[Snyk] Fix for 39 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • packages/server/package.json
  • packages/server/.snyk

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-ASYNC-2441827	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-COLORSTRING-1082939	No	Proof of Concept
	590/1000 Why? Has a fix available, CVSS 7.3	Command Injection SNYK-JS-FINDPROCESS-1090284	No	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	Yes	Proof of Concept
	556/1000 Why? Recently disclosed, Has a fix available, CVSS 5.4	Open Redirect SNYK-JS-GOT-2932019	Yes	No Known Exploit
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Denial of Service (DoS) SNYK-JS-HTTPPROXY-569139	No	Proof of Concept
	429/1000 Why? Has a fix available, CVSS 4.3	Reverse Tabnabbing SNYK-JS-ISTANBULREPORTS-2328088	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-JPEGJS-2859218	No	Proof of Concept
	509/1000 Why? Has a fix available, CVSS 5.9	Denial of Service (DoS) SNYK-JS-JPEGJS-570039	No	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	No	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	No	Proof of Concept
	731/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.2	Prototype Pollution SNYK-JS-LODASH-567746	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	No	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-1019388	Yes	No Known Exploit
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Prototype Pollution SNYK-JS-MINIMIST-2429795	Yes	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MINIMIST-559764	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-MOCHA-561476	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Directory Traversal SNYK-JS-MOMENT-2440688	No	No Known Exploit
	768/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-MOMENT-2944238	No	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Cross-site Scripting (XSS) SNYK-JS-PUPA-174563	Yes	Proof of Concept
	490/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-RAMDA-1582370	No	No Known Exploit
	596/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.5	Arbitrary Code Injection SNYK-JS-UNDERSCORE-1080984	No	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Improper Input Validation SNYK-JS-URLPARSE-1078283	No	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Open Redirect SNYK-JS-URLPARSE-1533425	No	Proof of Concept
	641/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.4	Access Restriction Bypass SNYK-JS-URLPARSE-2401205	No	Proof of Concept
	641/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.4	Authorization Bypass SNYK-JS-URLPARSE-2407759	No	Proof of Concept
	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Improper Input Validation SNYK-JS-URLPARSE-2407770	No	Proof of Concept
	631/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.2	Authorization Bypass Through User-Controlled Key SNYK-JS-URLPARSE-2412697	No	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:braces:20180219	Yes	Proof of Concept
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	Yes	No Known Exploit
	704/1000 Why? Has a fix available, CVSS 9.8	Arbitrary Code Injection npm:growl:20160721	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:minimatch:20160620	Yes	No Known Exploit
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:ms:20170412	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) npm:underscore.string:20170908	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @cypress/browserify-preprocessor

The new version differs by 65 commits.

