[Snyk] Upgrade @playwright/test from 1.44.0 to 1.48.0

[HaLaGu1L]

Snyk has created this PR to upgrade @playwright/test from 1.44.0 to 1.48.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 261 versions ahead of your current version.

• The recommended version was released on a month ago.

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Prototype Pollution SNYK-JS-AXIOS-6144788	118	No Known Exploit
	Server-side Request Forgery (SSRF) SNYK-JS-AXIOS-7361793	118	Proof of Concept
	Uncontrolled resource consumption SNYK-JS-BRACES-6838727	118	Proof of Concept
	Inefficient Regular Expression Complexity SNYK-JS-MICROMATCH-6838728	118	No Known Exploit
	Information Exposure SNYK-JS-VITE-8023174	118	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-AXIOS-6124857	118	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-FASTXMLPARSER-7573289	118	No Known Exploit
	Cross-site Scripting (XSS) SNYK-JS-ROLLUP-8073097	118	Proof of Concept
	Undesired Behavior SNYK-JS-STYLEDCOMPONENTS-3149924	118	No Known Exploit
	Cross-site Scripting (XSS) SNYK-JS-VITE-8022916	118	Proof of Concept

Release notes

Package name: @playwright/test

• 1.48.0 - 2024-10-08
  

  WebSocket routing

  New methods page.routeWebSocket() and browserContext.routeWebSocket() allow to intercept, modify and mock WebSocket connections initiated in the page. Below is a simple example that mocks WebSocket communication by responding to a "request" with a "response".

  await page.routeWebSocket('/ws', ws => {
    ws.onMessage(message => {
      if (message === 'request')
        ws.send('response');
    });
  });

  See WebSocketRoute for more details.

  UI updates

  • New "copy" buttons for annotations and test location in the HTML report.
  • Route method calls like route.fulfill() are not shown in the report and trace viewer anymore. You can see which network requests were routed in the network tab instead.
  • New "Copy as cURL" and "Copy as fetch" buttons for requests in the network tab.

  Miscellaneous

  • Option form and similar ones now accept FormData.
  • New method page.requestGC() may help detect memory leaks.
  • New option location to pass custom step location.
  • Requests made by APIRequestContext now record detailed timing and security information in the HAR.

  Browser Versions

  • Chromium 130.0.6723.19
  • Mozilla Firefox 130.0
  • WebKit 18.0

  This version was also tested against the following stable channels:

  • Google Chrome 129
  • Microsoft Edge 129
• 1.48.0-beta-1729066602000 - 2024-10-16
• 1.48.0-beta-1729034638000 - 2024-10-15
• 1.48.0-beta-1729024528000 - 2024-10-15
• 1.48.0-beta-1728993409000 - 2024-10-15
• 1.48.0-beta-1728993389000 - 2024-10-15
• 1.48.0-beta-1728983264000 - 2024-10-15
• 1.48.0-beta-1728939942000 - 2024-10-14
• 1.48.0-beta-1728916380000 - 2024-10-14
• 1.48.0-beta-1728521270000 - 2024-10-10
• 1.48.0-beta-1728408670000 - 2024-10-08
• 1.48.0-beta-1728391058000 - 2024-10-08
• 1.48.0-beta-1728384960000 - 2024-10-08
• 1.48.0-beta-1728384890000 - 2024-10-08
• 1.48.0-beta-1728371904000 - 2024-10-08
• 1.48.0-beta-1728034490000 - 2024-10-04
• 1.48.0-beta-1727939718000 - 2024-10-03
• 1.48.0-beta-1727868641000 - 2024-10-02
• 1.48.0-beta-1727802413000 - 2024-10-01
• 1.48.0-beta-1727800739000 - 2024-10-01
• 1.48.0-beta-1727721217000 - 2024-09-30
• 1.48.0-beta-1727692967000 - 2024-09-30
• 1.48.0-alpha-2024-09-30 - 2024-09-30
• 1.48.0-alpha-2024-09-29 - 2024-09-29
• 1.48.0-alpha-2024-09-28 - 2024-09-28
• 1.48.0-alpha-2024-09-27 - 2024-09-27
• 1.48.0-alpha-2024-09-26 - 2024-09-26
• 1.48.0-alpha-2024-09-25 - 2024-09-25
• 1.48.0-alpha-2024-09-24 - 2024-09-24
• 1.48.0-alpha-2024-09-23 - 2024-09-23
• 1.48.0-alpha-2024-09-22 - 2024-09-22
• 1.48.0-alpha-2024-09-21 - 2024-09-21
• 1.48.0-alpha-2024-09-20 - 2024-09-20
• 1.48.0-alpha-2024-09-19 - 2024-09-19
• 1.48.0-alpha-2024-09-18 - 2024-09-18
• 1.48.0-alpha-2024-09-17 - 2024-09-17
• 1.48.0-alpha-2024-09-16 - 2024-09-16
• 1.48.0-alpha-2024-09-15 - 2024-09-15
• 1.48.0-alpha-2024-09-14 - 2024-09-14
• 1.48.0-alpha-2024-09-13 - 2024-09-13
• 1.48.0-alpha-2024-09-12 - 2024-09-12
• 1.48.0-alpha-2024-09-11 - 2024-09-11
• 1.48.0-alpha-2024-09-10 - 2024-09-10
• 1.48.0-alpha-2024-09-09 - 2024-09-09
• 1.48.0-alpha-2024-09-08 - 2024-09-08
• 1.48.0-alpha-2024-09-07 - 2024-09-07
• 1.48.0-alpha-2024-09-06 - 2024-09-06
• 1.48.0-alpha-1727434891000 - 2024-09-27
• 1.47.2 - 2024-09-20
  

  Highlights

  #32699 [REGRESSION]: fix(codegen): use content_frame property in python/.NET
  #32706 [REGRESSION]: page.pause() does not pause test timeout after 1.47
  #32661 - fix(trace-viewer): time delta between local and remote actions

  Browser Versions

  • Chromium 129.0.6668.29
  • Mozilla Firefox 130.0
  • WebKit 18.0

  This version was also tested against the following stable channels:

  • Google Chrome 128
  • Microsoft Edge 128
• 1.47.2-beta-1727139937000 - 2024-09-24
• 1.47.2-beta-1726852863000 - 2024-09-20
• 1.47.1 - 2024-09-13
  

  Highlights

  #32480 - [REGRESSION]: tsconfig.json's compilerOptions.paths no longer working in 1.47
  #32552 - [REGRESSION]: broken UI in Trace Viewer while showing network response body

  Browser Versions

  • Chromium 129.0.6668.29
  • Mozilla Firefox 130.0
  • WebKit 18.0

  This version was also tested against the following stable channels:

  • Google Chrome 128
  • Microsoft Edge 128
• 1.47.1-beta-1726849306000 - 2024-09-20
• 1.47.1-beta-1726827698000 - 2024-09-20
• 1.47.1-beta-1726598621000 - 2024-09-17
• 1.47.1-beta-1726247857000 - 2024-09-13
• 1.47.0 - 2024-09-05
  

  Network Tab improvements

  The Network tab in the UI mode and trace viewer has several nice improvements:

  • filtering by asset type and URL
  • better display of query string parameters
  • preview of font assets

  

  Credit to @ kubajanik for these wonderful improvements!

  --tsconfig CLI option

  By default, Playwright will look up the closest tsconfig for each imported file using a heuristic. You can now specify a single tsconfig file in the command line, and Playwright will use it for all imported files, not only test files:

  # Pass a specific tsconfig
  npx playwright test --tsconfig tsconfig.test.json

  APIRequestContext now accepts URLSearchParams and string as query parameters

  You can now pass URLSearchParams and string as query parameters to APIRequestContext:

  test('query params', async ({ request }) => {
    const searchParams = new URLSearchParams();
    searchParams.set('userId', 1);
    const response = await request.get(
        'https://jsonplaceholder.typicode.com/posts',
        {
          params: searchParams // or as a string: 'userId=1'
        }
    );
    // ...
  });

