This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
#### Changes included in this PR
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
- package-lock.json
#### Vulnerabilities that will be fixed
##### With an upgrade:
Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity
:-------------------------:|-------------------------|:-------------------------|:-------------------------|:-------------------------
 | **479/1000** **Why?** Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS) [SNYK-JS-MINIMATCH-3050818](https://snyk.io/vuln/SNYK-JS-MINIMATCH-3050818) | Yes | No Known Exploit
 | **586/1000** **Why?** Proof of Concept exploit, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS) [SNYK-JS-WS-1296835](https://snyk.io/vuln/SNYK-JS-WS-1296835) | Yes | Proof of Concept
 | **506/1000** **Why?** Proof of Concept exploit, Has a fix available, CVSS 3.7 | Regular Expression Denial of Service (ReDoS) [npm:debug:20170905](https://snyk.io/vuln/npm:debug:20170905) | Yes | Proof of Concept
(*) Note that the real score may have changed since the PR was raised.
Commit messagesPackage name: puppeteer
The new version differs by 250 commits.
See the full diff
Check the changes in this PR to ensure they won't cause issues with your project.
------------
**Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.*
For more information:
🧐 [View latest project report](https://app.snyk.io/org/theyudhiztira/project/9f94a328-288b-48cd-bf03-beba2a624cd2?utm_source=github&utm_medium=referral&page=fix-pr)
🛠 [Adjust project settings](https://app.snyk.io/org/theyudhiztira/project/9f94a328-288b-48cd-bf03-beba2a624cd2?utm_source=github&utm_medium=referral&page=fix-pr/settings)
📚 [Read more about Snyk's upgrade and patch logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities)
[//]: # (snyk:metadata:{"prId":"7caeb26e-3c0e-43f1-8166-1a827308ffce","prPublicId":"7caeb26e-3c0e-43f1-8166-1a827308ffce","dependencies":[{"name":"puppeteer","from":"5.2.1","to":"21.3.7"}],"packageManager":"npm","projectPublicId":"9f94a328-288b-48cd-bf03-beba2a624cd2","projectUrl":"https://app.snyk.io/org/theyudhiztira/project/9f94a328-288b-48cd-bf03-beba2a624cd2?utm_source=github&utm_medium=referral&page=fix-pr","type":"auto","patch":[],"vulns":["SNYK-JS-MINIMATCH-3050818","SNYK-JS-WS-1296835","npm:debug:20170905"],"upgrade":["SNYK-JS-MINIMATCH-3050818","SNYK-JS-WS-1296835","npm:debug:20170905"],"isBreakingChange":true,"env":"prod","prType":"fix","templateVariants":["updated-fix-title","priorityScore"],"priorityScoreList":[479,586,506],"remediationStrategy":"vuln"})
---
**Learn how to fix vulnerabilities with free interactive lessons:**
🦉 [Regular Expression Denial of Service (ReDoS)](https://learn.snyk.io/lesson/redos/?loc=fix-pr)
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
#### Changes included in this PR - Changes to the following files to upgrade the vulnerable dependencies to a fixed version: - package.json - package-lock.json #### Vulnerabilities that will be fixed ##### With an upgrade: Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity :-------------------------:|-------------------------|:-------------------------|:-------------------------|:-------------------------  | **479/1000****Why?** Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-MINIMATCH-3050818](https://snyk.io/vuln/SNYK-JS-MINIMATCH-3050818) | Yes | No Known Exploit  | **586/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-WS-1296835](https://snyk.io/vuln/SNYK-JS-WS-1296835) | Yes | Proof of Concept  | **506/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 3.7 | Regular Expression Denial of Service (ReDoS)
[npm:debug:20170905](https://snyk.io/vuln/npm:debug:20170905) | Yes | Proof of Concept (*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: puppeteer
The new version differs by 250 commits.- 377cd83 chore: release main (#11081)
- 11f7c69 test: update Firefox BiDi expectations (#11082)
- 0c0e516 fix: roll to Chrome 117.0.5938.149 (r1181205) (#11077)
- 163394d chore(deps): Bump actions/checkout from 3.6.0 to 4.1.0 (#11063)
- 67e9a92 chore(deps): Bump postcss from 8.4.16 to 8.4.31 in /website (#11075)
- 54bc80c chore(deps): Bump github/codeql-action from 2.21.8 to 2.21.9 (#11064)
- c5083bb docs: update link to `third_party/README.md` (#11068)
- a3187a0 docs: Update reference to SKIP_CHROMIUM_DOWNLOAD env to SKIP_DOWNLOAD
- 28c1c26 test: crash mocha if unhandled errors occur (#11055)
- c5f2d28 test: move queryObjects to a CDP only tests (#11050)
- 88681a8 test: Remove invalid drag and drop test (#11054)
- eedbb13 chore: release main (#11051)
- b0d7375 fix: remove the flag disabling bfcache (#11047)
- 30bd030 chore: use yargs for mocha runner (#11045)
- 03b22ab chore(deps): Bump glob from 10.3.4 to 10.3.10 (#11043)
- 897fb64 chore(deps): Bump @ swc/core from 1.3.86 to 1.3.90 (#11042)
- f59537e ci: add sharding for chrome (#11038)
- bd6c246 chore: add @ typescript-eslint/no-import-type-side-effects (#11040)
- e853e63 refactor: use common debugError (#11039)
- 48f9382 test: synchronize bidi expectations changes for Bug 1756595 (#11005)
- aa16ab1 chore: use RxJS for wait for Navigation (#11024)
- c502ca8 chore: release main (#11025)
- e0e7e3a test: move cdp only tests to a subfolder (#11033)
- 8993def ci: disable failing doctest (#11035)
See the full diff