[Snyk] Upgrade puppeteer from 21.4.1 to 24.7.2

[nerdy-tech-com-gitub]

Snyk has created this PR to upgrade puppeteer from 21.4.1 to 24.7.2.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

⚠️ Warning: This PR contains major version upgrade(s), and may be a breaking change.

• The recommended version is 83 versions ahead of your current version.

• The recommended version was released a month ago.

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Denial of Service (DoS) SNYK-JS-WS-7266574	63	Proof of Concept
	Excessive Platform Resource Consumption within a Loop SNYK-JS-BRACES-6838727	63	Proof of Concept
	Prototype Poisoning SNYK-JS-QS-3153490	63	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	63	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	63	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-CROSSSPAWN-8303230	63	Proof of Concept
	Server-side Request Forgery (SSRF) SNYK-JS-IP-6240864	63	Proof of Concept
	Symlink Attack SNYK-JS-TARFS-9535930	63	Mature
	Denial of Service (DoS) SNYK-JS-WS-7266574	63	Proof of Concept
	Server-side Request Forgery (SSRF) SNYK-JS-IP-6240864	63	Proof of Concept
	Code Injection SNYK-JS-LODASH-1040724	63	Proof of Concept
	Inefficient Regular Expression Complexity SNYK-JS-MICROMATCH-6838728	63	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHPARSE-1077067	63	Proof of Concept
	Use of a Broken or Risky Cryptographic Algorithm SNYK-JS-JSONWEBTOKEN-3180026	63	No Known Exploit
	Arbitrary File Write via Archive Extraction (Zip Slip) SNYK-JS-JSZIP-3188562	63	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	63	Proof of Concept
	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	63	Proof of Concept
	Incomplete List of Disallowed Inputs SNYK-JS-BABELTRAVERSE-5962462	63	Proof of Concept
	Improper Restriction of Security Token Assignment SNYK-JS-JSONWEBTOKEN-3180024	63	No Known Exploit
	Denial of Service (DoS) SNYK-JS-JSZIP-1251497	63	Proof of Concept
	Arbitrary Command Injection SNYK-JS-SYSTEMINFORMATION-5914637	63	No Known Exploit
	Arbitrary Code Injection SNYK-JS-SYSTEMINFORMATION-8547981	63	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-HTTPCACHESEMANTICS-3248783	63	Proof of Concept
	Server-Side Request Forgery (SSRF) SNYK-JS-IP-7148531	63	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-UAPARSERJS-3244450	63	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	63	Proof of Concept
	Server-Side Request Forgery (SSRF) SNYK-JS-IP-7148531	63	Proof of Concept
	Improper Authentication SNYK-JS-JSONWEBTOKEN-3180022	63	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-KOA-8720152	63	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	63	No Known Exploit
	Cross-site Scripting (XSS) SNYK-JS-KOA-9679272	63	Proof of Concept

