[Snyk] Upgrade jsdom from 11.11.0 to 24.0.0

[elson-snyk]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade jsdom from 11.11.0 to 24.0.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

Warning: This is a major version upgrade, and may be a breaking change.

• The recommended version is 49 versions ahead of your current version.
• The recommended version was released 4 months ago, on 2024-01-21.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	63/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00222, Social Trends: No, Days since published: 1077, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 2.35, Likelihood: 2.65, Score Version: V5	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: jsdom

• 24.0.0 - 2024-01-21
  

  This release reverts our selector engine back to nwsapi. As discussed in #3659, the performance regressions from @ asamuzakjp/dom-selector turned out to be higher than anticipated. In the future, we can revisit @ asamuzakjp/dom-selector after it reaches nwsapi's performance on the two real-world benchmarks provided by the community.

  Since reverting to nwsapi causes several functionality regressions, e.g. removing :has() support, we've decided to make this a major version.

  Additionally:

  • Small fixes to edge-case behavior of the following properties: input.maxLength, input.minLength, input.size, progress.max, tableCell.colSpan, tableCell.rowSpan, tableCol.span, textArea.cols, textArea.maxLength, textArea.minLength, textArea.rows.
• 23.2.0 - 2024-01-07
  

  This release switches our CSS selector engine from nwsapi to @ asamuzakjp/dom-selector. The new engine is more actively maintained, and supports many new selectors: see the package's documentation for the full list. It also works better with shadow trees.

  There is a potential of a performance regression due to this change. In our stress test benchmark, which runs most of these 273 selectors against this 128 KiB document, the new engine completes the benchmark only 0.25x as fast. However, we're hopeful that in more moderate usage this will not be a significant issue. Any help speeding up @ asamuzakjp/dom-selector is appreciated, and feel free to open an issue if this has had a significant impact on your project.

• 23.1.0 - 2024-01-05
  
  • Added an initial implementation of ElementInternals, including the shadowRoot getter and the string-valued ARIA properties. (zjffun)
  • Added the string-valued ARIA attribute-reflecting properties to Element.
  • Fixed history.pushState() and history.replaceState() to follow the latest specification, notably with regards to how they handle empty string inputs and what new URLs are possible.
  • Fixed the input.valueAsANumber setter to handle NaN correctly. (alexandertrefz)
  • Updated various dependencies, including cssstyle which contains several bug fixes.
• 23.0.1 - 2023-11-30
  
  • Fixed the incorrect canvas peer dependency introduced in v23.0.0.
• 23.0.0 - 2023-11-26
  
  • Node.js v18 is now the minimum supported version.
  • Updated various dependencies, including whatwg-url which integrates various additions to the URL and URLSearchParams objects.
• 22.1.0 - 2023-05-27
  
  • Added crypto.randomUUID(). (jamesbvaughan)
  • Added DOMRect and DOMRectReadOnly.
  • Added AbortSignal.timeout().
  • Added abortSignal.throwIfAborted().
  • Added support for the submitter argument to the FormData constructor. (jenseng)
  • Improved getComputedStyle()'s results for color-based properties, to resolve named colors and attempt to provide initial inheritance support. (hoekz-wwt)
  • Updated Window's event handler properties (e.g. oncopy, ontouchstart, etc.) to reflect the latest list from the standard.
  • Fixed DOMParser-created documents to inherit their URL from the creating document.
• 22.0.0 - 2023-05-02
  
  • Node.js v16 is now the minimum supported version.
  • Removed support for running jsdom in the browser via a browserified bundle. This carried with it too much complexity, especially for our testing infrastructure, and a testing package we relied on was recently deprecated.
• 21.1.2 - 2023-05-01
  
  • Fixed setRangeText() used on <input> and <textarea> elements to calculate the new end index correctly. (pmstss)
  • Fixed pageX, pageY, offsetX, and offsetY on MouseEvents during dispatch. (jenseng)
  • Upgraded nwsapi to v2.2.4, bringing along various fixes to our selector engine.
• 21.1.1 - 2023-03-12
  