  Miscellaneous

  • The mcr.microsoft.com/playwright:v1.47.0 now serves a Playwright image based on Ubuntu 24.04 Noble.
    To use the 22.04 jammy-based image, please use mcr.microsoft.com/playwright:v1.47.0-jammy instead.
  • The :latest/:focal/:jammy tag for Playwright Docker images is no longer being published. Pin to a specific version for better stability and reproducibility.
  • New option behavior in page.removeAllListeners(), browser.removeAllListeners() and browserContext.removeAllListeners() to wait for ongoing listeners to complete.
  • TLS client certificates can now be passed from memory by passing cert and key as buffers instead of file paths.
  • Attachments with a text/html content type can now be opened in a new tab in the HTML report. This is useful for including third-party reports or other HTML content in the Playwright test report and distributing it to your team.
  • noWaitAfter in locator.selectOption() was deprecated.
  • We've seen reports of WebGL in Webkit misbehaving on GitHub Actions macos-13. We recommend upgrading GitHub Actions to macos-14.

  Browser Versions

  • Chromium 129.0.6668.29
  • Mozilla Firefox 130.0
  • WebKit 18.0

  This version was also tested against the following stable channels:

  • Google Chrome 128
  • Microsoft Edge 128
• 1.47.0-beta-1726138322000 - 2024-09-12
• 1.47.0-beta-1726136860000 - 2024-09-12
• 1.47.0-beta-1726127997000 - 2024-09-12
• 1.47.0-beta-1726085360000 - 2024-09-11
• 1.47.0-beta-1725889926000 - 2024-09-09
• 1.47.0-beta-1725611500000 - 2024-09-06
• 1.47.0-beta-1725570477000 - 2024-09-05
• 1.47.0-beta-1725568763000 - 2024-09-05
• 1.47.0-beta-1725550839000 - 2024-09-05
• 1.47.0-beta-1725531189000 - 2024-09-05
• 1.47.0-alpha-2024-09-05 - 2024-09-05
• 1.47.0-alpha-2024-09-04 - 2024-09-04
• 1.47.0-alpha-2024-09-03 - 2024-09-03
• 1.47.0-alpha-2024-09-02 - 2024-09-02
• 1.47.0-alpha-2024-09-01 - 2024-09-01
• 1.47.0-alpha-2024-08-31 - 2024-08-31
• 1.47.0-alpha-2024-08-30 - 2024-08-30
• 1.47.0-alpha-2024-08-29 - 2024-08-29
• 1.47.0-alpha-2024-08-28 - 2024-08-28
• 1.47.0-alpha-2024-08-27 - 2024-08-27
• 1.47.0-alpha-2024-08-26 - 2024-08-26
• 1.47.0-alpha-2024-08-25 - 2024-08-25
• 1.47.0-alpha-2024-08-24 - 2024-08-24
• 1.47.0-alpha-2024-08-23 - 2024-08-23
• 1.47.0-alpha-2024-08-22 - 2024-08-22
• 1.47.0-alpha-2024-08-21 - 2024-08-21
• 1.47.0-alpha-2024-08-20 - 2024-08-20
• 1.47.0-alpha-2024-08-19 - 2024-08-19
• 1.47.0-alpha-2024-08-18 - 2024-08-18
• 1.47.0-alpha-2024-08-17 - 2024-08-17
• 1.47.0-alpha-2024-08-15 - 2024-08-15
• 1.47.0-alpha-2024-08-14 - 2024-08-14
• 1.47.0-alpha-2024-08-13 - 2024-08-13
• 1.47.0-alpha-2024-08-12 - 2024-08-12
• 1.47.0-alpha-2024-08-11 - 2024-08-11
• 1.47.0-alpha-2024-08-10 - 2024-08-10
• 1.47.0-alpha-2024-08-09 - 2024-08-09
• 1.47.0-alpha-2024-08-08 - 2024-08-08
• 1.47.0-alpha-2024-08-07 - 2024-08-07
• 1.47.0-alpha-2024-08-06 - 2024-08-06
• 1.47.0-alpha-2024-08-05 - 2024-08-05
• 1.47.0-alpha-2024-08-04 - 2024-08-04
• 1.47.0-alpha-2024-08-03 - 2024-08-03
• 1.47.0-alpha-2024-08-02 - 2024-08-02
• 1.47.0-alpha-2024-08-01 - 2024-08-01
• 1.47.0-alpha-2024-07-31 - 2024-07-31
• 1.47.0-alpha-2024-07-30 - 2024-07-30
• 1.47.0-alpha-2024-07-29 - 2024-07-29
• 1.47.0-alpha-2024-07-28 - 2024-07-28
• 1.47.0-alpha-2024-07-27 - 2024-07-27
• 1.47.0-alpha-1722580468000 - 2024-08-02
• 1.47.0-alpha-1722448717000 - 2024-07-31
• 1.47.0-alpha-1722335054000 - 2024-07-30
• 1.46.1 - 2024-08-16
  