Release notes

Package name: puppeteer

• 24.7.2 - 2025-04-24
• 24.7.1 - 2025-04-23
• 24.7.0 - 2025-04-22
• 24.6.1 - 2025-04-09
• 24.6.0 - 2025-04-03
• 24.5.0 - 2025-04-01
• 24.4.0 - 2025-03-06
• 24.3.1 - 2025-03-03
• 24.3.0 - 2025-02-24
• 24.2.1 - 2025-02-14
• 24.2.0 - 2025-02-05
• 24.1.1 - 2025-01-23
• 24.1.0 - 2025-01-15
• 24.0.0 - 2025-01-10
• 23.11.1 - 2024-12-19
• 23.11.0 - 2024-12-18
• 23.10.4 - 2024-12-12
• 23.10.3 - 2024-12-10
• 23.10.2 - 2024-12-09
• 23.10.1 - 2024-12-04
• 23.10.0 - 2024-12-03
• 23.9.0 - 2024-11-21
• 23.8.0 - 2024-11-13
• 23.7.1 - 2024-11-07
• 23.7.0 - 2024-11-04
• 23.6.1 - 2024-10-28
• 23.6.0 - 2024-10-16
• 23.5.3 - 2024-10-11
• 23.5.2 - 2024-10-10
• 23.5.1 - 2024-10-07
• 23.5.0 - 2024-10-02
• 23.4.1 - 2024-09-25
• 23.4.0 - 2024-09-18
• 23.3.1 - 2024-09-16
• 23.3.0 - 2024-09-04
• 23.2.2 - 2024-09-03
• 23.2.1 - 2024-08-29
• 23.2.0 - 2024-08-26
• 23.1.1 - 2024-08-21
• 23.1.0 - 2024-08-14
• 23.0.2 - 2024-08-08
• 23.0.1 - 2024-08-07
• 23.0.0 - 2024-08-07
• 22.15.0 - 2024-07-31
• 22.14.0 - 2024-07-25
• 22.13.1 - 2024-07-17
• 22.13.0 - 2024-07-11
• 22.12.1 - 2024-06-26
• 22.12.0 - 2024-06-21
• 22.11.2 - 2024-06-18
• 22.11.1 - 2024-06-17
• 22.11.0 - 2024-06-12
• 22.10.1 - 2024-06-11
• 22.10.0 - 2024-05-24
• 22.9.0 - 2024-05-16
• 22.8.2 - 2024-05-15
• 22.8.1 - 2024-05-13
• 22.8.0 - 2024-05-06
• 22.7.1 - 2024-04-25
• 22.7.0 - 2024-04-23
• 22.6.5 - 2024-04-15
• 22.6.4 - 2024-04-11
• 22.6.3 - 2024-04-05
• 22.6.2 - 2024-04-02
• 22.6.1 - 2024-03-25
• 22.6.0 - 2024-03-20
• 22.5.0 - 2024-03-15
• 22.4.1 - 2024-03-08
• 22.4.0 - 2024-03-05
• 22.3.0 - 2024-02-26
• 22.2.0 - 2024-02-22
• 22.1.0 - 2024-02-17
• 22.0.0 - 2024-02-05
• 21.11.0 - 2024-02-02
• 21.10.0 - 2024-01-29
• 21.9.0 - 2024-01-24
• 21.8.0 - 2024-01-24
• 21.7.0 - 2024-01-04
• 21.6.1 - 2023-12-13
• 21.6.0 - 2023-12-06
• 21.5.2 - 2023-11-15
• 21.5.1 - 2023-11-09
• 21.5.0 - 2023-11-02
• 21.4.1 - 2023-10-24

from puppeteer GitHub release notes

---

Important

• Warning: This PR contains a major version upgrade, and may be a breaking change.
• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.
• Max score is 1000. Note that the real score may have changed since the PR was raised.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Summary by Sourcery

Upgrade the Puppeteer dependency in benchmark tooling to address security vulnerabilities.

Bug Fixes:

• Resolve multiple high-severity security vulnerabilities by upgrading Puppeteer and its transitive dependencies.

Chores:

• Bump Puppeteer from 21.4.1 to 24.7.2 in bench dependencies.

[sourcery-ai]

Reviewer's Guide

Upgrades the Puppeteer dependency in the benchmarks package from v21.4.1 to v24.7.2 via a single package.json change to address multiple security vulnerabilities.

Class Diagram: Update to 'puppeteer' in devDependencies of benches/package.json

classDiagram
  class DevDependenciesBenches {
    <<JSON Object in 'benches/package.json'>>
    - puppeteer: "21.4.1"
    + puppeteer: "24.7.2"
    %% Other dependencies not shown for clarity
  }

Loading

File-Level Changes

Change	Details	Files
Bump Puppeteer dependency to v24.7.2	Changed version specifier from ^21.4.1 to ^24.7.2	benches/package.json

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.