[Snyk] Security upgrade puppeteer from 15.3.2 to 24.10.2#42
…nerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-TARFS-13045213
Pull Request Overview
This PR upgrades the Puppeteer dependency from version 15.3.2 to 24.10.2 to address a medium-severity symlink following vulnerability (SNYK-JS-TARFS-13045213) with a score of 541.
- Puppeteer version bump from 15.3.2 to 24.10.2
- Security fix for symlink following vulnerability
- Automated dependency update via Snyk
| "node-fetch-commonjs": "^3.3.1", | ||
| "puppeteer": "^15.3.2", | ||
| "puppeteer": "^24.10.2", | ||
| "puppeteer-cluster": "^0.23.0", |
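Review bot: The `puppeteer` line moves the caret range from ^15.3.2 to ^24.10.2, nine major versions, to pick up a fix whose advisory id (SNYK-JS-TARFS-13045213) points at tar-fs rather than at puppeteer itself. Before merging, confirm in unfurler/package-lock.json that the resolved tar-fs version is the patched one, and record in the PR which Puppeteer API changes the unfurler code was checked against. The adjacent `"puppeteer-cluster": "^0.23.0"` line is unchanged, so it needs the same compatibility check against the new major version.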
The major version upgrade from Puppeteer 15.3.2 to 24.10.2 introduces breaking changes. The puppeteer-cluster dependency (v0.23.0) may not be compatible with Puppeteer v24, as it was likely designed for earlier Puppeteer versions. Verify compatibility and consider updating puppeteer-cluster to a version that supports Puppeteer v24, or test thoroughly to ensure the current version works correctly.
| "puppeteer-cluster": "^0.23.0", | |
| "@puppeteer-cluster/core": "^0.24.0", |
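Review bot: The replacement line changes the package name as well as the version (`puppeteer-cluster` to `@puppeteer-cluster/core`), so it swaps in a different dependency rather than upgrading the existing one. Verify that this name and the ^0.24.0 range exist in the registry under the expected publisher before applying the suggestion, and update every `require`/`import` of `puppeteer-cluster` in the same change; if that cannot be confirmed, keep the original package name.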
Snyk has created this PR to fix 1 vulnerability in the npm dependencies of this project.
Snyk changed the following file(s):
- unfurler/package.json
- unfurler/package-lock.json
Vulnerabilities that will be fixed with an upgrade:
- SNYK-JS-TARFS-13045213
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.