json +++ b/cli/package.json @@ -20,7 +20,7 @@ "unit": "cross-env BLUEBIRD_DEBUG=1 NODE_ENV=test mocha --reporter mocha-multi-reporters --reporter-options configFile=../mocha-reporter-config.json" }, "dependencies": { - "@cypress/request": "^2.88.10", + "@cypress/request": "^2.88.11", "@cypress/xvfb": "^1.2.4", "@types/node": "^14.14.31", "@types/sinonjs__fake-timers": "8.1.1", diff --git a/package.json b/package.json index 900c11021283..ac96cb180320 100644 --- a/package.json +++ b/package.json @@ -70,7 +70,7 @@ "devDependencies": { "@aws-sdk/credential-providers": "3.53.0", "@cypress/questions-remain": "1.0.1", - "@cypress/request": "2.88.10", + "@cypress/request": "^2.88.11", "@cypress/request-promise": "4.2.6", "@electron/fuses": "1.6.1", "@fellow/eslint-plugin-coffee": "0.4.13", diff --git a/packages/https-proxy/package.json b/packages/https-proxy/package.json index 94ba24039ab5..cfced69e0409 100644 --- a/packages/https-proxy/package.json +++ b/packages/https-proxy/package.json @@ -24,7 +24,7 @@ }, "devDependencies": { "@cypress/debugging-proxy": "2.0.1", - "@cypress/request": "2.88.10", + "@cypress/request": "^2.88.11", "@cypress/request-promise": "4.2.6", "@packages/network": "0.0.0-development", "@packages/ts": "0.0.0-development", diff --git a/packages/network/package.json b/packages/network/package.json index c31934ec5802..27f22173a2b4 100644 --- a/packages/network/package.json +++ b/packages/network/package.json @@ -26,7 +26,7 @@ }, "devDependencies": { "@cypress/debugging-proxy": "2.0.1", - "@cypress/request": "2.88.10", + "@cypress/request": "^2.88.11", "@cypress/request-promise": "4.2.6", "@packages/https-proxy": "0.0.0-development", "@packages/socket": "0.0.0-development", diff --git a/packages/proxy/package.json b/packages/proxy/package.json index 6616bef4ddff..dc5615dba58c 100644 --- a/packages/proxy/package.json +++ b/packages/proxy/package.json @@ -27,7 +27,7 @@ "utf8-stream": "0.0.0" }, "devDependencies": { - "@cypress/request": "2.88.10", + "@cypress/request": "^2.88.11", "@cypress/request-promise": "4.2.6", "@cypress/sinon-chai": "2.9.1", "@packages/resolve-dist": "0.0.0-development", diff --git a/packages/server/package.json b/packages/server/package.json index 5d86d1249f64..e22f91a3823d 100644 --- a/packages/server/package.json +++ b/packages/server/package.json @@ -25,7 +25,7 @@ "@benmalka/foxdriver": "0.4.1", "@cypress/commit-info": "2.2.0", "@cypress/get-windows-proxy": "1.6.2", - "@cypress/request": "2.88.10", + "@cypress/request": "^2.88.11", "@cypress/request-promise": "4.2.6", "@cypress/vite-dev-server": "0.0.0-development", "@cypress/webpack-batteries-included-preprocessor": "0.0.0-development", diff --git a/system-tests/package.json b/system-tests/package.json index 4ead46329acf..8f636e8bb98f 100644 --- a/system-tests/package.json +++ b/system-tests/package.json @@ -21,7 +21,7 @@ "@cypress/commit-info": "2.2.0", "@cypress/debugging-proxy": "2.0.1", "@cypress/json-schemas": "5.39.0", - "@cypress/request": "2.88.10", + "@cypress/request": "^2.88.11", "@cypress/request-promise": "4.2.6", "@cypress/sinon-chai": "2.9.1", "@cypress/webpack-preprocessor": "0.0.0-development", diff --git a/yarn.lock b/yarn.lock index b0115b8a0f33..8a119951f003 100644 --- a/yarn.lock +++ b/yarn.lock @@ -2360,10 +2360,10 @@ stealthy-require "^1.1.1" tough-cookie "^2.3.3" -"@cypress/request@2.88.10", "@cypress/request@^2.88.10": - version "2.88.10" - resolved "https://registry.yarnpkg.com/@cypress/request/-/request-2.88.10.tgz#b66d76b07f860d3a4b8d7a0604d020c662752cce" - integrity sha512-Zp7F+R93N0yZyG34GutyTNr+okam7s/Fzc1+i3kcqOP8vk6OuajuE9qZJ6Rs+10/1JFtXFYMdyarnU1rZuJesg== +"@cypress/request@^2.88.11": + version "2.88.11" + resolved "https://registry.yarnpkg.com/@cypress/request/-/request-2.88.11.tgz#5a4c7399bc2d7e7ed56e92ce5acb620c8b187047" + integrity sha512-M83/wfQ1EkspjkE2lNWNV5ui2Cv7UCv1swW1DqljahbzLVWltcsexQh8jYtuS/vzFXP+HySntGM83ZXA9fn17w== dependencies: aws-sign2 "~0.7.0" aws4 "^1.8.0" @@ -2378,7 +2378,7 @@ json-stringify-safe "~5.0.1" mime-types "~2.1.19" performance-now "^2.1.0" - qs "~6.5.2" + qs "~6.10.3" safe-buffer "^5.1.2" tough-cookie "~2.5.0" tunnel-agent "^0.6.0" @@ -24450,10 +24450,10 @@ qs@6.9.7: resolved "https://registry.yarnpkg.com/qs/-/qs-6.9.7.tgz#4610846871485e1e048f44ae3b94033f0e675afe" integrity sha512-IhMFgUmuNpyRfxA90umL7ByLlgRXu6tIfKPpF5TmcfRLlLCckfP/g3IQmju6jjpu+Hh8rA+2p6A27ZSPOOHdKw== -qs@^6.4.0, qs@^6.5.1, qs@^6.9.4: - version "6.10.1" - resolved "https://registry.yarnpkg.com/qs/-/qs-6.10.1.tgz#4931482fa8d647a5aab799c5271d2133b981fb6a" - integrity sha512-M528Hph6wsSVOBiYUnGf+K/7w0hNshs/duGsNXPUCLH5XAqjEtiPGwNONLV0tBH8NoGb0mvD5JubnUTrujKDTg== +qs@^6.4.0, qs@^6.5.1, qs@^6.9.4, qs@~6.10.3: + version "6.10.5" + resolved "https://registry.yarnpkg.com/qs/-/qs-6.10.5.tgz#974715920a80ff6a262264acd2c7e6c2a53282b4" + integrity sha512-O5RlPh0VFtR78y79rgcgKK4wbAI0C5zGVLztOIdpWX6ep368q5Hv6XRxDvXuZ9q3C6v+e3n8UfZZJw7IIG27eQ== dependencies: side-channel "^1.0.4"