[Security] Bump puppeteer from 0.9.0 to 1.13.0

[dependabot-preview]

Bumps puppeteer from 0.9.0 to 1.13.0.

Release notes

Sourced from puppeteer's releases.

v1.13.0

Big Changes

• Chromium 74.0.3723.0 (r637110)

API Changes

No API changes.

Bug Fixes

• #3762 - uploadFile in puppeteer-firefox
• #3889 - firefox: merge Puppeteer-Firefox tests with Puppeteer tests
• #4011 - Page.Content freezes without error after running 101 times
• #4102 - Firefox macOS installation fails

Raw Notes

ba5f94d - test: disable flaky cookies test (#4112)
02b2451 - fix: check if async error has a stack (#4017)
9db09fe - test: add test to validate redirecting in request.respond (#4106)
c68df32 - test: add failing test for bad request interception (#4108)
02859c3 - feat(chromium): roll Chromium to r637110 (#4099)
bc28f3b - fix(firefox): fix executablePath() on OSX (#4105)
c9f6a3d - chore(firefox): bump version to v0.5.0 (#4089)
a6d8ecc - fix(firefox): keyboard tests (#4082)
e8a4963 - test: cleanup tests (#4078)
dae998e - fix(firefox): enable domains in a proper order (#4077)
9ef23b1 - feat(firefox): implement cookies api (#4076)
03d06f5 - feat(firefox): page.accessibility.snapshot() (#4071)
f21486f - feat(firefox): implement Page.touchscreen (#4070)
3541b89 - test: split out all chromium-specific tests into chromiumonly.spec.js (#4068)
77a4ea5 - test: split out fixture tests and make them work with FF (#4067)
d04a8d5 - refactor(firefox): split out DOMWorld (#4066)
4ecbd91 - refactor(firefox): migrate onto ExecutionContext events (#4064)
56dafd7 - feat: support Response.buffer(), Response.json() and Response.text() (#4063)
3bea5d6 - feat(firefox): implement browserContext.overridePermissions (#4060)
f1a14fe - feat(firefox): support elementHandle.uploadFile (#4058)
1315dc8 - feat(firefox): support Page.emualteMedia (#4056)
5c81836 - feat(firefox): implement page.exposeFunction (#4052)
7d39aca - test: split out test for "text" option of ElementHandle.press (#4051)
ed984ac - chore(firefox): kill original puppeteer-firefox tests (#4047)
fbf91cc - test(firefox): move AX tests to Chrome-only (#4042)
a0fd2ce - fix(firefox): enable more tests (#4037)
03c542a - feat(firefox): implement missing launcher options (#4036)
719ee5a - feat(firefox): support page.setExtraHTTPHeaders (#4035)
c118b20 - feat(firefox): basic request interception support (#4034)
3b18092 - refactor(firefox): migrate onto Juggler flatten protocol (#4033)
4a4793a - feat(firefox): support Browser.target() (#4028)
ea482c4 - fix(firefox): properly cleanup networkmanager (#4024)

... (truncated)

Commits

• 77a9694 chore: mark version v1.13.0 (#4114)
• ba5f94d test: disable flaky cookies test (#4112)
• 02b2451 fix: check if async error has a stack (#4017)
• 9db09fe test: add test to validate redirecting in request.respond (#4106)
• c68df32 test: add failing test for bad request interception (#4108)
• 02859c3 feat(chromium): roll Chromium to r637110 (#4099)
• bc28f3b fix(firefox): fix executablePath() on OSX (#4105)
• c9f6a3d chore(firefox): bump version to v0.5.0 (#4089)
• a6d8ecc fix(firefox): keyboard tests (#4082)
• e8a4963 test: cleanup tests (#4078)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot ignore this [patch|minor|major] version will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Automerge options (never/patch/minor, and dev/runtime dependencies)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

Finally, you can contact us by mentioning @dependabot.

[dependabot-preview]

We've just been alerted that this update fixes a security vulnerability:

Sourced from The GitHub Security Advisory Database.

Use-After-Free in puppeteer
Versions of puppeteer prior to 1.13.0 are vulnerable to the Use-After-Free vulnerability in Chromium (CVE-2019-5786). The Chromium FileReader API is vulnerable to Use-After-Free which may lead to Remote Code Execution.

Recommendation

Upgrade to version 1.13.0 or later.

Affected versions: ["< 1.13.0"]