chore(deps): update dependency playwright to v1.55.1 [security]

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
playwright (source)	1.48.2 -> 1.55.1

GitHub Vulnerability Alerts

CVE-2025-59288

Improper verification of cryptographic signature in Playwright allows an unauthorized attacker to perform spoofing over an adjacent network.

---

Release Notes

microsoft/playwright (playwright)

v1.55.1

Compare Source

Highlights

#​37479 - [Bug]: Upgrade Chromium to 140.0.7339.186.
#​37147 - [Regression]: Internal error: step id not found.
#​37146 - [Regression]: HTML reporter displays a broken chip link when there are no projects.
#​37137 - Revert "fix(a11y): track inert elements as hidden".
#​37532 - chore: do not use -k option

Browser Versions

• Chromium 140.0.7339.186
• Mozilla Firefox 141.0
• WebKit 26.0

This version was also tested against the following stable channels:

• Google Chrome 139
• Microsoft Edge 139

v1.55.0

Compare Source

New APIs

• New Property testStepInfo.titlePath Returns the full title path starting from the test file, including test and step titles.

Codegen

• Automatic toBeVisible() assertions: Codegen can now generate automatic toBeVisible() assertions for common UI interactions. This feature can be enabled in the Codegen settings UI.

Breaking Changes

• ⚠️ Dropped support for Chromium extension manifest v2.

Miscellaneous

• Added support for Debian 13 "Trixie".

Browser Versions

• Chromium 140.0.7339.16
• Mozilla Firefox 141.0
• WebKit 26.0

This version was also tested against the following stable channels:

• Google Chrome 139
• Microsoft Edge 139

v1.54.2

Compare Source

Highlights

#​36714 - [Regression]: Codegen is not able to launch in Administrator Terminal on Windows (ProtocolError: Protocol error)
#​36828 - [Regression]: Playwright Codegen keeps spamming with selected option
#​36810 - [Regression]: Starting Codegen with target language doesn't work anymore

Browser Versions

• Chromium 139.0.7258.5
• Mozilla Firefox 140.0.2
• WebKit 26.0

This version was also tested against the following stable channels:

• Google Chrome 140
• Microsoft Edge 140

v1.54.1

Compare Source

Highlights

#​36650 - [Regression]: 1.54.0 breaks downloading browsers when an HTTP(S) proxy is used

Browser Versions

• Chromium 139.0.7258.5
• Mozilla Firefox 140.0.2
• WebKit 26.0

This version was also tested against the following stable channels:

• Google Chrome 140
• Microsoft Edge 140

v1.54.0

Compare Source

Highlights

• New cookie property partitionKey in browserContext.cookies() and browserContext.addCookies(). This property allows to save and restore partitioned cookies. See CHIPS MDN article for more information. Note that browsers have different support and defaults for cookie partitioning.

• New option noSnippets to disable code snippets in the html report.

  import { defineConfig } from '@​playwright/test';
  
  export default defineConfig({
    reporter: [['html', { noSnippets: true }]]
  });

• New property location in test annotations, for example in testResult.annotations and testInfo.annotations. It shows where the annotation like test.skip or test.fixme was added.

Command Line

• New option --user-data-dir in multiple commands. You can specify the same user data dir to reuse browsing state, like authentication, between sessions.

  npx playwright codegen --user-data-dir=./user-data

• Option -gv has been removed from the npx playwright test command. Use --grep-invert instead.

• npx playwright open does not open the test recorder anymore. Use npx playwright codegen instead.

Miscellaneous

• Support for Node.js 16 has been removed.
• Support for Node.js 18 has been deprecated, and will be removed in the future.

Browser Versions

• Chromium 139.0.7258.5
• Mozilla Firefox 140.0.2
• WebKit 26.0

This version was also tested against the following stable channels:

• Google Chrome 140
• Microsoft Edge 140

v1.53.2

Compare Source

Highlights

#​36317 - [Regression]: Merging pre-1.53 blob reports loses attachments
#​36357 - [Regression (Chromium)]: CDP missing trailing slash
#​36292 - [Bug (MSEdge)]: Edge fails to launch when using msRelaunchNoCompatLayer

Browser Versions

• Chromium 138.0.7204.23
• Mozilla Firefox 139.0
• WebKit 18.5

This version was also tested against the following stable channels:

• Google Chrome 137
• Microsoft Edge 137

v1.53.1

Compare Source

Highlights

#​36339 - [Regression]: Click can fail when scrolling required
#​36307 - [Regression (Chromium)]: Under some scenarios filling a textarea doesn't fill
#​36294 - [Regression (Firefox)]: setViewportSize times out
#​36350 - [Fix]: Display HTTP method for fetch trace entries

Browser Versions

• Chromium 138.0.7204.23
• Mozilla Firefox 139.0
• WebKit 18.5

This version was also tested against the following stable channels:

• Google Chrome 137
• Microsoft Edge 137

v1.53.0

Compare Source

Trace Viewer and HTML Reporter Updates

• New Steps in Trace Viewer and HTML reporter:

• New option in 'html' reporter to set the title of a specific test run:

  import { defineConfig } from '@​playwright/test';
  
  export default defineConfig({
    reporter: [['html', { title: 'Custom test run #​1028' }]]
  });

Miscellaneous

• New option kind in testInfo.snapshotPath() controls which snapshot path template is used.

• New method locator.describe() to describe a locator. Used for trace viewer and reports.

  const button = page.getByTestId('btn-sub').describe('Subscribe button');
  await button.click();

• npx playwright install --list will now list all installed browsers, versions and locations.

Browser Versions

• Chromium 138.0.7204.4
• Mozilla Firefox 139.0
• WebKit 18.5

This version was also tested against the following stable channels:

• Google Chrome 137
• Microsoft Edge 137

v1.52.0

Compare Source

Highlights

• New method expect(locator).toContainClass() to ergonomically assert individual class names on the element.

  await expect(page.getByRole('listitem', { name: 'Ship v1.52' })).toContainClass('done');

• Aria Snapshots got two new properties: /children for strict matching and /url for links.

  await expect(locator).toMatchAriaSnapshot(`
    - list
      - /children: equal
      - listitem: Feature A
      - listitem:
        - link "Feature B":
          - /url: "https://playwright.dev"
  `);

Test Runner

• New property testProject.workers allows to specify the number of concurrent worker processes to use for a test project. The global limit of property testConfig.workers still applies.
• New testConfig.failOnFlakyTests option to fail the test run if any flaky tests are detected, similarly to --fail-on-flaky-tests. This is useful for CI/CD environments where you want to ensure that all tests are stable before deploying.
• New property testResult.annotations contains annotations for each test retry.

Miscellaneous

• New option maxRedirects in apiRequest.newContext() to control the maximum number of redirects.
• HTML reporter now supports NOT filtering via !@​my-tag or !my-file.spec.ts or !p:my-project.

Breaking Changes

• Changes to glob URL patterns in methods like page.route():
  • ? wildcard is not supported any more, it will always match question mark ? character.
  • Ranges/sets [] are not supported anymore. We recommend using regular expressions instead.
• Method route.continue() does not allow to override the Cookie header anymore. If a Cookie header is provided, it will be ignored, and the cookie will be loaded from the browser's cookie store. To set custom cookies, use browserContext.addCookies().
• macOS 13 is now deprecated and will no longer receive WebKit updates. Please upgrade to a more recent macOS version to continue benefiting from the latest WebKit improvements.

Browser Versions

• Chromium 136.0.7103.25
• Mozilla Firefox 137.0
• WebKit 18.4

This version was also tested against the following stable channels:

• Google Chrome 135
• Microsoft Edge 135

v1.51.1

Compare Source

Highlights

#​35093 - [Regression]: TimeoutOverflowWarning: 2149630.634 does not fit into a 32-bit signed integer
#​35138 - [Regression]: TypeError: Cannot read properties of undefined (reading 'expectInfo')

Browser Versions

• Chromium 134.0.6998.35
• Mozilla Firefox 135.0
• WebKit 18.4

This version was also tested against the following stable channels:

• Google Chrome 133
• Microsoft Edge 133

v1.51.0

Compare Source

StorageState for indexedDB

• New option indexedDB for browserContext.storageState() allows to save and restore IndexedDB contents. Useful when your application uses IndexedDB API to store authentication tokens, like Firebase Authentication.

  Here is an example following the authentication guide:

  // tests/auth.setup.ts
  import { test as setup, expect } from '@​playwright/test';
  import path from 'path';
  
  const authFile = path.join(__dirname, '../playwright/.auth/user.json');
  
  setup('authenticate', async ({ page }) => {
    await page.goto('/');
    // ... perform authentication steps ...
  
