[Snyk] Security upgrade puppeteer from 18.2.1 to 22.8.2

[karencapiiro]

Snyk has created this PR to fix 1 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

• development/fetchLicenses/package.json
• development/fetchLicenses/package-lock.json

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Symlink Attack SNYK-JS-TARFS-9535930	125

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

[socket-security]

New, updated, and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/puppeteer@18.2.1 ➜ 22.8.2	Transitive: network, unsafe	+103	28.3 MB	google-wombot

View full report↗︎

[rafikmojr]

Checkmarx One – Scan Summary & Details – 03656685-dde7-44b1-a086-3486580fd043

New Issues (334)

Checkmarx found the following issues in this Pull Request

Severity	Issue	Source File / Package	Checkmarx Insight
	Second_Order_SQL_Injection	/room/room-runtime/src/main/java/androidx/room/util/DBUtil.kt: 74	details The application's query method executes an SQL query with sqLiteQuery, at line 74 of /room/room-runtime/src/main/java/androidx/room/util/DBUtil.kt.... Attack Vector
	Stored_XSS	/room/room-paging/src/main/java/androidx/room/paging/util/RoomPagingUtil.kt: 140	details The method set embeds untrusted data in generated output with set, at line 1652 of /compose/runtime/runtime/src/commonMain/kotlin/androidx/compose/... Attack Vector
	Stored_XSS	/room/room-paging/src/main/java/androidx/room/paging/util/RoomPagingUtil.kt: 140	details The method Lambda embeds untrusted data in generated output with set, at line 476 of /paging/paging-common/src/commonMain/kotlin/androidx/paging/Pa... Attack Vector
	Stored_XSS	/room/room-paging/src/main/java/androidx/room/paging/util/RoomPagingUtil.kt: 140	details The method Lambda embeds untrusted data in generated output with set, at line 309 of /paging/paging-common/src/commonMain/kotlin/androidx/paging/Pa... Attack Vector
	Stored_XSS	/room/room-paging/src/main/java/androidx/room/paging/util/RoomPagingUtil.kt: 140	details The method Lambda embeds untrusted data in generated output with set, at line 303 of /paging/paging-common/src/commonMain/kotlin/androidx/paging/Pa... Attack Vector
	Stored_XSS	/room/room-paging/src/main/java/androidx/room/paging/util/RoomPagingUtil.kt: 140	details The method Lambda embeds untrusted data in generated output with set, at line 298 of /paging/paging-common/src/commonMain/kotlin/androidx/paging/Pa... Attack Vector
	Stored_XSS	/buildSrc/private/src/main/kotlin/androidx/build/checkapi/ApiLocation.kt: 96	details The method Lambda embeds untrusted data in generated output with set, at line 96 of /buildSrc/private/src/main/kotlin/androidx/build/resources/Reso... Attack Vector
	Stored_XSS	/buildSrc/private/src/main/kotlin/androidx/build/checkapi/ApiLocation.kt: 96	details The method Lambda embeds untrusted data in generated output with set, at line 109 of /buildSrc/private/src/main/kotlin/androidx/build/resources/Res... Attack Vector
	Stored_XSS	/buildSrc/private/src/main/kotlin/androidx/build/checkapi/ApiLocation.kt: 96	details The method Lambda embeds untrusted data in generated output with set, at line 141 of /buildSrc/private/src/main/kotlin/androidx/build/metalava/Meta... Attack Vector
	Stored_XSS	/buildSrc/private/src/main/kotlin/androidx/build/checkapi/ApiLocation.kt: 96	details The method Lambda embeds untrusted data in generated output with set, at line 62 of /buildSrc/private/src/main/kotlin/androidx/build/resources/Reso... Attack Vector
	Stored_XSS	/buildSrc/private/src/main/kotlin/androidx/build/checkapi/ApiLocation.kt: 96	details The method Lambda embeds untrusted data in generated output with set, at line 106 of /buildSrc/private/src/main/kotlin/androidx/build/metalava/Meta... Attack Vector
	Stored_XSS	/buildSrc/private/src/main/kotlin/androidx/build/checkapi/ApiLocation.kt: 96	details The method Lambda embeds untrusted data in generated output with set, at line 90 of /buildSrc/private/src/main/kotlin/androidx/build/metalava/Metal... Attack Vector
	Stored_XSS	/buildSrc/private/src/main/kotlin/androidx/build/checkapi/ApiLocation.kt: 96	details The method Lambda embeds untrusted data in generated output with set, at line 58 of /buildSrc/private/src/main/kotlin/androidx/build/metalava/Metal... Attack Vector
	Stored_XSS	/room/room-runtime/src/main/java/androidx/room/util/DBUtil.kt: 74	details The method bindBlob embeds untrusted data in generated output with set, at line 127 of /room/room-runtime/src/main/java/androidx/room/RoomSQLiteQue... Attack Vector
	Stored_XSS	/room/room-runtime/src/main/java/androidx/room/util/DBUtil.kt: 74	details The method recursiveFetchHashMap embeds untrusted data in generated output with set, at line 48 of /room/room-runtime/src/main/java/androidx/room/u... Attack Vector
	Stored_XSS	/room/room-runtime/src/main/java/androidx/room/util/DBUtil.kt: 74	details The method recursiveFetchHashMap embeds untrusted data in generated output with set, at line 46 of /room/room-runtime/src/main/java/androidx/room/u... Attack Vector
