[Security] Bump puppeteer from 1.6.1 to 1.13.0

[dependabot-preview]

Bumps puppeteer from 1.6.1 to 1.13.0. This update includes a security fix.

Vulnerabilities fixed

Sourced from The GitHub Security Advisory Database.

Use-After-Free in puppeteer Versions of puppeteer prior to 1.13.0 are vulnerable to the Use-After-Free vulnerability in Chromium (CVE-2019-5786). The Chromium FileReader API is vulnerable to Use-After-Free which may lead to Remote Code Execution.

Recommendation

Upgrade to version 1.13.0 or later.

Affected versions: < 1.13.0

Release notes

Sourced from puppeteer's releases.

v1.13.0

Big Changes

• Chromium 74.0.3723.0 (r637110)

API Changes

No API changes.

Bug Fixes

• #3762 - uploadFile in puppeteer-firefox
• #3889 - firefox: merge Puppeteer-Firefox tests with Puppeteer tests
• #4011 - Page.Content freezes without error after running 101 times
• #4102 - Firefox macOS installation fails

Raw Notes

ba5f94d - test: disable flaky cookies test (#4112) 02b2451 - fix: check if async error has a stack (#4017) 9db09fe - test: add test to validate redirecting in request.respond (#4106) c68df32 - test: add failing test for bad request interception (#4108) 02859c3 - feat(chromium): roll Chromium to r637110 (#4099) bc28f3b - fix(firefox): fix executablePath() on OSX (#4105) c9f6a3d - chore(firefox): bump version to v0.5.0 (#4089) a6d8ecc - fix(firefox): keyboard tests (#4082) e8a4963 - test: cleanup tests (#4078) dae998e - fix(firefox): enable domains in a proper order (#4077) 9ef23b1 - feat(firefox): implement cookies api (#4076) 03d06f5 - feat(firefox): page.accessibility.snapshot() (#4071) f21486f - feat(firefox): implement Page.touchscreen (#4070) 3541b89 - test: split out all chromium-specific tests into chromiumonly.spec.js (#4068) 77a4ea5 - test: split out fixture tests and make them work with FF (#4067) d04a8d5 - refactor(firefox): split out DOMWorld (#4066) 4ecbd91 - refactor(firefox): migrate onto ExecutionContext events (#4064) 56dafd7 - feat: support Response.buffer(), Response.json() and Response.text() (#4063) 3bea5d6 - feat(firefox): implement browserContext.overridePermissions (#4060) f1a14fe - feat(firefox): support elementHandle.uploadFile (#4058) 1315dc8 - feat(firefox): support Page.emualteMedia (#4056) 5c81836 - feat(firefox): implement page.exposeFunction (#4052) 7d39aca - test: split out test for "text" option of ElementHandle.press (#4051) ed984ac - chore(firefox): kill original puppeteer-firefox tests (#4047) fbf91cc - test(firefox): move AX tests to Chrome-only (#4042) a0fd2ce - fix(firefox): enable more tests (#4037) 03c542a - feat(firefox): implement missing launcher options (#4036) 719ee5a - feat(firefox): support page.setExtraHTTPHeaders (#4035) c118b20 - feat(firefox): basic request interception support (#4034) 3b18092 - refactor(firefox): migrate onto Juggler flatten protocol (#4033) 4a4793a - feat(firefox): support Browser.target() (#4028) ea482c4 - fix(firefox): properly cleanup networkmanager (#4024)

Commits

• 77a9694 chore: mark version v1.13.0 (#4114)
• ba5f94d test: disable flaky cookies test (#4112)
• 02b2451 fix: check if async error has a stack (#4017)
• 9db09fe test: add test to validate redirecting in request.respond (#4106)
• c68df32 test: add failing test for bad request interception (#4108)
• 02859c3 feat(chromium): roll Chromium to r637110 (#4099)
• bc28f3b fix(firefox): fix executablePath() on OSX (#4105)
• c9f6a3d chore(firefox): bump version to v0.5.0 (#4089)
• a6d8ecc fix(firefox): keyboard tests (#4082)
• e8a4963 test: cleanup tests (#4078)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)