search

thomasdondorf / puppeteer-cluster

Puppeteer Pool, run a cluster of instances in parallel
MIT License
3.2k stars 307 forks source link

[Snyk] Fix for 1 vulnerabilities #531

Closed thomasdondorf closed 5 months ago

thomasdondorf commented 9 months ago

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

#### Changes included in this PR - Changes to the following files to upgrade the vulnerable dependencies to a fixed version: - package.json - package-lock.json #### Vulnerabilities that will be fixed ##### With an upgrade: Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity :-------------------------:|-------------------------|:-------------------------|:-------------------------|:------------------------- ![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png "high severity") | **661/1000**
**Why?** Recently disclosed, Has a fix available, CVSS 7.5 | Missing Release of Resource after Effective Lifetime
[SNYK-JS-INFLIGHT-6095116](https://snyk.io/vuln/SNYK-JS-INFLIGHT-6095116) | Yes | No Known Exploit (*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: jest The new version differs by 250 commits.
  • 75006e4 v29.0.0
  • 7c82a9f chore: update jest-watch-typeahead again
  • 352ff29 chore: update changelog for release
  • 33ad8c3 docs: Jest 29 blog post (#13103)
  • dda77e5 docs: collapse 28.0 and 28.1 docs (#13104)
  • c0dc84c chore: update jest-watch-typeahead
  • 05f6217 fix: support deep CJS re-exports when using ESM (#13170)
  • 490fd88 chore: update yarn (#13169)
  • 98936a2 docs: Update Enzyme links to use new URL (#13166)
  • 187566a feat(pretty-format): allow to opt out from sorting object keys with `compareKeys: null` (#12443)
  • ae2bed7 chore: tweak regex used in e2e tests (#13129)
  • 8c56d74 docs: Update Configuration.md for added special notes on usage scenarios for pnpm. (#13115)
  • fb1c53d feat(jest-config)!: remove undocumented `collectCoverageOnlyFrom` option (#13156)
  • 075b489 fix: ignore `EISDIR` when resolving symlinks (#13157)
  • 3bef02e feat(@ jest/test-result, @ jest/types)!: replace `Bytes` and `Milliseconds` types with `number` (#13155)
  • 4def94b v29.0.0-alpha.6
  • 0f00d4e fix: replace non-CLI `rimraf` usage (#13151)
  • 6a90a2c fix: Allow updating inline snapshots when test includes JSX (#12760)
  • 983274a feat: Let `babel` find config when updating inline snapshots (#13150)
  • d2ff18a chore: make prettierPath optional in `SnapshotState` (#13149)
  • 7d8d01c feat(circus): added each to failing tests (#13142)
  • a5b52a5 chore(types): separate MatcherContext, MatcherUtils and MatcherState (#13141)
  • 79b5e41 chore: get rid of peer dep warning in website
  • 812763d chore: enable 'no-duplicate-imports' (#13138)
See the full diff
Package name: puppeteer The new version differs by 250 commits.
  • a07ff12 chore: use scoped tags for publishing (#9055)
  • ee1272e chore: release main (#9052)
  • bafdb47 chore: update pin_dependencies.py (#9051)
  • d4c6ff1 chore: update pin dependencies (#9050)
  • d1b61cf chore: update generate sources (#9049)
  • 9b28a3b chore: use file dependencies at root (#9048)
  • a359873 chore: pin dependencies on pre-release (#9046)
  • 469ac02 chore: fix release-please (#9044)
  • f42336c feat: separate puppeteer and puppeteer-core (#9023)
  • 3aee641 chore(main): release 18.1.0 (#9042)
  • 022fbde feat(chromium): roll to Chromium 107.0.5296.0 (r1045629) (#9039)
  • b7b07e3 chore: add documentation to xpath prefix and deprecated page.waitForTimeout (#9014)
  • 5dbd69e chore: type in waitForRequest function description (#9015)
  • c0c7878 chore: initiate monorepo migration (#9022)
  • 2a21896 chore: rename vendor to third_party (#9021)
