From 554d5d8c3b2a72f02c4f2f5c235423fbb4de7ee6 Mon Sep 17 00:00:00 2001 From: "opensearch-trigger-bot[bot]" <98922864+opensearch-trigger-bot[bot]@users.noreply.github.com> Date: Wed, 6 Sep 2023 23:24:53 +0800 Subject: [PATCH] [Backport 2.x] bump @cypress/request to 3.0.0 due to CVE-2023-28155 (#106) * bump @cypress/request to 3.0.0 due to CVE-2023-28155 (#105) * bump @cypress/request to 3.0.0 due to CVE-2023-28155 Signed-off-by: Hailong Cui * update snapshot Signed-off-by: Hailong Cui --------- Signed-off-by: Hailong Cui (cherry picked from commit 8eec56b0f96f9815ec98890f95a04e8f3b7549ff) Signed-off-by: github-actions[bot] Signed-off-by: Hailong Cui * revert snpashot change Signed-off-by: Hailong Cui * add --no-optimizer for osd start Signed-off-by: Hailong Cui * Revert "add --no-optimizer for osd start" This reverts commit 345a0ce77d83dd38c67678fc903d65132bf5e9d5. Signed-off-by: Hailong Cui * increase timeout to wait for OSD fully started Signed-off-by: Hailong Cui --------- Signed-off-by: Hailong Cui Signed-off-by: github-actions[bot] Co-authored-by: github-actions[bot] Co-authored-by: Hailong Cui --- ...hboards-notifications-test-and-build-workflow.yml | 5 +++++ package.json | 3 ++- yarn.lock | 12 ++++++------ 3 files changed, 13 insertions(+), 7 deletions(-) diff --git a/.github/workflows/dashboards-notifications-test-and-build-workflow.yml b/.github/workflows/dashboards-notifications-test-and-build-workflow.yml index b9925250..55e806a6 100644 --- a/.github/workflows/dashboards-notifications-test-and-build-workflow.yml +++ b/.github/workflows/dashboards-notifications-test-and-build-workflow.yml @@ -170,6 +170,11 @@ jobs: run: | # Resetting npm's script shell for Windows so `yarn run cypress` doesn't have conflicts npm config delete script-shell + - name: Wait for OSD to be fully start + run: | + sleep 300 + curl http://localhost:5601/app/home#/ + curl http://localhost:9200 - name: Run Cypress tests uses: cypress-io/github-action@v2 diff --git a/package.json b/package.json index a56a4eaa..a43d22b3 100644 --- a/package.json +++ b/package.json @@ -31,6 +31,7 @@ "resolutions": { "async": "^3.2.3", "minimist": "^1.2.6", - "tough-cookie": "^4.1.3" + "tough-cookie": "^4.1.3", + "@cypress/request": "^3.0.0" } } \ No newline at end of file diff --git a/yarn.lock b/yarn.lock index ca263d72..6b932b30 100644 --- a/yarn.lock +++ b/yarn.lock @@ -17,10 +17,10 @@ date-fns "^1.27.2" figures "^1.7.0" -"@cypress/request@^2.88.5": - version "2.88.11" - resolved "https://registry.npmmirror.com/@cypress/request/-/request-2.88.11.tgz#5a4c7399bc2d7e7ed56e92ce5acb620c8b187047" - integrity sha512-M83/wfQ1EkspjkE2lNWNV5ui2Cv7UCv1swW1DqljahbzLVWltcsexQh8jYtuS/vzFXP+HySntGM83ZXA9fn17w== +"@cypress/request@^2.88.5", "@cypress/request@^3.0.0": + version "3.0.0" + resolved "https://registry.yarnpkg.com/@cypress/request/-/request-3.0.0.tgz#7f58dfda087615ed4e6aab1b25fffe7630d6dd85" + integrity sha512-GKFCqwZwMYmL3IBoNeR2MM1SnxRIGERsQOTWeQKoYBt2JLqcqiy7JXqO894FLrpjZYqGxW92MNwRH2BN56obdQ== dependencies: aws-sign2 "~0.7.0" aws4 "^1.8.0" @@ -37,7 +37,7 @@ performance-now "^2.1.0" qs "~6.10.3" safe-buffer "^5.1.2" - tough-cookie "~2.5.0" + tough-cookie "^4.1.3" tunnel-agent "^0.6.0" uuid "^8.3.2" @@ -1866,7 +1866,7 @@ tmp@~0.2.1: dependencies: rimraf "^3.0.0" -tough-cookie@^4.1.3, tough-cookie@~2.5.0: +tough-cookie@^4.1.3: version "4.1.3" resolved "https://registry.npmmirror.com/tough-cookie/-/tough-cookie-4.1.3.tgz#97b9adb0728b42280aa3d814b6b999b2ff0318bf" integrity sha512-aX/y5pVRkfRnfmuX+OdbSdXvPe6ieKX/G2s7e98f4poJHnqH3281gDPm/metm6E/WRamfx7WC4HUqkWHfQHprw==