build(deps): bump selenium-webdriver from 4.35.0 to 4.43.0 #986

Open
dependabot[bot] wants to merge 1 commit into master from dependabot/bundler/selenium-webdriver-4.43.0

@dependabot dependabot Bot commented on behalf of github May 4, 2026

Bumps selenium-webdriver from 4.35.0 to 4.43.0.

Release notes

Sourced from selenium-webdriver's releases.

Selenium 4.43.0

Detailed Changelogs by Component

Java     |     Python     |     DotNet     |     Ruby     |     JavaScript

Full Changelog: SeleniumHQ/selenium@selenium-4.42.0...selenium-4.43.0

Selenium 4.42.0

Detailed Changelogs by Component

Java     |     Python     |     DotNet     |     Ruby     |     JavaScript

What's Changed

... (truncated)

Changelog

Sourced from selenium-webdriver's changelog.

4.43.0 (2026-04-09)

  • Support CDP versions: v145, v146, v147

4.42.0 (2026-04-08)

  • Support CDP versions: v144, v145, v146

4.41.0 (2026-02-19)

  • Support CDP versions: v143, v144, v145
  • remove stored atoms these get generated by build (#16971)
  • output driver logs when SE_DEBUG is enabled (#16901)
  • Update lint configuration and fix rubocop offenses (#17008)
  • add missing unit tests (#17025)
  • [grid] Add session event API for server-side event bus integration (#17015)
  • Update dependencies (#17111)

4.40.0 (2026-01-18)

  • add synchronization and error handling for socket interactions (#16487)
  • mark low level bidi implementation as private api (#16475)
  • ensure driver process is always stopped (#15635)
  • create user-friendly method for enabling bidi (#14284)
  • Add force encoding to remove warnings caused by json 3.0 (#16728)
  • use SE_DEBUG to enable debugging (#16816)
  • ensure the grid is properly restarted in tests when there is a problem (#16842)
  • wait for grid to be ready when starting server (#16896)
  • check driver status endpoint rather than socket connection (#16877)
  • [build] update ruby gems with bazel (#16924)

4.39.0 (2025-12-06)

  • Add CDP for Chrome 143 and remove 140

4.38.0 (2025-10-24)

  • Add CDP for Chrome 142 and remove 139
  • Fix BiDi Network issue by removing nil values on network requests (#16442)
  • Remove cruft from old CI environment (#16473)
  • [bidi] remove deprecated classes for log inspector (#16474)

4.37.0 (2025-10-16)

  • Add CDP for Chrome 141 and remove 138
  • Update Chrome/Edge args for test environment (#16376)
  • Remove prism dependency (#16437)
  • Remove json version constraint (#16436)

4.36.0 (2025-09-18)

... (truncated)

Commits
  • dd0f534 [build] Prepare for release of selenium-4.43.0 (#17329)
  • e2d089c fix(dependencies): update selenium-webdriver to 4.43.0.nightly
  • cb536ad Bumping versions to nightly
  • 74c7f02 [build] Prepare for release of selenium-4.42.0 (#17322)
  • fa5b814 [rb] fix Ruby tests failing because of alerts in Firefox (#17294)
  • b1a7b8d [bazel] Update to Bazel 9 (#16757)
  • 5c23c7d [rb] Use portable Ruby (#16936)
  • e5fc4e5 [rust][rb] Update lock files with new versions (#17118)
  • 6865ab3 [build] Reset versions to nightly after 4.41.0 release
  • 9fc754f [build] Prepare for release of selenium-4.41.0 (#17098)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [selenium-webdriver](https://github.com/SeleniumHQ/selenium) from 4.35.0 to 4.43.0.
- [Release notes](https://github.com/SeleniumHQ/selenium/releases)
- [Changelog](https://github.com/SeleniumHQ/selenium/blob/trunk/rb/CHANGES)
- [Commits](SeleniumHQ/selenium@selenium-4.35.0...selenium-4.43.0)

---
updated-dependencies:
- dependency-name: selenium-webdriver
  dependency-version: 4.43.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file ruby Pull requests that update ruby code labels May 4, 2026

@github-actions github-actions Bot left a comment

@dependabot merge

@codacy-production

Up to standards ✅

🟢 Issues 0 issues

Results:
0 new issues

🟢 Metrics 0 complexity

Metric Results
Complexity 0

AI Reviewer: first review requested successfully. AI can make mistakes. Always validate suggestions.

TIP This summary will be updated as you push new changes.

@codacy-production codacy-production Bot left a comment

Pull Request Overview

This pull request contains a critical security risk and must not be merged. Although automated quality checks passed, the dependency versions introduced—specifically selenium-webdriver 4.43.0 and rubyzip 3.3.0—do not exist on the public RubyGems registry (where the current stable versions are significantly lower). This is a strong indicator of a dependency confusion attack. Furthermore, the selenium-webdriver entry in the Gemfile.lock is missing expected sub-dependencies like childprocess. Immediate investigation into the source of these updates is required.

Test suggestions

  • Run existing end-to-end browser tests to verify compatibility with the new selenium-webdriver version.
Prompt proposal for missing tests
Consider implementing these tests if applicable:
1. Run existing end-to-end browser tests to verify compatibility with the new selenium-webdriver version.


Comment thread Gemfile.lock
version_gem (~> 1.1, >= 1.1.4)
securerandom (0.4.1)
selenium-webdriver (4.35.0)
selenium-webdriver (4.43.0)
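
Review bot: On the `selenium-webdriver (4.43.0)` line, the excerpt stops at the version change from 4.35.0, so the gem's indented dependency entries and the `remote:` it resolves from are not visible for review. Expand the hunk and confirm the whole entry was regenerated by `bundle lock` against the intended source rather than the version string alone being changed.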

🔴 HIGH RISK

The versions 4.43.0 for selenium-webdriver and 3.3.0 for rubyzip do not exist on the public RubyGems registry. Furthermore, the selenium-webdriver entry lacks core dependencies such as childprocess and websocket found in the official gem. This suggests a potential dependency confusion attack or a compromised gem source. Verify the authenticity of these versions. Try running the following prompt in your coding agent:

> Verify the existence of selenium-webdriver 4.43.0 and rubyzip 3.3.0 on your configured gem sources; if they are not found, revert these changes and update to the latest official stable versions.
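
The lockfile check that the review comment above asks for can be scripted. The following Ruby is an added example, not part of the PR or of Dependabot's or Codacy's output; `parse_gem_sections`, `audit_gem`, the allow-list and the expected dependency list are hypothetical names and inputs, and the sample lockfile is constructed.

```ruby
# Added example: read the GEM sections of a Gemfile.lock and audit one gem.

def parse_gem_sections(lock_text)
  specs, remotes, in_gem, current = {}, [], false, nil
  lock_text.each_line do |raw|
    line = raw.chomp
    if line.match?(/\A\S/)                  # top-level header: GEM, GIT, PLATFORMS...
      in_gem = (line == "GEM")
      remotes, current = [], nil
    elsif !in_gem
      next
    elsif (m = line.match(/\A  remote: (\S+)/))
      remotes << m[1]
    elsif (m = line.match(/\A    (\S+) \(([^)]+)\)\z/))   # 4 spaces: locked spec
      current = specs[m[1]] = { version: m[2], remotes: remotes, deps: [] }
    elsif current && (m = line.match(/\A      (\S+)/))    # 6 spaces: its dependency
      current[:deps] << m[1]
    end
  end
  specs
end

def audit_gem(lock_text, name, allowed_remotes:, expected_deps:)
  spec = parse_gem_sections(lock_text)[name]
  return ["#{name}: not locked in any GEM section"] unless spec
  findings = []
  bad = spec[:remotes] - allowed_remotes
  findings << "#{name}: unapproved remote #{bad.join(', ')}" unless bad.empty?
  findings << "#{name}: several remotes in one GEM section" if spec[:remotes].size > 1
  missing = expected_deps - spec[:deps]
  findings << "#{name} #{spec[:version]}: missing #{missing.join(', ')}" unless missing.empty?
  findings
end

# Constructed lockfile: dependency lines and the second remote are invented.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    remote: https://gems.internal.example/
    specs:
      rubyzip (3.3.0)
      selenium-webdriver (4.43.0)
        rubyzip (>= 1.2.2)
        websocket (~> 1.0)

  DEPENDENCIES
    selenium-webdriver
LOCK
```

Take `expected_deps` from the gemspec published by the source you trust; the parser reads only `GEM` sections, so `GIT` and `PATH` sources need their own review.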