  Highlights

  #32004 - [REGRESSION]: Client Certificates don't work with Microsoft IIS
  #32004 - [REGRESSION]: Websites stall on TLS handshake errors when using Client Certificates
  #32146 - [BUG]: Credential scanners warn about internal socks-proxy TLS certificates
  #32056 - [REGRESSION]: 1.46.0 (TypeScript) - custom fixtures extend no longer chainable
  #32070 - [Bug]: --only-changed flag and project dependencies
  #32188 - [Bug]: --only-changed with shallow clone throws "unknown revision" error

  Browser Versions

  • Chromium 128.0.6613.18
  • Mozilla Firefox 128.0
  • WebKit 18.0

  This version was also tested against the following stable channels:

  • Google Chrome 127
  • Microsoft Edge 127
• 1.46.1-beta-1724923267000 - 2024-08-29
• 1.46.1-beta-1723837512000 - 2024-08-16
• 1.46.1-beta-1723832682000 - 2024-08-16
• 1.46.0 - 2024-08-05
  

  TLS Client Certificates

  Playwright now allows to supply client-side certificates, so that server can verify them, as specified by TLS Client Authentication.

  When client certificates are specified, all browser traffic is routed through a proxy that establishes the secure TLS connection, provides client certificates to the server and validates server certificates.

  The following snippet sets up a client certificate for https://example.com:

  import { defineConfig } from '@ playwright/test';

  export default defineConfig({
  // ...
  use: {
  clientCertificates: [{
  origin: 'https://example.com',
  certPath: './cert.pem',
  keyPath: './key.pem',
  passphrase: 'mysecretpassword',
  }],
  },
  // ...
  });

  You can also provide client certificates to a particular test project or as a parameter of browser.newContext() and apiRequest.newContext().

  --only-changed cli option

  New CLI option --only-changed allows to only run test files that have been changed since the last git commit or from a specific git "ref".

  # Only run test files with uncommitted changes
  npx playwright test --only-changed

  # Only run test files changed relative to the "main" branch
  npx playwright test --only-changed=main

  Component Testing: New router fixture

  This release introduces an experimental router fixture to intercept and handle network requests in component testing.
  There are two ways to use the router fixture:

  • Call router.route(url, handler) that behaves similarly to page.route().
  • Call router.use(handlers) and pass MSW library request handlers to it.

  Here is an example of reusing your existing MSW handlers in the test.

  import { handlers } from '@ src/mocks/handlers';

  test.beforeEach(async ({ router }) => {
  // install common handlers before each test
  await router.use(...handlers);
  });

  test('example test', async ({ mount }) => {
  // test as usual, your handlers are active
  // ...
  });

  This fixture is only available in component tests.

  UI Mode / Trace Viewer Updates

  • Test annotations are now shown in UI mode.
  • Content of text attachments is now rendered inline in the attachments pane.
  • New setting to show/hide routing actions like route.continue().
  • Request method and status are shown in the network details tab.
  • New button to copy source file location to clipboard.
  • Metadata pane now displays the baseURL.

