Update dependency happy-dom to v15 [SECURITY] #6078
+15
−15
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
^14.3.10
->^15.0.0
Test plan: CI should pass with updated dependencies. No review required: this is an automated dependency update PR.
Test plan: CI should pass with updated dependencies.
GitHub Vulnerability Alerts
GHSA-96g7-g7g9-jxw8
Fixes security vulnerability that allowed for server side code to be executed by a <script> tag
Impact
Consumers of the NPM package
happy-dom
Patches
The security vulnerability has been patched in v15.10.1
Workarounds
No easy workarounds to my knowledge
References
#1585
Release Notes
capricorn86/happy-dom (happy-dom)
v15.10.1
Compare Source
v15.10.0
Compare Source
v15.9.0
Compare Source
v15.8.5
Compare Source
v15.8.4
Compare Source
v15.8.3
Compare Source
v15.8.2
Compare Source
v15.8.1
Compare Source
v15.8.0
Compare Source
v15.7.4
Compare Source
👷♂️ Patch fixes
replaceWith()
,before()
andafter()
- By @BenjaminAster in task #1533v15.7.3
Compare Source
👷♂️ Patch fixes
HTMLSelectElement
- By @Cherry in task #1526v15.7.2
Compare Source
👷♂️ Patch fixes
MutationObserver
- By @capricorn86 in task #1524v15.7.1
Compare Source
👷♂️ Patch fixes
querySelector(['.class'])
) - By @capricorn86 in task #1507v15.7.0
Compare Source
v15.6.1
Compare Source
v15.6.0
Compare Source
v15.5.0
Compare Source
v15.4.3
Compare Source
👷♂️ Patch fixes
v15.4.2
Compare Source
👷♂️ Patch fixes
v15.4.1
Compare Source
👷♂️ Patch fixes
FormData.append()
when value parameter type is incorrect - By @btea in task #1484v15.4.0
Compare Source
v15.3.2
Compare Source
👷♂️ Patch fixes
HTMLInputElement.indeterminate
, so that it behaves correctly - By @malko in task #1439v15.3.1
Compare Source
v15.3.0
Compare Source
v15.2.0
Compare Source
🎨 Features
AbortSignal.any()
- By @ezzatron in task #1468v15.1.0
Compare Source
🎨 Features
EventTarget.dispatchEvent()
to better handle the event phases "none", "capture", "atTarget" and "bubbling" - By @capricorn86 in task #1332HTMLInputElement.popoverTargetElement
,HTMLInputElement.popoverTargetAction
,HTMLButtonElement.popoverTargetElement
andHTMLButtonElement.popoverTargetAction
- By @capricorn86 in task #1332HTMLElement.popover
- By @capricorn86 in task #1332PerformanceObserver
,PerformanceEntry
andPerformanceObserverEntryList
- By @capricorn86 in task #1332👷♂️ Patch fixes
NodeList[Symbol.iterator]()
withArray.prototype.values()
- By @capricorn86 in task #1332Window
is closing (e.g. usingsetTimeout()
orfetch()
) - By @capricorn86 in task #1332Window
, which makes it possible forBrowserExceptionObserver
to know whichWindow
the error originated fromEvent.composedPath()
to not return theWindow
object if the event type is "load", which is the same behaviour as the browser - By @capricorn86 in task #1332Window
objectv15.0.0
Compare Source
💣 Breaking Changes
🎨 Features
HTMLAreaElement
,HTMLBodyElement
,HTMLQuoteElement
,HTMLBRElement
,HTMLTableCaptionElement
,HTMLTableColElement
,HTMLTableColElement
,HTMLDataElement
,HTMLDataListElement
,HTMLModElement
,HTMLDetailsElement
,HTMLDivElement
,HTMLDListElement
,HTMLEmbedElement
,HTMLFieldSetElement
,HTMLHeadingElement
,HTMLHeadElement
,HTMLHRElement
,HTMLHtmlElement
,HTMLModElement
,HTMLLegendElement
,HTMLLIElement
,HTMLMapElement
,HTMLMenuElement
,HTMLMeterElement
,HTMLObjectElement
,HTMLOListElement
,HTMLOutputElement
,HTMLParagraphElement
,HTMLParamElement
,HTMLPictureElement
,HTMLPreElement
,HTMLProgressElement
,HTMLQuoteElement
,HTMLSourceElement
,HTMLSpanElement
,HTMLTableElement
,HTMLTableSectionElement
,HTMLTableSectionElement
,HTMLTitleElement
,HTMLTableRowElement
,HTMLTrackElement
,HTMLUListElement
- By @capricorn86 in task #1332HTMLCanvasElement
- By @capricorn86 in task #1332CSSStyleDeclaration
,querySelector()
,querySelectorAll()
,getElementById()
,getElementsByClassName()
,getElementsByTagName()
,getElementsByTagNameNS()
,getElementsByClassName()
- By @capricorn86 in task #1332NodeList
,HTMLCollection
,DOMTokenList
,TextTrackList
,HTMLFormElement
,HTMLSelectElement
HTMLCollection
objects returned bygetElementsByClassName()
,getElementsByTagName()
,getElementsByTagNameNS()
andgetElementsByClassName()
live - By @capricorn86 in task #1332HTMLMediaElement
- By @capricorn86 in task #1332HTMLMediaElement
interfaceMediaStream
,MediaStreamTrack
,RemotePlayback
,TextTrack
,TextTrackCue
,TextTrackCueList
,TextTrackList
,VTTCue
,VTTRegion
,CanvasCaptureMediaStream
,ImageBitmap
,OffscreenCanvas
- By @capricorn86 in task #1332IntersectionObserver
- By @capricorn86 in task #1332HTMLInputElement.list
- By @capricorn86 in task #1332ShadowRoot
(it now supportsclonable
,serializable
andslotAssignment
) - By @capricorn86 in task #1332Element.getHTML()
- By @capricorn86 in task #1332HTMLSlotElement
- By @capricorn86 in task #1332assign()
,assignedNodes()
,assignedElements()
and theslotchange
event👷♂️ Patch fixes
XMLSerializer
(used by features such asinnerHTML
) - By @capricorn86 in task #1265waitForNavigation()
would not resolve when navigating to some URLs (e.g. "javascript" or "about:blank") - By @capricorn86 in task #1332Attr.cloneNode()
would not clone internal values - By @capricorn86 in task #1332Document.title
included text data inside child elements, which it shouldn't - By @capricorn86 in task #1332Event.preventDefault()
shouldn't cancel the default behaviour if cancelable is not sent as an option inEventTarget.dispatchEvent()
- By @capricorn86 in task #1332TimeRange
toTimeRanges
- By @capricorn86 in task #1332Window.parent
andWindow.top
would not be set correctly in some scenarios - By @capricorn86 in task #1332Configuration
📅 Schedule: Branch creation - "" in timezone America/Los_Angeles, Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Never, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.