	Stored_XSS	/room/room-runtime/src/main/java/androidx/room/util/DBUtil.kt: 74	details The method resolve embeds untrusted data in generated output with set, at line 72 of /room/room-common/src/commonMain/kotlin/androidx/room/Ambiguou... Attack Vector
	CVE-2024-37890	Npm-ws-8.17.0	details Recommended version: 8.17.1 Description: The ws is an open-source WebSocket client and server for Node.js. A request with a number of headers exceeding the "server.maxHeadersCount" thresho... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
	CVE-2024-4068	Npm-braces-3.0.2	details Recommended version: 3.0.3 Description: The NPM package "braces", versions prior to 3.0.3, fails to limit the number of characters it can handle, which could lead to Memory Exhaustion. In... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
	CVE-2024-45296	Npm-path-to-regexp-0.1.7	details Recommended version: 0.1.12 Description: The path-to-regexp turns path strings into regular expressions. In certain cases, path-to-regexp will output a regular expression that can be explo... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
	CVE-2024-45590	Npm-body-parser-1.20.1	details Recommended version: 1.20.3 Description: The body-parser is Node.js body parsing middleware. The body-parser package versions prior to 1.20.3 and 2.0.x prior to 2.0.0 are vulnerable to Den... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
	CVE-2024-52798	Npm-path-to-regexp-0.1.7	details Recommended version: 0.1.12 Description: path-to-regexp turns path strings into a regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploit... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
	Reflected_XSS	/wear/watchface/watchface-editor/src/main/java/androidx/wear/watchface/editor/WatchFaceEditorContract.kt: 173	details The method Lambda embeds untrusted data in generated output with set, at line 77 of /wear/watchface/watchface-editor-guava/src/main/java/androidx/w... Attack Vector
	Reflected_XSS	/wear/watchface/watchface-editor/src/main/java/androidx/wear/watchface/editor/WatchFaceEditorContract.kt: 151	details The method Lambda embeds untrusted data in generated output with set, at line 77 of /wear/watchface/watchface-editor-guava/src/main/java/androidx/w... Attack Vector
	Reflected_XSS	/wear/watchface/watchface-editor/src/main/java/androidx/wear/watchface/editor/WatchFaceEditorContract.kt: 149	details The method Lambda embeds untrusted data in generated output with set, at line 77 of /wear/watchface/watchface-editor-guava/src/main/java/androidx/w... Attack Vector
	Reflected_XSS	/compose/integration-tests/macrobenchmark-target/src/main/java/androidx/compose/integration/macrobenchmark/target/AndroidViewListActivity.kt: 41	details The method Lambda embeds untrusted data in generated output with set, at line 91 of /compose/foundation/foundation/src/commonMain/kotlin/androidx/c... Attack Vector
	Reflected_XSS	/compose/integration-tests/macrobenchmark-target/src/main/java/androidx/compose/integration/macrobenchmark/target/AndroidViewListActivity.kt: 41	details The method Lambda embeds untrusted data in generated output with set, at line 90 of /compose/foundation/foundation/src/commonMain/kotlin/androidx/c... Attack Vector
	Reflected_XSS	/compose/integration-tests/macrobenchmark-target/src/main/java/androidx/compose/integration/macrobenchmark/target/AndroidViewListActivity.kt: 41	details The method Lambda embeds untrusted data in generated output with set, at line 106 of /compose/foundation/foundation/src/commonMain/kotlin/androidx/... Attack Vector
	Reflected_XSS	/compose/foundation/foundation/src/commonMain/kotlin/androidx/compose/foundation/text/CoreTextField.kt: 243	details The method set embeds untrusted data in generated output with set, at line 1652 of /compose/runtime/runtime/src/commonMain/kotlin/androidx/compose/... Attack Vector
	Reflected_XSS	/compose/foundation/foundation/integration-tests/foundation-demos/src/main/java/androidx/compose/foundation/demos/text/ComposeInputFieldMinMaxLines.kt: 140	details The method set embeds untrusted data in generated output with set, at line 1652 of /compose/runtime/runtime/src/commonMain/kotlin/androidx/compose/... Attack Vector
	Reflected_XSS	/compose/foundation/foundation/src/androidInstrumentedTest/kotlin/androidx/compose/foundation/textfield/TextFieldSelectionTest.kt: 452	details The method set embeds untrusted data in generated output with set, at line 1652 of /compose/runtime/runtime/src/commonMain/kotlin/androidx/compose/... Attack Vector
	Reflected_XSS	/navigation/navigation-runtime/src/main/java/androidx/navigation/NavDeepLinkBuilder.kt: 288	details The method handleDeepLink embeds untrusted data in generated output with set, at line 1369 of /navigation/navigation-runtime/src/main/java/androidx... Attack Vector

