socket-security[bot]
commented
3 weeks ago New and removed dependencies detected. Learn more about Socket for GitHub ↗︎
| Package | New capabilities | Transitives | Size | Publisher |
|---|
🚮 Removed packages: npm/@rollup/plugin-url@8.0.2)
This PR contains the following updates:
~22.1.0->~25.0.0Release Notes
jsdom/jsdom (jsdom)
### [`v25.0.0`](https://redirect.github.com/jsdom/jsdom/blob/HEAD/Changelog.md#2500) [Compare Source](https://redirect.github.com/jsdom/jsdom/compare/24.1.3...25.0.0) This major release changes the prototype of a jsdom's `EventTarget.prototype` to point to the `Object.prototype` inside the jsdom, instead of pointing to the Node.js `Object.prototype`. Thus, the prototype chain of `Window` stays entirely within the jsdom, never crossing over into the Node.js realm. This only occurs when `runScripts` is set to non-default values of `"dangerously"` or `"outside-only"`, as with the default value, there is no separate `Object.prototype` inside the jsdom. This will likely not impact many programs, but could cause some changes in `instanceof` behavior, and so out of an abundance of caution, we're releasing it as a new major version. ### [`v24.1.3`](https://redirect.github.com/jsdom/jsdom/blob/HEAD/Changelog.md#2413) [Compare Source](https://redirect.github.com/jsdom/jsdom/compare/24.1.2...24.1.3) - Fixed calls to `postMessage()` that were done as a bare property (i.e., `postMessage()` instead of `window.postMessage()`). ### [`v24.1.2`](https://redirect.github.com/jsdom/jsdom/blob/HEAD/Changelog.md#2412) [Compare Source](https://redirect.github.com/jsdom/jsdom/compare/24.1.1...24.1.2) - Fixed an issue with the `in` operator applied to `EventTarget` methods, e.g. `'addEventListener' in window`, which only appeared in Node.js ≥22.5.0. (legendecas) - Fixed the events fired by `blur()`: it no longer fires `focus` and `focusin` on the `Document`, and `blur` and `focusout` no longer have their `relatedTarget` property set. (asamuzaK) ### [`v24.1.1`](https://redirect.github.com/jsdom/jsdom/blob/HEAD/Changelog.md#2411) [Compare Source](https://redirect.github.com/jsdom/jsdom/compare/24.1.0...24.1.1) - Fixed selection methods to trigger the `selectionchange` event on the `Document` object. (piotr-oles) ### [`v24.1.0`](https://redirect.github.com/jsdom/jsdom/blob/HEAD/Changelog.md#2410) [Compare Source](https://redirect.github.com/jsdom/jsdom/compare/24.0.0...24.1.0) - Added the `getSetCookie()` method to the `Headers` class. (ushiboy) - Fixed the creation and parsing of elements with names from `Object.prototype`, like `"constructor"` or `"toString"`. - Updated `rweb-cssom`, which can now parse additional CSS constructs. ### [`v24.0.0`](https://redirect.github.com/jsdom/jsdom/blob/HEAD/Changelog.md#2400) [Compare Source](https://redirect.github.com/jsdom/jsdom/compare/23.2.0...24.0.0) This release reverts our selector engine back to [`nwsapi`](https://www.npmjs.com/nwsapi). As discussed in [#3659](https://redirect.github.com/jsdom/jsdom/issues/3659), the performance regressions from [`@asamuzakjp/dom-selector`](https://www.npmjs.com/package/@asamuzakjp/dom-selector) turned out to be higher than anticipated. In the future, we can revisit `@asamuzakjp/dom-selector` after it reaches `nwsapi`'s performance on the [two real-world benchmarks provided by the community](https://redirect.github.com/jsdom/jsdom/issues/3659#issuecomment-1890852609). Since reverting to `nwsapi` causes several functionality regressions, e.g. removing `:has()` support, we've decided to make this a major version. Additionally: - Small fixes to edge-case behavior of the following properties: `input.maxLength`, `input.minLength`, `input.size`, `progress.max`, `tableCell.colSpan`, `tableCell.rowSpan`, `tableCol.span`, `textArea.cols`, `textArea.maxLength`, `textArea.minLength`, `textArea.rows`. ### [`v23.2.0`](https://redirect.github.com/jsdom/jsdom/blob/HEAD/Changelog.md#2320) [Compare Source](https://redirect.github.com/jsdom/jsdom/compare/23.1.0...23.2.0) This release switches our CSS selector engine from [`nwsapi`](https://www.npmjs.com/nwsapi) to [`@asamuzakjp/dom-selector`](@asamuzakjp/dom-selector). The new engine is more actively maintained, and supports many new selectors: see [the package's documentation](https://redirect.github.com/asamuzaK/domSelector#supported-css-selectors) for the full list. It also works better with shadow trees. There is a potential of a performance regression due to this change. In our stress test benchmark, which runs most of [these 273 selectors](https://redirect.github.com/jsdom/jsdom/blob/908f27d4e348502a9068f0b335a8518d050ef872/benchmark/selectors/sizzle-speed/selectors.large.css) against [this 128 KiB document](https://redirect.github.com/jsdom/jsdom/blob/908f27d4e348502a9068f0b335a8518d050ef872/benchmark/selectors/sizzle-speed/selector.html), the new engine completes the benchmark only 0.25x as fast. However, we're hopeful that in more moderate usage this will not be a significant issue. Any help speeding up `@asamuzakjp/dom-selector` is appreciated, and feel free to open an issue if this has had a significant impact on your project. ### [`v23.1.0`](https://redirect.github.com/jsdom/jsdom/blob/HEAD/Changelog.md#2310) [Compare Source](https://redirect.github.com/jsdom/jsdom/compare/23.0.1...23.1.0) - Added an initial implementation of `ElementInternals`, including the `shadowRoot` getter and the string-valued ARIA properties. (zjffun) - Added the string-valued ARIA attribute-reflecting properties to `Element`. - Fixed `history.pushState()` and `history.replaceState()` to follow the latest specification, notably with regards to how they handle empty string inputs and what new URLs are possible. - Fixed the `input.valueAsANumber` setter to handle `NaN` correctly. (alexandertrefz) - Updated various dependencies, including `cssstyle` which contains several bug fixes. ### [`v23.0.1`](https://redirect.github.com/jsdom/jsdom/blob/HEAD/Changelog.md#2301) [Compare Source](https://redirect.github.com/jsdom/jsdom/compare/23.0.0...23.0.1) - Fix incorrect `canvas` peer dependency. ### [`v23.0.0`](https://redirect.github.com/jsdom/jsdom/compare/22.1.0...v23.0.0) [Compare Source](https://redirect.github.com/jsdom/jsdom/compare/22.1.0...23.0.0)Configuration
📅 Schedule: Branch creation - "before 4am on Monday" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
â™» Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.