• 2b1c1f4 chore: Upgrade node to 16.13.0, use https for npm registry (Bump debug from 4.1.1 to 4.3.1 in /packages/https-proxy #94)
• 927b76a fix: release
• 67ea9f6 chore: Fix semantic release (Bump debug from 4.1.1 to 4.3.1 in /packages/network #93)
• a8ff57f fix: release
• a8adb24 chore: Bump circle node orb and non-major deps (Bump debug from 3.2.6 to 3.2.7 in /cli #92)
• c66ae40 chore(docs): remove note about being default (Bump electron from 5.0.10 to 22.3.21 in /packages/electron #91)
• 76edfbe chore(deps): update dependency semantic-release to version 17.2.3 🌟 ([Snyk] Security upgrade underscore.string from 3.3.5 to 3.3.6 #76)
• 61dae70 fix(deps): update dependency glob-parent to version 5.1.2 🌟 ([Snyk] Security upgrade moment from 2.24.0 to 2.29.2 #84)
• fc9f2ee Merge pull request [Snyk] Security upgrade plist from 2.1.0 to 3.0.4 #77 from cypress-io/renovate/npm-set-value-vulnerability
• 60e408b Merge pull request [Snyk] Security upgrade parse-domain from 2.3.4 to 3.0.0 #67 from cypress-io/renovate/npm-elliptic-vulnerability
• d0a76d7 Merge pull request [Snyk] Security upgrade mocha-junit-reporter from 1.23.1 to 2.0.2 #68 from cypress-io/renovate/npm-handlebars-vulnerability
• f1273c8 Merge pull request [Snyk] Fix for 1 vulnerabilities #65 from cypress-io/renovate/npm-acorn-vulnerability
• d9467f2 Merge pull request [Snyk] Security upgrade find-process from 1.4.1 to 1.4.5 #66 from cypress-io/renovate/npm-dot-prop-vulnerability
• b882246 chore(deps): update set-value to 2.0.1 🌟
• 91dbb34 Merge pull request [Snyk] Fix for 2 vulnerabilities #69 from cypress-io/renovate/npm-https-proxy-agent-vulnerability
• 8f20054 Merge pull request [Snyk] Security upgrade parse-domain from 2.3.4 to 3.0.0 #70 from cypress-io/renovate/npm-ini-vulnerability
• 9044660 Merge pull request [Snyk] Security upgrade node-forge from 0.9.0 to 1.0.0 #71 from cypress-io/renovate/npm-lodash-vulnerability
• 1309f48 Merge pull request [Snyk] Security upgrade node-forge from 0.9.0 to 1.0.0 #72 from cypress-io/renovate/npm-marked-vulnerability
• e9c9043 Merge pull request [Snyk] Security upgrade ramda from 0.24.1 to 0.27.2 #73 from cypress-io/renovate/npm-mixin-deep-vulnerability
• cff2acb Merge pull request [Snyk] Security upgrade ramda from 0.24.1 to 0.27.2 #74 from cypress-io/renovate/npm-node-fetch-vulnerability
• 170a37c chore(deps): update node-fetch to 2.6.1 🌟
• 0526cb6 chore(deps): update mixin-deep to 1.3.2 🌟
• e000efc chore(deps): update marked to 0.7.0 🌟
• 494c6bd chore(deps): update lodash to 4.17.19 🌟

See the full diff

Package name: color-string

The new version differs by 4 commits.

• 966ae4d 1.5.5
• 0789e21 fix ReDos in hwb() parser (low-severity)
• 60f3f66 1.5.4
• 6f7d6f1 don't fix alpha to 2 decimal points (ref qix-/color#174)

See the full diff

Package name: electron-context-menu

The new version differs by 38 commits.

• 1286195 1.0.0
• 4de32a9 Require Electron 8
• 71c5d2e Add built-in support for spellchecking (Bump debug from 4.1.1 to 4.3.1 in /packages/https-proxy #94)
• 2f1bae0 Add `showSaveImage` option (Bump lodash from 4.17.15 to 4.17.21 in /cli #100)
• d47071e 0.16.0
• 296ae9c Support rich text for `Cut`, `Copy`, and `Paste` items
• 1410532 Add `WebContents` to `browserWindow` TypeScript type (Bump jquery from 3.1.1 to 3.5.0 in /packages/driver #90)
• 5b36497 0.15.2
• 26938e1 Fix the TypeScript types
• dd5dc58 0.15.1
• 7b9637c Meta tweaks
• 9e9fd9a Fix showing `Inspect Element` menu item
• 4d28a12 Fix TypeScript definition
• 4e1177d 0.15.0
• d9fd3ad Meta tweaks
• 79868f1 Add `Copy Image` option ([Snyk] Security upgrade url-parse from 1.4.7 to 1.5.7 #79)
• 1310a1d 0.14.0
• 4c8eb16 Fix the "Save Image" label ID
• bf760be 0.13.0
• dcf9979 Don't show `lookUpSelection` on links
• 1b389b7 Meta tweaks
• 12d60d9 Improve `lookUpSelection` implementation ([Snyk] Security upgrade underscore.string from 3.3.5 to 3.3.6 #76)
• 295e19d Add Services submenu on macOS ([Snyk] Security upgrade ramda from 0.24.1 to 0.27.2 #73)
• 28662f3 Fix typo

See the full diff

Package name: find-process

The new version differs by 30 commits.

