fix: ct testing support for node 17+

cli/lib/util.js

@@ -315,7 +315,7 @@ const util = {
     // To be removed when the Cypress binary pulls in the @cypress/webpack-batteries-included-preprocessor
     // version that has been updated to webpack >= 5.61, which no longer relies on
     // Node's builtin crypto.hash function.
-    if (process.versions && semver.satisfies(process.versions.node, '>=17.0.0') && process.versions.openssl.startsWith('3.')) {
+    if (process.versions && semver.satisfies(process.versions.node, '>=17.0.0') && semver.satisfies(process.versions.openssl, '>=3', { includePrerelease: true })) {
       opts.ORIGINAL_NODE_OPTIONS = `${opts.ORIGINAL_NODE_OPTIONS || ''} --openssl-legacy-provider`
     }
 

npm/webpack-dev-server/src/createWebpackDevServer.ts

@@ -68,7 +68,7 @@ function webpackDevServer4 (
   const { devServerConfig: { cypressConfig: { devServerPublicPathRoute } } } = config
   const WebpackDevServer = config.sourceWebpackModulesResult.webpackDevServer.module
   const webpackDevServerConfig = {
-    host: 'localhost',
+    host: '127.0.0.1',
     port: 'auto',
     // @ts-ignore
     ...finalWebpackConfig?.devServer,

npm/webpack-dev-server/test/devServer-e2e.spec.ts

@@ -12,7 +12,7 @@ import './support'
 const requestSpecFile = (file: string, port: number) => {
   return new Promise((res) => {
     const opts = {
-      host: 'localhost',
+      host: '127.0.0.1',
       port,
       path: encodeURI(file),
     }

packages/extension/package.json

@@ -4,7 +4,7 @@
   "private": true,
   "main": "index.js",
   "scripts": {
-    "build": "gulp build",
+    "build": "cross-env NODE_OPTIONS=\"$(node ../../scripts/use-legacy-openssl.js)\" gulp build",
     "build-prod": "yarn build",
     "clean": "gulp clean",
     "clean-deps": "rimraf node_modules",

packages/runner-ct/package.json

@@ -4,7 +4,7 @@
   "private": true,
   "browser": "src/index.js",
   "scripts": {
-    "build": "webpack",
+    "build": "cross-env NODE_OPTIONS=\"$(node ../../scripts/use-legacy-openssl.js)\" webpack",
     "build-prod": "cross-env NODE_ENV=production yarn build && tsc",
     "clean-deps": "rimraf node_modules",
     "cypress:open": "ts-node ../../scripts/cypress.js open --component --project .",

packages/runner/package.json

@@ -4,7 +4,7 @@
   "private": true,
   "browser": "src/index.js",
   "scripts": {
-    "build": "webpack",
+    "build": "cross-env NODE_OPTIONS=\"$(node ../../scripts/use-legacy-openssl.js)\" webpack",
     "build-prod": "cross-env NODE_ENV=production yarn build",
     "clean-deps": "rimraf node_modules",
     "cypress:open": "node ../../scripts/cypress open",

scripts/gulp/tasks/gulpWebpack.ts

@@ -3,6 +3,9 @@ import pDefer from 'p-defer'
 import { monorepoPaths } from '../monorepoPaths'
 import { universalSpawn } from '../utils/childProcessUtils'
 import { addChildProcess } from './gulpRegistry'
+import semver from 'semver'
+
+type Env = typeof process.env
 
 export function webpackRunner () {
   return runWebpack({
@@ -16,10 +19,27 @@ type RunWebpackCfg = {
   cwd: string
   prefix: string
   args?: string[]
-  env?: object
+  env?: Env
   devServer?: boolean
 }
 
+// https://github.com/cypress-io/cypress/issues/18914
+// Node 17+ ships with OpenSSL 3 by default, so we may need the option
+// --openssl-legacy-provider so that webpack@4 can use the legacy MD4 hash
+// function. This option doesn't exist on Node <17 or when it is built
+// against OpenSSL 1, so we have to detect Node's major version and check
+// which version of OpenSSL it was built against before spawning the process.
+//
+// Can be removed once the webpack version is upgraded to >= 5.61,
+// which no longer relies on Node's builtin crypto.hash function.
+function useLegacyOpenSSLProvider (env: Env) {
+  if (process.versions && semver.satisfies(process.versions.node, '>=17.0.0') && semver.satisfies(process.versions.openssl, '>=3', { includePrerelease: true })) {
+    return { NODE_OPTIONS: `${env.NODE_OPTIONS ?? ''} --openssl-legacy-provider` }
+  }
+
+  return {}
+}
+
 export async function runWebpack (cfg: RunWebpackCfg) {
   const { cwd, args = [], env = process.env, devServer = false, prefix } = cfg
   const dfd = pDefer()
@@ -32,6 +52,7 @@ export async function runWebpack (cfg: RunWebpackCfg) {
       cwd,
       env: {
         ...(env || process.env),
+        ...useLegacyOpenSSLProvider(env),
         FORCE_COLOR: '1',
       },
     },

scripts/use-legacy-openssl.js

@@ -0,0 +1,20 @@
+// https://github.com/cypress-io/cypress/issues/18914
+// Node 17+ ships with OpenSSL 3 by default, so we may need the option
+// --openssl-legacy-provider so that webpack@4 can use the legacy MD4 hash
+// function. This option doesn't exist on Node <17 or when it is built
+// against OpenSSL 1, so we have to detect Node's major version and check
+// which version of OpenSSL it was built against before spawning the process.
+//
+// Can be removed once the webpack version is upgraded to >= 5.61,
+// which no longer relies on Node's builtin crypto.hash function.
+
+const semver = require('semver')
+
+let opts = process.env.NODE_OPTIONS || ''
+
+if (process.versions && semver.satisfies(process.versions.node, '>=17.0.0') && semver.satisfies(process.versions.openssl, '>=3', { includePrerelease: true })) {
+  opts = `${opts} --openssl-legacy-provider`
+}
+
+// eslint-disable-next-line no-console
+console.log(opts)