[Snyk] Fix for 6 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • aws-node-puppeteer/package.json
  • aws-node-puppeteer/package-lock.json
  • aws-node-puppeteer/.snyk

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Command Injection SNYK-JS-CHROMELAUNCHER-537575	No	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Prototype Pollution SNYK-JS-MINIMIST-2429795	No	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MINIMIST-559764	No	Proof of Concept
	869/1000 Why? Mature exploit, Has a fix available, CVSS 8.8	Use After Free SNYK-JS-PUPPETEER-174321	No	Mature

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: chrome-launcher

The new version differs by 50 commits.

• d703582 v0.13.2
• 7c1ea54 deps: bump to [email protected] ([Snyk] Security upgrade aws-sdk from 2.467.0 to 2.814.0 #187)
• 2ae5591 fix: sanitize environment variables used in RegExp ([Snyk] Security upgrade js-yaml from 3.13.0 to 3.13.1 #197)
• 9aa64d6 add prepublish script ([Snyk] Security upgrade @nestjs/common from 5.5.0 to 8.0.7 #193)
• 2289dcd update changelog
• d4d8221 v0.13.1
• bf2957a deps: update various dependencies ([Snyk] Fix for 1 vulnerabilities #192)
• c4c72c6 v0.13.0
• 13fbc0f changelog for 0.13.0
• 83da1e4 feat: add killAll function ([Snyk] Security upgrade react-scripts from 2.1.8 to 5.0.0 #186)
• b8c89f8 flags: disable the default browser check ([Snyk] Security upgrade postmark from 1.6.1 to 2.0.0 #181) ([Snyk] Fix for 13 vulnerabilities #182)
• 6112555 fix: log taskkill error based on logging opts ([Snyk] Security upgrade @line/bot-sdk from 6.8.4 to 7.5.2 #178) ([Snyk] Security upgrade node-fetch from 2.2.1 to 2.6.7 #179)
• 7c935ef docs: add missing quote in README.md example ([Snyk] Security upgrade mailparser from 2.8.1 to 3.3.0 #180)
• 2e829c7 Skip --disable-setuid-sandbox flag when ignoreDefaultFlags = true ([Snyk] Security upgrade mongoose from 4.13.21 to 6.4.6 #171)
• 1f0f9be add changelog for 0.12.0
• 82af0f4 v0.12.0
• 66a5e22 flags: add new --disable flags to reduce noise and disable backg… ([Snyk] Security upgrade react-scripts from 2.1.8 to 3.1.0 #170)
• c4890ee feat: expose public interface for locating Chrome installations ([Snyk] Security upgrade serverless-google-cloudfunctions from 2.4.3 to 3.1.0 #177)
• a5ccaa4 deps: update assorted dependencies ([Snyk] Security upgrade twilio from 2.11.1 to 3.41.0 #175)
• e67a10d --disable-translation is now --disable-features=TranslateUI ([Snyk] Security upgrade twilio from 2.11.1 to 3.17.1 #167)
• d39af59 v0.11.2
• 8a017ba misc: update changelog for v0.11.2
• 574aceb misc: minor type improvements
• 1928187 fix: prevent mutation of default flags ([Snyk] Security upgrade sharp from 0.21.3 to 0.29.3 #162)

See the full diff

Package name: puppeteer

The new version differs by 173 commits.

• 77a9694 chore: mark version v1.13.0 (#4114)
• ba5f94d test: disable flaky cookies test (#4112)
• 02b2451 fix: check if async error has a stack (#4017)
• 9db09fe test: add test to validate redirecting in request.respond (#4106)
• c68df32 test: add failing test for bad request interception (#4108)
• 02859c3 feat(chromium): roll Chromium to r637110 (#4099)
• bc28f3b fix(firefox): fix executablePath() on OSX (#4105)
• c9f6a3d chore(firefox): bump version to v0.5.0 (#4089)
• a6d8ecc fix(firefox): keyboard tests (#4082)
• e8a4963 test: cleanup tests (#4078)
• dae998e fix(firefox): enable domains in a proper order (#4077)
• 9ef23b1 feat(firefox): implement cookies api (#4076)
• 03d06f5 feat(firefox): page.accessibility.snapshot() (#4071)
• f21486f feat(firefox): implement Page.touchscreen (#4070)
• 3541b89 test: split out all chromium-specific tests into chromiumonly.spec.js (#4068)
• 77a4ea5 test: split out fixture tests and make them work with FF (#4067)
• d04a8d5 refactor(firefox): split out DOMWorld (#4066)
• 4ecbd91 refactor(firefox): migrate onto ExecutionContext events (#4064)
• 56dafd7 feat: support Response.buffer(), Response.json() and Response.text() (#4063)
• 3bea5d6 feat(firefox): implement browserContext.overridePermissions (#4060)
• f1a14fe feat(firefox): support elementHandle.uploadFile (#4058)
• 1315dc8 feat(firefox): support Page.emualteMedia (#4056)
• 5c81836 feat(firefox): implement page.exposeFunction (#4052)
• 7d39aca test: split out test for "text" option of ElementHandle.press (#4051)

See the full diff

With a Snyk patch:

Severity	Priority Score (*)	Issue	Exploit Maturity
	626/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.1	Man-in-the-Middle (MitM) SNYK-JS-HTTPSPROXYAGENT-469131	Proof of Concept
	731/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.2	Prototype Pollution SNYK-JS-LODASH-567746	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Some vulnerabilities couldn't be fully fixed and so Snyk will still find them when the project is tested again. This may be because the vulnerability existed within more than one direct dependency, but not all of the affected dependencies could be upgraded.

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Prototype Pollution
🦉 Prototype Pollution
🦉 More lessons are available in Snyk Learn