• 2a20559 chore: add changelog
• f32ed58 chore: bump to 1.4.5
• 5ec7c30 fix: fix find-process
• 2e18620 Merge pull request [Snyk] Security upgrade lodash from 4.17.15 to 4.17.21 #50 from yibn2008/dependabot/npm_and_yarn/path-parse-1.0.7
• aa21f17 chore(deps): bump path-parse from 1.0.6 to 1.0.7
• 1528288 Merge pull request [Snyk] Fix for 2 vulnerabilities #43 from yibn2008/dependabot/npm_and_yarn/y18n-4.0.1
• 872c18a Merge pull request [Snyk] Security upgrade lodash from 4.17.15 to 4.17.21 #44 from 418sec/1-npm-find-process
• 4ca6a5c Merge pull request [Snyk] Security upgrade minimist from 1.2.0 to 1.2.2 #1 from EffectRenan/master
• ef49cbe chore(deps): bump y18n from 4.0.0 to 4.0.1
• a48fd29 Fix Command Injection vulnerability
• 723f44d chore: add changelog
• c1e7ddb chore: bump to 1.4.4
• e47b6bb Merge pull request [Snyk] Security upgrade mocha from 2.4.5 to 3.0.0 #39 from yibn2008/dependabot/npm_and_yarn/lodash-4.17.20
• de69079 chore(deps): bump lodash from 4.17.15 to 4.17.20
• 9c5ebac Merge pull request [Snyk] Security upgrade lodash from 4.17.15 to 4.17.17 #34 from DominicBoettger/master
• 13b2ce8 Create nodejs.yml
• 3122b0b fix: Security updates, Windows unit tests
• 4002d35 chore: merge
• 649b21b chore: add changelog
• 46798a3 chore: bump to 1.4.3
• 6c14c60 fix: fix [Snyk] Security upgrade lodash from 4.17.15 to 4.17.20 #30
• 9ae906f update image
• 7f3c602 chore: add changelog
• 65e1386 chore: bump to 1.4.2

See the full diff

Package name: fix-path

The new version differs by 9 commits.

• 40d974d 4.0.0
• 5f0a1a2 Add support for Linux
• 8968c9b Require Node.js 12.20 and move to ESM
• c757835 Move to GitHub Actions ([Snyk] Fix for 1 vulnerabilities #13)
• 8f12bec 3.0.0
• 41133a9 Require Node.js 10
• 096036c Add TypeScript definition ([Snyk] Fix for 1 vulnerabilities #12)
• df80620 Require Node.js 8
• e208dd0 Create funding.yml

See the full diff

Package name: getos

The new version differs by 5 commits.

• 64e514e 3.1.2
• 4fde3c6 failed to semver bump last release
• 3287294 add version to keywords
• 1680f9d upgrade all deps
• 87e7dce fix: os-release should be checked last because it's mostly present in every Linux distribution ([Snyk] Security upgrade moment from 2.24.0 to 2.29.4 #88)

See the full diff

Package name: http-proxy

The new version differs by 33 commits.

