Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update dependency puppeteer to v1 [SECURITY] #35

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

renovate[bot]
Copy link

@renovate renovate bot commented Oct 29, 2020

WhiteSource Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
puppeteer 0.13.0 -> 1.13.0 age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2019-5786

Versions of puppeteer prior to 1.13.0 are vulnerable to the Use-After-Free vulnerability in Chromium (CVE-2019-5786). The Chromium FileReader API is vulnerable to Use-After-Free which may lead to Remote Code Execution.

Recommendation

Upgrade to version 1.13.0 or later.


Release Notes

puppeteer/puppeteer

v1.13.0

Compare Source

Big Changes

  • Chromium 74.0.3723.0 (r637110)

API Changes

No API changes.

Bug Fixes

  • #​3762 - uploadFile in puppeteer-firefox
  • #​3889 - firefox: merge Puppeteer-Firefox tests with Puppeteer tests
  • #​4011 - Page.Content freezes without error after running 101 times
  • #​4102 - Firefox macOS installation fails

Raw Notes

ba5f94d - test: disable flaky cookies test (#​4112)
02b2451 - fix: check if async error has a stack (#​4017)
9db09fe - test: add test to validate redirecting in request.respond (#​4106)
c68df32 - test: add failing test for bad request interception (#​4108)
02859c3 - feat(chromium): roll Chromium to r637110 (#​4099)
bc28f3b - fix(firefox): fix executablePath() on OSX (#​4105)
c9f6a3d - chore(firefox): bump version to v0.5.0 (#​4089)
a6d8ecc - fix(firefox): keyboard tests (#​4082)
e8a4963 - test: cleanup tests (#​4078)
dae998e - fix(firefox): enable domains in a proper order (#​4077)
9ef23b1 - feat(firefox): implement cookies api (#​4076)
03d06f5 - feat(firefox): page.accessibility.snapshot() (#​4071)
f21486f - feat(firefox): implement Page.touchscreen (#​4070)
3541b89 - test: split out all chromium-specific tests into chromiumonly.spec.js (#​4068)
77a4ea5 - test: split out fixture tests and make them work with FF (#​4067)
d04a8d5 - refactor(firefox): split out DOMWorld (#​4066)
4ecbd91 - refactor(firefox): migrate onto ExecutionContext events (#​4064)
56dafd7 - feat: support Response.buffer(), Response.json() and Response.text() (#​4063)
3bea5d6 - feat(firefox): implement browserContext.overridePermissions (#​4060)
f1a14fe - feat(firefox): support elementHandle.uploadFile (#​4058)
1315dc8 - feat(firefox): support Page.emualteMedia (#​4056)
5c81836 - feat(firefox): implement page.exposeFunction (#​4052)
7d39aca - test: split out test for "text" option of ElementHandle.press (#​4051)
ed984ac - chore(firefox): kill original puppeteer-firefox tests (#​4047)
fbf91cc - test(firefox): move AX tests to Chrome-only (#​4042)
a0fd2ce - fix(firefox): enable more tests (#​4037)
03c542a - feat(firefox): implement missing launcher options (#​4036)
719ee5a - feat(firefox): support page.setExtraHTTPHeaders (#​4035)
c118b20 - feat(firefox): basic request interception support (#​4034)
3b18092 - refactor(firefox): migrate onto Juggler flatten protocol (#​4033)
4a4793a - feat(firefox): support Browser.target() (#​4028)
ea482c4 - fix(firefox): properly cleanup networkmanager (#​4024)
9782f9c - fix(firefox): add test to make sure remote browser can be closed (#​4023)
c35821a - feat(firefox): switch over to WebSocket and support multiclient (#​4022)
e0d4a5d - fix(firefox): track frame detachment in navigation watchdog (#​4008)
247733b - fix(firefox): enable more firefox tests (#​4007)
e8f044c - fix(firefox): enable a bunch of evaluation tests (#​4006)
6350cf0 - fix(firefox): report more console messages (including warnings) (#​4005)
0b40d04 - feat(firefox): support running beforeunload hooks when closing (#​4003)
e3b76b2 - feat(firefox): support consoleMessage.location() (#​4002)
2275c3c - fix(firefox): properly round clip when doing element screenshots (#​4001)
670d758 - feat(firefox): support "referer" option in Page.goto (#​4000)
fbf3643 - feat(firefox): support Request.postData (#​3999)
13224a7 - feat(firefox): support Response.securityDetails() (#​3997)
57e7f12 - test: split out tests for security details (#​3996)
31ae1d6 - feat(firefox) support Request.headers() & Response.headers() (#​3993)
89d0f1e - feat(firefox): implement frame.goto / frame.waitForNavigation (#​3992)
f0fba56 - test: split out Response.fromCache/fromServiceWorker (#​3990)
1890dc0 - feat(firefox): Page.waitForRequest/Page.waitForResponse (#​3989)
afb9355 - feat(firefox): basic support for Network (#​3988)
fb9d404 - test(mouse): add failing for test for mobile + cross process navigation (#​3951)
63ea805 - feat(chromium): roll Chromium to r630727 (#​3985)
b82cc15 - feat(firefox): support Page.setJavascriptEnabled (#​3970)
edb6f62 - feat(firefox): support page.setDefaultNavigationTimeout (#​3969)
fc18a79 - feat(firefox): support Page.setUserAgent method (#​3968)
1ce578b - chore(test): remove the server.EMPTY_PAGE2 asset (#​3967)
cfefd61 - feat(firefox): support target.opener() and page.on('popup') (#​3966)
0cf6ab6 - feat(firefox): support page.browserContext() (#​3965)
c64e02e - refactor(firefox): introduce FrameManager (#​3964)
2a7ed1a - fix(firefox): add ExecutionContext to api (#​3963)
a987535 - feat(firefox): implement execution contexts (#​3962)
5696096 - chore(testrunner): newline for toEqual matcher (#​3959)
0bb657c - chore(test): remove --firefox-status flag from tests (#​3956)
07b43ff - chore: remove Juggler from Puppeteer repository (#​3954)
72c0047 - refactor(firefox): introduce /lib/Events (#​3949)
6b18e8c - feat(firefox): introduce async stacks for Puppeteer-Firefox (#​3948)
9216056 - fix(testrunner): fix bad test counter (#​3947)
addd7f4 - chore(testrunner): introduce verbose mode (#​3946)
c33be4c - refactor(firefox): split out JSHandle into a separate file (#​3945)
76eecde - chore(test): remove stray console.log (#​3943)
609e763 - test(firefox): enable screenshot tests for Firefox (#​3942)
49e8704 - test(firefox): enable more tests on Puppeteer-Firefox (#​3937)
9679279 - chore(ci): enable firefox on travis (#​3935)
a762dbe - chore(ci): add Puppeteer-Firefox to CI (#​3932)
6887ad8 - chore: further unify Puppeteer-Firefox tests with Puppeteer (#​3931)
c3b6619 - chore(firefox): readme link to isready site (#​3930)
14fb3e3 - chore(firefox): mark all Puppeteer tests that are failing on FF (#​3924)
86783c2 - chore(firefox): run all tests without "UnhandledPromiseRejection" error (#​3922)
bc71e92 - chore(testrunner): nicer colors for test reporter (#​3921)
1676f99 - chore(firefox): move sources from //lib/firefox to //lib (#​3920)
a210dd7 - chore(testrunner): show 5 slowest tests on CI (#​3919)
00bcecb - chore: increase test timeout to 20 seconds on Appveyour (#​3918)
28087c2 - feat(firefox): support ElementHandle.contentFrame() (#​3917)
dd8bd6d - test(firefox): support Puppeteer-Firefox specific env variables (#​3907)
e100000 - docs(api.md): update versions (#​3916)
a760d79 - chore: bump version to v1.12.2-post (#​3915)

v1.12.2

Compare Source

Big Changes

  • Chromium 73.0.3679.0 (r624492)

API Changes

No API changes.

Bug Fixes

  • #​3880 - puppeteer stops working with some https URLs
  • #​3893 - Puppeteer are now restricted on certain websites?

Raw Notes

9a90107 - chore: mark version v1.12.2
6e1f7dc - feat(chromium): roll chromium to r624492 (#​3909)
69c434a - test(firefox): further unify Puppeteer-Firefox and Puppeteer tests (#​3894)
47fbb11 - test(firefox): add more Puppeteer-Firefox tests to Puppeteer (#​3892)
b5e53fd - test(firefox): add puppeteer-firefox unique evaluation tests (#​3891)
6bb0350 - test(firefox): introduce vendor-specific specs (#​3890)
84fe601 - chore(firefox): run Puppeteer-Firefox against Puppeteer tests (#​3888)
fd67fa7 - test(firefox): run puppeteer-firefox tests in browser contexts (#​3887)
bd34755 - feat(ppfox): implement browser contexts (#​3872)
b0e8084 - chore: bump version to v1.12.1-post (#​3886)

v1.12.1

Compare Source

Big Changes

  • Chromium 73.0.3679.0 (r624487)
  • un-ship the auto-generated 'd.ts' file since it's inferior to the @​types one.

API Changes

No API changes.

Bug Fixes

Raw Notes

a1abd6c - chore: mark version v1.12.1 (#​3885)
23b7465 - fix(types): disable shipping our own d.ts file (#​3882)
718cdf1 - chore: bump version to v1.12.0-post (#​3876)

v1.12.0

Compare Source

Big Changes

  • Chromium 73.0.3679.0 (r624487)
  • New page.setDefaultTimeout(timeout) allows controlling default timeout for all page operations.
  • Puppeteer now ships a .d.ts file for better TypeScript support. (f2c968f)

API Changes

Added:
Changed:

Bug Fixes

  • #​609 - page.waitForSelector doesn't work on baidu.com
  • #​2672 - When the target element width is zero, elementHandle.screenshot does not work.
  • #​3029 - Feature request: expose URL and line number for ConsoleMessage object
  • #​3261 - frame.evaluate freezes / hangs on detached frames.
  • #​3319 - Implement setDefaultWaitTimeout or setDefaultTimeouts
  • #​3327 - Puppeteer page.select got error: Cannot read property 'indexOf' of undefined
  • #​3537 - Feature proposal: Ability to pass browserUrl to puppeteer.connect
  • #​3562 - Better error message for TypeError: Converting circular structure to JSON
  • #​3635 - PUPPETEER_DOWNLOAD_HOST poorly named & documented
  • #​3665 - Repeated setContent is 50x slower without goto('about:blank') in between than with it
  • #​3673 - browser.close hangs with beforeunload dialog
  • #​3684 - Puppeteer does not follow javascript redirects - leads to infinite loading of page without timeout
  • #​3711 - puppeteer 1.11.0 ignore --proxy-server for localhost URLs
  • #​3723 - page.waitForFunction fails because of whitespace
  • #​3798 - Ignore intervention header when generating request hash
  • #​3812 - pptr-ff: Black screen when building FF
  • #​3858 - disable-translate flag replacement
  • #​3859 - Emulated devices have old User Agents
  • #​3865 - executionContextId is 0 when using multiples connections

