chore(deps): bump tmp, cypress and selenium-webdriver#46
chore(deps): bump tmp, cypress and selenium-webdriver#46dependabot[bot] wants to merge 1 commit into
Conversation
Bumps [tmp](https://github.com/raszi/node-tmp) to 0.2.7 and updates ancestor dependencies [tmp](https://github.com/raszi/node-tmp), [cypress](https://github.com/cypress-io/cypress) and [selenium-webdriver](https://github.com/SeleniumHQ/selenium). These dependencies need to be updated together. Updates `tmp` from 0.0.24 to 0.2.7 - [Changelog](https://github.com/raszi/node-tmp/blob/master/CHANGELOG.md) - [Commits](raszi/node-tmp@v0.0.24...v0.2.7) Updates `cypress` from 3.8.3 to 15.16.0 - [Release notes](https://github.com/cypress-io/cypress/releases) - [Changelog](https://github.com/cypress-io/cypress/blob/develop/CHANGELOG.md) - [Commits](cypress-io/cypress@v3.8.3...v15.16.0) Updates `selenium-webdriver` from 2.53.3 to 4.44.0 - [Release notes](https://github.com/SeleniumHQ/selenium/releases) - [Commits](https://github.com/SeleniumHQ/selenium/commits/selenium-4.44.0) --- updated-dependencies: - dependency-name: tmp dependency-version: 0.2.7 dependency-type: indirect - dependency-name: cypress dependency-version: 15.16.0 dependency-type: direct:development - dependency-name: selenium-webdriver dependency-version: 4.44.0 dependency-type: direct:development ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
Bot
added
dependencies
📝 WalkthroughWalkthroughThis PR updates two test automation devDependencies: cypress from version 3.3.1 to 15.16.0, and selenium-webdriver from version 2.53.2 to 4.44.0. Both upgrades span multiple major versions. ChangesTest Dependencies
Estimated code review effort🎯 2 (Simple) | ⏱️ ~10 minutes Poem
🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 2
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@package.json`:
- Line 66: The test hook in test/security/profile-test.js still uses
selenium-webdriver/testing and a non-async test.before that calls webDriver.get,
webDriver.sleep, webDriver.findElement(...).sendKeys(...), click, and
webDriver.quit without awaiting results; update the hook to be async (change
test.before(function() { ... }) to test.before(async function() { ... })) and
add await before each webdriver asynchronous call (await webDriver.get(...),
await webDriver.sleep(...), await webDriver.findElement(...).sendKeys(...),
await element.click(), await webDriver.quit()) or return the promise chain so
each operation completes in order and avoid using selenium-webdriver/testing
helpers incompatible with v4.44.0.
- Line 51: package.json was upgraded to Cypress ^15.16.0 but the repo still uses
the old cypress.json and pluginsFile; create a new cypress.config.js and migrate
settings: move supportFile and fixturesFolder (and any other supported keys)
under the e2e config block, replace integrationFolder with specPattern to locate
specs, and implement setupNodeEvents in cypress.config.js that imports/executes
the existing test/e2e/plugins/index.js logic (including setting config.baseUrl)
instead of using pluginsFile; ensure the exported defineConfig (or default
export) mirrors prior behavior so test:e2e and test:ci continue to find specs
and initialize node events.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: ASSERTIVE
Plan: Pro Plus
Run ID: 023a9e22-93eb-4e56-9ded-911a82fab326
⛔ Files ignored due to path filters (1)
package-lock.jsonis excluded by!**/package-lock.json
📒 Files selected for processing (1)
package.json
| "async": "^2.0.0-rc.4", | ||
| "cross-env": "^7.0.2", | ||
| "cypress": "^3.3.1", | ||
| "cypress": "^15.16.0", |
There was a problem hiding this comment.
