9.5.2

Bugfixes:

• Fixed an issue with .type() where click events could be fired on the incorrect target element because the target focus changed within a key-down event handler callback. Fixed in #20525.

• Fixed a regression in 9.5.0 where ANSI colors were not removed from the FireFox warning message about the chromeWebSecurity configuration option having no effect on the Firefox browser. Fixes #20496.

• Updates were made to the pre-release build setup such that Cypress will use a unique cache folder for each pre-release installation on a machine. This removes the need to run cypress clear cache before installing a new pre-release version of Cypress or before installing a new released version of Cypress after a pre-release version had been installed. Addressed in #20296.

Misc:

• Updates were made to explicitly disable the Origin-Agent-Cluster header for proxied responses to ensure document.domain can continue to be set with Chrome v106+. This was necessary because Chrome is planning to make document.domain immutable in v106+ to relax the same-origin policy by interpreting the Origin-Agent-Cluster as true, whereas it is currently interpreted as false. Addresses #20147.

Dependency Updates:

• Upgraded url-parse dependency from 1.5.6 to 1.5.9 to address these NVD security vulnerabilities, CVE-2022-0639, CVE-2022-0686 and CVE-2022-0691. Addressed in #20386 and #20439.