Raw Notes

a545059 - chore: mark version v1.12.0
5cca7c0 - fix(types): don't report events as class members (#​3874)
3c516f2 - chore: move static constructor to the top (#​3873)
d89ec00 - fix(ppfox): check directory existance if necessary when running tests (#​3871)
a2f1e27 - fix: ignore console messages from destroyed execution contexts (#​3866)
7001042 - fix(launcher): properly disable translate UI (#​3863)
61bc51c - fix: update device descriptors (#​3862)
a064a63 - feat(page): introduce page.setDefaultTimeout (#​3854)
f2c968f - chore(types): generate our own d.ts file from api.md (#​3744)
63d9ac4 - fix(executioncontext): follow up to properly adopt element handles (#​3857)
55432f8 - fix(page): execute frame.waitFor{Selector,XPath} in secondary world (#​3856)
2061dd4 - fix(page): teach waitForSelector to return null (#​3846)
7446550 - docs(api.md): fix typo (#​3848)
62da236 - chore: introduce //lib/api.js (#​3835)
cd678fb - chore(juggler): Roll Firefox to 120450a (#​3842)
1a79955 - chore(test): prepare tests to be run with Puppeteer-Firefox (#​3833)
7585e6d - docs(api.md): expand puppeteer-core explanation (#​3830)
fb71012 - feat(page): use secondary world to drive clicks (#​3828)
89a5c39 - refactor: move to flatten protocol (#​3827)
678b8e8 - fix(page): use secondary DOMWorld to drive page.select() (#​3809)
c09835f - feat(chromium): roll Chromium to r624487 (#​3817)
9fb89e1 - test: Add test for waitForFunction with cross-process navigation (#​3826)
9fd4b67 - fix(requestinterception): filter out "intervention" header (#​3814)
c48b574 - docs(juggler/readme.md): more troubleshooting for ff on mac (#​3813)
8426102 - docs(troubleshooting): fix bundle directions (#​3808)
a9ad1c3 - docs(juggler/README.md): Add possible solution FF-Build (#​3801)
f8615c8 - feat(chromium): roll Chromium to r623082 (#​3785)
4ac00ca - refactor: split out DOMWorld from Frame (#​3780)
bea26a7 - chore(testrunner): sort workers numerically when terminating (#​3782)
489be90 - test: move tracing tests to one-per-browser (#​3781)
91c4501 - test(coverage): add failing test for skipping all debugger statements (#​3779)
4e1e2fb - fix(screenshot): round the clip dimensions (#​3778)
e574190 - feat(chromium): roll Chromium to r622871 (#​3777)
04fbbd7 - fix(network): relax request matching heuristic (#​3775)
e8bb26e - refactor: split out classes into files (#​3773)
4e9e3bc - refactor: consolidate all events in Events.js (#​3772)
71edfc7 - feat(chromium): roll Chromium to r622472 (#​3771)
9083c11 - fix(frames): make sure evaluation does not hang in detached iframes (#​3770)
02ae552 - chore(ci): another sad attempt to fix travis deployment (#​3769)
2e36b55 - docs(readme): migrate travis.org shield to travis.com (#​3767)
7daeafc - chore(ci): yet another attempt to fix travis auto-deployment (#​3768)
7fabf32 - feat(executioncontext): warn on nested js handle (#​3591)
d346cb5 - chore: cleanup puppeteer.connect({browserURL}) (#​3766)
15af75f - feat(launcher): add browserUrl option to puppeteer.connect (#​3558)
81cf579 - chore(ci): another attempt to fix travis autopublish (#​3759)
f933f59 - chore(ci): attempt to fix travis (#​3758)
96adedf - fix(screenshots): throw on 0x0 screenshots (#​3756)
29a2438 - chore(types): Upgrade TypeScript to 3.2.2 (#​3754)
c44564a - feat(docs): mention puppeteer@chrome tagged releases (#​3528)
0505c81 - test: add test for multiline waittask (#​3753)
f731973 - fix(page): page.waitForFunction should work with multiline strings (#​3727)
89fc2ad - fix(page): consoleMessage.location() should work with workers (#​3752)
0c86763 - feat(page): introduce consoleMessage.location() (#​3365)
16fc28b - test: make sure headful browser closes with beforeuload page (#​3751)
4c48b77 - chore(examples): exclude localhost from proxy bypass list (#​3742)
82bef70 - docs(troubleshooting.md): Update running on Alpine example (#​3708)
1899e79 - feat: enable Network Service by default (#​3738)
c86bc0f - feat(chromium): roll Chromium to r620317 (#​3732)
1e66d33 - docs(api.md): better documentation for PUPPETEER_DOWNLOAD_HOST (#​3669)
3d82465 - fix(page): fix repetitative setContent calls (#​3666)
8aaca4e - feat(page): introduce "Popup" event (#​3661)
c90392b - feat: introduce page.browserContext() (#​3655)
4346fa1 - feat(chromium): roll Chromium to r615489 (#​3653)
0cccc58 - fix: ignore the experimental folder for npm (#​3636)
2c4198f - docs(readme): update experimental readme
c81f03c - docs(readme): fix pptrfx readme (#​3634)
be836be - docs(pptrfx): update readme (#​3633)
b874529 - readme(pptr-firefox): adjustments (#​3632)
45ab3e0 - feat: introduce puppeteer-firefox (#​3628)
8613e87 - docs(troubleshooting.md): Update troubleshooting.md (#​3606)
cdaa604 - docs(examples): adding puppetry tool (#​3598)
68afb3c - docs(troubleshooting): Update docs about copying file for setuid sandbox (#​3608)
45c4477 - chore: bump version to v1.11.0-post (#​3613)