  Miscellaneous

  • New maxRetries option in apiRequestContext.fetch() which retries on the ECONNRESET network error.
  • New option to box a fixture to minimize the fixture exposure in test reports and error messages.
  • New option to provide a custom fixture title to be used in test reports and error messages.

  Possibly breaking change

  Fixture values that are array of objects, when specified in the test.use() block, may require being wrapped into a fixture tuple. This is best seen on the example:

  import { test as base } from '@ playwright/test';

  // Define an option fixture that has an "array of objects" value
  type User = { name: string, password: string };
  const test = base.extend<{ users: User[] }>({
  users: [ [], { option: true } ],
  });

  // Specify option value in the test.use block.
  test.use({
  // WRONG: this syntax may not work for you
  users: [
  { name: 'John Doe', password: 'secret' },
  { name: 'John Smith', password: 's3cr3t' },
  ],
  // CORRECT: this syntax will work. Note extra [] around the value, and the "scope" property.
  users: [[
  { name: 'John Doe', password: 'secret' },
  { name: 'John Smith', password: 's3cr3t' },
  ], { scope: 'test' }],
  });

  test('example test', async () => {
  // ...
  });

  Browser Versions

  • Chromium 128.0.6613.18
  • Mozilla Firefox 128.0
  • WebKit 18.0

  This version was also tested against the following stable channels:

  • Google Chrome 127
  • Microsoft Edge 127
• 1.46.0-beta-1723832534000 - 2024-08-16
• 1.46.0-beta-1723801589000 - 2024-08-16
• 1.46.0-beta-1723720592000 - 2024-08-15
• 1.46.0-beta-1723720241000 - 2024-08-15
• 1.46.0-beta-1723710364000 - 2024-08-15
• 1.46.0-beta-1723660382000 - 2024-08-14
• 1.46.0-beta-1723133504000 - 2024-08-08
• 1.46.0-beta-1722921654000 - 2024-08-06
• 1.46.0-beta-1722864935000 - 2024-08-05
• 1.46.0-beta-1722862542000 - 2024-08-05
• 1.46.0-beta-1722861852000 - 2024-08-05
• 1.46.0-beta-1722861393000 - 2024-08-05
• 1.46.0-beta-1722619968000 - 2024-08-02
• 1.46.0-beta-1722548857000 - 2024-08-01
• 1.46.0-beta-1722543854000 - 2024-08-01
• 1.46.0-beta-1722539025000 - 2024-08-01
• 1.46.0-beta-1722538384000 - 2024-08-01
• 1.46.0-beta-1722536587000 - 2024-08-01
• 1.46.0-beta-1722529720000 - 2024-08-01
• 1.46.0-beta-1722515615000 - 2024-08-01
• 1.46.0-beta-1722491095000 - 2024-08-01
• 1.46.0-beta-1722473979000 - 2024-08-01
• 1.46.0-beta-1722473905000 - 2024-08-01
• 1.46.0-beta-1722473882000 - 2024-08-01
• 1.46.0-beta-1722449265000 - 2024-07-31
• 1.46.0-beta-1722359450000 - 2024-07-30
• 1.46.0-beta-1722356599000 - 2024-07-30
• 1.46.0-beta-1722335510000 - 2024-07-30
• 1.46.0-beta-1722264334000 - 2024-07-29
• 1.46.0-beta-1722257607000 - 2024-07-29
• 1.46.0-beta-1722008066000 - 2024-07-26
• 1.46.0-alpha-2024-07-26 - 2024-07-26
• 1.46.0-alpha-2024-07-25 - 2024-07-25
• 1.46.0-alpha-2024-07-24 - 2024-07-24
• 1.46.0-alpha-2024-07-23 - 2024-07-23
• 1.46.0-alpha-2024-07-22 - 2024-07-22
• 1.46.0-alpha-2024-07-21 - 2024-07-21
• 1.46.0-alpha-2024-07-20 - 2024-07-20
• 1.46.0-alpha-2024-07-19 - 2024-07-19
• 1.46.0-alpha-2024-07-18 - 2024-07-18
• 1.46.0-alpha-2024-07-17 - 2024-07-17
• 1.46.0-alpha-2024-07-16 - 2024-07-16
• 1.46.0-alpha-2024-07-15 - 2024-07-15
• 1.46.0-alpha-2024-07-14 - 2024-07-14
• 1.46.0-alpha-2024-07-13 - 2024-07-13
• 1.46.0-alpha-2024-07-12 - 2024-07-12
• 1.46.0-alpha-2024-07-11 - 2024-07-11
• 1.46.0-alpha-2024-07-10 - 2024-07-10
• 1.46.0-alpha-2024-07-09 - 2024-07-09
• 1.46.0-alpha-2024-07-08 - 2024-07-08
• 1.46.0-alpha-2024-07-07 - 2024-07-07
• 1.46.0-alpha-2024-07-06 - 2024-07-06
• 1.46.0-alpha-2024-07-05 - 2024-07-05
• 1.46.0-alpha-2024-07-04 - 2024-07-04
• 1.46.0-alpha-2024-07-03 - 2024-07-03
• 1.46.0-alpha-2024-07-02 - 2024-07-02
• 1.46.0-alpha-2024-07-01 - 2024-07-01
• 1.46.0-alpha-2024-06-30 - 2024-06-30
• 1.46.0-alpha-2024-06-29 - 2024-06-29
• 1.46.0-alpha-2024-06-28 - 2024-06-28
• 1.46.0-alpha-2024-06-27 - 2024-06-27
• 1.46.0-alpha-2024-06-26 - 2024-06-26
• 1.46.0-alpha-2024-06-25 - 2024-06-25
• 1.46.0-alpha-2024-06-24 - 2024-06-24
• 1.46.0-alpha-2024-06-23 - 2024-06-23
• 1.46.0-alpha-2024-06-22 - 2024-06-22
• 1.46.0-alpha-2024-06-21 - 2024-06-21
• 1.46.0-alpha-2024-06-20 - 2024-06-20
• 1.46.0-alpha-2024-06-19 - 2024-06-19
• 1.46.0-alpha-2024-06-18 - 2024-06-18
• 1.46.0-alpha-2024-06-17 - 2024-06-17
• 1.46.0-alpha-2024-06-16 - 2024-06-16
• 1.46.0-alpha-1721990585000 - 2024-07-26
• 1.46.0-alpha-1721813979000 - 2024-07-24
• 1.45.3 - 2024-07-22
  

  Highlights

  #31764 - [Bug]: some actions do not appear in the trace file
  microsoft/playwright-java#1617 - [Bug]: Traceviewer not reporting all actions

  Browser Versions

  • Chromium 127.0.6533.5
  • Mozilla Firefox 127.0
  • WebKit 17.4

  This version was also tested against the following stable channels:

  • Google Chrome 126
  • Microsoft Edge 126
• 1.45.3-beta-1721669341000 - 2024-07-22
• 1.45.2 - 2024-07-16
  

  Highlights

  #31613 - [REGRESSION]: Trace is not showing any screenshots nor test name
  #31601 - [REGRESSION]: missing trace for 2nd browser
  #31541 - [REGRESSION]: Failing tests have a trace with no images and with steps missing

  Browser Versions

  • Chromium 127.0.6533.5
  • Mozilla Firefox 127.0
  • WebKit 17.4

  This version was also tested against the following stable channels:

  • Google Chrome 126
  • Microsoft Edge 126
• 1.45.2-beta-1721667688000 - 2024-07-22
• 1.45.2-beta-1721667620000 - 2024-07-22
• 1.45.2-beta-1721126701000 - 2024-07-16
• 1.45.1 - 2024-07-02
• 1.45.1-beta-1721056413000 - 2024-07-15
• 1.45.1-beta-1720807989000 - 2024-07-12
• 1.45.1-beta-1719996498000 - 2024-07-03
• 1.45.1-beta-1719941226000 - 2024-07-02
• 1.45.0 - 2024-06-24
• 1.45.0-beta-1719854491000 - 2024-07-01
• 1.45.0-beta-1719819889000 - 2024-07-01
• 1.45.0-beta-1719505820000 - 2024-06-27
• 1.45.0-beta-1719443776000 - 2024-06-26
• 1.45.0-beta-1719257069000 - 2024-06-24
• 1.45.0-beta-1719257053000 - 2024-06-24
• 1.45.0-beta-1719253817000 - 2024-06-24
• 1.45.0-beta-1718972438000 - 2024-06-21
• 1.45.0-beta-1718813530000 - 2024-06-19
• 1.45.0-beta-1718782041000 - 2024-06-19
• 1.45.0-beta-1718733727000 - 2024-06-18
• 1.45.0-beta-1718419432000 - 2024-06-15
• 1.45.0-beta-1718411373000 - 2024-06-15
• 1.45.0-alpha-2024-06-15 - 2024-06-15
• 1.45.0-alpha-2024-06-14 - 2024-06-14
• 1.45.0-alpha-2024-06-13 - 2024-06-13
• 1.45.0-alpha-2024-06-12 - 2024-06-12
• 1.45.0-alpha-2024-06-11 - 2024-06-11
• 1.45.0-alpha-2024-06-10 - 2024-06-10
• 1.45.0-alpha-2024-06-09 - 2024-06-09
• 1.45.0-alpha-2024-06-08 - 2024-06-08
• 1.45.0-alpha-2024-06-07 - 2024-06-07
• 1.45.0-alpha-2024-06-06 - 2024-06-06
• 1.45.0-alpha-2024-06-05 - 2024-06-05
• 1.45.0-alpha-2024-06-04 - 2024-06-04
• 1.45.0-alpha-2024-06-03 - 2024-06-03
• 1.45.0-alpha-2024-06-02 - 2024-06-02
• 1.45.0-alpha-2024-06-01 - 2024-06-01
• 1.45.0-alpha-2024-05-31 - 2024-05-31
• 1.45.0-alpha-2024-05-30 - 2024-05-30
• 1.45.0-alpha-2024-05-29 - 2024-05-29
• 1.45.0-alpha-2024-05-28 - 2024-05-28
• 1.45.0-alpha-2024-05-27 - 2024-05-27
• 1.45.0-alpha-2024-05-26 - 2024-05-26
• 1.45.0-alpha-2024-05-25 - 2024-05-25
• 1.45.0-alpha-2024-05-24 - 2024-05-24
• 1.45.0-alpha-2024-05-23 - 2024-05-23
• 1.45.0-alpha-2024-05-22 - 2024-05-22
• 1.45.0-alpha-2024-05-21 - 2024-05-21
• 1.45.0-alpha-2024-05-20 - 2024-05-20
• 1.45.0-alpha-2024-05-19 - 2024-05-19
• 1.45.0-alpha-2024-05-18 - 2024-05-18
• 1.45.0-alpha-2024-05-17 - 2024-05-17
• 1.45.0-alpha-2024-05-16 - 2024-05-16
• 1.45.0-alpha-2024-05-15 - 2024-05-15
• 1.45.0-alpha-2024-05-14 - 2024-05-14
• 1.45.0-alpha-2024-05-13 - 2024-05-13
• 1.45.0-alpha-2024-05-12 - 2024-05-12
• 1.45.0-alpha-2024-05-11 - 2024-05-11
• 1.45.0-alpha-2024-05-10 - 2024-05-10
• 1.45.0-alpha-2024-05-09 - 2024-05-09
• 1.45.0-alpha-2024-05-08 - 2024-05-08
• 1.45.0-alpha-2024-05-07 - 2024-05-07
• 1.45.0-alpha-2024-05-06 - 2024-05-06
• 1.45.0-alpha-2024-04-30 - 2024-04-30
• 1.45.0-alpha-1716491102000 - 2024-05-23
• 1.45.0-alpha-1714760563000 - 2024-05-06
• 1.44.1 - 2024-05-23
• 1.44.1-beta-1716453231000 - 2024-05-23
• 1.44.1-beta-1716449392000 - 2024-05-23
• 1.44.0 - 2024-05-06