• 9b96cd7 1.18.1
• 335aeeb Skip sending the proxyReq event when the expect header is present (Adding the options normalizing step for open API cypress-io/cypress#1447)
• dba3966 Remove node6 support, add node12 to build (Open Modal or Page with Ionic 3 cypress-io/cypress#1397)
• 9bbe486 [dist] Version bump. 1.18.0
• 6e4bef4 Added in auto-changelog module set to keepachangelog format (Cypress no longer works on AWS CodeBuild cypress-io/cypress#1373)
• d056241 fix 'Modify Response' readme section to avoid unnecessary array copying (Proposal: download Cypress to the common cached folder cypress-io/cypress#1300)
• 244303b Fix incorrect target name for reverse proxy example (CSS Selector Playground - allow configuration? cypress-io/cypress#1135)
• b4028ba Fix modify response middleware example (Server XHR is not detected / stubbed when using document.write cypress-io/cypress#1139)
• 77a9815 [dist] Update dependency async to v3 (Add Firefox support cypress-io/cypress#1359)
• c662f9e Fix path to local http-proxy in examples. (Question: Configure create-react-app w/ Travis-CI cypress-io/cypress#1072)
• 806e492 fix reverse-proxy example require path (E2E tests for Python app failing when spawning child process cypress-io/cypress#1067)
• c8fa599 Update README.md (Any way to force CSS media queries to detect mobile cypress-io/cypress#970)
• 0d9ed36 [dist] Update dependency request to ~2.88.0 [SECURITY] (Cypress as a node module and multireporters cypress-io/cypress#1357)
• 9d75b98 [dist] Update dependency eventemitter3 to v4 (cypress.exe crashing to desktop Ubuntu 16.04 LTS cypress-io/cypress#1365)
• 192b2b9 [dist] Update dependency colors to v1 (asterisks displaying instead of single quotes in Command Log assertion cypress-io/cypress#1360)
• 4a657a7 [dist] Update all non-major dependencies (Typescript example recipe workflow cypress-io/cypress#1356)
• 7a154f8 [dist] Update dependency agentkeepalive to v4 (Dotenv module doesn't work with cypress cypress-io/cypress#1358)
• 749eec6 [dist] Update dependency nyc to v14 (Propose: Providing the service for get cypress status's badge. cypress-io/cypress#1367)
• e588213 [dist] Update dependency concat-stream to v2 (Stop cypress from downloading & unpacking every time cypress-io/cypress#1363)
• 59c4403 [fix] Latest versions.
• dd1d08b [fix test] Update tests.
• 16d4f8a [dist] Regenerate package-lock.json.
• fc93520 [dist] .gitattributes all the things.
• 7e4a0e5 [dist] New test fixtures.

See the full diff

Package name: jimp

The new version differs by 103 commits.

• 2b3413a Bump version to: v0.12.0 [skip ci]
• 0bd02d5 Update CHANGELOG.md [skip ci]
• 651de24 Fix package.json
• a2b44a1 Add readme description
• 697f2a6 Remove compiling polyfills into published code (Tests breaking on Electron, seemingly because no CSS Grid support cypress-io/cypress#891)
• ec736c9 Bump version to: v0.11.0 [skip ci]
• a52b096 Update CHANGELOG.md [skip ci]
• 2f99663 Make callback optional for Jimp.rgbaToInt (Enabling opening Cypress installed locally in 'global' mode cypress-io/cypress#889)
• 585c1ab Removed Core-JS as a dependency. (Paused before potential out-of-memory crash cypress-io/cypress#882)
• 3719710 Bump version to: v0.10.3 [skip ci]
• 30f04f7 Update CHANGELOG.md [skip ci]
• e93497a Simplify and fix flip (Relax visibility rules when an element is clipped but can be scrolled to cypress-io/cypress#879)
• dd7a6ba Bump version to: v0.10.2 [skip ci]
• baf756c Update CHANGELOG.md [skip ci]
• b038cba Rewrite handling EXIF orientation — add tests, make it plugin-independent (Add project editorconfig cypress-io/cypress#875)
• 44ce60b Bump version to: v0.10.1 [skip ci]
• da6bf75 Update CHANGELOG.md [skip ci]
• bd5ba89 Update package.json ([WIP] Implement slowTestThreshold Cypress option cypress-io/cypress#870)
• 3cc4a4c Fix a `loadFont` and case inconsistency of `jimp` (Add support for MTLS authentication cypress-io/cypress#868)
• c23237b Bump version to: v0.10.0 [skip ci]
• 1add0ba Update CHANGELOG.md [skip ci]
• e1d05da Properly split constructor and instance types (Disable video recording on cypress run cypress-io/cypress#867)
• 3a3df33 Bump version to: v0.9.8 [skip ci]
• df1fd79 Update CHANGELOG.md [skip ci]

See the full diff

Package name: minimist

The new version differs by 21 commits.