  • f8de7b1 chore: bundle vendor code (#9016)
  • d06a905 chore: update deps (#9013)
  • 023ebd8 chore: enable firefox tests on Mac (#9002)
  • a00d466 chore: add strategy.fail-fast=false (#9007)
  • 5a1b8d2 chore: add headful support for Firefox (#9004)
  • c21c3ba chore: remove environment variable that forces WebRender to be disabled in Firefox (#9001)
  • a6f4584 chore: clarify build instructions (#9000)
  • 3939d55 chore: enable continue on error (#9003)
  • ddc567a chore(main): release 18.0.5 (#8997)
See the full diff
Package name: puppeteer-core The new version differs by 250 commits.
  • 101fcb9 chore: release main (#9789)
  • ca797ad chore: fix pre-release
  • 0df369a chore: fix husky
  • 22e4cc3 chore: fix pre-release workflow (#9788)
  • baf51bc chore: use prerelease for browser (#9786)
  • 364b23f fix: update dependencies (#9781)
  • 299d444 chore: remove pre-push and pre-commit (#9777)
  • 813882d chore: update glob (#9776)
  • 04247a4 feat: browsers: recognize chromium as a valid browser (#9760)
  • 6777604 chore: fix analyzer yarn installs (#9778)
  • 2123f80 chore: remove rimraf (#9775)
  • 8bf9718 chore(deps): Bump yargs from 17.7.0 to 17.7.1 (#9752)
  • f84873c chore: support commas in P selectors (#9769)
  • 62d5f39 chore(deps): Bump @ angular-devkit/schematics from 15.2.0 to 15.2.1 (#9773)
  • 3a4e726 chore: fix Browsers failing tests (#9768)
  • 2922611 chore(deps): Bump @ angular-devkit/core from 15.2.0 to 15.2.1 (#9761)
  • f68e046 chore(deps): Bump cosmiconfig from 8.0.0 to 8.1.0 (#9751)
  • d3b25df chore: update test expectation data for Firefox for 19.7.2 downstream sync (#9756)
  • f887292 chore: add more debugging info on Debug Runs (#9754)
  • 004a99a chore: implement simple BiDi ElementHandle (#9753)
  • 232873a chore: fix Mocha test runner suggestion when hooks fail (#9750)
  • 4a365a4 chore: extract BiDi context to allow emitting only to it (#9742)
  • ed1bb7c chore(deps): Bump @ angular-devkit/schematics from 15.1.6 to 15.2.0 (#9748)
  • 4ddf63d chore(deps): Bump @ angular-devkit/core from 15.1.6 to 15.2.0 (#9749)
See the full diff
Check the changes in this PR to ensure they won't cause issues with your project. ------------ **Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.* For more information: 🧐 [View latest project report](https://app.snyk.io/org/thomasdondorf/project/f5830bf6-2c07-4321-a264-bff76a4d6494?utm_source=github&utm_medium=referral&page=fix-pr) 🛠 [Adjust project settings](https://app.snyk.io/org/thomasdondorf/project/f5830bf6-2c07-4321-a264-bff76a4d6494?utm_source=github&utm_medium=referral&page=fix-pr/settings) 📚 [Read more about Snyk's upgrade and patch logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities) [//]: # (snyk:metadata:{"prId":"6e3d9570-4807-45ed-a6c8-d095df12d817","prPublicId":"6e3d9570-4807-45ed-a6c8-d095df12d817","dependencies":[{"name":"jest","from":"27.4.7","to":"29.0.0"},{"name":"puppeteer","from":"13.1.1","to":"18.2.0"},{"name":"puppeteer-core","from":"13.1.1","to":"19.7.3"}],"packageManager":"npm","projectPublicId":"f5830bf6-2c07-4321-a264-bff76a4d6494","projectUrl":"https://app.snyk.io/org/thomasdondorf/project/f5830bf6-2c07-4321-a264-bff76a4d6494?utm_source=github&utm_medium=referral&page=fix-pr","type":"auto","patch":[],"vulns":["SNYK-JS-INFLIGHT-6095116"],"upgrade":["SNYK-JS-INFLIGHT-6095116"],"isBreakingChange":true,"env":"prod","prType":"fix","templateVariants":["priorityScore"],"priorityScoreList":[661],"remediationStrategy":"vuln"}) --- **Learn how to fix vulnerabilities with free interactive lessons:** 🦉 [Learn about vulnerability in an interactive lesson of Snyk Learn.](https://learn.snyk.io/?loc=fix-pr)