Skip to content

Update dependency puppeteer to v20 #123

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
dev-mend-for-github-com wants to merge 1 commit into
base: trunk
Choose a base branch
from

Update dependency puppeteer to v20

5859288
Select commit
Loading
Failed to load commit list.
Open

Update dependency puppeteer to v20 #123

Update dependency puppeteer to v20
5859288
Select commit
Loading
Failed to load commit list.
Dev - Mend for GitHub.com / Mend Security Check failed Nov 27, 2025 in 31m 11s

Security Report

❗️Scan Incomplete: The scan completed with partial failure. The integration encountered issues with one or more projects in this repository, preventing their scan. The errors occurred in the following package managers: php. Consequently, there may be gaps in the coverage of open-source dependencies used in the repository.

You have successfully remediated 10 vulnerabilities, but introduced 8 new vulnerabilities in this branch.

❌ New vulnerabilities:

Vulnerability Severity CVSS Score Vulnerable Library Direct Library Suggested Fix Issue Reachability
CVE-893166-217151

Path to dependency file: /tests/e2e/package.json

Path to vulnerable library: /tests/e2e/package.json

Dependency Hierarchy:

-> cypress-3.1.2.tgz (Root Library)

   -> cypress-12.17.4.tgz

     -> request-2.88.12.tgz

       -> ❌ form-data-2.3.3.tgz (Vulnerable Library)

Critical 9.8 Transitive form-data-2.3.3.tgz cypress-3.1.2.tgz None
CVE-814504-1548

Path to dependency file: /tests/e2e/package.json

Path to vulnerable library: /tests/e2e/package.json

Dependency Hierarchy:

-> cypress-3.1.2.tgz (Root Library)

   -> cypress-12.17.4.tgz

     -> request-2.88.12.tgz

       -> ❌ isstream-0.1.2.tgz (Vulnerable Library)

Critical 9.8 Transitive isstream-0.1.2.tgz cypress-3.1.2.tgz None
CVE-72435-185255

Path to dependency file: /tests/e2e/package.json

Path to vulnerable library: /tests/e2e/package.json

Dependency Hierarchy:

-> cypress-3.1.2.tgz (Root Library)

   -> cypress-12.17.4.tgz

     -> request-2.88.12.tgz

       -> http-signature-1.3.6.tgz

         -> sshpk-1.17.0.tgz

           -> ❌ tweetnacl-0.14.5.tgz (Vulnerable Library)

Critical 9.8 Transitive tweetnacl-0.14.5.tgz cypress-3.1.2.tgz None
CVE-295712-399081

Path to dependency file: /tests/e2e/package.json

Path to vulnerable library: /tests/e2e/package.json

Dependency Hierarchy:

-> cypress-3.1.2.tgz (Root Library)

   -> cypress-12.17.4.tgz

     -> request-2.88.12.tgz

       -> http-signature-1.3.6.tgz

         -> sshpk-1.17.0.tgz

           -> ❌ asn1-0.2.6.tgz (Vulnerable Library)

Critical 9.8 Transitive asn1-0.2.6.tgz cypress-3.1.2.tgz None
CVE-2025-7783

Path to dependency file: /tests/e2e/package.json

Path to vulnerable library: /tests/e2e/package.json

Dependency Hierarchy:

-> cypress-3.1.2.tgz (Root Library)

   -> cypress-12.17.4.tgz

     -> request-2.88.12.tgz

       -> ❌ form-data-2.3.3.tgz (Vulnerable Library)

High 8.7 Transitive form-data-2.3.3.tgz cypress-3.1.2.tgz None
CVE-2025-59343

Path to dependency file: /src/Storefront/Resources/app/storefront/package.json

Path to vulnerable library: /src/Storefront/Resources/app/storefront/package.json

Dependency Hierarchy:

-> puppeteer-20.7.3.tgz (Root Library)

   -> browsers-1.4.2.tgz

     -> ❌ tar-fs-3.0.2.tgz (Vulnerable Library)

High 7.5 Transitive tar-fs-3.0.2.tgz puppeteer-20.7.3.tgz Transitive 3.1.1 None
CVE-2025-54798

Path to dependency file: /tests/e2e/package.json

Path to vulnerable library: /tests/e2e/package.json

Dependency Hierarchy:

-> cypress-3.1.2.tgz (Root Library)

   -> cypress-12.17.4.tgz

     -> ❌ tmp-0.2.1.tgz (Vulnerable Library)

Low 2.5 Transitive tmp-0.2.1.tgz cypress-3.1.2.tgz Transitive https://github.com/raszi/node-tmp.git - no_fix None
CVE-2025-53892

Path to dependency file: /src/Administration/Resources/app/administration/package.json

Path to vulnerable library: /src/Administration/Resources/app/administration/package.json

Dependency Hierarchy:

-> ❌ vue-i18n-9.2.2.tgz (Vulnerable Library)

Low 0.0 Direct vue-i18n-9.2.2.tgz vue-i18n-9.2.2.tgz https://github.com/intlify/vue-i18n.git - no_fix None

✔️ Remediated vulnerabilities:

Vulnerability Vulnerable Library
GHSA-8x6c-cv3v-vp6g cacheable-request-6.1.0.tgz
GHSA-6chw-6frg-f759 acorn-6.3.0.tgz
GHSA-vjh7-7g9h-fjfh elliptic-6.5.2.tgz
GHSA-7fhm-mqm4-2wp7 acorn-6.3.0.tgz
CVE-2025-50182 urllib3-2.2.3-py3-none-any.whl
GHSA-7fhm-mqm4-2wp7 minimist-1.2.0.tgz
GHSA-vjh7-7g9h-fjfh elliptic-6.5.4.tgz
CVE-2025-26862 urllib3-2.2.3-py3-none-any.whl
CVE-2025-50181 urllib3-2.2.3-py3-none-any.whl
GHSA-7fhm-mqm4-2wp7 minimist-0.0.8.tgz

Base branch total remaining vulnerabilities: 170
Base branch commit: null


Total libraries scanned: 2428

Scan token: 90407850f1a946c486619277e90eb182

View more details on Dev - Mend for GitHub.com