• 7efb22a 1.2.6
• ef88b93 security notice for additional prototype pollution issue
• c2b9819 isConstructorOrProto adapted from PR
• bc8ecee test from prototype pollution PR
• aeb3e27 1.2.5
• 278677b 1.2.4
• 4cf1354 security notice
• 1043d21 additional test for constructor prototype pollution
• 6457d74 1.2.3
• 38a4d1c even more aggressive checks for protocol pollution
• 13c01a5 more failing proto pollution tests
• f34df07 1.2.2
• 67d3722 cleanup
• 63e7ed0 don't assign onto __proto__
• 47acf72 console.dir -> console.log
• 0efed03 failing test for protocol pollution
• 29783cd 1.2.1
• 6be5dae add test
• ac3fc79 fix bad boolean regexp
• 4cf45a2 Merge pull request [Snyk] Fix for 1 vulnerabilities #63 from lydell/dash-dash-docs-fix
• 5fa440e move the `opts['--']` example back where it belongs

See the full diff

Package name: mocha

The new version differs by 250 commits.

• eb781e2 Release v6.2.3
• 10dbe94 update CHANGELOG for v6.2.3 [ci skip]
• 848d6fb security: update mkdirp, yargs, yargs-parser
• 843a322 6.2.2
• aec8b02 update CHANGELOG for v6.2.2 [ci skip]
• 7a8b95a npm audit fixes
• cebddf2 Improve reporter documentation for mocha in browser. (Support creating custom assertion operator like 'should('have.text.trimmed', ...)' cypress-io/cypress#4026)
• 3f7b987 uncaughtException: report more than one exception per test (Cypress runs hanging when video stream was not able to be generated cypress-io/cypress#4033)
• ee82d38 modify alt text of image from Backers to Sponsors inside Sponsors section in Readme (chore(deps): Update dependency @types/bluebird to version 3.5.26 🌟 cypress-io/cypress#4046)
• e9c036c special-case parsing of "require" in unparseNodeArgs(); closes Cypress rest runner stops execution after competing steps within an iFrame cypress-io/cypress#4035 (Detect forked pull request on AppVeyor CI cypress-io/cypress#4063)
• 954cf0b Fix HTMLCollection iteration to make unhide function work as expected (chore(deps): Update dependency babel-plugin-add-module-exports to version 1.0.2 🌟 cypress-io/cypress#4051)
• 816dc27 uncaughtException: fix double EVENT_RUN_END events (update Test Runner to handle API errs for non-private test limits cypress-io/cypress#4025)
• 9650d3f add OpenJS Foundation logo to website (DOM snapshot inspection mode does not reset when reloading file on change cypress-io/cypress#4008)
• f04b81d Adopt the OpenJSF Code of Conduct (cy.request fails with error incorrect header check cypress-io/cypress#3971)
• aca8895 Add link checking to docs build step (Visiting a url with subdomains, supplying with basic auth crashes cypress-io/cypress#3972)
• ef6c820 Release v6.2.1
• 9524978 updated CHANGELOG for v6.2.1 [ci skip]
• dfdb8b3 Update yargs to v13.3.0 (Display errors from Electron when we run cypress run cypress-io/cypress#3986)
• 18ad1c1 treat '--require esm' as Node option (promote the influence of cypress cypress-io/cypress#3983)
• fcffd5a Update yargs-unparser to v1.6.0 (add matcher option to cy.route - addresses #387 cypress-io/cypress#3984)
• ad4860e Remove extraGlobals() (Ajax Synchronous Request Failing in Chrome cypress-io/cypress#3970)
• b269ad0 Clarify effect of .skip() (Wrap scenario and step names in UI cypress-io/cypress#3947)
• 1e6cf3b Add Matomo to website (decaffeinate reporter specs cypress-io/cypress#3765)
• 91b3a54 fix style on mochajs.org (I'm trying to run the same test both in chrome and electron, In chrome, it runs fine but in electron it fails with unhandled exception cypress-io/cypress#3886)

See the full diff

Package name: mocha-junit-reporter

The new version differs by 35 commits.

• 8e0b9e4 Merge branch 'master' of https://github.com/michaelleeallen/mocha-junit-reporter
• 4a7cca4 Bump glob-parent from 5.1.1 to 5.1.2
• 2a321e3 Merge pull request Accept a function for a cy.route response cypress-io/cypress#152 from michaelleeallen/dependabot/npm_and_yarn/glob-parent-5.1.2
• 5403f63 Merge pull request Error: EISDIR: illegal operation on a directory, read cypress-io/cypress#155 from pkuczynski/upgrade-strip-ansi
• 2222692 Upgrade strip-ansi@6.0.1
• 1c3eb62 Bump glob-parent from 5.1.1 to 5.1.2
• 88388ee Merge pull request Bump lodash from 4.17.15 to 4.17.21 in /packages/runner #104 from michaelleeallen/add-actions
• 2cd514a Merge pull request Error's stack trace is being truncated in Desktop App on server error. cypress-io/cypress#133 from michaelleeallen/dependabot/npm_and_yarn/lodash-4.17.19
• 18ff0f4 Merge pull request 'Add Project' button breaks after unfocusing desktop app while folder viewer is open. cypress-io/cypress#115 from gabegorelick/setup-teardown-time
• a3ec7b5 Bump lodash from 4.17.15 to 4.17.19
• d2770c2 Testsuite time should include setup and teardown
• 3d1909d Drop support for misspelled option `suiteTitleSeparatedBy`
• fababe6 tests: Actually invoke mocha instead of mocking it out
• 076aeab Run lint in GitHub Actions
• bcbfb2f Fix eslint
• fd6ed97 Build PRs too
• 671bc9e Update jenkins mode to use suiteTitleSeparatedBy and update documentation (Popup escapes cypress cypress-io/cypress#123)
• 3824381 Fix all `npm audit` issues (Git error while installing cypress-cli cypress-io/cypress#124)
• 29a1dd4 Fix strict mode declarations
• 9e2527c Support node 10, 12, 14 (when running spec when integrationFolder default is overridden, Cypress looks in wrong directory path. cypress-io/cypress#117)
• e2d8232 Turn on linting (cy.dblclick() should accept same options as cy.click() cypress-io/cypress#116)
• 663b967 Upgrade eslint
• 94016cc 1.23.3
• 221d830 Fix option parsing for mocha 6+

See the full diff

Package name: parse-domain

The new version differs by 2 commits.

• a22b76e chore(release): 3.0.0 [skip ci]
• 9f38492 feat: Complete rewrite in TypeScript and several bug fixes and improvements

See the full diff

Package name: ramda

The new version differs by 250 commits.

• 1a5d40b Version 0.27.2
• 4d8e8f0 Merge pull request Unable to open cypress v.3.1.4 on windows cypress-io/cypress#3212 from ramda/davidchambers/trim
• 94d0570 Security fix for ReDoS (localStorage being set on wrong domain  cypress-io/cypress#3177)
• 8ae355e update test string for trim
• 6bb8eea Version 0.27.1
• ed191e6 Merge pull request How to assert that a get should fail cypress-io/cypress#2832 from kibertoad/chore/update-dependencies-2
• 20ba763 Update dependencies
• a6620f6 Update Babel to v7 (Allow separate request and response timeout overrides in cy.wait cypress-io/cypress#2829)
• 2705518 Execute tests on Node 12 (Adding .only to multiple tests only runs the last one cypress-io/cypress#2828)
• c45208e hasPath return false for non-object checks (Test passes when loading a page which returns 500 cypress-io/cypress#2825)
• 0baeda1 updated invoker.js documentation (Cypress 3.1.1 hangs on Jenkins cypress-io/cypress#2821)
• 072d417 Including BR translation. (cy.route() doesn't intercept calls during 303 redirect cypress-io/cypress#2621)
• ca1e2b5 add an example which covers error and value (cy.get not yielding visible component. cypress-io/cypress#2806)
• 271b044 docs: Add @ since where it is missing (Add .clear support for HTML 5 input types cypress-io/cypress#2793)
• ac58c96 Update `pathSatisfies` to handles empty `path` arguments (Publicly export withinSubject option on get command cypress-io/cypress#2791)
• b25ac73 Fix typo in split docs (Getting error while running cypress on Jenkins - some dependencies missing cypress-io/cypress#2792)
• 7d55e91 Add R.xor (Exclusive OR) (Fix UI bug where test label was the contents of double quotes from test title cypress-io/cypress#2646)
• efd899b feature: adding paths operator - #2694 - Visiting PKI protected domains with cy.visit() - Exploratory PR cypress-io/cypress#2740 (Trashing assets results in infinitely nested trash directories cypress-io/cypress#2742)
• 235a370 fix: rename then to andThen (Issue 1321 fix 2 cypress-io/cypress#2772)
• 8d59032 Fix broken link in readme (Map not responding to mouse commands cypress-io/cypress#2768)
• 38feed2 remove erroneous quotes in tryCatch documentation (ignoreTestFiles being ignored on Travis CI cypress-io/cypress#2765)
• ce4f936 fix `@ since` in `includes` (Trend Micro is marking cypress.exe for quarantine. Because it's detected as Virus cypress-io/cypress#2764)
• 626762b Reference to Ramda Conventions wiki page (Set video config to false by default cypress-io/cypress#2718)
• 878cacd Add prebench script (cy.get() does not accept a DOM element cypress-io/cypress#2759)

