pump.io icon indicating copy to clipboard operation
pump.io copied to clipboard
verified publisher icon pump-io

[Snyk] Upgrade jsdom from 17.0.0 to 26.1.0

Open strugee opened this issue 3 months ago • 0 comments

snyk-top-banner

Snyk has created this PR to upgrade jsdom from 17.0.0 to 26.1.0.

:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

  • The recommended version is 28 versions ahead of your current version.

  • The recommended version was released 6 months ago.

⚠️ Warning: This PR contains major version upgrade(s), and may be a breaking change.

Release notes
Package name: jsdom
  • 26.1.0 - 2025-04-13
    • Added at least partial support for various SVG elements and their classes: <defs> (SVGDefsElement), <desc> (SVGDescElement), <g> (SVGGElement), <metadata> (SVGMetadataElement), <switch> (SVGSwitchElement), and <symbol> (SVGSymbolElement).
    • Added SVGAnimatedPreserveAspectRatio and SVGAnimatedRect, including support in the reflection layer.
    • Added the SVGSVGElement createSVGRect() method, and the SVGRect type (which is distinct from DOMRect.)
    • Added indexed property support to HTMLFormElement.
    • Updated the SVGElement viewportElement() method to correctly establish the viewport based on ancestor elements.
    • Removed the now-bloated form-data dependency in favor of our own smaller implementation of multipart/form-data serialization. No functional changes are expected.
    • Various performance improvements, caches, microoptimizations, and deferred object creation.
  • 26.0.0 - 2025-01-09

    Breaking change: canvas peer dependency requirement has been upgraded from v2 to v3. (sebastianwachter)

    Other changes:

    • Added AbortSignal.any(). (jdbevan)
    • Added initial support for form-associated custom elements, in particular making them labelable and supporting the ElementInternals labels property. The form-associated callbacks are not yet supported. (hesxenon)
    • Updated whatwg-url, adding support for URL.parse().
    • Updated cssstyle and rrweb-cssom, to improve CSS parsing capabilities.
    • Updated nwsapi, improving CSS selector matching.
    • Updated parse5, fixing a bug around <noframes> elements and HTML entity decoding.
    • Fixed JSDOM.fromURL() to properly reject the returned promise if the server redirects to an invalid URL, instead of causing an uncaught exception.
  • 25.0.1 - 2024-09-22
    • Updated dependencies, notably tough-cookie, which no longer prints a deprecation warning.
  • 25.0.0 - 2024-08-25

    This major release changes the prototype of a jsdom's EventTarget.prototype to point to the Object.prototype inside the jsdom, instead of pointing to the Node.js Object.prototype. Thus, the prototype chain of Window stays entirely within the jsdom, never crossing over into the Node.js realm.

    This only occurs when runScripts is set to non-default values of "dangerously" or "outside-only", as with the default value, there is no separate Object.prototype inside the jsdom.

    This will likely not impact many programs, but could cause some changes in instanceof behavior, and so out of an abundance of caution, we're releasing it as a new major version.

  • 24.1.3 - 2024-08-25
    • Fixed calls to postMessage() that were done as a bare property (i.e., postMessage() instead of window.postMessage()).
  • 24.1.2 - 2024-08-25
  • 24.1.1 - 2024-07-21
  • 24.1.0 - 2024-05-26
  • 24.0.0 - 2024-01-21
  • 23.2.0 - 2024-01-07
  • 23.1.0 - 2024-01-05
  • 23.0.1 - 2023-11-30
  • 23.0.0 - 2023-11-26
  • 22.1.0 - 2023-05-27
  • 22.0.0 - 2023-05-02
  • 21.1.2 - 2023-05-01
  • 21.1.1 - 2023-03-12
  • 21.1.0 - 2023-01-22
  • 21.0.0 - 2023-01-07
  • 20.0.3 - 2022-11-20
  • 20.0.2 - 2022-10-30
  • 20.0.1 - 2022-10-02
  • 20.0.0 - 2022-06-19
  • 19.0.0 - 2021-12-02
  • 18.1.1 - 2021-11-21
  • 18.1.0 - 2021-11-12
  • 18.0.1 - 2021-11-01
  • 18.0.0 - 2021-10-08
  • 17.0.0 - 2021-08-13
from jsdom GitHub release notes

[!IMPORTANT]

  • Warning: This PR contains a major version upgrade, and may be a breaking change.
  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

strugee avatar Oct 02 '25 10:10 strugee