Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

⬆️ Update dependency happy-dom to v15 [SECURITY] #2193

Open
wants to merge 1 commit into
base: dev
Choose a base branch
from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Nov 6, 2024

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
happy-dom ^10.0.0 -> ^15.0.0 age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2024-51757

Impact

Consumers of the NPM package happy-dom

Patches

The security vulnerability has been patched in v15.10.2

Workarounds

No easy workarounds to my knowledge

References

#​1585


Release Notes

capricorn86/happy-dom (happy-dom)

v15.10.2

Compare Source

👷‍♂️ Patch fixes
  • Fixes a security vulnerability that allowed for server side code to be executed by a <script> tag - By @​capricorn86 in task #​1585
    • There was a case that was missed with the first patch

v15.10.1

Compare Source

👷‍♂️ Patch fixes
  • Fixes a security vulnerability that allowed for server side code to be executed by a <script> tag - By @​capricorn86 in task #​1585

v15.10.0

Compare Source

🎨 Features
  • Adds a new setting called disableSameOriginPolicy that makes it possible to bypass the same-origin policy in fetch requests - By @​OlaviSau in task #​1553

v15.9.0

Compare Source

🎨 Features
  • Adds support for "aspect-ratio" to CSSStyleDeclaration - By @​yinm in task #​1147

v15.8.5

Compare Source

👷‍♂️ Patch fixes
  • Fixes bug where Node.getRootNode() returned null when it was within a ShadowRoot that previously been disconnected from the Document - By @​capricorn86 in task #​1581

v15.8.4

Compare Source

👷‍♂️ Patch fixes
  • Fixes bug where child nodes of HTMLSelectElement and HTMLFormElement had the wrong reference to the parent - By @​capricorn86 in task #​1578

v15.8.3

Compare Source

👷‍♂️ Patch fixes
  • Toggle "open" attribute on HTMLDetailsElement when dispatching a click event on a summary element which is a child of the details element - By @​mikedidomizio in task #​1534

v15.8.2

Compare Source

👷‍♂️ Patch fixes
  • Use globalThis instead of global to make Happy DOM work in other runtimes such as Cloudflare workers - By @​mattallty in task #​1546

v15.8.1

Compare Source

👷‍♂️ Patch fixes

v15.8.0

Compare Source

v15.7.4

Compare Source

👷‍♂️ Patch fixes
  • Fixes incorrect handling of non-node items inserted using replaceWith(), before() and after() - By @​BenjaminAster in task #​1533

v15.7.3

Compare Source

👷‍♂️ Patch fixes
  • Fixes bug that occurs when checking if a symbol property exists on HTMLSelectElement - By @​Cherry in task #​1526

v15.7.2

Compare Source

👷‍♂️ Patch fixes
  • Fixes problem where it is not possible to observe again after disconnecting in MutationObserver - By @​capricorn86 in task #​1524

v15.7.1

Compare Source

👷‍♂️ Patch fixes
  • Fixes selector validation and converts selectors to string (e.g. querySelector(['.class'])) - By @​capricorn86 in task #​1507

v15.7.0

Compare Source

v15.6.1

Compare Source

v15.6.0

Compare Source

v15.5.0

Compare Source

v15.4.3

Compare Source

👷‍♂️ Patch fixes
  • Adds support for supporting new lines and tabs as white-space character in CSS selectors - By @​syi0808 in task #​1414

v15.4.2

Compare Source

👷‍♂️ Patch fixes

v15.4.1

Compare Source

👷‍♂️ Patch fixes
  • Throw error in FormData.append() when value parameter type is incorrect - By @​btea in task #​1484

v15.4.0

Compare Source

v15.3.2

Compare Source

👷‍♂️ Patch fixes
  • Fixes the HTMLInputElement.indeterminate, so that it behaves correctly - By @​malko in task #​1439

v15.3.1

Compare Source

v15.3.0

Compare Source

v15.2.0

Compare Source

🎨 Features

v15.1.0

Compare Source

🎨 Features
  • Refactor internal logic related to injecting the Window context for classes that can be constructed using the "new" operator - By @​capricorn86 in task #​1332
  • Improves the way classes can access the Browser context internally - By @​capricorn86 in task #​1332
  • Refactor of the logic for EventTarget.dispatchEvent() to better handle the event phases "none", "capture", "atTarget" and "bubbling" - By @​capricorn86 in task #​1332
  • Adds support for HTMLInputElement.popoverTargetElement, HTMLInputElement.popoverTargetAction, HTMLButtonElement.popoverTargetElement and HTMLButtonElement.popoverTargetAction - By @​capricorn86 in task #​1332
  • Adds support for HTMLElement.popover - By @​capricorn86 in task #​1332
  • Adds support for PerformanceObserver, PerformanceEntry and PerformanceObserverEntryList - By @​capricorn86 in task #​1332
👷‍♂️ Patch fixes
  • Makes it possible for a polyfill to replace NodeList[Symbol.iterator]() with Array.prototype.values() - By @​capricorn86 in task #​1332
  • Adds logic for canceling any request to start new async tasks while the Window is closing (e.g. using setTimeout() or fetch()) - By @​capricorn86 in task #​1332
  • Fixes issues with errors exiting the browser when using the setting "errorCapture" set to "processLevel" - By @​capricorn86 in task #​1332
    • Refactor internal logic, so that thrown errors are instances of unique error classes assigned to the Window, which makes it possible for BrowserExceptionObserver to know which Window the error originated from
  • Changes Event.composedPath() to not return the Window object if the event type is "load", which is the same behaviour as the browser - By @​capricorn86 in task #​1332
    • This means that "load" events will not bubble up to the Window object

v15.0.0

Compare Source

💣 Breaking Changes
  • Drops offical support for Node.js 16.x and 17.x - By @​capricorn86 in task #​1332
  • A lot of internal logic has been refactored, so if you rely on internal APIs, this release may break your code - By @​capricorn86 in task #​1332
🎨 Features
  • Adds support for HTMLAreaElement, HTMLBodyElement, HTMLQuoteElement, HTMLBRElement, HTMLTableCaptionElement, HTMLTableColElement, HTMLTableColElement, HTMLDataElement, HTMLDataListElement, HTMLModElement, HTMLDetailsElement, HTMLDivElement, HTMLDListElement, HTMLEmbedElement, HTMLFieldSetElement, HTMLHeadingElement, HTMLHeadElement, HTMLHRElement, HTMLHtmlElement, HTMLModElement, HTMLLegendElement, HTMLLIElement, HTMLMapElement, HTMLMenuElement, HTMLMeterElement, HTMLObjectElement, HTMLOListElement, HTMLOutputElement, HTMLParagraphElement, HTMLParamElement, HTMLPictureElement, HTMLPreElement, HTMLProgressElement, HTMLQuoteElement, HTMLSourceElement, HTMLSpanElement, HTMLTableElement, HTMLTableSectionElement, HTMLTableSectionElement, HTMLTitleElement, HTMLTableRowElement, HTMLTrackElement, HTMLUListElement - By @​capricorn86 in task #​1332
  • Adds basic support for HTMLCanvasElement - By @​capricorn86 in task #​1332
  • Adds support for History API - By @​capricorn86 in task #​1332
  • Adds cache to CSSStyleDeclaration, querySelector(), querySelectorAll(), getElementById(), getElementsByClassName(), getElementsByTagName(), getElementsByTagNameNS(), getElementsByClassName() - By @​capricorn86 in task #​1332
  • Uses proxy for NodeList, HTMLCollection, DOMTokenList, TextTrackList, HTMLFormElement, HTMLSelectElement
  • Makes HTMLCollection objects returned by getElementsByClassName(), getElementsByTagName(), getElementsByTagNameNS() and getElementsByClassName() live - By @​capricorn86 in task #​1332
  • Improves support for HTMLMediaElement - By @​capricorn86 in task #​1332
    • It now supports all methods and properties of the HTMLMediaElement interface
  • Adds support for MediaStream, MediaStreamTrack, RemotePlayback, TextTrack, TextTrackCue, TextTrackCueList, TextTrackList, VTTCue, VTTRegion, CanvasCaptureMediaStream, ImageBitmap, OffscreenCanvas - By @​capricorn86 in task #​1332
  • Adds basic support for IntersectionObserver - By @​capricorn86 in task #​1332
  • Uses Array for nodes and elements in the DOM-tree to leverage the JiT compiler better - By @​capricorn86 in task #​1332
  • Adds support for HTMLInputElement.list - By @​capricorn86 in task #​1332
  • Improves support for ShadowRoot (it now supports clonable, serializable and slotAssignment) - By @​capricorn86 in task #​1332
  • Adds support for Element.getHTML() - By @​capricorn86 in task #​1332
  • Improves performance for some pseudo query selectors - By @​capricorn86 in task #​1332
  • Improves support for HTMLSlotElement - By @​capricorn86 in task #​1332
    • It now supports assign(), assignedNodes(), assignedElements() and the slotchange event
👷‍♂️ Patch fixes
  • Attributes and text data wasn't escaped correctly in XMLSerializer (used by features such as innerHTML) - By @​capricorn86 in task #​1265
  • waitForNavigation() would not resolve when navigating to some URLs (e.g. "javascript" or "about:blank") - By @​capricorn86 in task #​1332
  • CSS rules for gradients where not parsed correctly - By @​capricorn86 in task #​1332
  • Updates to CSSStyleDeclaration would not trigger listeners for the "style" attribute - By @​capricorn86 in task #​1332
  • Attributes where added to elements after they were added to the DOM during parsing, causing problems for elements loading resources - By @​capricorn86 in task #​1332
  • Attr.cloneNode() would not clone internal values - By @​capricorn86 in task #​1332
  • Document.title included text data inside child elements, which it shouldn't - By @​capricorn86 in task #​1332
  • Event.preventDefault() shouldn't cancel the default behaviour if cancelable is not sent as an option in EventTarget.dispatchEvent() - By @​capricorn86 in task #​1332
  • Source attributes containing URLs would not be resolved correctly in some elements - By @​capricorn86 in task #​1332
  • Changes name on TimeRange to TimeRanges - By @​capricorn86 in task #​1332
  • Window.parent and Window.top would not be set correctly in some scenarios - By @​capricorn86 in task #​1332

