fix: correct NPM_TOKEN secret reference + QoL updates#152
Conversation
…ce response handling - Deleted the ESLint configuration file. - Updated dependencies in package.json and package-lock.json, including major version upgrades for Vue, ESLint, and TypeScript-related packages. - Refactored response handling in Cypress tests to improve validation for XML, HTML, and JSON formats. - Enhanced the UI components to support new features like cURL generation and improved tab handling in request and response panels. - Adjusted CSS styles for better interaction and visibility of highlighted sections.
- Implemented a new endpoint for file uploads that responds with a success message. - Added endpoints to serve binary content and decoded binary responses. - Enhanced response handling to support ArrayBuffer and Uint8Array types, ensuring proper formatting and size calculation for various response types. - Updated type definitions to allow for string or object response bodies.
- Introduced a new test HTML file for Cypress fixtures. - Expanded the response handling in the server to support ArrayBuffer and Uint8Array types, ensuring proper formatting and size calculation. - Updated type definitions to allow for string or object response bodies, improving flexibility in handling various response formats.
…e handling - Added a setupNodeEvents function in cypress.config.ts to manage video deletion for passing tests. - Updated package dependencies, including cypress and commitlint packages, to their latest versions. - Refactored response handling in various Cypress tests to improve error handling and response format detection. - Improved the UI components for better interaction, including adjustments to the CodeBlock and RequestPanel components. - Enhanced CSS styles for better visibility and interaction of highlighted sections. - Lat Fixes I will add this should address most concerns.
…functionality - Changed Cypress test assertions from 'be.visible' to 'exist' for better reliability in binary response handling. - Moved the fallback copy to clipboard function into App.vue for improved code organization and added functionality to handle clipboard operations more effectively. - Updated the transform module to ensure 'details' elements are opened by default for better user experience in displaying JSON structures.
- Removed error parameter from catch blocks in clipboard-related functions for cleaner code. - Enhanced readability and maintainability of the clipboard functionality in App.vue.
…onding Cypress test - Implemented a new POST endpoint '/json-with-commas' in the server to return a structured JSON response with commas. - Added a Cypress test to verify that commas are correctly aligned on the same line as closing brackets and braces in both request and response bodies. - Enhanced the transform module to ensure proper formatting of closing braces and brackets with commas in the displayed JSON.
…inary data support - Implemented new endpoints '/arraybuffer-request' and '/arraybuffer-response' in the server to handle ArrayBuffer data in both request and response bodies. - Enhanced Cypress tests to verify correct handling and display of ArrayBuffer content in the UI. - Updated the transform and response handling modules to support ArrayBuffer and Blob types, ensuring proper decoding and formatting. - Improved request body formatting to accommodate FormData and ArrayBuffer types for better data handling.
…d Cypress tests - Added tests to verify visibility of request headers, query parameters, and request body in the RequestPanel based on the presence of corresponding data. - Implemented logic in RequestPanel.vue to dynamically select the appropriate tab (query, headers, auth, or body) based on the content of the request. - Introduced a MutationObserver to update the selected tab when the request panel is highlighted in the Cypress command log, improving user experience.
- Updated Vue and TypeScript dependencies to their latest versions for improved performance and compatibility. - Added back and updated the semantic-release and standard-version for automated versioning and changelog generation. - Enhanced the RequestPanel component to improve tab selection logic and user experience. - Improved error handling in the server to manage port conflicts gracefully. - Updated CSS styles for better readability and interaction in code blocks.
- Upgraded semantic-release to version 25.0.2 and standard-version to 13.1.1 for improved versioning and changelog generation. - Updated Node.js engine requirement to >=22.14.0 in package.json and package-lock.json. - Enhanced GitHub Actions workflow to set up Node.js version 22.14.0 for consistent CI environment. - Improved type handling in App.vue for better integration with TypeScript.
- Added `expose` configuration options in `cypress.config.ts` to enable timeline and request mode features. - Introduced `hideCredentials` and `testToken` environment variables for better credential management during tests. - Updated Cypress to version 15.10.0 in `package.json` and `package-lock.json` for improved functionality. - Enhanced README documentation to clarify usage of new features and configuration options. - Refactored tests to utilize the new configuration methods for hiding credentials and managing request modes.
