javascript-cheatsheet chore(deps): update dependency happy-dom to v15 [security]

chore(deps): update dependency happy-dom to v15 [security]

Open renovate[bot] opened this issue 1 year ago • 1 comments

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
happy-dom	`^14.12.3` -> `^15.0.0`

GitHub Vulnerability Alerts

CVE-2024-51757

Impact

Consumers of the NPM package happy-dom

Patches

The security vulnerability has been patched in v15.10.2

Workarounds

No easy workarounds to my knowledge

References

#1585

Release Notes

capricorn86/happy-dom (happy-dom)

`v15.10.2`

Compare Source

:construction_worker_man: Patch fixes

Fixes a security vulnerability that allowed for server side code to be executed by a <script> tag - By @capricorn86 in task #1585
- There was a case that was missed with the first patch

`v15.10.1`

Compare Source

:construction_worker_man: Patch fixes

Fixes a security vulnerability that allowed for server side code to be executed by a <script> tag - By @capricorn86 in task #1585

`v15.10.0`

Compare Source

:art: Features

Adds a new setting called disableSameOriginPolicy that makes it possible to bypass the same-origin policy in fetch requests - By @OlaviSau in task #1553

`v15.9.0`

Compare Source

:art: Features

Adds support for "aspect-ratio" to CSSStyleDeclaration - By @yinm in task #1147

`v15.8.5`

Compare Source

:construction_worker_man: Patch fixes

Fixes bug where Node.getRootNode() returned null when it was within a ShadowRoot that previously been disconnected from the Document - By @capricorn86 in task #1581

`v15.8.4`

Compare Source

:construction_worker_man: Patch fixes

Fixes bug where child nodes of HTMLSelectElement and HTMLFormElement had the wrong reference to the parent - By @capricorn86 in task #1578

`v15.8.3`

Compare Source

:construction_worker_man: Patch fixes

Toggle "open" attribute on HTMLDetailsElement when dispatching a click event on a summary element which is a child of the details element - By @mikedidomizio in task #1534

`v15.8.2`

Compare Source

:construction_worker_man: Patch fixes

Use globalThis instead of global to make Happy DOM work in other runtimes such as Cloudflare workers - By @mattallty in task #1546

`v15.8.1`

Compare Source

:construction_worker_man: Patch fixes

Always return Promise<Blob> from ClipboardItem.getType() - By @ezzatron in task #1538

`v15.8.0`

Compare Source

`v15.7.4`

Compare Source

:construction_worker_man: Patch fixes

Fixes incorrect handling of non-node items inserted using replaceWith(), before() and after() - By @BenjaminAster in task #1533

`v15.7.3`

Compare Source

:construction_worker_man: Patch fixes

Fixes bug that occurs when checking if a symbol property exists on HTMLSelectElement - By @Cherry in task #1526

`v15.7.2`

Compare Source

:construction_worker_man: Patch fixes

Fixes problem where it is not possible to observe again after disconnecting in MutationObserver - By @capricorn86 in task #1524

`v15.7.1`

Compare Source

:construction_worker_man: Patch fixes

Fixes selector validation and converts selectors to string (e.g. querySelector(['.class'])) - By @capricorn86 in task #1507

:construction_worker_man: Patch fixes

Adds support for supporting new lines and tabs as white-space character in CSS selectors - By @syi0808 in task #1414

`v15.4.2`

Compare Source

:construction_worker_man: Patch fixes

Typo in CORS rejection error message - By @rexxars in task #1485

`v15.4.1`

Compare Source

:construction_worker_man: Patch fixes

Throw error in FormData.append() when value parameter type is incorrect - By @btea in task #1484

`v15.4.0`

Compare Source

`v15.3.2`

Compare Source

:construction_worker_man: Patch fixes

Fixes the HTMLInputElement.indeterminate, so that it behaves correctly - By @malko in task #1439

`v15.3.1`

Compare Source

`v15.3.0`

Compare Source

`v15.2.0`

Compare Source

:art: Features

Adds support for the static method AbortSignal.any() - By @ezzatron in task #1468

`v15.1.0`

Compare Source

:art: Features

Refactor internal logic related to injecting the Window context for classes that can be constructed using the "new" operator - By @capricorn86 in task #1332
Improves the way classes can access the Browser context internally - By @capricorn86 in task #1332
Refactor of the logic for EventTarget.dispatchEvent() to better handle the event phases "none", "capture", "atTarget" and "bubbling" - By @capricorn86 in task #1332
Adds support for HTMLInputElement.popoverTargetElement, HTMLInputElement.popoverTargetAction, HTMLButtonElement.popoverTargetElement and HTMLButtonElement.popoverTargetAction - By @capricorn86 in task #1332
Adds support for HTMLElement.popover - By @capricorn86 in task #1332
Adds support for PerformanceObserver, PerformanceEntry and PerformanceObserverEntryList - By @capricorn86 in task #1332

:construction_worker_man: Patch fixes

Makes it possible for a polyfill to replace NodeList[Symbol.iterator]() with Array.prototype.values() - By @capricorn86 in task #1332
Adds logic for canceling any request to start new async tasks while the Window is closing (e.g. using setTimeout() or fetch()) - By @capricorn86 in task #1332
Fixes issues with errors exiting the browser when using the setting "errorCapture" set to "processLevel" - By @capricorn86 in task #1332
- Refactor internal logic, so that thrown errors are instances of unique error classes assigned to the Window, which makes it possible for BrowserExceptionObserver to know which Window the error originated from
Changes Event.composedPath() to not return the Window object if the event type is "load", which is the same behaviour as the browser - By @capricorn86 in task #1332
- This means that "load" events will not bubble up to the Window object

`v15.0.0`

Compare Source

:bomb: Breaking Changes

Drops offical support for Node.js 16.x and 17.x - By @capricorn86 in task #1332
A lot of internal logic has been refactored, so if you rely on internal APIs, this release may break your code - By @capricorn86 in task #1332

:art: Features

Adds support for HTMLAreaElement, HTMLBodyElement, HTMLQuoteElement, HTMLBRElement, HTMLTableCaptionElement, HTMLTableColElement, HTMLTableColElement, HTMLDataElement, HTMLDataListElement, HTMLModElement, HTMLDetailsElement, HTMLDivElement, HTMLDListElement, HTMLEmbedElement, HTMLFieldSetElement, HTMLHeadingElement, HTMLHeadElement, HTMLHRElement, HTMLHtmlElement, HTMLModElement, HTMLLegendElement, HTMLLIElement, HTMLMapElement, HTMLMenuElement, HTMLMeterElement, HTMLObjectElement, HTMLOListElement, HTMLOutputElement, HTMLParagraphElement, HTMLParamElement, HTMLPictureElement, HTMLPreElement, HTMLProgressElement, HTMLQuoteElement, HTMLSourceElement, HTMLSpanElement, HTMLTableElement, HTMLTableSectionElement, HTMLTableSectionElement, HTMLTitleElement, HTMLTableRowElement, HTMLTrackElement, HTMLUListElement - By @capricorn86 in task #1332
Adds basic support for HTMLCanvasElement - By @capricorn86 in task #1332
Adds support for History API - By @capricorn86 in task #1332
Adds cache to CSSStyleDeclaration, querySelector(), querySelectorAll(), getElementById(), getElementsByClassName(), getElementsByTagName(), getElementsByTagNameNS(), getElementsByClassName() - By @capricorn86 in task #1332
Uses proxy for NodeList, HTMLCollection, DOMTokenList, TextTrackList, HTMLFormElement, HTMLSelectElement
Makes HTMLCollection objects returned by getElementsByClassName(), getElementsByTagName(), getElementsByTagNameNS() and getElementsByClassName() live - By @capricorn86 in task #1332
Improves support for HTMLMediaElement - By @capricorn86 in task #1332
- It now supports all methods and properties of the HTMLMediaElement interface
Adds support for MediaStream, MediaStreamTrack, RemotePlayback, TextTrack, TextTrackCue, TextTrackCueList, TextTrackList, VTTCue, VTTRegion, CanvasCaptureMediaStream, ImageBitmap, OffscreenCanvas - By @capricorn86 in task #1332
Adds basic support for IntersectionObserver - By @capricorn86 in task #1332
Uses Array for nodes and elements in the DOM-tree to leverage the JiT compiler better - By @capricorn86 in task #1332
Adds support for HTMLInputElement.list - By @capricorn86 in task #1332
Improves support for ShadowRoot (it now supports clonable, serializable and slotAssignment) - By @capricorn86 in task #1332
Adds support for Element.getHTML() - By @capricorn86 in task #1332
Improves performance for some pseudo query selectors - By @capricorn86 in task #1332
Improves support for HTMLSlotElement - By @capricorn86 in task #1332
- It now supports assign(), assignedNodes(), assignedElements() and the slotchange event

:construction_worker_man: Patch fixes

Attributes and text data wasn't escaped correctly in XMLSerializer (used by features such as innerHTML) - By @capricorn86 in task #1265
waitForNavigation() would not resolve when navigating to some URLs (e.g. "javascript" or "about:blank") - By @capricorn86 in task #1332
CSS rules for gradients where not parsed correctly - By @capricorn86 in task #1332
Updates to CSSStyleDeclaration would not trigger listeners for the "style" attribute - By @capricorn86 in task #1332
Attributes where added to elements after they were added to the DOM during parsing, causing problems for elements loading resources - By @capricorn86 in task #1332
Attr.cloneNode() would not clone internal values - By @capricorn86 in task #1332
Document.title included text data inside child elements, which it shouldn't - By @capricorn86 in task #1332
Event.preventDefault() shouldn't cancel the default behaviour if cancelable is not sent as an option in EventTarget.dispatchEvent() - By @capricorn86 in task #1332
Source attributes containing URLs would not be resolved correctly in some elements - By @capricorn86 in task #1332
Changes name on TimeRange to TimeRanges - By @capricorn86 in task #1332
Window.parent and Window.top would not be set correctly in some scenarios - By @capricorn86 in task #1332

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

[ ] If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

Nov 06 '24 15:11 renovate[bot]

Deploy Preview for fancy-alfajores-58dedb failed. Why did it fail? →

Name	Link
Latest commit	c9a9d503b230a8df08a72695fb00882c9eb938a7
Latest deploy log	https://app.netlify.com/projects/fancy-alfajores-58dedb/deploys/6912942250803e0008e1c7f7

Nov 06 '24 15:11 netlify[bot]

javascript-cheatsheet javascript-cheatsheet copied to clipboard

chore(deps): update dependency happy-dom to v15 [security]

GitHub Vulnerability Alerts

Impact

Patches

Workarounds

References

Release Notes

:construction_worker_man: Patch fixes

:construction_worker_man: Patch fixes

:art: Features

:art: Features

:construction_worker_man: Patch fixes

:construction_worker_man: Patch fixes

:construction_worker_man: Patch fixes

:construction_worker_man: Patch fixes

:construction_worker_man: Patch fixes

:construction_worker_man: Patch fixes

:construction_worker_man: Patch fixes

:construction_worker_man: Patch fixes

:construction_worker_man: Patch fixes

:construction_worker_man: Patch fixes

:construction_worker_man: Patch fixes

:construction_worker_man: Patch fixes

:construction_worker_man: Patch fixes

:art: Features

:art: Features

:construction_worker_man: Patch fixes

:bomb: Breaking Changes

:art: Features

:construction_worker_man: Patch fixes

Configuration

❌ Deploy Preview for fancy-alfajores-58dedb failed. Why did it fail? →

javascript-cheatsheet
javascript-cheatsheet copied to clipboard

Deploy Preview for fancy-alfajores-58dedb failed. Why did it fail? →