salesforce / tough-cookie

RFC6265 Cookies and CookieJar for Node.js

4.1 introduced breaking changes

Twipped opened this issue

Our jest environment just started throwing errors because allowSpecialUseDomain is now being more enforced in this new release and jest-environment-jsdom doesn't set it. I tried to correct for it via Jest's testEnvironmentOptions config passthru, but that produced other problems. You may want to revert that release, it's gonna break a WHOLE LOT of builds.

Also breaking our jest tests. Don't see any breaking changes mentioned in the release notes.

Same here! Happy that this isn't a bug on our end, was about to throw the computer out the window.

More info:
Adding cookies via JSDom adds them to localhost domain ... this now errors, cost me about 2 hours

@awaterma after reviewing a few things, this is definitely a breaking change and probably causing lots of headaches right now. Recommend publishing a rollback minor release and pushing v5 with any updates. For now, we are manually overriding the dep via PNPM as we can't update JSDom ourselves and there is no easy way of patching this (e.g. to provide the options recommended in the error)...

Our jest environment also failed in our tests. We work on a react app but we don't use tough-cookie. We assume that it is a dependency of some installed library. Could you give me a hand?
Locally it does not give us an error, but in github actions it does appear

I'm sorry this is causing you all some issues! For some background on how to use localhost as a special use domain, please see the discussion and tests in issue #215.

I believe this is coming up for v4.1.0 as @ShivanKaul implemented all of the "special-use" domains per RFC 6761 in the following p/r: https://github.com/salesforce/tough-cookie/pull/203/files, which we included in this release. We view this as continued work for the RFC that we started in v4.0.0.

In regards to working with cookies in localhost please see: https://www.rfc-editor.org/rfc/rfc6761.html#section-6.3

I will reach out to the team in Slack and see if we can get some discussion going. Sorry to cause issues for those that depend upon us; we are working to improve tough-cookie and keep up to date with the relevant RFCs to support cookies correctly into the future!

@colincasey

Most of us can certainly empathize with these types of challenges so no worries there. We appreciate the work on keeping things compliant.

In the end, I think the best course of action is to move this to version 5; as a practice, versions in NPM should live and die with Semver since things are automatically updated and hard to override (using the standard NPM client)... By that, I mean RFC targets shouldn't have any relation to version numbers being used.

> Our jest environment just started throwing errors because allowSpecialUseDomain is now being more enforced in this new release and jest-environment-jsdom doesn't set it. I tried to correct for it via Jest's testEnvironmentOptions config passthru, but that produced other problems. You may want to revert that release, it's gonna break a WHOLE LOT of builds.

If you are using jest@28.x add

testEnvironmentOptions: {
   url: 'https://jestjs.io'
}

to the jest config file.
If you are using an earlier version of jest, add

testURL: 'https://jestjs.io'

to the jest config file.

You can change https://jestjs.io to your url.
It works for me.

https://jestjs.io/docs/upgrading-to-jest28#testurl

Broke my environment as well. Is there a simple fix for it, other than to pinpoint to the last version?

Faced this problem this morning, jest test failing, quick workaround is to add
"tough-cookie": "4.0.0"
to package.json file

You can also add as a workaround in your package.json : "overrides": { "jsdom": { "tough-cookie": "4.0.0" } },

@lyz810 Adding a valid fully qualified domain name for testEnvironmentOptions.url worked for us.

New version introduced following error
Cookie has domain set to the public suffix "localhost" which is a special use domain. To allow this, configure your CookieJar with {allowSpecialUseDomain:true, rejectPublicSuffixes: false}.

Another workaround is setting your own CookieJar for the jsdom environment:

testEnvironmentOptions: {
  url: 'http://localhost.local/',
  cookieJar: new jsdom.CookieJar(undefined, {
    allowSpecialUseDomain: true,
  }),
},

You have to use a FQDN even for localhost otherwise you will run into #248 bug.

@CSchulz when I've tried that, I get an error that this._cookieJar.getCookieStringSync is not a function

I have raised a PR to fix the version of tough-cookie to v4.0.0 which should fix the immediate problem

jsdom/jsdom#3420

> @CSchulz when I've tried that, I get an error that this._cookieJar.getCookieStringSync is not a function

Do you have a more detailed stacktrace?

Does anyone have a working override config for pnpm?

I've tried:

{
  "pnpm": {
    "overrides": {
      "tough-cookie": "4.0.0"
    }
  }
}

It does not seem to work, as pnpm why tough-cookie shows 4.1.0 still being used.

EDIT: It seems that this works after installing tough-cookie@4.0.0 as a dev dependency and running pnpm update --depth Infinity.

Ohhh THIS is why all our tests are breaking. 🤦‍♂️

failing for me on npm v6. tried both in package.json
"tough-cookie": "4.0.0"
"overrides": { "jsdom": { "tough-cookie": "4.0.0" } }

@puneetmakkar

This solution totally depends on which package-manager you are using,

for npm v8+, add overrides key
for yarn, add it under resolutions key
for older npm versions, add a npm-shrinkwrap.json file. or define resolutions and use something like https://www.npmjs.com/package/npm-force-resolutions.
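
Whichever override mechanism is used, the result can be confirmed from the resolved tree rather than from package.json. The following is an added example, not code from this thread or from tough-cookie: it walks a tree in the shape printed by `npm ls --all --json` and lists every resolved copy of a package with the path that pulled it in. `SAMPLE_TREE`, `findResolved` and `stillFlagged` are hypothetical names, and the sample tree is constructed from versions quoted in this thread.

```javascript
// Added example: locate every resolved copy of a package in `npm ls --all --json` output.
// SAMPLE_TREE is constructed for illustration: a top-level pin did not replace the nested copy.
const SAMPLE_TREE = {
  name: "my-repo",
  dependencies: {
    jest: {
      version: "26.6.0",
      dependencies: {
        "jest-environment-jsdom": {
          version: "26.6.2",
          dependencies: {
            jsdom: {
              version: "16.7.0",
              dependencies: { "tough-cookie": { version: "4.1.0" } },
            },
          },
        },
      },
    },
    jsdom: {
      version: "15.1.1",
      dependencies: {
        request: { version: "2.88.2", dependencies: { "tough-cookie": { version: "2.5.0" } } },
        "tough-cookie": { version: "3.0.1" },
      },
    },
    "tough-cookie": { version: "4.0.0" },
  },
};

// Walk the tree and return one record per occurrence of `target`,
// together with the dependency path that introduced it.
function findResolved(tree, target, trail = [tree.name || "(root)"]) {
  const hits = [];
  for (const [name, node] of Object.entries(tree.dependencies || {})) {
    const path = [...trail, `${name}@${node.version}`];
    if (name === target) hits.push({ version: node.version, path: path.join(" > ") });
    hits.push(...findResolved(node, target, path));
  }
  return hits;
}

// Occurrences whose version is on the caller's list (here: releases reported as failing above).
function stillFlagged(tree, target, flaggedVersions) {
  return findResolved(tree, target).filter((h) => flaggedVersions.includes(h.version));
}

console.log(stillFlagged(SAMPLE_TREE, "tough-cookie", ["4.1.0", "4.1.1"]));
```

To run it against a real project, replace `SAMPLE_TREE` with the parsed output of `npm ls --all --json`; a non-empty result means the override has not reached every copy.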

The changes seem not to be on the version provided by npm. Have you updated the npm package release? @colincasey @awaterma. We still get the same error while running the tests.

For all working with yarn, you can overwrite the tough-cookie version by adding this to your package.json:

"resolutions": {
    "tough-cookie": "4.0.0"
}

Thanks to @privateOmega

> I have raised a PR to fix the version of tough-cookie to v4.0.0 which should fix the immediate problem
>
> jsdom/jsdom#3420

Hey @archer56. This PR was closed and not merged because he (@domenic) is basically saying (and he is right) that this breaking change should be reverted.

For various reasons our dependency tree is complicated:

@my-repo
├─┬ @our-sub-dependency
│ └─┬ jest-preset-angular@11.1.2
│   └─┬ jest-environment-jsdom@27.5.1
│     └─┬ jsdom@16.7.0
│       └── tough-cookie@4.1.0

@awaterma, @colincasey The temporary solutions posted above are difficult/undoable for us since we have lots of teams depending on our solutions. The real solution is fixing this issue in tough-cookie or reverting the changes since this is a breaking change. I hope you see the importance of this.

We are currently reviewing a p/r that will resolve the issue; once merged we will roll out a new NPM release for tough-cookie to 4.1.1.

Really appreciate everyone's patience as we do our best for tough-cookie and our customers!

> We are currently reviewing a p/r that will resolve the issue; once merged we will roll out a new NPM release for tough-cookie to 4.1.1.
>
> Really appreciate everyone's patience as we do our best for tough-cookie and our customers!

That sounds amazing. Thanks a lot for quick acknowledgement. This is affecting a lot of repositories right now and if you can release 4.1.1 that fixes it - that would be massive.

I'll reopen this until we get the 4.1.1 release completed.

We've released 4.1.1 to NPM.

Closing this issue; I hope our latest release works well for everyone!

Hi @awaterma tests are still failing for me at https://github.com/salesforce/tough-cookie/blob/master/lib/pubsuffix-psl.js#L62.
I did a clean install and also included tough-cookie@4.1.1 in package.json dev dependencies.
version: node v14.16.0 npm v6.14.1
npm ls tough-cookie:

├─┬ jest@26.6.0
│ └─┬ @jest/core@26.6.3
│   └─┬ jest-config@26.6.3
│     └─┬ jest-environment-jsdom@26.6.2
│       └─┬ jsdom@16.7.0
│         └── tough-cookie@4.1.1  deduped
├─┬ jsdom@15.1.1
│ ├─┬ request@2.88.2
│ │ └── tough-cookie@2.5.0
│ ├─┬ request-promise-native@1.0.9
│ │ └── tough-cookie@2.5.0
│ └── tough-cookie@3.0.1
└── tough-cookie@4.1.1

Are you using localhost as your url? Then you have to change your url to localhost.local. For more details see #248.

I am also still seeing this issue using 4.1.1:

|-- jest@27.5.1
|--- @jest/core@27.5.1
|---- jest-config@27.5.1
|----- jest-environment-jsdom@27.5.1
|------ jsdom@16.7.0
|-------tough-cookie@4.1.1

Did the patch completely revert the change that caused this, or was there a new patch laid over the original change in an attempt to fix?

4.1.1 doesn't solve the issue for Vitest users because (at least to my knowledge, please correct me if I'm wrong) there's no way to configure jsdom -- our tests are still failing. (The workaround is to override tough-cookie version to 4.0.0)

vitest 0.22.1
└─┬ jsdom 20.0.0 peer
  └── tough-cookie 4.1.1

4.1.1 - this does not solve the issue.

4.1.1 not working for me either

4.1.1 still not working

having the same issue with 4.1.1

We have a new patch for this issue. We believe that we have now resolved a bug for how we treated single word special use domains (localhost and invalid) that should resolve this issue for everyone.

@awaterma - I can confirm that 4.1.2 is working for us. Really appreciate the ownership on the issue and swiftness with which the patch was released. Thanks a lot.

Also confirm 4.1.2 is working here. For users who had trouble with jsdom/jest, you can add overrides to your package.json and run npm update tough-cookie to bump it to the desired version.

{
  "overrides": {
    "tough-cookie": "4.1.2"
  }
}

Reference: https://stackoverflow.com/a/64273186

Also here to confirm the new version works for us :)
Thank you!