from @playwright/test GitHub release notes

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.
• Max score is 1000. Note that the real score may have changed since the PR was raised.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[//]: # 'snyk:metadata:{"customTemplate":{"variablesUsed":[],"fieldsUsed":[]},"dependencies":[{"name":"@playwright/test","from":"1.44.0","to":"1.48.0"}],"env":"prod","hasFixes":true,"isBreakingChange":false,"isMajorUpgrade":false,"issuesToFix":[{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-AXIOS-6144788","issue_id":"SNYK-JS-AXIOS-6144788","priority_score":125,"priority_score_factors":[{"name":"confidentiality","value":"none"},{"name":"integrity","value":"none"},{"name":"availability","value":"high"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.01055},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Fri Jan 05 2024 09:16:43 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"high"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":5.99},{"name":"likelihood","value":2.08},{"name":"scoreVersion","value":"V5"}],"severity":"high","title":"Prototype Pollution"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-AXIOS-7361793","issue_id":"SNYK-JS-AXIOS-7361793","priority_score":221,"priority_score_factors":[{"name":"confidentiality","value":"high"},{"name":"integrity","value":"low"},{"name":"availability","value":"low"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity","value":"proofOfConcept"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.00084},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Sun Aug 11 2024 18:45:22 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"high"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":7.84},{"name":"likelihood","value":2.81},{"name":"scoreVersion","value":"V5"}],"severity":"high","title":"Server-side Request Forgery (SSRF)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-BRACES-6838727","issue_id":"SNYK-JS-BRACES-6838727","priority_score":169,"priority_score_factors":[{"name":"confidentiality","value":"none"},{"name":"integrity","value":"none"},{"name":"availability","value":"high"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity","value":"proofOfConcept"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.00045},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Mon May 13 2024 14:36:53 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"high"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":5.99},{"name":"likelihood","value":2.81},{"name":"scoreVersion","value":"V5"}],"severity":"high","title":"Uncontrolled resource consumption"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-MICROMATCH-6838728","issue_id":"SNYK-JS-MICROMATCH-6838728","priority_score":124,"priority_score_factors":[{"name":"confidentiality","value":"none"},{"name":"integrity","value":"none"},{"name":"availability","value":"high"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.00045},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Mon May 13 2024 14:42:05 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"high"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":5.99},{"name":"likelihood","value":2.06},{"name":"scoreVersion","value":"V5"}],"severity":"high","title":"Inefficient Regular Expression Complexity"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-VITE-8023174","issue_id":"SNYK-JS-VITE-8023174","priority_score":118,"priority_score_factors":[{"name":"confidentiality","value":"high"},{"name":"integrity","value":"none"},{"name":"availability","value":"none"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity","value":"proofOfConcept"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"high"},{"name":"attackVector","value":"adjacent"},{"name":"epss","value":0.00043},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Wed Sep 18 2024 12:06:01 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"medium"},{"name":"relativePopularityRank","value":98},{"name":"impact","value":5.99},{"name":"likelihood","value":1.96},{"name":"scoreVersion","value":"V5"}],"severity":"medium","title":"Information Exposure"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-AXIOS-6124857","issue_id":"SNYK-JS-AXIOS-6124857","priority_score":67,"priority_score_factors":[{"name":"confidentiality","value":"none"},{"name":"integrity","value":"none"},{"name":"availability","value":"low"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity","value":"proofOfConcept"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.01055},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Thu Dec 14 2023 09:43:10 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"medium"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":2.35},{"name":"likelihood","value":2.83},{"name":"scoreVersion","value":"V5"}],"severity":"medium","title":"Regular Expression Denial of Service (ReDoS)"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-FASTXMLPARSER-7573289","issue_id":"SNYK-JS-FASTXMLPARSER-7573289","priority_score":49,"priority_score_factors":[{"name":"confidentiality","value":"none"},{"name":"integrity","value":"none"},{"name":"availability","value":"low"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequ...

[coderabbitai]

Important

Review skipped

Ignore keyword(s) in the title.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.