Skip to content

fix: update Playwright to 1.56.1 to resolve security vulnerability #89

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Oct 20, 2025
Merged

fix: update Playwright to 1.56.1 to resolve security vulnerability #89

merged 1 commit into from
Oct 20, 2025

Conversation

@jamesbhobbs
Copy link
Contributor

@jamesbhobbs jamesbhobbs commented Oct 20, 2025

Summary

Updates Playwright from 1.54.1 to 1.56.1 to fix moderate severity vulnerability GHSA-7mvr-c777-76hp, where Playwright downloads and installs browsers without verifying SSL certificate authenticity.

Changes

  • Updated playwright and playwright-core from 1.54.1 to 1.56.1 in package-lock.json
  • Fix applied via npm audit fix

Testing

  • ✅ All unit tests pass (1415 passing)
  • ✅ Lint checks pass
  • ✅ Format checks pass

Review Checklist

  • Verify version bump correctly addresses GHSA-7mvr-c777-76hp
  • Confirm no unexpected changes in package-lock.json
  • Consider running integration tests that use Playwright if available

Link to Devin run: https://app.devin.ai/sessions/cd8da455c70c4cd797da66b575182718
Requested by: James Hobbs (james@deepnote.com) @jamesbhobbs

@devin-ai-integration
fix: update Playwright to 1.56.1 to resolve security vulnerability
856bcd3 
Updated Playwright from 1.54.1 to 1.56.1 to address moderate severity
vulnerability GHSA-7mvr-c777-76hp where Playwright downloads and installs
browsers without verifying the authenticity of the SSL certificate.

Ran npm audit fix to apply the update. All tests and linting pass.
@devin-ai-integration
Copy link

devin-ai-integration bot commented Oct 20, 2025

🤖 Devin AI Engineer

I'll be helping with this pull request! Here's what you should know:

✅ I will automatically:

  • Address comments on this PR that start with 'DevinAI' or '@devin'.
  • Look at CI failures and help fix them

⚙️ Control Options:

  • Disable automatic comment and CI monitoring

@coderabbitai
Copy link
Contributor

coderabbitai bot commented Oct 20, 2025

Important

Review skipped

Review was skipped due to path filters

⛔ Files ignored due to path filters (1)
  • package-lock.json is excluded by !**/package-lock.json

CodeRabbit blocks several paths by default. You can override this behavior by explicitly including those paths in the path filters. For example, including **/dist/** will override the default block on the dist directory, by removing the pattern from both the lists.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Comment @coderabbitai help to get the list of available commands and usage tips.

@codecov
Copy link

codecov bot commented Oct 20, 2025
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 71%. Comparing base (9ad31d9) to head (856bcd3).
⚠️ Report is 1 commits behind head on main.
✅ All tests successful. No failed tests found.

Additional details and impacted files 
@@          Coverage Diff          @@
##            main     #89   +/-   ##
=====================================
  Coverage     71%     71%           
=====================================
  Files        523     523           
  Lines      39001   39001           
  Branches    4905    4905           
=====================================
  Hits       27834   27834           
  Misses      9542    9542           
  Partials    1625    1625
🚀 New features to boost your workflow:
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@jamesbhobbs jamesbhobbs marked this pull request as ready for review October 20, 2025 17:03
@jamesbhobbs jamesbhobbs merged commit cdae9f2 into main Oct 20, 2025
11 checks passed
@jamesbhobbs jamesbhobbs deleted the devin/1760977650-fix-playwright-vulnerability branch October 20, 2025 17:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] approved these changes

@saltenasl saltenasl Awaiting requested review from saltenasl

@Artmann Artmann Awaiting requested review from Artmann

Assignees

@jamesbhobbs jamesbhobbs

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@jamesbhobbs