Cypress - v3.0.3

Security

Released 7/30/2018

Bugfixes:

  • Reverted the Chrome argument that disabled RootLayerScrolling which was used to prevent the application under test from "shaking" due to a bug in versions 66 and 67. This workaround inadvertently created a different and much more severe bug in Chrome 68 that would miscalculate pointer coordinates. This led to Cypress giving confusing errors about elements being covered up on action. This is still a bug in Chrome, and is fixed in Canary but has not yet been released to the stable Chrome 68 channel. Nevertheless, removing the RootLayerScrolling flag does fix it. We did several experiments to try to ensure that the "shaking" behavior does not exhibit itself in Chrome 68. We have limited the --disable-blink-features=RootLayerScrolling flag to Chrome 66 and Chrome 67. Fixes #2223 and #2215 and #2037.
  • Fixed another bug with Chrome that caused the chromeWebSecurity: false option to not be respected. This was due to Chrome progressively rolling out trials of a new option that attempts to isolate sites (and iframes) in their own child process if their origins are different. Fixes #1951 and #2001 and #715.
  • Fixed Cypress hanging in CI due to excessive and unnecessary globbing. We finally tracked down this issue which made it appear as if Cypress was "hanging" after closing a spec file and then attempting to open the next one. Fixes #2183 and #1905 and #1912.
  • We are now properly serializing nested object arguments when using the Module API via cypress.open() or cypress.run(). Passing nested objects in reporterOptions now works correctly. This is especially useful when using mocha-multi-reporters. In addition to fixing the Module API, we are now also properly handling nested arguments from the Command Line. In order to pass nested objects within CLI params you must pass stringified JSON. This is useful for properties such as blacklistHosts. Fixes #1348 and #1357 and #2221.
  • Fixed a bug causing screenshots saved via cy.screenshot() to be in different folders when you ran using cypress run vs cypress run . Fixes #2091.
  • Fixed bugs with Electron losing focus when running headlessly via cypress run after navigation. Now the browser will always act as if it is focused no matter what and in all situations when running headlessly. If you were seeing focus related problems when running headlessly, this should fix them. Fixes issue #2190.
  • Fixed using when using cy.click() on an element that bound to the focus event while the browser was currently out of focus. We have now normalized all focus and blur events to behave the same as if the browser is always in focus. This should fix the other batch of blur and focus issues that users have been experiencing. Fixes #549 and #2198.
  • Fixed the vast majority of known issues with .type(). Fixes #1241.
  • Using .type() on an input of type email or number will no longer fire unnecessary additional blur and focus events. Fixes #2210.
  • Fixed .type() breaking on chains when passing the same options references. Fixes #365.
  • Fixed an issue with .clear() not behaving the same as cy.type('{selectall}{backspace}'). Fixes #420.
  • Fixed a bug with issuing an additional blur and click event when chaining .clear().type(...). Fixes #593.
  • Fixed many issues with typing into [contenteditable] elements. WYSIWYG, Draft.js based, and other HTML editors now work correctly. Fixes #596 and #1686 and #2096.
  • The caret now correctly moves on [contenteditable] elements. Fixes #1108.
  • Fixed .type() inserting a rogue <br> tag after the first letter in [contenteditable] elements. Fixes #1926.
  • Fixed issue where change events with .type() would not fire correctly for many more situations and edge cases. Fixes #651.
  • Fixed issues with typing into JS based text-mask plugins. Basically anything that would alter the .value in response to certain events now works correctly. Fixes #940 and #1684.
  • Using .clear() on an input with a maxlength attribute now works. Fixes #1002 and #2056.
  • Fixed issues with .type() not firing the change event on input[type=number]. Fixes #1171.
  • Fixed other event related issues with .type() that were not firing correctly. Fixes #1209.
  • Fixed even more issues with .type() not inserting characters on input[type=number]. Fixes #1381.
  • Fixed not being able to type negative numbers into input[type=number] elements. Fixes #2173.
  • Fixed selectionStart and selectionEnd with .type() when using {leftarrow} or {rightarrow}. Fixes #1234.
  • Fixed not being able to type into a datetime-local input. Fixes #1366.
  • Calling .focus() or .blur() on cy.window() no longer fires blur events on the activeElement or causes it to become body. Fixes #2234.
  • Using cy.get('body').click() now correctly changes the activeElement back to body and causes the existing activeElement to receive blur. Fixes #2236.

Misc:

  • We've loosened up the restrictions surrounding what we consider a typeable element. You can now type into inputs with invalid type attributes because the browser does still consider them regular text inputs and allows you to type into them. Fixes #586.
  • Using {uparrow} or {downarrow} with .type() on an input[type=number] element now increments or decrements the number configured via the step attribute. Fixes #2110.
  • Using {uparrow} or {downarrow} with .type() now correctly moves the cursor on textarea or [contenteditable] elements. Fixes #2187.
  • You can now use .focus() or .blur() on cy.get('body'). Fixes #2235.
  • Bumped the version in junit reporter dep from 1.12.1 to 1.17.0 which adds a few new features. Fixes #2238.
  • Bumped deps that npm audit was yelling about. Fixes #1701.
  • Runs showing up in the Runs tab now more closely match how they display in the Dashboard. Fixes #2060.
  • Added more debug logs. Fixes #2108.
  • When recording to the Dashboard we now more accurately collect commit details when it is missing from the local git data. Fixes #2129 and #2073.
  • We now collect the pull request information if you are recording in a CI provider that connects commits to PRs. Fixes #1844.
  • Updated build in example kitchen sink to 1.0.2. Fixes #2139.
  • Updated the json-schema describing videoCompression. Allowing it to be a boolean. Fixes #2140.

Documentation Changes:

Security

Security wording was detected, but no CVEs were found.

Details

date
Aug. 5, 2018, 11:07 a.m.
name
3.0.3
type
Patch
official page
https://github.com/cypress-io/cypress/releases/tag/v3.0.3
👇
Register or login to:
  • 🔍View and search all Cypress releases.
  • 🛠️Create and share lists to track your tools.
  • 🚨Setup notifications for major, security, feature or patch updates.
  • 🚀Much more coming soon!
Continue with GitHub
Continue with Google
or