fix(cypress-image): resolve critical security vulnerabilities

[billhimmelsbach]

Let's fix some security vulnerabilities in the old cypress image! Upgrading to the latest cypress image fixes a lot of the critical issues... except for two in the crypto/tls and undici libraries.

These remaining vulnerabilities are especially annoying to fix since they're wrapped up in cypress: cypress runs a post-install script that installs the electron app with a bunch of it's own pre-installed node modules like a jerk. So package.json resolutions don't appear to work since yarn/npm isn't involved in the installation of them, so for the remaining two critical vulnerabilities we gotta go in there and replace them manually.

I experimented with fixing all the non-critical, high vulnerabilities with this method, but I think we should wait to see if cypress fixes themselves since this method is brittle/prone to causing issues, and added a ticket to track that GHE #2711.

Changes

• updates us to Cypress v15 to resolve a ton of vulnerabilities (the latest Cypress 14 image didn't get us as far)

Before	After

• manually updates two remaining critical vulnerabilities in the crypto/tls and undici libraries that aren't resolved in the latest cypress images. I've added a ticket (GHE [Dockerfile] Update Cypress image version to address crypto/tls and undici vulnerabilities #2711) to remove these overrides someday if Cypress updates their docker image

Before	After

• remove manually installing cypress with the force option, but add legacy peer deps flag because of incompatibility with cypress-keycloak v2.0.2
• remove experimentalStudio: true since it's no longer experimental in cypress v15
• added some cypress troubleshooting suggestions to the readme

Testing

Try yarn installing before testing anything out and cypress should work from there. But if you encounter issues, because cypress can be a little finicky sometimes, I'd recommend the following:

clear the cache and reinstall

yarn install
yarn yarn cypress cache clear
yarn cypress install

Still getting a weird Cannot find module '@ffprobe-installer/darwin-x64/ffprobe' error when on your Mac? Make sure the env var npm_config_arch is unset before you run the commands above, and maybe reach out to me if you're still having issues.

1. Do the tests still run and pass locally and in CI? Yes and Yes!

local run

ci run

2. Are the critical vulnerabilities resolved? Yes!

Notes

• There are still some high vulnerabilities we could manually fix in the cypress image, but I'd rather wait to see if they update it or just roll our own version of the cypress image. (See: [Dockerfile] Update Cypress image version to address crypto/tls and undici vulnerabilities #2711)
• In a future version 16 of cypress someday, they're going to remove Cypress.env() and instead replace it with two different ways of accessing env vars: cy.env() (for sensitive secrets) or Cypress.expose() (for public envs). For now we're fine, but we'll want to fix it for the next version that happens someday. Here's the ticket I made for future us: GHE #5493

Resolves GHE #5478