Code Review by Qodo
1. server/index.js adds console.error
|
cypress-plugin-api
|
||||||||||||||||||||||||||||
| Project |
cypress-plugin-api
|
| Branch Review |
updates/updates-added-qol
|
| Run status |
|
| Run duration | 01m 20s |
| Commit |
|
| Committer | Filip Hric |
| View all properties for this run ↗︎ | |
| Test results | |
|---|---|
|
|
0
|
|
|
0
|
|
|
0
|
|
|
0
|
|
|
91
|
| View all changes introduced in this branch ↗︎ | |
PR Summary by Qodofix: correct NPM_TOKEN secret reference + QoL updates (v2.12.0) Description
Diagram
High-Level Assessment
Files changed (54)
|
Code Review by Qodo
|
| .on('error', (err) => { | ||
| if (err.code === 'EADDRINUSE') { | ||
| console.error(`\n❌ Port ${port} is already in use.`) | ||
| console.error(` Please stop the process using port ${port} or use a different port.\n`) | ||
| console.error(` To find and kill the process on Windows:`) | ||
| console.error(` netstat -ano | findstr :${port}`) | ||
| console.error(` taskkill /PID <PID> /F\n`) | ||
| process.exit(1) | ||
| } else { | ||
| console.error('Server error:', err) | ||
| process.exit(1) |
There was a problem hiding this comment.
1. server/index.js adds console.error 📘 Rule violation ◔ Observability
New console.error(...) statements were added to the server error handler. This violates the requirement to avoid introducing new logging statements in this codebase.
Agent Prompt
## Issue description
New `console.error(...)` logging statements were introduced in `server/index.js`, which violates the compliance requirement to avoid adding new logging statements.
## Issue Context
The PR adds an `.on('error', ...)` handler that prints multiple error messages to the console.
## Fix Focus Areas
- server/index.js[232-242]
ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools
| outline: 3px solid rgba(59, 130, 246, 0.6) !important; | ||
| outline-offset: 2px !important; | ||
| opacity: 1 !important; | ||
| pointer-events: auto !important; | ||
| } | ||
|
|
||
| .__cypress-highlight:not(section), | ||
| .__cypress-highlight [data-cy], | ||
| .__cypress-highlight [data-cy] *, | ||
| .__cypress-highlight pre, | ||
| .__cypress-highlight div[data-cy] { | ||
| outline: none !important; | ||
| } | ||
|
|
||
| section.__cypress-highlight { | ||
| pointer-events: auto !important; | ||
| cursor: pointer; | ||
| background-color: rgba(255, 255, 255, 0.1) !important; |
There was a problem hiding this comment.
3. Hard-coded colors in style.css 📘 Rule violation ⚙ Maintainability
New hard-coded color values (rgba(...) / rgb(...)) were added in src/style.css instead of using semantic design-system tokens. This violates the requirement to avoid hard-coded UI colors.
Agent Prompt
## Issue description
`src/style.css` introduces multiple hard-coded color literals (e.g., `rgba(...)`, `rgb(...)`) which should be replaced by the project’s semantic color tokens.
## Issue Context
The stylesheet otherwise uses semantic Tailwind tokens like `bg-cy-*` / `text-cy-*`, but these new rules bypass them via raw RGB/RGBA values.
## Fix Focus Areas
- src/style.css[20-21]
- src/style.css[37-37]
- src/style.css[303-314]
- src/style.css[345-360]
ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools
| const generateCurl = () => { | ||
| let curl = `curl -X ${options.method || 'GET'} "${options.url}"`; | ||
| if (options.headers) { | ||
| Object.entries(options.headers).forEach(([key, value]) => { | ||
| curl += ` -H "${key}: ${value}"`; | ||
| }); | ||
| } | ||
| if (options.body) { | ||
| if (typeof options.body === 'object') { | ||
| curl += ` -d '${JSON.stringify(options.body)}'`; | ||
| } else { | ||
| curl += ` -d '${options.body}'`; | ||
| } | ||
| } | ||
| return curl; | ||
| }; | ||
|
|
||
| log.set({ | ||
| consoleProps() { | ||
| return { | ||
| yielded | ||
| yielded, | ||
| cURL: generateCurl() | ||
| } | ||
| } | ||
| }) |
There was a problem hiding this comment.
