chore(deps): bump the npm_and_yarn group across 3 directories with 5 updates

[dependabot]

Bumps the npm_and_yarn group with 2 updates in the / directory: electron and ws.
Bumps the npm_and_yarn group with 1 update in the /packages/playwright-core/bundles/utils directory: ws.
Bumps the npm_and_yarn group with 1 update in the /utils/flakiness-dashboard directory: @azure/identity.

Updates electron from 19.0.11 to 22.3.25

Commits

• 1c1c132 chore: cherry-pick 3fbd1dca6a4d from libvpx (#40026)
• d892c2b build: fixup autoninja (#39899)
• 6132e80 build: run on circle hosts for forks (#39865)
• a953199 build: use aks backed runners for linux builds (#39838)
• 056eacf chore: cherry-pick b2eab7500a18 from chromium (#39827)
• 5f8ef81 fix: ensure app load is limited to real asar files when appropriate (#39811)
• 4995c9e chore: cherry-pick 1 changes from Release-3-M116 (#39758)
• e29cdac build: fix depot_tools patch application (#39751)
• b58903d chore: cherry-pick 1 changes from Release-2-M116 (#39689)
• 33f9dce chore: cherry-pick 2 changes from Release-1-M116 (#39648)
• Additional commits viewable in compare view

Updates ws from 8.16.0 to 8.17.1

Release notes

Sourced from ws's releases.

8.17.1

Bug fixes

• Fixed a DoS vulnerability (#2231).

A request with a number of headers exceeding the[server.maxHeadersCount][] threshold could be used to crash a ws server.

const http = require('http');
const WebSocket = require('ws');
const wss = new WebSocket.Server({ port: 0 }, function () {
const chars = "!#$%&'*+-.0123456789abcdefghijklmnopqrstuvwxyz^_`|~".split('');
const headers = {};
let count = 0;
for (let i = 0; i < chars.length; i++) {
if (count === 2000) break;
for (let j = 0; j &lt; chars.length; j++) {
  const key = chars[i] + chars[j];
  headers[key] = 'x';
if (++count === 2000) break;
}

}
headers.Connection = 'Upgrade';
headers.Upgrade = 'websocket';
headers['Sec-WebSocket-Key'] = 'dGhlIHNhbXBsZSBub25jZQ==';
headers['Sec-WebSocket-Version'] = '13';
const request = http.request({
headers: headers,
host: '127.0.0.1',
port: wss.address().port
});
request.end();
});

The vulnerability was reported by Ryan LaPointe in websockets/ws#2230.

In vulnerable versions of ws, the issue can be mitigated in the following ways:

1. Reduce the maximum allowed length of the request headers using the [--max-http-header-size=size][] and/or the [maxHeaderSize][] options so that no more headers than the server.maxHeadersCount limit can be sent.

... (truncated)

Commits

• 3c56601 [dist] 8.17.1
• e55e510 [security] Fix crash when the Upgrade header cannot be read (#2231)
• 6a00029 [test] Increase code coverage
• ddfe4a8 [perf] Reduce the amount of crypto.randomFillSync() calls
• b73b118 [dist] 8.17.0
• 29694a5 [test] Use the highWaterMark variable
• 934c9d6 [ci] Test on node 22
• 1817bac [ci] Do not test on node 21
• 96c9b3d [major] Flip the default value of allowSynchronousEvents (#2221)
• e5f32c7 [fix] Emit at most one event per event loop iteration (#2218)
• Additional commits viewable in compare view

Updates got from 9.6.0 to 11.8.6

Release notes

Sourced from got's releases.

v11.8.6

• Destroy request object after successful response

sindresorhus/got@v11.8.5...v11.8.6

v11.8.5

• Backport security fix sindresorhus/got@861ccd9
  • CVE-2022-33987

sindresorhus/got@v11.8.4...v11.8.5

v11.8.3

• Bump cacheable-request dependency (#1921) 9463bb6
• Fix HTTPError missing .code property (#1739) 0e167b8

sindresorhus/got@v11.8.2...v11.8.3

v11.8.2

• Make the dnsCache option lazy (#1529) 3bd245f This slightly improves Got startup performance and fixes an issue with Jest.

sindresorhus/got@v11.8.1...v11.8.2

v11.8.1

• Do not throw on custom stack traces (#1491) 4c815c3a609eb74d0eb139414d9996b4f65dc3c0

v11.8.0

• Fix for sending files with size 0 on stat (#1488) 7acd380
• beforeRetry allows stream body if different from original (#1501) 3dd2273
• Set default value for an options object (#1495) 390b145

sindresorhus/got@v11.7.0...v11.8.0

v11.7.0

Improvements

• Add pfx HTTPS option (#1364) c33df7f
• Update body after beforeRequest (#1453) e1c1844
• Don't allocate buffer twice (#1403) 7bc69d9

Fixes

• Fix a regression where body was sent after redirect 88b32ea
• Fix destructure error on promise.json() c97ce7c
• Do not ignore userinfo on a redirect to the same origin 52de13b

sindresorhus/got@v11.6.2...v11.7.0

v11.6.2

Bug fixes

... (truncated)

Commits

• 2b1482c 11.8.6
• 2d1497e Destroy request object after successful response (#2187)
• 5e17bb7 11.8.5
• bce8ce7 Backport 861ccd9ac2237df762a9e2beed7edd88c60782dc
• 8ced192 Fix build
• 670eb04 11.8.4
• 20f29fe Backport #1543: Initialize globalResponse in case of ignored HTTPError (#2017)
• 0da732f 11.8.3
• 9463bb6 Bump cacheable-request dependency (#1921)
• 0e167b8 HTTPError code set to 'HTTPError' #1711 (#1739)
• Additional commits viewable in compare view

Updates ws from 8.4.2 to 8.17.1

Release notes

Sourced from ws's releases.

8.17.1

Bug fixes

• Fixed a DoS vulnerability (#2231).

A request with a number of headers exceeding the[server.maxHeadersCount][] threshold could be used to crash a ws server.

const http = require('http');
const WebSocket = require('ws');
const wss = new WebSocket.Server({ port: 0 }, function () {
const chars = "!#$%&'*+-.0123456789abcdefghijklmnopqrstuvwxyz^_`|~".split('');
const headers = {};
let count = 0;
for (let i = 0; i < chars.length; i++) {
if (count === 2000) break;
for (let j = 0; j &lt; chars.length; j++) {
  const key = chars[i] + chars[j];
  headers[key] = 'x';
if (++count === 2000) break;
}

}
headers.Connection = 'Upgrade';
headers.Upgrade = 'websocket';
headers['Sec-WebSocket-Key'] = 'dGhlIHNhbXBsZSBub25jZQ==';
headers['Sec-WebSocket-Version'] = '13';
const request = http.request({
headers: headers,
host: '127.0.0.1',
port: wss.address().port
});
request.end();
});

The vulnerability was reported by Ryan LaPointe in websockets/ws#2230.

In vulnerable versions of ws, the issue can be mitigated in the following ways:

1. Reduce the maximum allowed length of the request headers using the [--max-http-header-size=size][] and/or the [maxHeaderSize][] options so that no more headers than the server.maxHeadersCount limit can be sent.

... (truncated)

Commits

• 3c56601 [dist] 8.17.1
• e55e510 [security] Fix crash when the Upgrade header cannot be read (#2231)
• 6a00029 [test] Increase code coverage
• ddfe4a8 [perf] Reduce the amount of crypto.randomFillSync() calls
• b73b118 [dist] 8.17.0
• 29694a5 [test] Use the highWaterMark variable
• 934c9d6 [ci] Test on node 22
• 1817bac [ci] Do not test on node 21
• 96c9b3d [major] Flip the default value of allowSynchronousEvents (#2221)
• e5f32c7 [fix] Emit at most one event per event loop iteration (#2218)
• Additional commits viewable in compare view

Updates @azure/identity from 4.1.0 to 4.2.1

Commits

• 183d301 Upgrade to a version ESRP Release that supports federated auth (#29612)
• 9a2afdf [identity] Prep for release (#29981)
• 3caf203 [identity] Prepare identity for May release (#29441)
• 0a69729 [core] CHANGELOG date for @​azure-rest/core-client release (#29440)
• 88d244a Sync eng/common directory with azure-sdk-tools for PR 8158 (#29423)
• 7706373 [template-dpg] Suppress build failure (#29437)
• 769c1b1 [EngSys] Update name of @​azure-tools/test-utils NO_CI
• 8cd5bc2 [core] New multipart/form-data primitive in core-client-rest (#29047)
• 73b9faa [identity] Add changelog entry for MSALClient migration (#29419)
• b8e63a5 Post release automated changes for notificationhubs releases (#29431)
• Additional commits viewable in compare view

Updates @azure/msal-node from 2.7.0 to 2.9.2

Release notes

Sourced from @​azure/msal-node's releases.

@​azure/msal-node v2.9.2

2.9.2

Mon, 10 Jun 2024 22:30:36 GMT

Patches

• Fixed msal-node unit tests for PoP token support #��7119 (lalimasharda@microsoft.com)
• Implementation Based on Feature Request #7151 (rginsburg@microsoft.com)
• Bump @​azure/msal-common to v14.12.0 (beachball)
• Bump eslint-config-msal to v0.0.0 (beachball)

@​azure/msal-node v2.9.1

2.9.1

Tue, 04 Jun 2024 00:08:57 GMT

Patches

• Bump @​azure/msal-common to v14.11.0 (beachball)
• Bump eslint-config-msal to v0.0.0 (beachball)

@​azure/msal-node v2.9.0

2.9.0

Tue, 28 May 2024 21:37:23 GMT

Minor changes

• Added API for Managed Identity to detect the current environment #7093 (rginsburg@microsoft.com)
• Bump eslint-config-msal to v0.0.0 (beachball)

@​azure/msal-node v2.8.0

2.8.0

Mon, 06 May 2024 23:48:17 GMT

Minor changes

• Client Assertion Implementation now accepts a callback instead of a string argument (rginsburg@microsoft.com)
• Bump @​azure/msal-common to v14.10.0 (beachball)
• Bump eslint-config-msal to v0.0.0 (beachball)

Patches

• Fixed inconsistencies with cancellationToken (timeout) (rginsburg@microsoft.com)
• ClientCredential and OBO acquireToken requests with claims will now skip the cache (rginsburg@microsoft.com)
• Managed Identity: ManagedIdentityTokenResponses expires_in is now calculated correctly (rginsburg@microsoft.com)
• Removed Managed Identity Resource URI Validation (rginsburg@microsoft.com)

Commits

• 1b0fc20 Bump package versions
• 5685c8c Update lab request scope (#7155)
• 25aefea Support pop as optional for full framed apps (#7119)
• 7563498 Update package-lock (#7152)
• 3893cce Update gatsby and angular samples (#7150)
• 3ee9c68 Implementation Based on Feature Request (#7151)
• cc18b42 Remove outdated TS Sample (#7149)
• 46f6e8a Bump package versions
• 8e4b664 Fix MSAL Angular MsalInterceptor bug matching to query string (#7137)
• 69e58c3 Update regional-authorities.md (#7078)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.