twilio
[Snyk] Security upgrade puppeteer from 10.4.0 to 13.1.2
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- packages/flex-plugin-e2e-tests/package.json
- packages/flex-plugin-e2e-tests/package-lock.json
Vulnerabilities that will be fixed
With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
 |
539/1000 Why? Has a fix available, CVSS 6.5 |
Information Exposure SNYK-JS-NODEFETCH-2342118 |
Yes | No Known Exploit |
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: puppeteer
The new version differs by 118 commits.- 0a9eb3c chore(release): mark v13.1.2 (#7925)
- e4c48d3 fix(package.json): update node-fetch package (#7924)
- d80d602 fix: types in Connection.ts to be compatible with strict mode Typescript (#7919)
- a8ec0aa fix: types in Browser.ts to be compatible with strict mode Typescript (#7918)
- 08c0e8b chore: bump version to v13.1.1-post (#7913)
- f108560 chore(release): mark v13.1.1 (#7912)
- 344feb5 fix: use content box for OOPIF offset calculations (#7911)
- c09522a chore: bump version to v13.1.0-post (#7909)
- 80d6b84 chore(release): mark v13.1.0 (#7908)
- a55c86f feat(chromium): roll to Chromium 98.0.4758.0 (r950341) (#7907)
- a566263 fix: apply OOPIF offsets to bounding box and box model calls (#7906)
- d7937b8 fix: error for pre-existing OOPIFs (#7899)
- 486bbe0 fix: correctly compute clickable points for elements inside OOPIFs (#7900)
- 59578d9 chore: bump version to v13.0.1-post (#7866)
- 71cef32 chore(release): mark v13.0.1 (#7865)
- 8d8e874 fix: make sure ElementHandle.waitForSelector is evaluated in the right context (#7843)
- 1c44551 fix: predicate arguments for waitForFunction (#7845)
- 36207c5 fix: disable a test failing on Firefox (#7846)
- 3e3a90b docs: fix typo (#7839)
- acdc67b chore: bump version to v13.0.0-post (#7833)
- d0cb9e2 chore(release): mark v13.0.0 (#7832)
- 02c9af6 fix(types): revert "feat(typescript): allow using puppeteer without dom lib"
- 8242422 fix!: typo in 'already-handled' constant of the request interception API (#7813)
- 71cc1b9 refactor: remove unused promise (#7830)
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📚 Read more about Snyk's upgrade and patch logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.
Codecov Report
Base: 87.51% // Head: 87.51% // No change to project coverage :thumbsup:
Coverage data is based on head (
8ac9c86) compared to base (440d28e). Patch has no changes to coverable lines.
Additional details and impacted files
@@ Coverage Diff @@
## main #731 +/- ##
=======================================
Coverage 87.51% 87.51%
=======================================
Files 137 137
Lines 3754 3754
Branches 638 638
=======================================
Hits 3285 3285
Misses 367 367
Partials 102 102
Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.
:umbrella: View full report at Codecov.
:loudspeaker: Do you have feedback about the report comment? Let us know in this issue.
![codecov[bot] avatar](https://avatars.githubusercontent.com/in/254?v=4 "Published by a pub.dev verified publisher"){kind=small}
Closing this PR as there no known exploit and this package is used internally for running e2e test suites