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
# Verify whether Cypress config was migrated for v10+ (required for v15).
set -euo pipefail
echo "== Cypress dependency version =="
rg -n '"cypress"\s*:' package.json
echo
echo "== Legacy Cypress config files/keys =="
fd -HI '^cypress\.json$|^cypress\.config\.(js|cjs|mjs|ts)$'
rg -n '"(integrationFolder|pluginsFile|supportFile|fixturesFolder|videosFolder|screenshotsFolder)"' cypress.json test/e2e || true
echo
echo "== Node event/plugin migration signals =="
rg -n 'setupNodeEvents|defineConfig|module\.exports\s*=|Cypress\.on|cy\.task' test cypress.config.* cypress.json || trueRepository: cliff-security/NodeGoat
Length of output: 731
🏁 Script executed:
#!/bin/bash
set -euo pipefail
echo "== package.json scripts (cypress) =="
rg -n '"scripts"\s*:\s*\{' -n package.json || true
python3 - <<'PY'
import json
with open('package.json','r') as f:
pkg=json.load(f)
for k,v in pkg.get('scripts',{}).items():
if 'cypress' in v:
print(f"{k}: {v}")
PY
echo
echo "== cypress.json =="
if [ -f cypress.json ]; then
nl -ba cypress.json | sed -n '1,120p'
else
echo "cypress.json not found"
fi
echo
echo "== test/e2e/plugins/index.js (plugin export shape) =="
if [ -f test/e2e/plugins/index.js ]; then
nl -ba test/e2e/plugins/index.js | sed -n '1,160p'
else
echo "test/e2e/plugins/index.js not found"
fiRepository: cliff-security/NodeGoat
Length of output: 322
🏁 Script executed:
#!/bin/bash
set -euo pipefail
echo "== Confirm presence of cypress.config.* =="
fd -HI 'cypress\.config\.(js|cjs|mjs|ts)$' . || true
echo
echo "== package.json scripts (cypress) =="
python3 - <<'PY'
import json
with open('package.json','r',encoding='utf-8') as f:
pkg=json.load(f)
for k,v in pkg.get('scripts',{}).items():
if isinstance(v,str) and 'cypress' in v:
print(f"{k}: {v}")
PY
echo
echo "== cypress.json (first ~120 lines) =="
if [ -f cypress.json ]; then
cat -n cypress.json | sed -n '1,120p'
else
echo "cypress.json not found"
fi
echo
echo "== test/e2e/plugins/index.js (first ~240 lines) =="
if [ -f test/e2e/plugins/index.js ]; then
cat -n test/e2e/plugins/index.js | sed -n '1,240p'
else
echo "test/e2e/plugins/index.js not found"
fiRepository: cliff-security/NodeGoat
Length of output: 1708
🌐 Web query:
Cypress v15 cypress.json support fixturesFolder integrationFolder pluginsFile supportFile compatibility setupNodeEvents
💡 Result:
Cypress v15 config-file/option compatibility (as of 2026-05-28) 1) cypress.json support - Cypress does not support cypress.json; support was removed since Cypress v10. [1] - You must use cypress.config.js or cypress.config.ts. [1][2] 2) fixturesFolder (still supported) - The configuration option fixturesFolder exists in Cypress configuration, with default cypress/fixtures; you can set it to a custom directory or pass false to disable. [2] - Cypress also supports using the same folder for fixtures and integration/spec files (when you configure it that way). [3] 3) integrationFolder (removed / not supported) - integrationFolder is no longer used and has been removed completely; attempting to set integrationFolder results in an error when Cypress loads. [4] - Cypress moved to specPattern for locating specs. [4] 4) pluginsFile (removed / replaced) - The plugins file concept was replaced by setupNodeEvents in the configuration. [2] - setupNodeEvents is described as taking the place of the removed pluginFile option. [2] 5) supportFile (still supported) - supportFile config lets you include code before your spec files load; it can be pointed to another file or disabled (set to false). [5] - The Configuration reference lists supportFile with the default cypress/support/e2e.{js,jsx,ts,tsx} for E2E (and it varies by testing type). [2] 6) setupNodeEvents (still supported; in v15 use this instead of pluginsFile) - setupNodeEvents is a function that receives (on, config) and can register node event handlers; it can also return a Promise/object to modify resolved config. [6] - Cypress documentation notes setupNodeEvents takes the place of the removed plugins file option. [2] Practical “compatibility matrix” for the exact items you listed - fixturesFolder: supported (custom path; can be false). [2] - integrationFolder: not supported; removed (error if set). [4] - pluginsFile: not supported; replaced by setupNodeEvents. [2] - supportFile: supported (custom path or false). [5][2] - setupNodeEvents: supported (use this). [2][6] Example Cypress v15-style config (single file) - Use cypress.config.js / cypress.config.ts, and put these keys under e2e or component. top-level shape: - e2e: { fixturesFolder, supportFile, setupNodeEvents, specPattern } (Do not use integrationFolder or pluginsFile.) [2][4]
Citations:
- 1: https://docs.cypress.io/app/references/migration-guide
- 2: https://docs.cypress.io/app/references/configuration
- 3: fix: allow fixtures folder to be the same as integration folder cypress-io/cypress#14234
- 4: chore(unify): Remove References to integrationFolder cypress-io/cypress#20821
- 5: https://docs.cypress.io/app/core-concepts/writing-and-organizing-tests
- 6: https://docs.cypress.io/llm/markdown/api/node-events/overview.md
Cypress 15 upgrade requires migration from cypress.json to cypress.config.* (current config is incompatible).
package.json bumps Cypress to ^15.16.0, but the repo still relies on cypress.json with integrationFolder and pluginsFile (test/e2e/plugins/index.js). Cypress v10+ removed cypress.json and replaced the plugins flow with setupNodeEvents; integrationFolder is also no longer supported—this is likely to break spec discovery and node/plugin initialization for test:e2e/test:ci.
Create cypress.config.js and migrate:
- move
supportFile/fixturesFolder(and any other supported keys) under the appropriatee2econfig - replace
pluginsFilelogic withsetupNodeEvents(including theconfig.baseUrlsetup fromtest/e2e/plugins/index.js) - replace
integrationFolderwithspecPattern(or equivalent) for locating specs
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@package.json` at line 51, package.json was upgraded to Cypress ^15.16.0 but
the repo still uses the old cypress.json and pluginsFile; create a new
cypress.config.js and migrate settings: move supportFile and fixturesFolder (and
any other supported keys) under the e2e config block, replace integrationFolder
with specPattern to locate specs, and implement setupNodeEvents in
cypress.config.js that imports/executes the existing test/e2e/plugins/index.js
logic (including setting config.baseUrl) instead of using pluginsFile; ensure
the exported defineConfig (or default export) mirrors prior behavior so test:e2e
and test:ci continue to find specs and initialize node events.
| "mocha": "^2.4.5", | ||
| "nodemon": "^1.19.1", | ||
| "selenium-webdriver": "^2.53.2", | ||
| "selenium-webdriver": "^4.44.0", |
There was a problem hiding this comment.
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
# Verify Selenium 4 migration readiness in test code (read-only).
set -euo pipefail
echo "== selenium-webdriver version =="
rg -n '"selenium-webdriver"\s*:' package.json
echo
echo "== Legacy selenium testing helper usage =="
rg -n --type=js 'selenium-webdriver/testing'
echo
echo "== Hooks not marked async while using webdriver calls =="
rg -n --type=js 'before\s*\(\s*function\s*\(' test
rg -n --type=js 'webDriver\.(get|sleep|findElement|quit)\s*\(' test
echo
echo "== Async/await migration signals =="
rg -n --type=js '\basync\b|\bawait\b' test/security test/e2e || trueRepository: cliff-security/NodeGoat
Length of output: 2124
Migrate the Selenium test hook to explicit async/await for selenium-webdriver v4.
package.jsonbumpsselenium-webdriverto^4.44.0(line 66).test/security/profile-test.jsstill usesselenium-webdriver/testing, and thetest.before(function() { ... })hook is notasyncwhile callingwebDriver.get,webDriver.sleep,webDriver.findElement(...).sendKeys(...),click, andquitwithoutawait/returned promises—this can cause sequencing/race/flaky failures under Selenium 4.- Update the hook to
asyncandawaiteach webdriver operation (or return the full promise chain) so execution order is deterministic.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@package.json` at line 66, The test hook in test/security/profile-test.js
still uses selenium-webdriver/testing and a non-async test.before that calls
webDriver.get, webDriver.sleep, webDriver.findElement(...).sendKeys(...), click,
and webDriver.quit without awaiting results; update the hook to be async (change
test.before(function() { ... }) to test.before(async function() { ... })) and
add await before each webdriver asynchronous call (await webDriver.get(...),
await webDriver.sleep(...), await webDriver.findElement(...).sendKeys(...),
await element.click(), await webDriver.quit()) or return the promise chain so
each operation completes in order and avoid using selenium-webdriver/testing
helpers incompatible with v4.44.0.
Bumps tmp to 0.2.7 and updates ancestor dependencies tmp, cypress and selenium-webdriver. These dependencies need to be updated together.
Updates
tmpfrom 0.0.24 to 0.2.7Changelog
Sourced from tmp's changelog.
... (truncated)
Commits
8ea1f37Bump up the version8f24f78Merge commit from forkce787f3Reject non-string prefix, postfix, template41f7159Bump up the versionefa4a06Merge commit from fork7ef2728Check for relative values3d2fe38Bump up the versione162828Merge pull request #309 from fflorent/fix-tmp-dir-with-dirb847d2fFix use of tmp.dir() withdiroption08fa3abUpdate versionUpdates
cypressfrom 3.8.3 to 15.16.0Release notes
Sourced from cypress's releases.
... (truncated)
Commits
22aaf23chore: bump cypress-example-kitchensink to 6.0.2 for release (#33921)448155cfix(cli): use verbose Listr renderer in CI for install + verify output (#33890)01cd887chore: surface wrong-passphrase client cert PEM errors consistently in OpenSS...4534d04fix: pin@sinonjs/fake-timerstype resolution in bundled sinon types (#33886)d7cd85arefactor(server): convert unit test specs to TypeScript (#33899)2d5366dtest: preserve allowCypressEnv in subscription test config rewrites (#33910)fcee425chore: updating v8 snapshot cache (#33909)986c3b2chore: updating v8 snapshot cache (#33903)de76502chore: Update v8 snapshot cache - linux (#33875)247a033chore: updating v8 snapshot cache (#33901)Maintainer changes
This version was pushed to npm by cypress-npm-publisher, a new releaser for cypress since your current version.
Install script changes
This version modifies
postinstallscript that runs during installation. Review the package contents before updating.Updates
selenium-webdriverfrom 2.53.3 to 4.44.0Release notes
Sourced from selenium-webdriver's releases.
... (truncated)
Commits
Maintainer changes
This version was pushed to npm by titusfortner, a new releaser for selenium-webdriver since your current version.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)You can disable automated security fix PRs for this repo from the Security Alerts page.
Summary by CodeRabbit