npm: bump puppeteer from 13.7.0 to 20.7.3

[dependabot]

Bumps puppeteer from 13.7.0 to 20.7.3.

Release notes

Sourced from puppeteer's releases.

puppeteer-core: v20.7.3

20.7.3 (2023-06-20)

Bug Fixes

• add parenthesis to JS values in interpolateFunction (#10426) (fbdcc0d)
• added clipboard permission that was not exposed (#10119) (c06e15f)
• include src into published package (#10415) (d1ffad0)
• WaitForNetworkIdle and Deferred.race (#10411) (138cc5c)

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • @​puppeteer/browsers bumped from 1.4.1 to 1.4.2

puppeteer: v20.7.3

20.7.3 (2023-06-20)

Bug Fixes

• include src into published package (#10415) (d1ffad0)

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • puppeteer-core bumped from 20.7.2 to 20.7.3
    • @​puppeteer/browsers bumped from 1.4.1 to 1.4.2

puppeteer-core: v20.7.2

20.7.2 (2023-06-16)

Bug Fixes

• roll to Chrome 114.0.5735.133 (r1135570) (#10384) (9311558)

puppeteer: v20.7.2

20.7.2 (2023-06-16)

Miscellaneous Chores

• puppeteer: Synchronize puppeteer versions

... (truncated)

Commits

• 3b09e95 chore: release main (#10412)
• fbdcc0d fix: add parenthesis to JS values in interpolateFunction (#10426)
• c16a4a7 ci: check number of tests (#10423)
• 0556799 chore: fix error in Connection for Firefox (#10422)
• 3ba7fba chore: implement Bidi keyboard (#10417)
• 769dd59 chore: enable locator tests (#10416)
• d1ffad0 fix: include src into published package (#10415)
• 4f6b0d4 chore: implement Webdriver BiDi mouse and touchscreen (#10402)
• 4b49212 chore(deps): Bump tar-fs from 2.1.1 to 3.0.2 (#10410)
• 6a16f51 chore(deps): Bump github/codeql-action from 2.3.6 to 2.20.0 (#10409)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by google-wombot, a new releaser for puppeteer since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

The following labels could not be found: npm, dependencies.

[changelogg]

Hey! Changelogs info seems to be missing or might be in incorrect format.
Please use the below template in PR description to ensure Changelogg can detect your changes:
- (tag) changelog_text
or
- tag: changelog_text
OR
You can add tag in PR header or while doing a commit too
(tag) PR header
or
tag: PR header
Valid tags: added / feat, changed, deprecated, fixed / fix, removed, security, build, ci, chore, docs, perf, refactor, revert, style, test
Thanks!
For more info, check out changelogg docs

[viezly]

Pull request by bot. No need to analyze

[ghost]

👇 Click on the image for a new way to code review

Legend

[socket-security]

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Issue	Package	Version	Note	Source
Install scripts	puppeteer	20.7.3	Install script: postinstall Source: node install.js	packages/changelog/package.json via jest-puppeteer@6.2.0, packages/contributors-view/package.json
Network access	basic-ftp	5.0.3	Module: tls Location: dist/Client.js	packages/changelog/package.json via jest-puppeteer@6.2.0, puppeteer@20.7.3, packages/contributors-view/package.json via puppeteer@20.7.3
Network access	puppeteer-core	20.7.3	Module: globalThis["fetch"] Location: lib/cjs/puppeteer/common/BrowserConnector.js	packages/changelog/package.json via jest-puppeteer@6.2.0, puppeteer@20.7.3, packages/contributors-view/package.json via puppeteer@20.7.3
Network access	@puppeteer/browsers	1.4.2	Module: https Location: lib/cjs/httpUtil.js	packages/changelog/package.json via jest-puppeteer@6.2.0, puppeteer@20.7.3, packages/contributors-view/package.json via puppeteer@20.7.3
Network access	agent-base	7.1.0	Module: https Location: dist/helpers.js	packages/changelog/package.json via jest@27.5.1, jest-extended@2.1.0, jest-extended-snapshot@1.1.5, jest-html@1.5.0, jest-image-snapshot@5.2.0, jest-puppeteer@6.2.0, jest-watch-typeahead@1.1.0, puppeteer@20.7.3, ts-jest@27.1.5, packages/contributors-view/package.json via jest@27.5.1, jest-extended@2.1.0, jest-extended-snapshot@1.1.5, jest-html@1.5.0, jest-watch-typeahead@1.1.0, puppeteer@20.7.3, ts-jest@27.1.5
Network access	proxy-agent	6.2.1	Module: https Location: ./dist/index.js	packages/changelog/package.json via jest-puppeteer@6.2.0, puppeteer@20.7.3, packages/contributors-view/package.json via puppeteer@20.7.3
Network access	socks-proxy-agent	8.0.1	Module: net Location: ./dist/index.js	packages/changelog/package.json via jest-puppeteer@6.2.0, puppeteer@20.7.3, packages/contributors-view/package.json via puppeteer@20.7.3

Next steps

What is an install script?

Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.

Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead.

What is network access?

This module accesses the network.

Packages should remove all network access that is functionally unnecessary. Consumers should audit network access to ensure legitimate use.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of package-name@version specifiers. e.g. @SocketSecurity ignore foo@1.0.0 bar@* or ignore all packages with @SocketSecurity ignore-all

• @SocketSecurity ignore puppeteer@20.7.3
• @SocketSecurity ignore basic-ftp@5.0.3
• @SocketSecurity ignore puppeteer-core@20.7.3
• @SocketSecurity ignore @puppeteer/browsers@1.4.2
• @SocketSecurity ignore agent-base@7.1.0
• @SocketSecurity ignore proxy-agent@6.2.1
• @SocketSecurity ignore socks-proxy-agent@8.0.1

[socket-security]

New and updated dependency changes detected. Learn more about Socket for GitHub ↗︎

Packages		Version	New capabilities	Transitives1	Size	Publisher
puppeteer	⬆️	13.7.0...20.7.3, 15.5.0...20.7.3	shell	+46/-6	22.4 MB	google-wombot

Footnotes

1. https://docs.socket.dev ↩

[dependabot]

Superseded by #3259.