stashaway-engineering / node-my-info-sg

Small wrapper around Singapore MyInfo V3 API for node JS. Wraps the scary-scary 😱 security logic into easy to use APIs
7 stars 4 forks source link

[Snyk] Security upgrade puppeteer from 1.15.0 to 18.2.0 #28

Open stashaway-devops opened 11 months ago

stashaway-devops commented 11 months ago

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

#### Changes included in this PR - Changes to the following files to upgrade the vulnerable dependencies to a fixed version: - package.json #### Vulnerabilities that will be fixed ##### With an upgrade: Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity :-------------------------:|-------------------------|:-------------------------|:-------------------------|:------------------------- ![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png "high severity") | **661/1000**
**Why?** Recently disclosed, Has a fix available, CVSS 7.5 | Missing Release of Resource after Effective Lifetime
[SNYK-JS-INFLIGHT-6095116](https://snyk.io/vuln/SNYK-JS-INFLIGHT-6095116) | Yes | No Known Exploit (*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: puppeteer The new version differs by 250 commits.
  • a07ff12 chore: use scoped tags for publishing (#9055)
  • ee1272e chore: release main (#9052)
  • bafdb47 chore: update pin_dependencies.py (#9051)
  • d4c6ff1 chore: update pin dependencies (#9050)
  • d1b61cf chore: update generate sources (#9049)
  • 9b28a3b chore: use file dependencies at root (#9048)
  • a359873 chore: pin dependencies on pre-release (#9046)
  • 469ac02 chore: fix release-please (#9044)
  • f42336c feat: separate puppeteer and puppeteer-core (#9023)
  • 3aee641 chore(main): release 18.1.0 (#9042)
  • 022fbde feat(chromium): roll to Chromium 107.0.5296.0 (r1045629) (#9039)
  • b7b07e3 chore: add documentation to xpath prefix and deprecated page.waitForTimeout (#9014)
  • 5dbd69e chore: type in waitForRequest function description (#9015)
  • c0c7878 chore: initiate monorepo migration (#9022)
  • 2a21896 chore: rename vendor to third_party (#9021)
  • f8de7b1 chore: bundle vendor code (#9016)
  • d06a905 chore: update deps (#9013)
  • 023ebd8 chore: enable firefox tests on Mac (#9002)
  • a00d466 chore: add strategy.fail-fast=false (#9007)
  • 5a1b8d2 chore: add headful support for Firefox (#9004)
  • c21c3ba chore: remove environment variable that forces WebRender to be disabled in Firefox (#9001)
  • a6f4584 chore: clarify build instructions (#9000)
  • 3939d55 chore: enable continue on error (#9003)
  • ddc567a chore(main): release 18.0.5 (#8997)
See the full diff
Check the changes in this PR to ensure they won't cause issues with your project. ------------ **Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.* For more information: 🧐 [View latest project report](https://app.snyk.io/org/stashaway-devops/project/b01436c9-cdae-4270-9510-13b288b2fdf9?utm_source=github&utm_medium=referral&page=fix-pr) 🛠 [Adjust project settings](https://app.snyk.io/org/stashaway-devops/project/b01436c9-cdae-4270-9510-13b288b2fdf9?utm_source=github&utm_medium=referral&page=fix-pr/settings) 📚 [Read more about Snyk's upgrade and patch logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities) [//]: # (snyk:metadata:{"prId":"df8aa50d-e2f4-4066-9bac-05f002f5d7ca","prPublicId":"df8aa50d-e2f4-4066-9bac-05f002f5d7ca","dependencies":[{"name":"puppeteer","from":"1.15.0","to":"18.2.0"}],"packageManager":"npm","projectPublicId":"b01436c9-cdae-4270-9510-13b288b2fdf9","projectUrl":"https://app.snyk.io/org/stashaway-devops/project/b01436c9-cdae-4270-9510-13b288b2fdf9?utm_source=github&utm_medium=referral&page=fix-pr","type":"auto","patch":[],"vulns":["SNYK-JS-INFLIGHT-6095116"],"upgrade":["SNYK-JS-INFLIGHT-6095116"],"isBreakingChange":true,"env":"prod","prType":"fix","templateVariants":["updated-fix-title","priorityScore"],"priorityScoreList":[661],"remediationStrategy":"vuln"}) --- **Learn how to fix vulnerabilities with free interactive lessons:** 🦉 [Learn about vulnerability in an interactive lesson of Snyk Learn.](https://learn.snyk.io/?loc=fix-pr)