v1.11.0

Compare Source

Big Changes

API Changes

Changed:

Bug Fixes

  • #​728 - Page.setContent should wait for resources to be loaded
  • #​3517 - Page#setViewport required options
  • #​3549 - Functions bound with page.exposeFunction() produce unhandled promise rejections
  • #​2262 - Problem with PUPPETEER_SKIP_CHROMIUM_DOWNLOAD

Raw Notes

a0cbaf3 - chore(types): lint the api docs with typescript (#​3577)
fb5b080 - feat(chromium): roll Chromium to r609904 (#​3587)
6656519 - test: split out dialog tests (#​3586)
309cbe6 - test: split out navigation tests (#​3585)
d61916b - test: split out evaluation tests (#​3584)
e839189 - test: split input tests into keyboard, mouse and touchscreen (#​3583)
25f4f26 - test: extract clicking tests (#​3582)
a181bdd - test: split out emulation tests (#​3581)
a5b1978 - test: split out waittask tests (#​3580)
e5830d1 - test: split queryselector tests into separate file (#​3579)
aa9fb82 - test: split screenshot tests into separate file (#​3578)
a04100c - docs(troubleshooting): added link to alixaxel/chrome-aws-lambda (#​3576)
927d0f4 - feat(page): support waitUntil option for page.setContent (#​3557)
e2e43bc - fix(page): navigating 11 pages simultaneously should not throw warning (#​3560)
86e0959 - docs(api.md): mark optional arguments in signatures (#​3565)
f6bfa32 - docs(api.md): fixes #​3517 (#​3561)
d9d9996 - feat(chromium): roll Chromium to r608752 (#​3555)
03d8746 - test(accessibility): Fix duplicated test (#​3539)
95a19c7 - fix(page): dispatch errors into page (#​3550)
c185eee - feat(install): support configurations in package.json (#​3449)
766a951 - docs(troubleshooting): update on sandboxing (#​3531)
eb7bd9d - test: setup sandbox on linux (#​3530)
10a4c8c - docs(troubleshooting): modern linux sandboxing
5687343 - fix(types): fix parameters where they disagree with the api (#​3525)
27ea226 - test: fix workers test (#​3527)
d3f50ea - chore: update dependencies (#​3526)
1d671c6 - chore(bisect): properly output bisect ranges + output styling (#​3523)
576c8f8 - chore(chromium): roll Chromium to r606647 (#​3522)
6693537 - chore: add utils/bisect.js to bisect chromium revisions (#​3511)
59e7e8c - docs(api.md): update returned value description (#​3514)
79ec7a3 - fix(types): fix return types where JSDoc and api.md disagree (#​3512)
04b6ca8 - Fix dead link (#​3497)
b9f2104 - test(cookies): Remove duplicated test. (#​3492)
52a1030 - feat(chromium): roll Chromium to r604907 (#​3488)
6b65407 - test: unflake cookie test on windows (#​3489)
60a8d41 - chore: bump version to v1.10.0-post (#​3483)

v1.10.0

Compare Source

Big Changes

API Changes

Added:

Bug Fixes

Raw Notes

cffcaad - chore: mark version v1.10.0
9ba3261 - feat(accessibility): snapshot the accessibility tree (#​3470)
eca3c6b - test(cookies): cookies from headful now work in headless (#​3481)
3596c5f - fix(page.evaluate): better function serialization (#​3480)
e061007 - docs(api.md): update compatibility table
4110087 - docs(puppeteer-web): a note about running inside extension (#​3477)
8e93eab - docs(api.md): add example to override request headers (#​3475)
2a88690 - fix(launcher): add flags to improve reliability (#​3474)
3dd5c28 - fix(pipe): dispatch "disconnected" event when browser is terminated (#​3472)
9800b2c - docs(api.md): Fix missing await in extension example (#​3447)
81edbbb - fix(clicking): handle negative area results in computeQuadArea (#​3413)
fae441c - docs(troubleshooting): add workarounds for code transpilation (#​3399)
cf8c62e - docs(api.md): Fix ElementHandle example (#​3401)
d025d1f - fix(csscoverage): don't prematurely disable the CSS domain (#​3418)
a4cebd8 - feat(chromium): roll Chromium to r599821 (#​3414)
0fd3bfb - test(CSSCoverage): failing test when a stylesheet was recently added (#​3400)
a04dedc - docs(troubleshooting.md): run non-headless on CI (#​3353)
0bb462c - docs(readme): clarify SPA and SSR (#​3363)
6ac66c3 - feat: browser.waitForTarget (#​3356)
07febb6 - fix: add missing location property to some key descriptors (#​3354)
90d1fe8 - docs(api): fixed grammatical error (it's -> its) #​3352
af4209f - chore: bump version to v1.9.0-post (#​3351)

v1.9.0

Compare Source

Big Changes

API Changes

Added:

Bug Fixes

  • #​2374 - feat(browser): Run puppeteer in browser (POC)
  • #​2377 - Certificates error using puppeteer
  • #​2721 - page.goto doesn't clear internal timeout when the browser is closed
  • #​2888 - Cannot read property '_bodyLoadedPromiseFulfill' of null
  • #​2918 - Support waitForNavigation for frames
  • #​3104 - Full page screenshot fails when defaultViewport is null
  • #​3109 - Is it clear what <...Type> means in the docs?
  • #​3204 - docs: mention require('puppeteer-core')
  • #​3221 - As for puppeteer to emulate the movement of the mouse while pressing?
  • #​3232 - Add documentation and examples for iframe API.
  • #​3234 - Black render with omitBackground: true
  • #​3340 - Does --filter=SomeTest do anything when running npm run unit

Raw Notes

4abf7d1 - docs(bundling): add docs about bundling for web (#​3348)
8becb31 - test: add failing test for page.select (#​3346)
5ebfe1a - docs(contributing): remove the --filter note (#​3342)
cd54ce3 - fix(types): upgrade node types to 8.10.34 (#​3341)
c9657f8 - docs(api.md): minor grammar and consistency fixes (#​3320)
c237947 - chore(types): upgrade to TypeScript 3.1.1 (#​3331)
842fee8 - fix(page): full page screenshot when defaultViewport is null (#​3306)
e75e36b - feat(chromium): roll Chromium to r594312 (#​3310)
85aca8e - chore(testserver): prepare test server (#​3294)
9c89090 - chore(testrunner): fix readme description (#​3293)
[12e317c](https://togithub.com/


Renovate configuration

📅 Schedule: "" (UTC).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻️ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by WhiteSource Renovate. View repository job log here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant