Skip to content

chore(deps-dev): bump playwright from 1.40.1 to 1.60.0#747

Open
dependabot[bot] wants to merge 1 commit into
developfrom
dependabot/npm_and_yarn/develop/playwright-1.60.0
Open

chore(deps-dev): bump playwright from 1.40.1 to 1.60.0#747
dependabot[bot] wants to merge 1 commit into
developfrom
dependabot/npm_and_yarn/develop/playwright-1.60.0

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Jun 4, 2026

Bumps playwright from 1.40.1 to 1.60.0.

Release notes

Sourced from playwright's releases.

v1.60.0

🌐 HAR recording on Tracing

tracing.startHar() / tracing.stopHar() expose HAR recording as a first-class tracing API, with the same content, mode and urlFilter options as recordHar. The returned Disposable makes it easy to scope a recording with await using:

await using har = await context.tracing.startHar('trace.har');
const page = await context.newPage();
await page.goto('https://playwright.dev');
// HAR is finalized when `har` goes out of scope.

🪝 Drop API

New locator.drop() simulates an external drag-and-drop of files or clipboard-like data onto an element. Playwright dispatches dragenter, dragover, and drop with a synthetic [DataTransfer] in the page context — works cross-browser and is great for testing upload zones:

await page.locator('#dropzone').drop({
  files: { name: 'note.txt', mimeType: 'text/plain', buffer: Buffer.from('hello') },
});
await page.locator('#dropzone').drop({
data: {
'text/plain': 'hello world',
'text/uri-list': 'https://example.com',
},
});

🎯 Aria snapshots

🛑 test.abort()

New test.abort() aborts the currently running test from a fixture, hook, or route handler with an optional message. Use it when you have detected an unrecoverable misuse and want to fail the test right away:

test('does not publish to the shared page', async ({ page }) => {
  await page.route('**/publish', route => {
    test.abort('Tests must not publish to the shared page. Use the `clone` option.');
    return route.abort();
  });
  // ...
});

New APIs

Browser, Context and Page

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for playwright since your current version.


Dependabot compatibility score

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
chore(deps-dev): bump playwright from 1.40.1 to 1.60.0
4647df7 
Bumps [playwright](https://github.com/microsoft/playwright) from 1.40.1 to 1.60.0.
- [Release notes](https://github.com/microsoft/playwright/releases)
- [Commits](microsoft/playwright@v1.40.1...v1.60.0)

---
updated-dependencies:
- dependency-name: playwright
  dependency-version: 1.60.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added the DEPENDABOT label Jun 4, 2026
@socket-security
Copy link
Copy Markdown

socket-security Bot commented Jun 4, 2026

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Added@​fortawesome/​react-fontawesome@​0.2.0991009250100
Added@​material-ui/​core@​4.12.39010010050100
Addedweb3modal@​1.9.08410010050100
Added@​storybook/​addon-knobs@​6.3.09910010050100
Addedeslint@​7.32.09710010050100
Addedstart-server-and-test@​1.15.59810010050100
Addedplaywright-cli@​0.180.0661005580100
Added@​types/​enzyme-adapter-react-16@​1.0.91001006380100
Added@​types/​react-copy-to-clipboard@​4.3.01001006480100
Added@​types/​cytoscape-popper@​2.0.4891006776100
Addedjest@​26.6.31001006896100
Addedcombine-reducers@​1.0.0691007475100
Added@​types/​combine-reducers@​1.0.4721007080100
Added@​types/​react-helmet@​6.1.111001007080100
Added@​types/​react-router-dom@​5.3.31001007080100
Added@​cowprotocol/​contracts@​1.3.1841001008370
Addedweb3@​1.2.994100848070
Added@​types/​flexsearch@​0.7.61001007380100
Added@​types/​react-router@​5.1.201001007380100
Added@​types/​webpack-env@​1.18.41001007480100
Added@​types/​styled-components@​5.1.301001007481100
Added@​types/​react-dom@​16.9.241001007485100
Added@​babel/​plugin-transform-runtime@​7.23.6991007595100
Added@​types/​enzyme@​3.10.181001007580100
Addedcytoscape-klay@​3.1.49410010075100
Addedcytoscape-no-overlap@​1.0.1821009675100
Addednode-cache@​5.1.210010010075100
Addednpm-run-all@​4.1.5991009875100
Addedreact-helmet@​6.1.09910010075100
Addedstyled-theming@​2.2.09810010075100
Addedbabel-plugin-transform-imports@​2.0.010010010075100
Addedenzyme@​3.11.09910010075100
Addedenzyme-to-json@​3.6.21001009875100
See 87 more rows in the dashboard

View full report

@socket-security
Copy link
Copy Markdown

socket-security Bot commented Jun 4, 2026

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Warn Critical
Critical CVE: Cross-realm object access in Webpack 5

CVE: GHSA-hc6q-2mpp-qw7j Cross-realm object access in Webpack 5 (CRITICAL)

Affected versions: >= 5.0.0 < 5.76.0

Patched version: 5.76.0

From: ?npm/@storybook/react@6.5.16npm/webpack@5.75.0

ℹ Read more on: This package | This alert | What is a critical CVE?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Remove or replace dependencies that include known critical CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/webpack@5.75.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

DEPENDABOT

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants