Scripts: Update puppeteer-core dependency

[jacobcassidy]

What?

Upgrades the puppeteer-core package to the latest version (23.1.0).

Why?

This PR fixes the issue with @wordpress/scripts having five high-severity vulnerabilities introduced with an older version of the puppeteer-core package.

See: #63771

How?

Removes the sub-dependencies versions with vulnerabilities.

Testing Instructions

1. In a WP theme development environment, run npm install @wordpress/scripts path webpack-remove-empty-scripts --save-dev
2. Run npm audit and you'll see a warning for 5 high-severity vulnerabilities.
3. Add the following to your package.json file:

   "overrides": {
       "puppeteer-core": "^23.1.0"
   }

4. Run npm install to update the packages.
5. The vulnerabilities are now removed.

[github-actions]

The following accounts have interacted with this PR and/or linked issues. I will continue to update these lists as activity occurs. You can also manually ask me to refresh this list by adding the props-bot label.

If you're merging code through a pull request on GitHub, copy and paste the following into the bottom of the merge commit message.

Co-authored-by: jacobcassidy <jacobcassidy@git.wordpress.org>
Co-authored-by: gziolo <gziolo@git.wordpress.org>
Co-authored-by: Mamaduka <mamaduka@git.wordpress.org>

To understand the WordPress project's expectations around crediting contributors, please review the Contributor Attribution page in the Core Handbook.

[github-actions]

👋 Thanks for your first Pull Request and for helping build the future of Gutenberg and WordPress, @jacobcassidy! In case you missed it, we'd love to have you join us in our Slack community.

If you want to learn more about WordPress development in general, check out the Core Handbook full of helpful information.

[gziolo]

Thank you for opening this issue. There are some details to polish related to the packages release process. I also see some CI issues reported that need to be further investigated. It looks like the changes to the package-lock.json will require some tweaks to make it work with the monorepo.

@Mamaduka and @swissspidy – do we still use Puppeteer for e2e tests in any place in Gutenebrg or WordPress core? What's the plan with the scripts powered by Puppeteer? How can we test these changes?

[Mamaduka]

@gziolo, we do not, but it needs to be removed in a backward-compatible manner. See #60357.

[gziolo]

Thank you for the follow-up commits. It's good to go.

[jacobcassidy]

@gziolo Thanks for the instructions and follow-up.

[gziolo]

It looks like ESLint detected that puppeteer-core doesn't get installed in the top node_modules folder. To fix it, we would have to put puppeteer-core as a dev dependency in the main package.json file. Remove all changes added in this branch to the main package-lock.json file. Run npm install, and it should all be good.