[Snyk] Upgrade puppeteer from 3.0.2 to 3.3.0 #17

RockRunner007 · 2021-02-12T04:06:19Z

Snyk has created this PR to upgrade puppeteer from 3.0.2 to 3.3.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version is 5 versions ahead of your current version.
The recommended version was released 8 months ago, on 2020-06-02.

The recommended version fixes:

Issue	PriorityScore (*)	Exploit Maturity
Prototype Pollution SNYK-JS-LODASH-608086	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-LODASH-590103	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Prototype Pollution SNYK-JS-INI-1048974	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Remote Memory Exposure SNYK-JS-BL-608877	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Prototype Pollution SNYK-JS-PATHVAL-596926	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-LODASH-567746	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Denial of Service (DoS) SNYK-JS-HTTPPROXY-569139	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Validation Bypass SNYK-JS-KINDOF-537849	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: puppeteer

3.3.0 - 2020-06-02
Highlights
- The migration from Node's EventEmitter to the Mitt library has been reverted in this release. We're sorry for causing unexpected issues in the 3.2.0 release. If you were unable to upgrade from 3.1.0 to 3.2.0, you will be able to upgrade straight to 3.3.0 and not have any issues.
Behind the scenes
- The Puppeteer Response class was renamed HTTPResponse to avoid a clash with the TS Response type. We don't expose this class on the main Puppeteer instance so this shouldn't affect any of your code.
- Similarly we have renamed Worker to WebWorker to avoid a clash with the TS Worker type.
Raw Notes

34c0f9b - chore: mark version v3.3.0
309d811 - chore: Revert Mitt due to breaking changes (#5952)
81e3248 - chore: Defer Windows FF tests for longer (#5954)
b874cac - chore: rename Worker to WebWorker (#5941)
7862484 - chore: update request and response references in docs (#5942)
232def0 - chore: rename Response to HTTPResponse (#5940)
cfd72ac - chore: bump version to v3.2.0-post (#5938)
3.2.0 - 2020-05-29
Highlights
- We now support emulating vision deficiency types within Puppeteer using page.emulateVisionDeficiency. You can read more about these on the DevTools update blog post.
- We now use Mitt as the Event Emitter that backs many of Puppeteer's classes rather than the EventEmitter module that ships with Node. This is potentially a breaking change if you rely on some of the less popular EventEmitter methods as Puppeteer's EventEmitter does not support the entire suite of NodeJS EventEmitter functions. We think it's unlikely anyone has relied on these; we were able to swap out the EventEmitter in Puppeteer without any unit tests needing to change.
- Puppeteer now recognises webviews as regular pages which means you can control them just like you would control a regular page.
Behind the scenes
- The Request class has been renamed to HTTPRequest to avoid a clash with TypeScript's Request type. We'll be making similar changes to Response and Worker. This is not a breaking change as Puppeteer doesn't directly expose these classes so you shouldn't be referring to them by name in your code.
Raw notes

1d4d25a - chore: use Mitt as the Event Emitter (#5907)
a2ba6f0 - feat: recognize webviews as regular pages (#5905)
8e8a9df - chore: rename Request class to HTTPRequest (#5934)
9737059 - chore: remove doclint generate_types code (#5932)
7eab7f8 - feat(api): add page.emulateVisionDeficiency(type) (#5901)
24ac11e - chore: fix undefined rm in mocha-utils (#5920)
6cfe142 - chore: don't use expect within Promises (#5466) (#5473)
dfb2e60 - chore: stop Protocol types being globally available (#5899)
d8e0557 - chore: update Travis to run latest macOS and fix HTTPS test (#5903)
9a08d31 - chore: error if coverage couldn't find the given class (#5863)
caaf4d2 - fix: support async functions as an argument for waitForFunction (#5682)
e6c22da - chore: bump version to v3.1.0-post (#5884)
3.1.0 - 2020-05-18
Read more
3.0.4 - 2020-05-07
Highlights
- As of Node.js v14.1.0 the bug that prevented Puppeteer working on Node.js 14.0.x has been fixed. The code that tried to debug this and show a useful error has been removed (#5816). Puppeteer should install and run just fine on Node.js v14.1.0 and beyond.
Behind the scenes
- We now run unit tests on Node.js v14 (#5821).
Raw notes

c214d20 - chore: mark version v3.0.4 (#5823)
17bb660 - chore: remove unused mime-types dependency (#5819)
70340de - chore: add Node.js 12 & 14 to CI (#5821)
70d5c7f - fix: remove node@14 specific extract timeout (#5816)
5115482 - chore: bump version to 3.0.3-post (#5814)
3.0.3 - 2020-05-06
Read more
3.0.2 - 2020-04-28
Read more

from puppeteer GitHub release notes

Commit messages

Package name: puppeteer

e84e579 chore: mark version v3.3.0 (#5959)
309d811 chore: Revert Mitt due to breaking changes (#5952)
81e3248 chore: Defer Windows FF tests for longer (#5954)
b874cac chore: rename Worker to WebWorker (#5941)
7862484 chore: update request and response references in docs (#5942)
232def0 chore: rename `Response` to `HTTPResponse` (#5940)
cfd72ac chore: bump version to v3.2.0-post (#5938)
88b5265 chore: mark version v3.2.0 (#5937)
1d4d25a Use Mitt as the Event Emitter (#5907)
a2ba6f0 feat: recognize webviews as regular pages (#5905)
8e8a9df chore: rename Request class to HTTPRequest (#5934)
9737059 chore: remove doclint generate_types code (#5932)
7eab7f8 feat(api): add page.emulateVisionDeficiency(type) (#5901)
24ac11e chore: fix undefined `rm` in mocha-utils (#5920)
6cfe142 Don't use expect within Promises (#5466) (#5473)
dfb2e60 chore: stop Protocol types being globally available (#5899)
d8e0557 chore: update Travis to run latest macOS and fix HTTPS test (#5903)
9a08d31 chore: error if coverage couldn't find the given class (#5863)
caaf4d2 fix: support async functions as an argument for waitForFunction (#5682)
e6c22da chore: bump version to v3.1.0-post (#5884)
8ba3675 chore: mark version v3.1.0 (#5883)
a17bd89 feat: add securityDetails.subjectAlternativeNames() #5628 (#5881)
e823289 feat(chromium): roll Chromium to r756035 (#5879)
ad3613d docs(contributing): clarify list of Chromium versions (#5878)

Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Snyk has created this PR to upgrade puppeteer from 3.0.2 to 3.3.0. See this package in npm: https://www.npmjs.com/package/puppeteer See this project in Snyk: https://app.snyk.io/org/rockrunner007/project/aa5e5c45-e239-49a0-8c9d-0a3947eb13cf?utm_source=github&utm_medium=upgrade-pr

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Upgrade puppeteer from 3.0.2 to 3.3.0 #17

[Snyk] Upgrade puppeteer from 3.0.2 to 3.3.0 #17

RockRunner007 commented Feb 12, 2021

Highlights

Behind the scenes

Raw Notes

Highlights

Behind the scenes

Raw notes

Highlights

Behind the scenes

Raw notes

[Snyk] Upgrade puppeteer from 3.0.2 to 3.3.0 #17

Are you sure you want to change the base?

[Snyk] Upgrade puppeteer from 3.0.2 to 3.3.0 #17

Conversation

RockRunner007 commented Feb 12, 2021

Snyk has created this PR to upgrade puppeteer from 3.0.2 to 3.3.0.

Highlights

Behind the scenes

Raw Notes

Highlights

Behind the scenes

Raw notes

Highlights

Behind the scenes

Raw notes