[Snyk] Upgrade puppeteer from 21.4.1 to 23.11.1

[nerdy-tech-com-gitub]

Snyk has created this PR to upgrade puppeteer from 21.4.1 to 23.11.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

⚠️ Warning: This PR contains major version upgrade(s), and may be a breaking change.

• The recommended version is 69 versions ahead of your current version.

• The recommended version was released a month ago.

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Incomplete List of Disallowed Inputs SNYK-JS-BABELTRAVERSE-5962462	218	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	218	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	218	Proof of Concept
	Arbitrary Command Injection SNYK-JS-SYSTEMINFORMATION-5914637	218	No Known Exploit
	Uncontrolled resource consumption SNYK-JS-BRACES-6838727	218	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-CROSSSPAWN-8303230	218	Proof of Concept
	Server-side Request Forgery (SSRF) SNYK-JS-IP-6240864	218	Proof of Concept
	Server-side Request Forgery (SSRF) SNYK-JS-IP-6240864	218	Proof of Concept
	Code Injection SNYK-JS-LODASH-1040724	218	Proof of Concept
	Inefficient Regular Expression Complexity SNYK-JS-MICROMATCH-6838728	218	No Known Exploit
	Prototype Poisoning SNYK-JS-QS-3153490	218	Proof of Concept
	Denial of Service (DoS) SNYK-JS-WS-7266574	218	Proof of Concept
	Denial of Service (DoS) SNYK-JS-WS-7266574	218	Proof of Concept
	Improper Restriction of Security Token Assignment SNYK-JS-JSONWEBTOKEN-3180024	218	No Known Exploit
	Use of a Broken or Risky Cryptographic Algorithm SNYK-JS-JSONWEBTOKEN-3180026	218	No Known Exploit
	Denial of Service (DoS) SNYK-JS-JSZIP-1251497	218	Proof of Concept
	Arbitrary File Write via Archive Extraction (Zip Slip) SNYK-JS-JSZIP-3188562	218	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-HTTPCACHESEMANTICS-3248783	218	Proof of Concept
	Arbitrary Code Injection SNYK-JS-SYSTEMINFORMATION-8547981	218	Proof of Concept
	Server-Side Request Forgery (SSRF) SNYK-JS-IP-7148531	218	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	218	Proof of Concept
	Server-Side Request Forgery (SSRF) SNYK-JS-IP-7148531	218	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-UAPARSERJS-3244450	218	Proof of Concept
	Improper Authentication SNYK-JS-JSONWEBTOKEN-3180022	218	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	218	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHPARSE-1077067	218	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	218	Proof of Concept
	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	218	Proof of Concept

Release notes

Package name: puppeteer

• 23.11.1 - 2024-12-19
  

  23.11.1 (2024-12-19)

  Miscellaneous Chores

  • puppeteer: Synchronize puppeteer versions

  Dependencies

  • The following workspace dependencies were updated
    • dependencies
      • puppeteer-core bumped from 23.11.0 to 23.11.1
• 23.11.0 - 2024-12-18
  

  23.11.0 (2024-12-18)

  Bug Fixes

  • deps: bump chromium-bidi to 0.11.0 (#13418) (771e4b2)

  Dependencies

  • The following workspace dependencies were updated
    • dependencies
      • puppeteer-core bumped from 23.10.4 to 23.11.0
• 23.10.4 - 2024-12-12
  

  23.10.4 (2024-12-12)

  Miscellaneous Chores

  • puppeteer: Synchronize puppeteer versions

  Dependencies

  • The following workspace dependencies were updated
    • dependencies
      • puppeteer-core bumped from 23.10.3 to 23.10.4
• 23.10.3 - 2024-12-10
• 23.10.2 - 2024-12-09
• 23.10.1 - 2024-12-04
• 23.10.0 - 2024-12-03
• 23.9.0 - 2024-11-21
• 23.8.0 - 2024-11-13
• 23.7.1 - 2024-11-07
• 23.7.0 - 2024-11-04
• 23.6.1 - 2024-10-28
• 23.6.0 - 2024-10-16
• 23.5.3 - 2024-10-11
• 23.5.2 - 2024-10-10
• 23.5.1 - 2024-10-07
• 23.5.0 - 2024-10-02
• 23.4.1 - 2024-09-25
• 23.4.0 - 2024-09-18
• 23.3.1 - 2024-09-16
• 23.3.0 - 2024-09-04
• 23.2.2 - 2024-09-03
• 23.2.1 - 2024-08-29
• 23.2.0 - 2024-08-26
• 23.1.1 - 2024-08-21
• 23.1.0 - 2024-08-14
• 23.0.2 - 2024-08-08
• 23.0.1 - 2024-08-07
• 23.0.0 - 2024-08-07
• 22.15.0 - 2024-07-31
• 22.14.0 - 2024-07-25
• 22.13.1 - 2024-07-17
• 22.13.0 - 2024-07-11
• 22.12.1 - 2024-06-26
• 22.12.0 - 2024-06-21
• 22.11.2 - 2024-06-18
• 22.11.1 - 2024-06-17
• 22.11.0 - 2024-06-12
• 22.10.1 - 2024-06-11
• 22.10.0 - 2024-05-24
• 22.9.0 - 2024-05-16
• 22.8.2 - 2024-05-15
• 22.8.1 - 2024-05-13
• 22.8.0 - 2024-05-06
• 22.7.1 - 2024-04-25
• 22.7.0 - 2024-04-23
• 22.6.5 - 2024-04-15
• 22.6.4 - 2024-04-11
• 22.6.3 - 2024-04-05
• 22.6.2 - 2024-04-02
• 22.6.1 - 2024-03-25
• 22.6.0 - 2024-03-20
• 22.5.0 - 2024-03-15
• 22.4.1 - 2024-03-08
• 22.4.0 - 2024-03-05
• 22.3.0 - 2024-02-26
• 22.2.0 - 2024-02-22
• 22.1.0 - 2024-02-17
• 22.0.0 - 2024-02-05
• 21.11.0 - 2024-02-02
• 21.10.0 - 2024-01-29
• 21.9.0 - 2024-01-24
• 21.8.0 - 2024-01-24
• 21.7.0 - 2024-01-04
• 21.6.1 - 2023-12-13
• 21.6.0 - 2023-12-06
• 21.5.2 - 2023-11-15
• 21.5.1 - 2023-11-09
• 21.5.0 - 2023-11-02
• 21.4.1 - 2023-10-24

from puppeteer GitHub release notes

---

Important

• Warning: This PR contains a major version upgrade, and may be a breaking change.
• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.
• Max score is 1000. Note that the real score may have changed since the PR was raised.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Summary by Sourcery

Bug Fixes:

• This upgrade fixes multiple security vulnerabilities, including arbitrary command injection, server-side request forgery (SSRF), denial of service (DoS), and regular expression denial of service (ReDoS).

[sourcery-ai]

Reviewer's Guide by Sourcery

This pull request upgrades the puppeteer npm package from version 21.4.1 to 23.11.1 in the package.json file located in the benches directory. This upgrade addresses multiple security vulnerabilities.

Flow diagram of security vulnerability fixes

flowchart TD
    A[Upgrade Puppeteer]
    B{Security Fixes}
    C[Critical Vulnerabilities]
    D[High Severity Issues]
    E[Medium Severity Issues]
    F[Low Severity Issues]

    A --> B
    B --> C
    B --> D
    B --> E
    B --> F

    C --> C1[Command Injection]
    C --> C2[Input Validation]

    D --> D1[ReDoS]
    D --> D2[SSRF]
    D --> D3[Code Injection]

    E --> E1[Crypto Issues]
    E --> E2[DoS]
    E --> E3[File Operations]

    style A fill:#90EE90
    style B fill:#FFB6C1
    style C fill:#FF6B6B
    style D fill:#FFA07A
    style E fill:#FFD700
    style F fill:#98FB98

Loading

File-Level Changes

Change	Details	Files
Upgrade puppeteer package	Updated the version of puppeteer from 21.4.1 to 23.11.1 in the dependencies section of package.json	benches/package.json

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time. You can also use
  this command to specify where the summary should be inserted.

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[sourcery-ai]

We have skipped reviewing this pull request. Here's why:

• It seems to have been created by a bot ('[Snyk]' found in title). We assume it knows what it's doing!
• We don't review packaging changes - Let us know if you'd like us to change this.