See the full diff

Package name: strip-ansi

The new version differs by 7 commits.

• dfab677 5.0.0
• 6a25566 Require Node.js 6 and upgrade dependencies
• e8d149c Add Tidelift mention in the readme
• 52dcf65 Add related streaming version of this module to the readme ([Snyk] Security upgrade http-proxy from 1.17.0 to 1.18.1 #15)
• c299056 4.0.0
• 740dac9 Bump ansi-regex
• 0978944 Require Node.js 4

See the full diff

Package name: underscore

The new version differs by 250 commits.

• bf5a0ed Merge branch 'template-variable-parameter'
• 7e3d404 Update annotated sources and minified bundles for 1.12.1
• 5343fbc Add version 1.12.1 to the documentation
• 44df929 Bump the version to 1.12.1
• 7e89b79 Un-document the fix for I am unable to login with valid username and password on a website - timeout cypress-io/cypress#2911 for the time being
• 4c73526 Fix I am unable to login with valid username and password on a website - timeout cypress-io/cypress#2911
• ef646cc Reflect real issue of I am unable to login with valid username and password on a website - timeout cypress-io/cypress#2911 in test from "run" is much slower than "open" cypress-io/cypress#2912
• a6159ff Fix indentation in the test from "run" is much slower than "open" cypress-io/cypress#2912
• 798eafa Update the link to the preview release (bugfix)
• 07cc415 Convert all RawGit links to Statically
• db7fb6a Add temporary note about preview release to index.html
• 548fa01 Merge pull request instanceOf(Array) assertion fails unexpectedly cypress-io/cypress#2913 from ognjenjevremovic/test/time-tampering-tests
• 3a5c878 test: Assertion comment updates; `_.throttle` and `_.debounce`.
• 4d5d198 test: 💍 Time tampering tests for _.throttle and _.deobounce
• a4cc7c0 Add a test to confirm we are not vulnerable to CVE-2021-23337 (I am unable to login with valid username and password on a website - timeout cypress-io/cypress#2911)
• 745e9b7 Merge pull request Windows binary includes devDependencies cypress-io/cypress#2896 from anderlaw/master
• af2f919 Correct "Non-numerical values in list will be ignored"
• c9b4b63 Put back test/vendor/qunit.* static files to fix live website tests
• 311b04e Merge pull request Scroll element into view when using .should('be.visible') cypress-io/cypress#2892 from kritollm/master
• 6568211 Make a comment render more nicely
• 0b93f06 Fixed a few more details
• 913bcf2 Resolved changes requested.
• 769a494 throttle cleanup
• 03f9781 Reimplementing timer optimization Crash when moving test to test cypress-io/cypress#1269

See the full diff

Package name: underscore.string

The new version differs by 9 commits.

• 6a65c38 Version 3.3.6