Merge pull request #181 from hmcts/fix-crossbrowser-test

Fix ccd e2e nightly pipeline issue
hmcts · Jan 25, 2024 · d0aa9fa · d0aa9fa
2 parents bcd53e9 + 040537e
commit d0aa9fa
Show file tree

Hide file tree

Showing 2 changed files with 110 additions and 2 deletions.
diff --git a/pages/SolCreateCheckYourAnswersPage.js b/pages/SolCreateCheckYourAnswersPage.js
@@ -47,7 +47,14 @@ module.exports = {
     }else if ( union === divorceOrDissolution.DISSOLUTION){
       unionUpperCase = union.toUpperCase();
       // the switch to DISSOLUTION is not present in the URL Yet , but when done it will be a quick change.
-      await I.waitInUrl('/DIVORCE/NFD/solicitor-create-application/submit');
+      const isSafariBrowser = await I.isSafariBrowser();
+      if (isSafariBrowser) {
+        await I.wait(5);
+        await I.waitInUrl('/DIVORCE/NFD/solicitor-create-application/submit');
+      } else {
+        await I.wait(1);
+        await I.waitInUrl('/DIVORCE/NFD/solicitor-create-application/submit');
+      }
     }
     //pause();
     ////await I.runAccessibilityTest;

diff --git a/yarn-audit-known-issues b/yarn-audit-known-issues
@@ -1 +1,102 @@
-{"actions":[],"advisories":{"1089034":{"findings":[{"version":"5.5.2","paths":["request>har-validator>ajv","request-promise-native>request>har-validator>ajv","request-promise-native>request-promise-core>request>har-validator>ajv"]}],"metadata":null,"vulnerable_versions":"<6.12.3","module_name":"ajv","severity":"moderate","github_advisory_id":"GHSA-v88g-cgmw-v5xw","cves":["CVE-2020-15366"],"access":"public","patched_versions":">=6.12.3","cvss":{"score":5.6,"vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"},"updated":"2023-01-27T05:08:06.000Z","recommendation":"Upgrade to version 6.12.3 or later","cwe":["CWE-915","CWE-1321"],"found_by":null,"deleted":null,"id":1089034,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2020-15366\n- https://github.com/ajv-validator/ajv/commit/65b2f7d76b190ac63a0d4e9154c712d7aa37049f\n- https://github.com/ajv-validator/ajv/releases/tag/v6.12.3\n- https://hackerone.com/bugs?subject=user&report_id=894259\n- https://github.com/ajv-validator/ajv/tags\n- https://github.com/advisories/GHSA-v88g-cgmw-v5xw","created":"2022-02-10T23:30:59.000Z","reported_by":null,"title":"Prototype Pollution in Ajv","npm_advisory_id":null,"overview":"An issue was discovered in ajv.validate() in Ajv (aka Another JSON Schema Validator) 6.12.2. A carefully crafted JSON schema could be provided that allows execution of other code by prototype pollution. (While untrusted schemas are recommended against, the worst case of an untrusted schema should be a denial of service, not execution of code.)","url":"https://github.com/advisories/GHSA-v88g-cgmw-v5xw"},"1092470":{"findings":[{"version":"2.5.0","paths":["request>tough-cookie","request-promise-native>request>tough-cookie","request-promise-native>request-promise-core>request>tough-cookie"]}],"metadata":null,"vulnerable_versions":"<4.1.3","module_name":"tough-cookie","severity":"moderate","github_advisory_id":"GHSA-72xf-g2v4-qvf3","cves":["CVE-2023-26136"],"access":"public","patched_versions":">=4.1.3","cvss":{"score":6.5,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},"updated":"2023-07-11T13:44:36.000Z","recommendation":"Upgrade to version 4.1.3 or later","cwe":["CWE-1321"],"found_by":null,"deleted":null,"id":1092470,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2023-26136\n- https://github.com/salesforce/tough-cookie/issues/282\n- https://github.com/salesforce/tough-cookie/commit/12d474791bb856004e858fdb1c47b7608d09cf6e\n- https://github.com/salesforce/tough-cookie/releases/tag/v4.1.3\n- https://security.snyk.io/vuln/SNYK-JS-TOUGHCOOKIE-5672873\n- https://lists.debian.org/debian-lts-announce/2023/07/msg00010.html\n- https://github.com/advisories/GHSA-72xf-g2v4-qvf3","created":"2023-07-01T06:30:16.000Z","reported_by":null,"title":"tough-cookie Prototype Pollution vulnerability","npm_advisory_id":null,"overview":"Versions of the package tough-cookie before 4.1.3 are vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in `rejectPublicSuffixes=false` mode. This issue arises from the manner in which the objects are initialized.","url":"https://github.com/advisories/GHSA-72xf-g2v4-qvf3"},"1092972":{"findings":[{"version":"2.88.2","paths":["request","request-promise-native>request","request-promise-native>request-promise-core>request"]}],"metadata":null,"vulnerable_versions":"<=2.88.2","module_name":"request","severity":"moderate","github_advisory_id":"GHSA-p8p7-x288-28g6","cves":["CVE-2023-28155"],"access":"public","patched_versions":"<0.0.0","cvss":{"score":6.1,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},"updated":"2023-08-14T20:53:47.000Z","recommendation":"None","cwe":["CWE-918"],"found_by":null,"deleted":null,"id":1092972,"references":"- https://nvd.nist.gov/vuln/detail/CVE-2023-28155\n- https://github.com/request/request/issues/3442\n- https://github.com/request/request/pull/3444\n- https://doyensec.com/resources/Doyensec_Advisory_RequestSSRF_Q12023.pdf\n- https://security.netapp.com/advisory/ntap-20230413-0007/\n- https://github.com/github/advisory-database/pull/2500\n- https://github.com/cypress-io/request/blob/master/lib/redirect.js#L116\n- https://github.com/request/request/blob/master/lib/redirect.js#L111\n- https://github.com/cypress-io/request/pull/28\n- https://github.com/cypress-io/request/commit/c5bcf21d40fb61feaff21a0e5a2b3934a440024f\n- https://github.com/cypress-io/request/releases/tag/v3.0.0\n- https://github.com/advisories/GHSA-p8p7-x288-28g6","created":"2023-03-16T15:30:19.000Z","reported_by":null,"title":"Server-Side Request Forgery in Request","npm_advisory_id":null,"overview":"The `request` package through 2.88.2 for Node.js and the `@cypress/request` package prior to 3.0.0 allow a bypass of SSRF mitigations via an attacker-controller server that does a cross-protocol redirect (HTTP to HTTPS, or HTTPS to HTTP).\n\nNOTE: The `request` package is no longer supported by the maintainer.","url":"https://github.com/advisories/GHSA-p8p7-x288-28g6"}},"muted":[],"metadata":{"vulnerabilities":{"info":0,"low":0,"moderate":9,"high":0,"critical":0},"dependencies":73,"devDependencies":0,"optionalDependencies":0,"totalDependencies":73}}
+{
+  "actions": [],
+  "advisories": {
+    "1089034": {
+      "findings": [
+        {
+          "version": "5.5.2",
+          "paths": [
+            "request>har-validator>ajv",
+            "request-promise-native>request>har-validator>ajv",
+            "request-promise-native>request-promise-core>request>har-validator>ajv"
+          ]
+        }
+      ],
+      "metadata": null,
+      "vulnerable_versions": "<6.12.3",
+      "module_name": "ajv",
+      "severity": "moderate",
+      "github_advisory_id": "GHSA-v88g-cgmw-v5xw",
+      "cves": [
+        "CVE-2020-15366"
+      ],
+      "access": "public",
+      "patched_versions": ">=6.12.3",
+      "cvss": {
+        "score": 5.6,
+        "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"
+      },
+      "updated": "2023-01-27T05:08:06.000Z",
+      "recommendation": "Upgrade to version 6.12.3 or later",
+      "cwe": [
+        "CWE-915",
+        "CWE-1321"
+      ],
+      "found_by": null,
+      "deleted": null,
+      "id": 1089034,
+      "references": "- https://nvd.nist.gov/vuln/detail/CVE-2020-15366\n- https://github.com/ajv-validator/ajv/commit/65b2f7d76b190ac63a0d4e9154c712d7aa37049f\n- https://github.com/ajv-validator/ajv/releases/tag/v6.12.3\n- https://hackerone.com/bugs?subject=user&report_id=894259\n- https://github.com/ajv-validator/ajv/tags\n- https://github.com/advisories/GHSA-v88g-cgmw-v5xw",
+      "created": "2022-02-10T23:30:59.000Z",
+      "reported_by": null,
+      "title": "Prototype Pollution in Ajv",
+      "npm_advisory_id": null,
+      "overview": "An issue was discovered in ajv.validate() in Ajv (aka Another JSON Schema Validator) 6.12.2. A carefully crafted JSON schema could be provided that allows execution of other code by prototype pollution. (While untrusted schemas are recommended against, the worst case of an untrusted schema should be a denial of service, not execution of code.)",
+      "url": "https://github.com/advisories/GHSA-v88g-cgmw-v5xw"
+    },
+    "1092972": {
+      "findings": [
+        {
+          "version": "2.88.2",
+          "paths": [
+            "request",
+            "request-promise-native>request",
+            "request-promise-native>request-promise-core>request"
+          ]
+        }
+      ],
+      "metadata": null,
+      "vulnerable_versions": "<=2.88.2",
+      "module_name": "request",
+      "severity": "moderate",
+      "github_advisory_id": "GHSA-p8p7-x288-28g6",
+      "cves": [
+        "CVE-2023-28155"
+      ],
+      "access": "public",
+      "patched_versions": "<0.0.0",
+      "cvss": {
+        "score": 6.1,
+        "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
+      },
+      "updated": "2023-08-14T20:53:47.000Z",
+      "recommendation": "None",
+      "cwe": [
+        "CWE-918"
+      ],
+      "found_by": null,
+      "deleted": null,
+      "id": 1092972,
+      "references": "- https://nvd.nist.gov/vuln/detail/CVE-2023-28155\n- https://github.com/request/request/issues/3442\n- https://github.com/request/request/pull/3444\n- https://doyensec.com/resources/Doyensec_Advisory_RequestSSRF_Q12023.pdf\n- https://security.netapp.com/advisory/ntap-20230413-0007/\n- https://github.com/github/advisory-database/pull/2500\n- https://github.com/cypress-io/request/blob/master/lib/redirect.js#L116\n- https://github.com/request/request/blob/master/lib/redirect.js#L111\n- https://github.com/cypress-io/request/pull/28\n- https://github.com/cypress-io/request/commit/c5bcf21d40fb61feaff21a0e5a2b3934a440024f\n- https://github.com/cypress-io/request/releases/tag/v3.0.0\n- https://github.com/advisories/GHSA-p8p7-x288-28g6",
+      "created": "2023-03-16T15:30:19.000Z",
+      "reported_by": null,
+      "title": "Server-Side Request Forgery in Request",
+      "npm_advisory_id": null,
+      "overview": "The `request` package through 2.88.2 for Node.js and the `@cypress/request` package prior to 3.0.0 allow a bypass of SSRF mitigations via an attacker-controller server that does a cross-protocol redirect (HTTP to HTTPS, or HTTPS to HTTP).\n\nNOTE: The `request` package is no longer supported by the maintainer.",
+      "url": "https://github.com/advisories/GHSA-p8p7-x288-28g6"
+    }
+  },
+  "muted": [],
+  "metadata": {
+    "vulnerabilities": {
+      "info": 0,
+      "low": 0,
+      "moderate": 9,
+      "high": 0,
+      "critical": 0
+    },
+    "dependencies": 73,
+    "devDependencies": 0,
+    "optionalDependencies": 0,
+    "totalDependencies": 73
+  }
+}