4. Curl leaks masked secrets 🐞 Bug ⛨ Security
handleResponse() exposes a generated cURL string in Cypress.log().consoleProps() built from the original request options (headers/body/url), bypassing anonymize() which only masks props[index] when hideCredentials is enabled. This can contradict the expected hideCredentials behavior and leak secrets (e.g., cy.env()-sourced tokens) into Command Log console props, including CI artifacts or shared debugging sessions.
Agent Prompt
## Issue description
`handleResponse()` adds a `cURL` entry to `consoleProps()` by generating it from the original, unmasked `options` (headers/body/url). Since `hideCredentials` masking is applied only to `props[index]` via `anonymize()`, secrets can still appear in the Cypress Command Log console props even when credentials are expected to be hidden.
## Issue Context
- Masking is currently applied only to `props[index]` (RequestProps) through `anonymize()` when `hideCredentials` is enabled; `options` (ApiRequestOptions) retains the original sensitive values.
- `handleResponse()` should emit cURL derived from already-masked data (`props[index]`) or a masked clone, otherwise console output can leak tokens in CI artifacts or shared debugging sessions.
- The repo already has a shared `src/utils/generateCurl.ts` helper that generates cURL from `RequestProps` (the masked structure), and it should be reused rather than duplicating options-based generation.
## Fix Focus Areas
- src/modules/handleResponse.ts[188-216]
- src/modules/api.ts[12-23]
- src/utils/generateCurl.ts[1-58]
- src/utils/anonymize.ts[10-59]
ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools
| - name: Checkout | ||
| uses: actions/checkout@v2 | ||
| - name: Cypress run |
There was a problem hiding this comment.
8. Deprecated checkout action 🧑 Team insight ☼ Reliability
**Inspired by shay-qodo's coding and review patterns** — The workflow still uses actions/checkout@v2, which is deprecated and can fail due to older Node runtime deprecations on GitHub-hosted runners. This undermines the stated goal of fixing the failing workflow and can re-break CI unexpectedly.
Agent Prompt
### Issue description
`actions/checkout@v2` is deprecated/EOL and may stop working on modern GitHub runner environments.
### Issue Context
This PR is explicitly about fixing the workflow; leaving a deprecated core action is a reliability risk.
### Fix Focus Areas
- .github/workflows/tests.yml[7-13]
### Suggested fix
Update:
- `uses: actions/checkout@v2` → `uses: actions/checkout@v4`
(Optionally) also consider bumping other actions to current major versions if you see warnings in Actions logs.
ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools
Qodo Fixer🍒 Ready to be cherry-picked — ✅ Merged (0) · ☑ Fixed (6) 🔗 Fix PR: #153 This fix PR was closed automatically. Its branch is preserved so you can cherry pick the changes into the original PR. Prompt for coding agent Process — 6 fixed
|
…-qol # Conflicts: # cypress.config.ts # cypress/e2e/authorization.cy.ts # cypress/e2e/copyCurl.cy.ts # eslint.config.js # package-lock.json # package.json # src/components/RequestPanel.vue # src/modules/handleResponse.ts # src/modules/transform.ts # src/shims-vue.d.ts # src/style.css # src/utils/generateCurl.ts
What
Fixes the failing
e2e-testsworkflow and bundles the pending QoL updates on this branch.Why the release was failing
The latest Actions run failed at the Semantic Release step with
SemanticReleaseError: Invalid npm token. Root cause: a typo in.github/workflows/tests.ymlreferencing the secret assecrets/NPM_TOKEN(slash) instead ofsecrets.NPM_TOKEN(dot), so the token resolved to empty.Changes
fix:correctNPM_TOKENsecret reference in release workflowfeat:/fix:commits already on this branch (binary/ArrayBuffer handling, request panel tabs, config updates, etc.)Result
Merging to
mainwill trigger semantic-release to cut a new minor version and publish to npm.