terminus-ui icon indicating copy to clipboard operation
terminus-ui copied to clipboard

Published 20 hours ago • verified publisher icon GetTerminus

chore(packages): update dependency jsdom to v16.5.0 [security]

Open renovate[bot] opened this issue 2 years ago • 0 comments

Mend Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
jsdom 16.2.2 -> 16.5.0 age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2021-20066

JSDom improperly allows the loading of local resources, which allows for local files to be manipulated by a malicious web page when script execution is enabled.

Release Notes

jsdom/jsdom

v16.5.0

Compare Source

  • Added window.queueMicrotask().
  • Added window.event.
  • Added inputEvent.inputType. (diegohaz)
  • Removed ondragexit from Window and friends, per a spec update.
  • Fixed the URL of about:blank iframes. Previously it was getting set to the parent's URL. (SimonMueller)
  • Fixed the loading of subresources from the filesystem when they had non-ASCII filenames.
  • Fixed the hidden="" attribute to cause display: none per the user-agent stylesheet. (ph-fritsche)
  • Fixed the new File() constructor to no longer convert / to :, per a pending spec update.
  • Fixed mutation observer callbacks to be called with the MutationObserver instance as their this value.
  • Fixed <input type=checkbox> and <input type=radio> to be mutable even when disabled, per a spec update.
  • Fixed XMLHttpRequest to not fire a redundant final progress event if a progress event was previously fired with the same loaded value. This would usually occur with small files.
  • Fixed XMLHttpRequest to expose the Content-Length header on cross-origin responses.
  • Fixed xhr.response to return null for failures that occur during the middle of the download.
  • Fixed edge cases around passing callback functions or event handlers. (ExE-Boss)
  • Fixed edge cases around the properties of proxy-like objects such as localStorage or dataset. (ExE-Boss)
  • Fixed a potential memory leak with custom elements (although we could not figure out how to trigger it). (soncodi)

v16.4.0

Compare Source

  • Added a not-implemented warning if you try to use the second pseudo-element argument to getComputedStyle(), unless you pass a ::part or ::slotted pseudo-element, in which case we throw an error per the spec. (ExE-Boss)
  • Improved the performance of repeated access to el.tagName, which also indirectly improves performance of selector matching and style computation. (eps1lon)
  • Fixed form.elements to respect the form="" attribute, so that it can contain non-descendant form controls. (ccwebdesign)
  • Fixed el.focus() to do nothing on disconnected elements. (eps1lon)
  • Fixed el.focus() to work on SVG elements. (zjffun)
  • Fixed removing the currently-focused element to move focus to the <body> element. (eps1lon)
  • Fixed imgEl.complete to return true for <img> elements with empty or unset src="" attributes. (strager)
  • Fixed imgEl.complete to return true if an error occurs loading the <img>, when canvas is enabled. (strager)
  • Fixed imgEl.complete to return false if the <img> element's src="" attribute is reset. (strager)
  • Fixed the valueMissing validation check for <input type="radio">. (zjffun)
  • Fixed translate="" and draggable="" attribute processing to use ASCII case-insensitivity, instead of Unicode case-insensitivity. (zjffun)

v16.3.0

Compare Source

  • Added firing of focusin and focusout when using el.focus() and el.blur(). (trueadm)
  • Fixed elements with the contenteditable="" attribute to be considered as focusable. (jamieliu386)
  • Fixed window.NodeFilter to be per-Window, instead of shared across all Windows. (ExE-Boss)
  • Fixed edge-case behavior involving use of objects with handleEvent properties as event listeners. (ExE-Boss)
  • Fixed a second failing image load sometimes firing a load event instead of an error event, when the canvas package is installed. (strager)
  • Fixed drawing an empty canvas into another canvas. (zjffun)

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

â™» Rebasing: Never, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • [ ] If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

renovate[bot] avatar May 28 '23 09:05 renovate[bot]