fix(webdriverio): update puppeteer-core #13256

Merged
merged 3 commits into from
Aug 1, 2024

christian-bromann
Member

Proposed changes

There has been a vulnerability detected in ws which can be resolved by updating Puppeteer to 21.11.0. Unfortunately, due to the fact that Puppeteer v22 drops support for Node.js v16, there is no way we can update to latest.

Types of changes

  • Polish (an improvement for an existing feature)
  • Bugfix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • Documentation update (improvements to the project's docs)
  • Specification changes (updates to WebDriver command specifications)
  • Internal updates (everything related to internal scripts, governance documentation and CI files)

Checklist

  • I have read the CONTRIBUTING doc
  • I have added tests that prove my fix is effective or that my feature works
  • I have added the necessary documentation (if appropriate)
  • I have added proper type definitions for new commands (if appropriate)

Backport Request

//: # (The current main branch is the development branch for WebdriverIO v9. If your change should be released to the current major version of WebdriverIO (v8), please raise another PR with the same changes against the v8 branch.)

  • This change is solely for v9 and doesn't need to be back-ported
  • Back-ported PR at #XXXXX

Further comments

n/a

Reviewers: @webdriverio/project-committers

@christian-bromann christian-bromann added the PR: Bug Fix 🐛 PRs that contain bug fixes label Aug 1, 2024
@torokati44

Yay, finally!

@christian-bromann christian-bromann merged commit ffaf19e into v8 Aug 1, 2024
8 checks passed
@christian-bromann christian-bromann deleted the cb/puppeteer-update branch August 1, 2024 21:47
@torokati44

Unfortunately, only puppeteer-core version 22.11.2 updated to a ws version that makes Dependabot stop complaining:
https://github.com/puppeteer/puppeteer/releases/tag/puppeteer-core-v22.11.2

@torokati44

Okay, sorry, I was a bit confused. I glanced over the fact that this is still only a bump to major version 21, not 22. (Like you mentioned in Proposed changes...)

@torokati44

Anyway, this still holds:

There has been a vulnerability detected in ws which can be resolved by updating Puppeteer to 21.11.0.

Um... how exactly? According to npm audit:

  puppeteer-core  11.0.0 - 22.11.1
  Depends on vulnerable versions of ws
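
The range check behind the npm audit output quoted above, as an added example that is not part of the thread or of the project's code: it walks the `packages` map of a lockfile and reports every installed `puppeteer-core` whose version falls inside `11.0.0 - 22.11.1`. The lockfile contents and the package names `example-runner` and `legacy-tool` are constructed for illustration.

```javascript
// Range copied from the npm audit output in the thread (bounds inclusive).
const AFFECTED = { name: "puppeteer-core", min: "11.0.0", max: "22.11.1" };

// Constructed sample: "packages" map of a lockfileVersion 3 package-lock.json.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/puppeteer-core": { version: "21.11.0" },
    "node_modules/example-runner/node_modules/puppeteer-core": { version: "22.11.2" },
    "node_modules/legacy-tool/node_modules/puppeteer-core": { version: "10.4.0" },
    "node_modules/@scope/puppeteer-core": { version: "21.0.0" }, // different package
  },
};

// Parse "major.minor.patch"; pre-release/build suffixes are dropped (a simplification).
function parseVersion(v) {
  const parts = String(v).split(/[-+]/)[0].split(".").map(Number);
  const ok = parts.length === 3 && parts.every((n) => Number.isInteger(n) && n >= 0);
  return ok ? parts : null;
}

function compare(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// Return every install of advisory.name whose version lies in [min, max].
function findAffected(lock, advisory = AFFECTED) {
  const lo = parseVersion(advisory.min);
  const hi = parseVersion(advisory.max);
  const suffix = "node_modules/" + advisory.name;
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    // Match top-level and nested installs, but not scoped look-alikes.
    if (path !== suffix && !path.endsWith("/" + suffix)) continue;
    const v = parseVersion(meta.version);
    // An unparseable version is reported rather than silently skipped.
    if (v === null || (compare(v, lo) >= 0 && compare(v, hi) <= 0)) {
      hits.push({ path, version: meta.version });
    }
  }
  return hits;
}

console.log(findAffected(SAMPLE_LOCK));
```
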