  • Fixed jsdom.reconfigure() to also adjust the URL as seen by the history API, so that e.g. history.replaceState(null, "") would not mess up the URL. (jdufresne)
  • Fixed location.hash = "" to leave any # in location.href.
  • Fixes a few bugs with CSS parsing by replacing cssom with rweb-cssom, since the latter is maintained. (seanparmelee)
• 21.1.0 - 2023-01-22
  
  • Added x, y, pageX, pageY, offsetX, and offsetY to MouseEvent. (jenseng, ViniciusFXavier)
  • Added support for unset with getComputedStyle(). (jsnajdr)
  • Added the submitter property to SubmitEvent. (jenseng)
  • Fixed MouseEvent's screenX and screenY to no longer coerce to integers, allowing fractional values. (jenseng)
  • Fixed formEl.submit() to not longer fire submit events. (jenseng)
  • Fixed stylesheets to no longer affect the document after their corresponding <link> is removed. (jsnajdr)
  • Fixed pointer-events to inherit when used with getComputedStyle(). (jsnajdr)
  • Fixed <script> elements with no src="" to no longer fire load events. (t1ger2080)
  • Improved getComputedStyle() to cache its results, which should make it much faster. (jsnajdr)
• 21.0.0 - 2023-01-07
• 20.0.3 - 2022-11-20
• 20.0.2 - 2022-10-30
• 20.0.1 - 2022-10-02
• 20.0.0 - 2022-06-19
• 19.0.0 - 2021-12-02
• 18.1.1 - 2021-11-21
• 18.1.0 - 2021-11-12
• 18.0.1 - 2021-11-01
• 18.0.0 - 2021-10-08
• 17.0.0 - 2021-08-13
• 16.7.0 - 2021-08-01
• 16.6.0 - 2021-05-23
• 16.5.3 - 2021-04-11
• 16.5.2 - 2021-03-28
• 16.5.1 - 2021-03-13
• 16.5.0 - 2021-03-07
• 16.4.0 - 2020-08-08
• 16.3.0 - 2020-07-10
• 16.2.2 - 2020-03-30
• 16.2.1 - 2020-03-09
• 16.2.0 - 2020-02-16
• 16.1.0 - 2020-02-01
• 16.0.1 - 2020-01-20
• 16.0.0 - 2020-01-13
• 15.2.1 - 2019-11-04
• 15.2.0 - 2019-10-14
• 15.1.1 - 2019-05-28
• 15.1.0 - 2019-05-12
• 15.0.0 - 2019-04-21
• 14.1.0 - 2019-04-21
• 14.0.0 - 2019-03-10
• 13.2.0 - 2019-01-24
• 13.1.0 - 2018-12-15
• 13.0.0 - 2018-10-29
• 12.2.0 - 2018-10-08
• 12.1.0 - 2018-09-30
• 12.0.0 - 2018-08-19
• 11.12.0 - 2018-07-27
• 11.11.0 - 2018-05-23

from jsdom GitHub release notes

Commit messages

Package name: jsdom

• 2f8a730 Version 24.0.0
• db0a4dc Implement the remaining types of numeric reflection
• c1d7005 Implement full long reflection
• ac815ff Revert back to nwsapi
• 5b1a49e Fix changelog link to dom-selector
• cf8b707 Version 23.2.0
• 908f27d Update dom-selector and roll web platform tests
• c039e52 Switch from nwsapi to dom-selector
• b677627 Add new CSS selectors benchmark
• 4b33d36 Enable WPT directories css/selectors and css/css-scoping
• 3a3a4cb Roll web platform tests
• dc8306f Version 23.1.0
• d6c0ab2 Implement string ARIA reflection
• 60978b6 Implement basic ElementInternals
• b7683ed Remove chai dependency
• b2b6956 Update dependencies and dev dependencies
• 7695f28 Add new benchmark for CSS selectors
• a82deab Handle NaN correctly in input.valueAsNumber setter
• 588c6f9 Change "Executing scripts" examples
• b2442a0 Align history.pushState/replaceState with latest spec
• c88815c Simplify Array.from() in convertToSequenceDOMString
• 63265a9 Roll web platform tests
• 0656631 Fix data: URL value used in tests
• 8e31507 Version 23.0.1

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs