[Snyk] Fix for 20 vulnerabilities

[Exnadella]

User description

Snyk has created this PR to fix 20 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

• packages/wct-local/package.json
• packages/wct-local/package-lock.json

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Prototype Pollution SNYK-JS-LODASH-567746	731
	Remote Memory Exposure SNYK-JS-BL-608877	706
	Prototype Pollution SNYK-JS-ASYNC-2441827	696
	Prototype Pollution SNYK-JS-LODASH-6139239	696
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	696
	Prototype Pollution SNYK-JS-LODASH-450202	686
	Prototype Pollution SNYK-JS-LODASH-608086	686
	Code Injection SNYK-JS-LODASH-1040724	681
	Misinterpretation of Input SNYK-JS-URIJS-2440699	646
	Prototype Pollution SNYK-JS-MINIMIST-559764	601
	Cross-site Scripting (XSS) SNYK-JS-URIJS-2441239	591
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	586
	Open Redirect SNYK-JS-URIJS-1319803	586
	Open Redirect SNYK-JS-URIJS-2401466	586
	Improper Input Validation SNYK-JS-URIJS-2415026	586
	Open Redirect SNYK-JS-URIJS-2419067	586
	Prototype Pollution SNYK-JS-URIJS-1319806	579
	Improper Input Validation SNYK-JS-URIJS-1055003	539
	Prototype Pollution SNYK-JS-MINIMIST-2429795	506
	Improper Input Validation SNYK-JS-URIJS-1078286	479

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Regular Expression Denial of Service (ReDoS)
🦉 Code Injection
🦉 More lessons are available in Snyk Learn

---

PR Type

Bug fix, Enhancement

---

Description

• Updated launchpad dependency to version 0.8.0 to address vulnerabilities.
• Upgraded selenium-standalone to version ^6.22.0 for improved security.
• The changes aim to fix multiple vulnerabilities identified by Snyk in the project's npm dependencies.

---

Changes walkthrough 📝

	Relevant files
Dependencies	package.json Update dependencies to fix vulnerabilities                              packages/wct-local/package.json Updated launchpad dependency from a specific git commit to version 0.8.0. Upgraded selenium-standalone dependency from version ^6.7.0 to ^6.22.0. +2/-2
Additional files (token-limit)	package-lock.json ...                                                                                                            packages/wct-local/package-lock.json ... +795/-992

---

💡 PR-Agent usage:
Comment /help on the PR to get a list of all available PR-Agent tools and their descriptions

[qodo-merge-pro]

PR Reviewer Guide 🔍

⏱️ Estimated effort to review: 2 🔵🔵⚪⚪⚪

🧪 No relevant tests

🔒 No security concerns identified

⚡ Key issues to review Dependency Update The PR updates two dependencies: 'launchpad' and 'selenium-standalone'. The 'launchpad' dependency is changed from a git repository to a specific version (0.8.0), while 'selenium-standalone' is updated from ^6.7.0 to ^6.22.0.

[qodo-merge-pro]

PR Code Suggestions ✨

Category	Suggestion	Score
Dependency management	Replace Git URL dependency with a specific version number Update the launchpad dependency to use a specific version (0.8.0) instead of a Git URL. This improves reproducibility and stability of the build. packages/wct-local/package.json [59] -"launchpad": "git+https://github.com/web-padawan/launchpad.git#fdd994d089572e2c2152d70cc74abf497d08d5b7", +"launchpad": "0.8.0", Apply this suggestion Suggestion importance[1-10]: 9 Why: The suggestion correctly identifies the change from a Git URL to a specific version for the launchpad dependency, which improves build reproducibility and stability. This is a significant improvement in dependency management.	9
Dependency update	Update dependency version to the latest compatible release Update the selenium-standalone dependency to the latest version (6.22.0) to potentially fix vulnerabilities and get the latest features. packages/wct-local/package.json [60] -"selenium-standalone": "^6.7.0", +"selenium-standalone": "^6.22.0", Apply this suggestion Suggestion importance[1-10]: 8 Why: The suggestion accurately reflects the update of the selenium-standalone dependency to a newer version, which can address potential vulnerabilities and provide new features. This is a beneficial update for maintaining the project's security and functionality.	8

[qodo-merge-pro]

CI Failure Feedback 🧐

(Checks updated until commit 35bc887)

Action: test (ubuntu-latest)

Failed stage: Run npm run bootstrap [❌]

Failure summary: The action failed due to an error during the npm ci command execution within the 'wct-mocha' package: Multiple deprecated packages were detected, which might have contributed to the failure. The npm ci command exited with code 1, indicating a failure in the installation process.

Relevant error logs: 1: ##[group]Operating System 2: Ubuntu ... 566: npm WARN deprecated [email protected]: This package is no longer supported. 567: npm WARN deprecated [email protected]: This package is no longer supported. 568: npm WARN deprecated [email protected]: Package no longer supported. Contact Support at https://www.npmjs.com/support for more info. 569: npm WARN deprecated [email protected]: This package is no longer supported. 570: npm WARN deprecated [email protected]: This package is no longer supported. 571: npm WARN deprecated @lerna/[email protected]: Package no longer supported. Contact Support at https://www.npmjs.com/support for more info. 572: npm WARN deprecated @lerna/[email protected]: Package no longer supported. Contact Support at https://www.npmjs.com/support for more info. 573: npm WARN deprecated @lerna/[email protected]: Package no longer supported. Contact Support at https://www.npmjs.com/support for more info. 574: npm WARN deprecated @lerna/[email protected]: Package no longer supported. Contact Support at https://www.npmjs.com/support for more info. ... 747: npm ERR! [-ws|--workspaces] [--include-workspace-root] [--install-links] 748: npm ERR! 749: npm ERR! aliases: clean-install, ic, install-clean, isntall-clean 750: npm ERR! 751: npm ERR! Run "npm help ci" for more info 752: npm ERR! A complete log of this run can be found in: 753: npm ERR! /home/runner/.npm/_logs/2024-09-05T18_53_08_691Z-debug-0.log 754: lerna ERR! npm ci exited 1 in 'wct-mocha' 755: ##[error]Process completed with exit code 1.

---

✨ CI feedback usage guide:

---

The CI feedback tool (/checks) automatically triggers when a PR has a failed check.
The tool analyzes the failed checks and provides several feedbacks:

• Failed stage
• Failed test name
• Failure summary
• Relevant error logs

In addition to being automatically triggered, the tool can also be invoked manually by commenting on a PR:

/checks "https://github.com/{repo_name}/actions/runs/{run_number}/job/{job_number}"

where {repo_name} is the name of the repository, {run_number} is the run number of the failed check, and {job_number} is the job number of the failed check.

Configuration options

• enable_auto_checks_feedback - if set to true, the tool will automatically provide feedback when a check is failed. Default is true.
• excluded_checks_list - a list of checks to exclude from the feedback, for example: ["check1", "check2"]. Default is an empty list.
• enable_help_text - if set to true, the tool will provide a help message with the feedback. Default is true.
• persistent_comment - if set to true, the tool will overwrite a previous checks comment with the new feedback. Default is true.
• final_update_message - if persistent_comment is true and updating a previous checks message, the tool will also create a new message: "Persistent checks updated to latest commit". Default is true.

See more information about the checks tool in the docs.