[Snyk] Security upgrade puppeteer from 22.15.0 to 24.15.0

[sestinj]

Snyk has created this PR to fix 1 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

• core/package.json

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Prototype Pollution SNYK-JS-JSYAML-13961110	631

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution

---

Summary by cubic

Upgrade puppeteer to ^24.15.0 to fix a Prototype Pollution vulnerability (SNYK-JS-JSYAML-13961110) and keep browser tooling secure.

• Dependencies

  • core/package.json: puppeteer ^22.x -> ^24.15.0

• Migration

  • Verify Node version meets Puppeteer 24 requirements and run browser/E2E tests.
  • Check for any deprecated launch options or API changes in your usage.

^{Written for commit e3bb443. Summary will update automatically on new commits.}

[github-actions]

⚠️ PR Title Format

Your PR title doesn't follow the conventional commit format, but this won't block your PR from being merged. We recommend using this format for better project organization.

Expected Format:

<type>[optional scope]: <description>

Examples:

• feat: add changelog generation support
• fix: resolve login redirect issue
• docs: update README with new instructions
• chore: update dependencies

Valid Types:

feat, fix, docs, style, refactor, perf, test, build, ci, chore, revert

This helps with:

• 📝 Automatic changelog generation
• 🚀 Automated semantic versioning
• 📊 Better project history tracking

This is a non-blocking warning - your PR can still be merged without fixing this.

[github-actions]

✅ Review Complete

Code Review Summary

⚠️ Continue configuration error. Please verify that the assistant exists in Continue Hub.

---

[cubic-dev-ai]

1 issue found across 1 file

Prompt for AI agents (all 1 issues)

Understand the root cause of the following 1 issues and fix them.


<file name="core/package.json">

<violation number="1" location="core/package.json:112">
Updating package.json to ^24.15.0 without regenerating core/package-lock.json leaves puppeteer pinned to 22.15.0, so installs keep the vulnerable version. Please update the lockfile alongside this change so the new release is actually used.</violation>
</file>

_{Reply to cubic to teach it or ask questions. Re-run a review with @cubic-dev-ai review this PR}

[cubic-dev-ai]

Updating package.json to ^24.15.0 without regenerating core/package-lock.json leaves puppeteer pinned to 22.15.0, so installs keep the vulnerable version. Please update the lockfile alongside this change so the new release is actually used.

Prompt for AI agents

Address the following comment on core/package.json at line 112:

<comment>Updating package.json to ^24.15.0 without regenerating core/package-lock.json leaves puppeteer pinned to 22.15.0, so installs keep the vulnerable version. Please update the lockfile alongside this change so the new release is actually used.</comment>

<file context>
@@ -109,7 +109,7 @@
     &quot;plist&quot;: &quot;^3.1.0&quot;,
     &quot;posthog-node&quot;: &quot;^3.6.3&quot;,
-    &quot;puppeteer&quot;: &quot;^22.4.0&quot;,
+    &quot;puppeteer&quot;: &quot;^24.15.0&quot;,
     &quot;puppeteer-chromium-resolver&quot;: &quot;^23.0.0&quot;,
     &quot;quick-lru&quot;: &quot;^7.0.0&quot;,
</file context>