knockout-store [Snyk] Upgrade puppeteer from 3.0.2 to 3.3.0

[Snyk] Upgrade puppeteer from 3.0.2 to 3.3.0

Open RockRunner007 opened this issue 4 years ago • 0 comments

Snyk has created this PR to upgrade puppeteer from 3.0.2 to 3.3.0.

:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version is 5 versions ahead of your current version.
The recommended version was released 8 months ago, on 2020-06-02.

The recommended version fixes:

Issue	PriorityScore (*)	Exploit Maturity
Prototype Pollution SNYK-JS-LODASH-608086	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-LODASH-590103	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Prototype Pollution SNYK-JS-INI-1048974	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Remote Memory Exposure SNYK-JS-BL-608877	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Prototype Pollution SNYK-JS-PATHVAL-596926	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-LODASH-567746	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Denial of Service (DoS) SNYK-JS-HTTPPROXY-569139	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Validation Bypass SNYK-JS-KINDOF-537849	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: puppeteer

3.3.0 - 2020-06-02
Highlights
- The migration from Node's EventEmitter to the Mitt library has been reverted in this release. We're sorry for causing unexpected issues in the 3.2.0 release. If you were unable to upgrade from 3.1.0 to 3.2.0, you will be able to upgrade straight to 3.3.0 and not have any issues.
Behind the scenes
- The Puppeteer Response class was renamed HTTPResponse to avoid a clash with the TS Response type. We don't expose this class on the main Puppeteer instance so this shouldn't affect any of your code.
- Similarly we have renamed Worker to WebWorker to avoid a clash with the TS Worker type.
Raw Notes

34c0f9b - chore: mark version v3.3.0
309d811 - chore: Revert Mitt due to breaking changes (#5952)
81e3248 - chore: Defer Windows FF tests for longer (#5954)
b874cac - chore: rename Worker to WebWorker (#5941)
7862484 - chore: update request and response references in docs (#5942)
232def0 - chore: rename Response to HTTPResponse (#5940)
cfd72ac - chore: bump version to v3.2.0-post (#5938)
3.2.0 - 2020-05-29
Highlights
- We now support emulating vision deficiency types within Puppeteer using page.emulateVisionDeficiency. You can read more about these on the DevTools update blog post.
- We now use Mitt as the Event Emitter that backs many of Puppeteer's classes rather than the EventEmitter module that ships with Node. This is potentially a breaking change if you rely on some of the less popular EventEmitter methods as Puppeteer's EventEmitter does not support the entire suite of NodeJS EventEmitter functions. We think it's unlikely anyone has relied on these; we were able to swap out the EventEmitter in Puppeteer without any unit tests needing to change.
- Puppeteer now recognises webviews as regular pages which means you can control them just like you would control a regular page.
Behind the scenes
- The Request class has been renamed to HTTPRequest to avoid a clash with TypeScript's Request type. We'll be making similar changes to Response and Worker. This is not a breaking change as Puppeteer doesn't directly expose these classes so you shouldn't be referring to them by name in your code.
Raw notes

1d4d25a - chore: use Mitt as the Event Emitter (#5907)
a2ba6f0 - feat: recognize webviews as regular pages (#5905)
8e8a9df - chore: rename Request class to HTTPRequest (#5934)
9737059 - chore: remove doclint generate_types code (#5932)
7eab7f8 - feat(api): add page.emulateVisionDeficiency(type) (#5901)
24ac11e - chore: fix undefined rm in mocha-utils (#5920)
6cfe142 - chore: don't use expect within Promises (#5466) (#5473)
dfb2e60 - chore: stop Protocol types being globally available (#5899)
d8e0557 - chore: update Travis to run latest macOS and fix HTTPS test (#5903)
9a08d31 - chore: error if coverage couldn't find the given class (#5863)
caaf4d2 - fix: support async functions as an argument for waitForFunction (#5682)
e6c22da - chore: bump version to v3.1.0-post (#5884)
3.1.0 - 2020-05-18 Read more
3.0.4 - 2020-05-07
Highlights
- As of Node.js v14.1.0 the bug that prevented Puppeteer working on Node.js 14.0.x has been fixed. The code that tried to debug this and show a useful error has been removed (#5816). Puppeteer should install and run just fine on Node.js v14.1.0 and beyond.
Behind the scenes
- We now run unit tests on Node.js v14 (#5821).
Raw notes

c214d20 - chore: mark version v3.0.4 (#5823)
17bb660 - chore: remove unused mime-types dependency (#5819)
70340de - chore: add Node.js 12 & 14 to CI (#5821)
70d5c7f - fix: remove node@14 specific extract timeout (#5816)
5115482 - chore: bump version to 3.0.3-post (#5814)
3.0.3 - 2020-05-06 Read more
3.0.2 - 2020-04-28 Read more