[Backport 2.x] bump @cypress/request to 3.0.0 due to CVE-2023-28155 (#…

…106)

* bump @cypress/request to 3.0.0 due to CVE-2023-28155 (#105)

* bump @cypress/request to 3.0.0 due to CVE-2023-28155

Signed-off-by: Hailong Cui <[email protected]>

* update snapshot

Signed-off-by: Hailong Cui <[email protected]>

---------

Signed-off-by: Hailong Cui <[email protected]>
(cherry picked from commit 8eec56b)
Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Signed-off-by: Hailong Cui <[email protected]>

* revert snpashot change

Signed-off-by: Hailong Cui <[email protected]>

* add --no-optimizer for osd start

Signed-off-by: Hailong Cui <[email protected]>

* Revert "add --no-optimizer for osd start"

This reverts commit 345a0ce.

Signed-off-by: Hailong Cui <[email protected]>

* increase timeout to wait for OSD fully started

Signed-off-by: Hailong Cui <[email protected]>

---------

Signed-off-by: Hailong Cui <[email protected]>
Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: Hailong Cui <[email protected]>

.github/workflows/dashboards-notifications-test-and-build-workflow.yml

@@ -170,6 +170,11 @@ jobs:
         run: |
           # Resetting npm's script shell for Windows so `yarn run cypress` doesn't have conflicts
           npm config delete script-shell
+      - name: Wait for OSD to be fully start
+        run: |
+          sleep 300
+          curl http://localhost:5601/app/home#/
+          curl http://localhost:9200
 
       - name: Run Cypress tests
         uses: cypress-io/github-action@v2

package.json

@@ -31,6 +31,7 @@
   "resolutions": {
     "async": "^3.2.3",
     "minimist": "^1.2.6",
-    "tough-cookie": "^4.1.3"
+    "tough-cookie": "^4.1.3",
+    "@cypress/request": "^3.0.0"
   }
 }

yarn.lock

@@ -17,10 +17,10 @@
     date-fns "^1.27.2"
     figures "^1.7.0"
 
-"@cypress/request@^2.88.5":
-  version "2.88.11"
-  resolved "https://registry.npmmirror.com/@cypress/request/-/request-2.88.11.tgz#5a4c7399bc2d7e7ed56e92ce5acb620c8b187047"
-  integrity sha512-M83/wfQ1EkspjkE2lNWNV5ui2Cv7UCv1swW1DqljahbzLVWltcsexQh8jYtuS/vzFXP+HySntGM83ZXA9fn17w==
+"@cypress/request@^2.88.5", "@cypress/request@^3.0.0":
+  version "3.0.0"
+  resolved "https://registry.yarnpkg.com/@cypress/request/-/request-3.0.0.tgz#7f58dfda087615ed4e6aab1b25fffe7630d6dd85"
+  integrity sha512-GKFCqwZwMYmL3IBoNeR2MM1SnxRIGERsQOTWeQKoYBt2JLqcqiy7JXqO894FLrpjZYqGxW92MNwRH2BN56obdQ==
   dependencies:
     aws-sign2 "~0.7.0"
     aws4 "^1.8.0"
@@ -37,7 +37,7 @@
     performance-now "^2.1.0"
     qs "~6.10.3"
     safe-buffer "^5.1.2"
-    tough-cookie "~2.5.0"
+    tough-cookie "^4.1.3"
     tunnel-agent "^0.6.0"
     uuid "^8.3.2"
 
@@ -1866,7 +1866,7 @@ tmp@~0.2.1:
   dependencies:
     rimraf "^3.0.0"
 
-tough-cookie@^4.1.3, tough-cookie@~2.5.0:
+tough-cookie@^4.1.3:
   version "4.1.3"
   resolved "https://registry.npmmirror.com/tough-cookie/-/tough-cookie-4.1.3.tgz#97b9adb0728b42280aa3d814b6b999b2ff0318bf"
   integrity sha512-aX/y5pVRkfRnfmuX+OdbSdXvPe6ieKX/G2s7e98f4poJHnqH3281gDPm/metm6E/WRamfx7WC4HUqkWHfQHprw==