build(deps): [security] bump puppeteer from 1.8.0 to 1.20.0

[dependabot-preview[bot]]

Bumps puppeteer from 1.8.0 to 1.20.0. This update includes a security fix.

Vulnerabilities fixed

Sourced from The GitHub Security Advisory Database.

Use-After-Free in puppeteer Versions of puppeteer prior to 1.13.0 are vulnerable to the Use-After-Free vulnerability in Chromium (CVE-2019-5786). The Chromium FileReader API is vulnerable to Use-After-Free which may lead to Remote Code Execution.

Recommendation

Upgrade to version 1.13.0 or later.

Affected versions: < 1.13.0

Release notes

Sourced from puppeteer's releases.

v1.20.0

Big changes

• Chromium 78.0.3882.0 (r686378)
• New APIs: element.evaluate, element.evaluateHandle, element.select, jsHandle.evaluate, jsHandle.evaluateHandle

API changes

Added

• element.evaluate (#4892)
• element.evaluateHandle (#4892)
• element.select (#4892)
• jsHandle.evaluate (#4892)
• jsHandle.evaluateHandle (#4892)

Bug fixes

e0c8d46 - fix: abort page.waitFor{Request,Response} when page closes (#4865)
417981a - fix(firefox): fix cookies in default browser context (#4850)
b9b6ca1 - fix(network): enable removing headers using request.continue (#4797)
4acce55 - fix(test): enable cross-process viewport test (#4806)
f2056a8 - fix(test): enable redirect inside sync XHR test (#4805)
f4f2189 - fix(page): fix typo in page.screenshot method (#4786)
e2db16f - fix(tests): make eval test resilient to error format (#4793)
1b4a030 - fix(test): make sure selection is not empty before running copy command (#4772)
7a60746 - fix(tests): background page tests should wait for the page (#4769)

Raw notes

a5f03ce - chore: mark version v1.20.0 (#4928)
f504c04 - test: mark Page.close test as failing in Firefox (#4929)
e17d38c - docs(readme): explain significance of Chromium revision (#4811)
9384359 - docs(troubleshooting): fix Alpine version link (#4927)
fca9d45 - docs(contributing): clarify release process (#4923)
97ff359 - docs(contributing): fix some typos (#4917)
c2651c2 - refactor: Pass FrameManager to NetworkManager constructor (#4907)
73fd7ff - feat(api): add element.select and element.evaluate for consistency (#4892)
135bb42 - docs: update README.md (#4857)
cba0f98 - docs(troubleshooting): Fix missing package in Docker instructions (#4877)
07eaad9 - fix(api): tbd release date (#4872)
e0c8d46 - fix: abort page.waitForRequest/Response when page closes (#4865)
faa4527 - chore(testrunner): bump TestRunner version to v0.8.0 (#4856)
498492d - test: add a test for errors inside promise (#4838)
417981a - fix(firefox): fix cookies in default browser context (#4850)
b6b2950 - feat(chromium): roll Chromium to r686378 (#4841)
01b8880 - test(firefox): disable BigInt tests for Firefox (#4849)
f595bc0 - test: fix tests to work on node6 (#4851)
f47ed16 - feat: update DeviceDescriptors to include 6.5 inch iPhone XR and similar (#4846)
0e0a679 - feat(chromium): roll Chromium to r682225 (#4844)

Commits

• a5f03ce chore: mark version v1.20.0 (#4928)
• f504c04 test: mark Page.close test as failing in Firefox (#4929)
• e17d38c docs(readme): explain significance of Chromium revision (#4811)
• 9384359 docs(troubleshooting): fix Alpine version link (#4927)
• fca9d45 docs(CONTRIBUTING.md): clarify release process (#4923)
• 97ff359 docs(CONTRIBUTING.md): fix some typos (#4917)
• c2651c2 refactor: Pass FrameManager to NetworkManager constructor (#4907)
• 73fd7ff feat(api): add element.select and element.evaluate for consistency (#4892)
• 135bb42 docs: update README.md (#4857)
• cba0f98 docs(troubleshooting): Fix missing package in Docker instructions (#4877)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by mathias, a new releaser for puppeteer since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Automerge options (never/patch/minor, and dev/runtime dependencies)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)