    // make sure to save indexedDB
    await page.context().storageState({ path: authFile, indexedDB: true });
  });

Copy prompt

New "Copy prompt" button on errors in the HTML report, trace viewer and UI mode. Click to copy a pre-filled LLM prompt that contains the error message and useful context for fixing the error.

Filter visible elements

New option visible for locator.filter() allows matching only visible elements.

// example.spec.ts
test('some test', async ({ page }) => {
  // Ignore invisible todo items.
  const todoItems = page.getByTestId('todo-item').filter({ visible: true });
  // Check there are exactly 3 visible ones.
  await expect(todoItems).toHaveCount(3);
});

Git information in HTML report

Set option testConfig.captureGitInfo to capture git information into testConfig.metadata.

// playwright.config.ts
import { defineConfig } from '@​playwright/test';

export default defineConfig({
  captureGitInfo: { commit: true, diff: true }
});

HTML report will show this information when available:

Test Step improvements

A new TestStepInfo object is now available in test steps. You can add step attachments or skip the step under some conditions.

test('some test', async ({ page, isMobile }) => {
  // Note the new "step" argument:
  await test.step('here is my step', async step => {
    step.skip(isMobile, 'not relevant on mobile layouts');

    // ...
    await step.attach('my attachment', { body: 'some text' });
    // ...
  });
});

Miscellaneous

• New option contrast for methods page.emulateMedia() and browser.newContext() allows to emulate the prefers-contrast media feature.
• New option failOnStatusCode makes all fetch requests made through the APIRequestContext throw on response codes other than 2xx and 3xx.
• Assertion expect(page).toHaveURL() now supports a predicate.

Browser Versions

• Chromium 134.0.6998.35
• Mozilla Firefox 135.0
• WebKit 18.4

This version was also tested against the following stable channels:

• Google Chrome 133
• Microsoft Edge 133

v1.50.1

Compare Source

Highlights

#​34483 - [Feature]: single aria snapshot for different engines/browsers
#​34497 - [Bug]: Firefox not handling keepalive: true fetch requests
#​34504 - [Bug]: update snapshots not creating good diffs
#​34507 - [Bug]: snapshotPathTemplate doesnt work when multiple projects
#​34462 - [Bug]: updateSnapshots "changed" throws an error

Browser Versions

• Chromium 133.0.6943.16
• Mozilla Firefox 134.0
• WebKit 18.2

This version was also tested against the following stable channels:

• Google Chrome 132
• Microsoft Edge 132

v1.50.0

Compare Source

Test runner

• New option timeout allows specifying a maximum run time for an individual test step. A timed-out step will fail the execution of the test.

  test('some test', async ({ page }) => {
    await test.step('a step', async () => {
      // This step can time out separately from the test
    }, { timeout: 1000 });
  });

• New method test.step.skip() to disable execution of a test step.

  test('some test', async ({ page }) => {
    await test.step('before running step', async () => {
      // Normal step
    });
  
    await test.step.skip('not yet ready', async () => {
      // This step is skipped
    });
  
    await test.step('after running step', async () => {
      // This step still runs even though the previous one was skipped
    });
  });

• Expanded expect(locator).toMatchAriaSnapshot() to allow storing of aria snapshots in separate YAML files.

• Added method expect(locator).toHaveAccessibleErrorMessage() to assert the Locator points to an element with a given aria errormessage.

• Option testConfig.updateSnapshots added the configuration enum changed. changed updates only the snapshots that have changed, whereas all now updates all snapshots, regardless of whether there are any differences.

• New option testConfig.updateSourceMethod defines the way source code is updated when testConfig.updateSnapshots is configured. Added overwrite and 3-way modes that write the changes into source code, on top of existing patch mode that creates a patch file.

  npx playwright test --update-snapshots=changed --update-source-method=3way

• Option testConfig.webServer added a gracefulShutdown field for specifying a process kill signal other than the default SIGKILL.

• Exposed testStep.attachments from the reporter API to allow retrieval of all attachments created by that step.

• New option pathTemplate for toHaveScreenshot and toMatchAriaSnapshot assertions in the testConfig.expect configuration.

UI updates

• Updated default HTML reporter to improve display of attachments.
• New button for picking elements to produce aria snapshots.
• Additional details (such as keys pressed) are now displayed alongside action API calls in traces.
• Display of canvas content in traces is error-prone. Display is now disabled by default, and can be enabled via the Display canvas content UI setting.
• Call and Network panels now display additional time information.

Breaking

• expect(locator).toBeEditable() and locator.isEditable() now throw if the target element is not <input>, <select>, or a number of other editable elements.
• Option testConfig.updateSnapshots now updates all snapshots when set to all, rather than only the failed/changed snapshots. Use the new enum changed to keep the old functionality of only updating the changed snapshots.

Browser Versions

• Chromium 133.0.6943.16
• Mozilla Firefox 134.0
• WebKit 18.2

This version was also tested against the following stable channels:

• Google Chrome 132
• Microsoft Edge 132

v1.49.1

Compare Source

Highlights

#​33802 - [Bug]: Codegen's Clear button doesn't work if not recording
#​33806 - [Bug]: playwright hangs while waiting for pending navigations
#​33787 - [Bug]: VSC extension isn't capturing all entered text
#​33788 - [Regression]: Double clicking the steps in trace viewer doesn't filter actions
#​33772 - [Bug]: aria_snapshot generates invalid yaml when combined with an aria-label attribut
#​33791 - [Bug]: text input with number value raises "container is not iterable" with to_match_aria_snapshot
#​33644 - [Bug]: getByRole can't find element with the accessible name from label element when aria-labelledby is not valid
#​33660 - [Regression]: Unable to open Playwright UI in Dark Mode

Browser Versions

• Chromium 131.0.6778.33
• Mozilla Firefox 132.0
• WebKit 18.2

This version was also tested against the following stable channels:

• Google Chrome 130
• Microsoft Edge 130

v1.49.0

Compare Source

Aria snapshots

New assertion expect(locator).toMatchAriaSnapshot() verifies page structure by comparing to an expected accessibility tree, represented as YAML.

await page.goto('https://playwright.dev');
await expect(page.locator('body')).toMatchAriaSnapshot(`
  - banner:
    - heading /Playwright enables reliable/ [level=1]
    - link "Get started"
    - link "Star microsoft/playwright on GitHub"
  - main:
    - img "Browsers (Chromium, Firefox, WebKit)"
    - heading "Any browser • Any platform • One API"
`);

You can generate this assertion with Test Generator and update the expected snapshot with --update-snapshots command line flag.

Learn more in the aria snapshots guide.

Test runner

• New option testConfig.tsconfig allows to specify a single tsconfig to be used for all tests.
• New method test.fail.only() to focus on a failing test.
• Options testConfig.globalSetup and testConfig.globalTeardown now support multiple setups/teardowns.
• New value 'on-first-failure' for testOptions.screenshot.
• Added "previous" and "next" buttons to the HTML report to quickly switch between test cases.
• New properties testInfoError.cause and testError.cause mirroring Error.cause.

Breaking: channels chrome, msedge and similar switch to new headless

This change affects you if you're using one of the following channels in your playwright.config.ts:

• chrome, chrome-dev, chrome-beta, or chrome-canary
• msedge, msedge-dev, msedge-beta, or msedge-canary

What do I need to do?

After updating to Playwright v1.49, run your test suite. If it still passes, you're good to go. If not, you will probably need to update your snapshots, and adapt some of your test code around PDF viewers and extensions. See issue #​33566 for more details.

Other breaking changes

• There will be no more updates for WebKit on Ubuntu 20.04 and Debian 11. We recommend updating your OS to a later version.
• Package @playwright/experimental-ct-vue2 will no longer be updated.
• Package @playwright/experimental-ct-solid will no longer be updated.

Try new Chromium headless

You can opt into the new headless mode by using 'chromium' channel. As official Chrome documentation puts it:

New Headless on the other hand is the real Chrome browser, and is thus more authentic, reliable, and offers more features. This makes it more suitable for high-accuracy end-to-end web app testing or browser extension testing.

See issue #​33566 for the list of possible breakages you could encounter and more details on Chromium headless. Please file an issue if you see any problems after opting in.

import { defineConfig, devices } from '@​playwright/test';

export default defineConfig({
  projects: [
    {
      name: 'chromium',
      use: { ...devices['Desktop Chrome'], channel: 'chromium' },
    },
  ],
});

Miscellaneous

• <canvas> elements inside a snapshot now draw a preview.
• New method tracing.group() to visually group actions in the trace.
• Playwright docker images switched from Node.js v20 to Node.js v22 LTS.

Browser Versions

• Chromium 131.0.6778.33
• Mozilla Firefox 132.0
• WebKit 18.2

This version was also tested against the following stable channels:

• Google Chrome 130
• Microsoft Edge 130

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.