More results are available on the CxOne platform

Fixed Issues (1734)

Great job! The following issues were fixed in this Pull Request

Severity	Issue	Source File / Package
	Buffer_Improper_Index_Access	/graphics/graphics-core/src/main/cpp/sc_test_utils.cpp: 29
	Buffer_Improper_Index_Access	/camera/camera-core/src/main/cpp/image_processing_util_jni.cc: 643
	Buffer_Improper_Index_Access	/camera/camera-core/src/main/cpp/image_processing_util_jni.cc: 633
	Buffer_Improper_Index_Access	/camera/camera-core/src/main/cpp/image_processing_util_jni.cc: 623
	Buffer_Improper_Index_Access	/camera/camera-core/src/main/cpp/image_processing_util_jni.cc: 211
	Buffer_Improper_Index_Access	/camera/camera-core/src/main/cpp/image_processing_util_jni.cc: 201
	Buffer_Improper_Index_Access	/camera/camera-core/src/main/cpp/image_processing_util_jni.cc: 191
	Buffer_Overflow_Unbounded_Format	/benchmark/benchmark-common/src/main/cpp/androidx_benchmark_CpuCounter.cpp: 66
	Buffer_Overflow_Unbounded_Format	/benchmark/benchmark-common/src/main/cpp/androidx_benchmark_CpuCounter.cpp: 66
	Code_Injection	/wear/watchface/watchface-editor/src/main/java/androidx/wear/watchface/editor/WatchFaceEditorContract.kt: 168
	Code_Injection	/wear/watchface/watchface-editor/src/main/java/androidx/wear/watchface/editor/WatchFaceEditorContract.kt: 168
	Code_Injection	/wear/watchface/watchface-editor/src/main/java/androidx/wear/watchface/editor/WatchFaceEditorContract.kt: 168
	Code_Injection	/wear/watchface/watchface-editor/src/main/java/androidx/wear/watchface/editor/WatchFaceEditorContract.kt: 168
	Code_Injection	/wear/watchface/watchface-editor/src/main/java/androidx/wear/watchface/editor/WatchFaceEditorContract.kt: 148
	Code_Injection	/wear/watchface/watchface-editor/src/main/java/androidx/wear/watchface/editor/WatchFaceEditorContract.kt: 148
	Code_Injection	/wear/watchface/watchface-editor/src/androidTest/java/androidx/wear/watchface/editor/EditorSessionTest.kt: 336
	Code_Injection	/wear/watchface/watchface-editor/src/androidTest/java/androidx/wear/watchface/editor/EditorSessionTest.kt: 336
	Code_Injection	/wear/watchface/watchface-editor/src/main/java/androidx/wear/watchface/editor/WatchFaceEditorContract.kt: 149
	Code_Injection	/wear/watchface/watchface-editor/src/main/java/androidx/wear/watchface/editor/WatchFaceEditorContract.kt: 149
	Code_Injection	/wear/watchface/watchface-editor/src/main/java/androidx/wear/watchface/editor/WatchFaceEditorContract.kt: 149
	Code_Injection	/wear/watchface/watchface-editor/src/main/java/androidx/wear/watchface/editor/WatchFaceEditorContract.kt: 149
	Code_Injection	/wear/watchface/watchface-editor/src/main/java/androidx/wear/watchface/editor/WatchFaceEditorContract.kt: 149
	Code_Injection	/wear/watchface/watchface-editor/src/main/java/androidx/wear/watchface/editor/WatchFaceEditorContract.kt: 149
	Code_Injection	/wear/watchface/watchface-editor/src/main/java/androidx/wear/watchface/editor/WatchFaceEditorContract.kt: 149
	Code_Injection	/wear/watchface/watchface-editor/src/main/java/androidx/wear/watchface/editor/WatchFaceEditorContract.kt: 149
	Code_Injection	/wear/watchface/watchface-editor/src/main/java/androidx/wear/watchface/editor/WatchFaceEditorContract.kt: 164
	Code_Injection	/wear/watchface/watchface-editor/src/main/java/androidx/wear/watchface/editor/WatchFaceEditorContract.kt: 164
	Code_Injection	/wear/watchface/watchface-editor/src/main/java/androidx/wear/watchface/editor/WatchFaceEditorContract.kt: 164
	Code_Injection	/wear/watchface/watchface-editor/src/main/java/androidx/wear/watchface/editor/WatchFaceEditorContract.kt: 164
	Code_Injection	/wear/watchface/watchface-editor/src/main/java/androidx/wear/watchface/editor/WatchFaceEditorContract.kt: 151
	Code_Injection	/wear/watchface/watchface-editor/src/main/java/androidx/wear/watchface/editor/WatchFaceEditorContract.kt: 151
	Code_Injection	/wear/watchface/watchface-editor/src/main/java/androidx/wear/watchface/editor/WatchFaceEditorContract.kt: 151
	Code_Injection	/wear/watchface/watchface-editor/src/main/java/androidx/wear/watchface/editor/WatchFaceEditorContract.kt: 151
	Command_Injection	/development/project-creator/create_project.py: 249
	Command_Injection	/development/project-creator/create_project.py: 242
	Command_Injection	/development/project-creator/create_project.py: 224
	Command_Injection	/development/project-creator/create_project.py: 209
	Command_Injection	/development/auto-version-updater/update_versions_for_release.py: 77
	Command_Injection	/development/update_tracing_perfetto.py: 188
	Command_Injection	/development/file-utils/diff-filterer.py: 970
	Command_Injection	/development/update_library_versions.py: 59
	Command_Injection	/appsearch/exportToFramework.py: 376
	Command_Injection	/appsearch/exportToFramework.py: 377
	Command_Injection	/development/update_tracing_perfetto.py: 188
	Command_Injection	/development/update_tracing_perfetto.py: 188
	Command_Injection	/development/project-creator/create_project.py: 663
	Cx89601373-08db	Npm-debug-2.6.9
	Cx89601373-08db	Npm-debug-3.2.7
	Cxab55612e-3a56	Npm-braces-3.0.2
	Cxca84a1c2-1f12	Npm-micromatch-4.0.5
	Cxf6e7f2c1-dc59	Npm-yauzl-2.10.0
	OS_Access_Violation	/development/file-utils/diff-filterer.py: 970
	OS_Access_Violation	/development/copy_screenshots_to_golden_repo.py: 22
	OS_Access_Violation	/development/simplify-build-failure/impl/explode.py: 211
	OS_Access_Violation	/development/simplify-build-failure/impl/explode.py: 211
	OS_Access_Violation	/appsearch/exportToFramework.py: 377
	OS_Access_Violation	/development/project-creator/create_project.py: 663
	OS_Access_Violation	/development/project-creator/create_project.py: 663
	OS_Access_Violation	/development/offlinifyDocs/offlinify_dackka_docs.py: 31
	OS_Access_Violation	/development/offlinifyDocs/offlinify_dackka_docs.py: 72
	OS_Access_Violation	/development/project-creator/create_project.py: 663
	OS_Access_Violation	/development/project-creator/create_project.py: 663
	OS_Access_Violation	/development/simplify-build-failure/impl/explode.py: 211
	OS_Access_Violation	/development/simplify-build-failure/impl/explode.py: 211
	Off_by_One_Error	/graphics/graphics-core/src/main/cpp/sc_test_utils.cpp: 29
	Off_by_One_Error	/camera/camera-core/src/main/cpp/image_processing_util_jni.cc: 643
	Off_by_One_Error	/camera/camera-core/src/main/cpp/image_processing_util_jni.cc: 633
	Off_by_One_Error	/camera/camera-core/src/main/cpp/image_processing_util_jni.cc: 623

More results are available on the CxOne platform