[Snyk] Upgrade: , , , prettier, prettier-plugin-svelte, svelte, vitest #782
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Snyk has created this PR to upgrade:
- @clack/prompts from 0.6.3 to 0.7.0.
See this package in npm: https://www.npmjs.com/package/@clack/prompts
- @playwright/test from 1.30.0 to 1.46.1.
See this package in npm: https://www.npmjs.com/package/@playwright/test
- @types/gitignore-parser from 0.0.0 to 0.0.3.
See this package in npm: https://www.npmjs.com/package/@types/gitignore-parser
- prettier from 2.8.8 to 3.3.3.
See this package in npm: https://www.npmjs.com/package/prettier
- prettier-plugin-svelte from 2.10.1 to 3.2.6.
See this package in npm: https://www.npmjs.com/package/prettier-plugin-svelte
- svelte from 3.59.2 to 4.2.19.
See this package in npm: https://www.npmjs.com/package/svelte
- vitest from 0.31.4 to 2.0.5.
See this package in npm: https://www.npmjs.com/package/vitest
See this project in Snyk:
https://app.snyk.io/org/leonardoadame/project/25aa252e-e361-451a-a3de-c216888bf2db?utm_source=github&utm_medium=referral&page=upgrade-pr
|
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Snyk has created this PR to upgrade multiple dependencies.
👯♂ The following dependencies are linked and will therefore be updated together.ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
@clack/prompts
⚠️ This is a major version upgrade, and may be a breaking change | 2 months ago
⚠️ This is a major version upgrade, and may be a breaking change | 2 months ago
⚠️ This is a major version upgrade, and may be a breaking change | 21 days ago
⚠️ This is a major version upgrade, and may be a breaking change | a month ago
from 0.6.3 to 0.7.0 | 1 version ahead of your current version | a year ago
on 2023-08-09
@playwright/test
from 1.30.0 to 1.46.1 | 907 versions ahead of your current version | a month ago
on 2024-08-16
@types/gitignore-parser
from 0.0.0 to 0.0.3 | 3 versions ahead of your current version | 10 months ago
on 2023-11-07
prettier
from 2.8.8 to 3.3.3 | 29 versions ahead of your current version
on 2024-07-13
prettier-plugin-svelte
from 2.10.1 to 3.2.6 | 14 versions ahead of your current version
on 2024-07-17
svelte
from 3.59.2 to 4.2.19 | 33 versions ahead of your current version
on 2024-08-23
vitest
from 0.31.4 to 2.0.5 | 58 versions ahead of your current version
on 2024-07-31
Issues fixed by the recommended upgrade:
SNYK-JS-SVELTE-7856103
Release notes
Package name: @clack/prompts
-
0.7.0 - 2023-08-09
- b27a701: add maxItems option to select prompt
- 89371be: added a new method called
- 52183c4: Fix
- ab51d29: Fixes cases where the note title length was miscalculated due to ansi characters
- Updated dependencies [cd79076]
- @ clack/core@0.3.3
-
0.6.3 - 2023-03-06
- c96eda5: Enable hard line-wrapping behavior for long words without spaces
- Updated dependencies [c96eda5]
- @ clack/core@0.3.2
from @clack/prompts GitHub release notesMinor Changes
spinner.message(msg: string)Patch Changes
spinnerconflict with terminal on error betweenspinner.start()andspinner.stop()Patch Changes
Package name: @playwright/test
Highlights
#32004 - [REGRESSION]: Client Certificates don't work with Microsoft IIS
#32004 - [REGRESSION]: Websites stall on TLS handshake errors when using Client Certificates
#32146 - [BUG]: Credential scanners warn about internal socks-proxy TLS certificates
#32056 - [REGRESSION]: 1.46.0 (TypeScript) - custom fixtures extend no longer chainable
#32070 - [Bug]: --only-changed flag and project dependencies
#32188 - [Bug]: --only-changed with shallow clone throws "unknown revision" error
Browser Versions
This version was also tested against the following stable channels:
TLS Client Certificates
Playwright now allows to supply client-side certificates, so that server can verify them, as specified by TLS Client Authentication.
When client certificates are specified, all browser traffic is routed through a proxy that establishes the secure TLS connection, provides client certificates to the server and validates server certificates.
The following snippet sets up a client certificate for
https://example.com:export default defineConfig({
// ...
use: {
clientCertificates: [{
origin: 'https://example.com',
certPath: './cert.pem',
keyPath: './key.pem',
passphrase: 'mysecretpassword',
}],
},
// ...
});
You can also provide client certificates to a particular test project or as a parameter of browser.newContext() and apiRequest.newContext().
--only-changedcli optionNew CLI option
--only-changedallows to only run test files that have been changed since the last git commit or from a specific git "ref".npx playwright test --only-changed
# Only run test files changed relative to the "main" branch
npx playwright test --only-changed=main
Component Testing: New
routerfixtureThis release introduces an experimental
routerfixture to intercept and handle network requests in component testing.There are two ways to use the router fixture:
router.route(url, handler)that behaves similarly to page.route().router.use(handlers)and pass MSW library request handlers to it.Here is an example of reusing your existing MSW handlers in the test.
test.beforeEach(async ({ router }) => {
// install common handlers before each test
await router.use(...handlers);
});
test('example test', async ({ mount }) => {
// test as usual, your handlers are active
// ...
});
This fixture is only available in component tests.
UI Mode / Trace Viewer Updates
baseURL.Miscellaneous
maxRetriesoption in apiRequestContext.fetch() which retries on theECONNRESETnetwork error.Possibly breaking change
Fixture values that are array of objects, when specified in the
test.use()block, may require being wrapped into a fixture tuple. This is best seen on the example:// Define an option fixture that has an "array of objects" value
type User = { name: string, password: string };
const test = base.extend<{ users: User[] }>({
users: [ [], { option: true } ],
});
// Specify option value in the test.use block.
test.use({
// WRONG: this syntax may not work for you
users: [
{ name: 'John Doe', password: 'secret' },
{ name: 'John Smith', password: 's3cr3t' },
],
// CORRECT: this syntax will work. Note extra [] around the value, and the "scope" property.
users: [[
{ name: 'John Doe', password: 'secret' },
{ name: 'John Smith', password: 's3cr3t' },
], { scope: 'test' }],
});
test('example test', async () => {
// ...
});
Browser Versions
This version was also tested against the following stable channels:
Highlights
#31764 - [Bug]: some actions do not appear in the trace file
microsoft/playwright-java#1617 - [Bug]: Traceviewer not reporting all actions
Browser Versions
This version was also tested against the following stable channels:
Highlights
#31613 - [REGRESSION]: Trace is not showing any screenshots nor test name
#31601 - [REGRESSION]: missing trace for 2nd browser
#31541 - [REGRESSION]: Failing tests have a trace with no images and with steps missing
Browser Versions
This version was also tested against the following stable channels:
Highlights
#31473 - [REGRESSION]: Playwright raises an error ENOENT: no such file or directory, open 'test-results/.playwright-artifacts-0/hash.zip' with Electron
#31442 - [REGRESSION]: Locators of elements changing from/to hidden have operations hanging when using
--disable-web-security#31431 - [REGRESSION]: NewTab doesn't work properly with Chrome with
--disable-web-security#31425 - [REGRESSION]: beforeEach hooks are not skipped when describe condition depends on fixtures
#31491 - [REGRESSION]:
@ playwright/experimental-ct-reactdoesn't work with VSCode extension and PNPMBrowser Versions
This version was also tested against the following stable channels:
Clock
Utilizing the new Clock API allows to manipulate and control time within tests to verify time-related behavior. This API covers many common scenarios, including:
await page.clock.install({ time: new Date('2024-02-02T08:00:00') });
await page.goto('http://localhost:3333');
// Pretend that the user closed the laptop lid and opened it again at 10am,
// Pause the time once reached that point.
await page.clock.pauseAt(new Date('2024-02-02T10:00:00'));
// Assert the page state.
await expect(page.getByTestId('current-time')).toHaveText('2/2/2024, 10:00:00 AM');
// Close the laptop lid again and open it at 10:30am.
await page.clock.fastForward('30:00');
await expect(page.getByTestId('current-time')).toHaveText('2/2/2024, 10:30:00 AM');
See the clock guide for more details.
Test runner
New CLI option
--fail-on-flaky-teststhat sets exit code to1upon any flaky tests. Note that by default, the test runner exits with code0when all failed tests recovered upon a retry. With this option, the test run will fail in such case.New enviroment variable
PLAYWRIGHT_FORCE_TTYcontrols whether built-inlist,lineanddotreporters assume a live terminal. For example, this could be useful to disable tty behavior when your CI environment does not handle ANSI control sequences well. Alternatively, you can enable tty behavior even when to live terminal is present, if you plan to post-process the output and handle control sequences.PLAYWRIGHT_FORCE_TTY=0 npx playwright test
# Enable TTY features, assuming a terminal width 80
PLAYWRIGHT_FORCE_TTY=80 npx playwright test
New options testConfig.respectGitIgnore and testProject.respectGitIgnore control whether files matching
.gitignorepatterns are excluded when searching for tests.New property
timeoutis now available for custom expect matchers. This property takes into accountplaywright.config.tsandexpect.configure().export const expect = baseExpect.extend({
async toHaveAmount(locator: Locator, expected: number, options?: { timeout?: number }) {
// When no timeout option is specified, use the config timeout.
const timeout = options?.timeout ?? this.timeout;
// ... implement the assertion ...
},
});
Miscellaneous
Method locator.setInputFiles() now supports uploading a directory for
<input type=file webkitdirectory>elements.Multiple methods like locator.click() or locator.press() now support a
ControlOrMetamodifier key. This key maps toMetaon macOS and maps toControlon Windows and Linux.New property
httpCredentials.sendin apiRequest.newContext() that allows to either always send theAuthorizationheader or only send it in response to401 Unauthorized.New option
reasonin apiRequestContext.dispose() that will be included in the error message of ongoing operations interrupted by the context disposal.New option
hostin browserType.launchServer() allows to accept websocket connections on a specific address instead of unspecified0.0.0.0.Playwright now supports Chromium, Firefox and WebKit on Ubuntu 24.04.
v1.45 is the last release to receive WebKit update for macOS 12 Monterey. Please update macOS to keep using the latest WebKit.
Browser Versions
This version was also tested against the following stable channels:
Highlights
#30779 - [REGRESSION]: When using
video: 'on'with VSCode extension the browser got closed#30755 - [REGRESSION]: Electron launch with spaces inside executablePath didn't work
#30770 - [REGRESSION]: Mask elements outside of viewport when creating fullscreen screenshots didn't work
#30858 - [REGRESSION]: ipv6 got shown instead of localhost in show-trace/show-report
Browser Versions
This version was also tested against the following stable channels:
New APIs
Accessibility assertions
expect(locator).toHaveAccessibleName() checks if the element has the specified accessible name:
expect(locator).toHaveAccessibleDescription() checks if the element has the specified accessible description:
expect(locator).toHaveRole() checks if the element has the specified ARIA role:
Locator handler
noWaitAfteroption.timesoption in page.addLocatorHandler() to specify maximum number of times the handler should be run.Miscellaneous options
multipartoption inapiRequestContext.fetch()now acceptsFormDataand supports repeating fields with the same name.expect(callback).toPass({ intervals })can now be configured byexpect.toPass.inervalsoption globally in testConfig.expect or per project in testProject.expect.expect(page).toHaveURL(url)now supportsignoreCaseoption.testProject.ignoreSnapshots allows to configure per project whether to skip screenshot expectations.
Reporter API
outputFile. The same option can also be specified asPLAYWRIGHT_BLOB_OUTPUT_FILEenvironment variable that might be more convenient on CI/CD.includeProjectInTestNameoption.Command line
--last-failedCLI option for running only tests that failed in the previous run.First run all tests: