Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Dependency issue with url-parse #460

Open
dmregister opened this issue Apr 21, 2022 · 0 comments
Open

Dependency issue with url-parse #460

dmregister opened this issue Apr 21, 2022 · 0 comments

Comments

@dmregister
Copy link

Description

url-parse is a dependency of the utils package that uses the ^ to indicate it's compatible with any minor version. Unfortunately, url-parse changed the way the url href is returned to circumvent a vulnerability found in the package. This change affects how identifiers are created, which affects how the requestId is calculated and ultimately causes the request to miss the recording.

Shareable Source

The identifiers change from

identifiers: {
    method: 'POST',
    body: '{"foo":"bar"}}',
    url: 'http:///example/url/path'
}

to

identifiers: {
    method: 'POST',
    body: '{"foo":"bar"}}',
    url: 'http://@/example/url/path'
}

I have restored the previous behavior by applying the following patch

diff --git a/node_modules/@pollyjs/core/dist/cjs/pollyjs-core.js b/node_modules/@pollyjs/core/dist/cjs/pollyjs-core.js
index 0c25668..415c853 100644
--- a/node_modules/@pollyjs/core/dist/cjs/pollyjs-core.js
+++ b/node_modules/@pollyjs/core/dist/cjs/pollyjs-core.js
@@ -2562,7 +2562,7 @@ function url(url, config, req) {
     parsedUrl.set('query', parse(stringify(parsedUrl.query)));
   }

-  return parsedUrl.href;
+  return parsedUrl.href.replace('://@/', ':///');
 }
 function headers(headers, config, req) {
   const normalizedHeaders = new HTTPHeaders(headers);

Error Message & Stack Trace

Config

import { setupPolly } from 'setup-polly-jest';
import NodeHttpAdapter from '@pollyjs/adapter-node-http';
import FSPersister from '@pollyjs/persister-fs';


setupPolly({
    adapters: [NodeHttpAdapter],
    persister: FSPersister,
    persisterOptions: {
      fs: {
        recordingsDir: path.resolve(recordingsDir),
      },
    },
    expiryStrategy: 'warn',
    matchRequestsBy: {
      method: true,
      headers: false,
      body: true,
      order: false,
      url: {
        protocol: true,
        username: false,
        password: false,
        hostname: false,
        port: false,
        pathname: true,
        query: true,
        hash: false,
      },
    },
    recordIfMissing: false,
    mode: MODES.REPLAY,
    recordFailedRequests: true,
  });

Dependencies

Copy the @pollyjs dependencies from package.json:

{
  "@pollyjs/adapter-node-http": "6.0.5",
   "@pollyjs/core": "6.0.5",
   "@pollyjs/persister-fs": "6.0.5",
   "setup-polly-jest": "0.10.0",
}

3rd party dependency resolved as:

url-parse@^1.5.3, url-parse@^1.5.9:
  version "1.5.10"
  resolved "https://registry.yarnpkg.com/url-parse/-/url-parse-1.5.10.tgz#9d3c2f736c1d75dd3bd2be507dcc111f1e2ea9c1"
  integrity sha512-WypcfiRhfeUP9vvF0j6rw0J3hrWrw6iZv3+22h6iRMJ/8z1Tj6XfLP4DsUix5MhMPnXpiHDoKyoZ/bdCkwBCiQ==

Relevant Links

PR that introduced the change:
unshiftio/url-parse#226

Tag that includes the change:
https://github.com/unshiftio/url-parse/commits/8b3f5f2c88a4cfc2880f2319c307994cb25bb10a

Environment

Tell us which operating system you are using, as well as which versions of Node.js and npm/yarn. If applicable, include the browser and the corresponding version.

Run the following to get it quickly:

> node -e "var os=require('os');console.log('Node.js ' + process.version + '\n' + os.platform() + ' ' + os.release())"
Node.js v16.13.0
darwin 20.6.0

> yarn --version
1.19.1
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@dmregister