v14.12.3

Compare Source

👷‍♂️ Patch fixes
  • Element.insertBefore works when the node is already inserted - In task #​1429

v14.12.2

Compare Source

👷‍♂️ Patch fixes
  • Fixes problem related to the cookie container using the wrong path when caching cookies - By @​matcic in task #​1455

v14.12.1

Compare Source

👷‍♂️ Patch fixes
  • Fixes problem related to React click handler with preventDefault not preventing navigation - By @​amitdahan in task #​1464

v14.12.0

Compare Source

v14.11.4

Compare Source

v14.11.3

Compare Source

v14.11.2

Compare Source

v14.11.1

Compare Source

v14.11.0

Compare Source

🎨 Features

v14.10.3

Compare Source

👷‍♂️ Patch fixes
  • Adds check for if Window and MutationObserver has been destroyed when triggering listeners - By @​capricorn86 in task #​1436

v14.10.2

Compare Source

👷‍♂️ Patch fixes
  • HTMLAnchorElement, HTMLButtonElement, HTMLInputElement and HTMLLabelElement checked that click events triggering native behavior was of type PointerEvent, but should check that they are of type MouseEvent - By @​capricorn86 in task #​1397

v14.10.1

Compare Source

v14.10.0

Compare Source

🎨 Features
  • Adds support for Document.elementFromPoint() - By @​TreyVigus in task #​1400
    • The method will always return null as Happy DOM doesn't support rendering and can't calculate an element's position based on where it is rendered

v14.9.0

Compare Source

v14.8.3

Compare Source

👷‍♂️ Patch fixes
  • Fixes issue related to Element.insertBefore() not removing comment node from previous ancestor - By @​mdafanasev in task #​1406

v14.8.2

Compare Source

v14.8.1

Compare Source

v14.8.0

Compare Source

🎨 Features

v14.7.1

Compare Source

👷‍♂️ Patch fixes

v14.7.0

Compare Source

v14.6.2

Compare Source

👷‍♂️ Patch fixes

v14.6.1

Compare Source

👷‍♂️ Patch fixes
  • Fixes bug where Document.createTextNode() didn't handle conversion of non-string values to string - By @​odanado in task #​1380
  • Adds support for throwing an exception when no argument is submitted to Document.createTextNode() - By @​odanado in task #​1380

v14.6.0

Compare Source

v14.5.2

Compare Source

v14.5.1

Compare Source

👷‍♂️ Patch fixes
  • Fixes problem with Document.defaultView not referring to the global object when using GlobalRegistrator - By @​capricorn86 in task #​1367

v14.5.0

Compare Source

🎨 Features
  • Adds support for handling "application/x-www-form-urlencoded" in Request.formData() - By @​tt-public in #​1379

v14.4.0

Compare Source

v14.3.10

Compare Source

👷‍♂️ Patch fixes
  • Fixes problem related to CSS properties not being used when defined after the CSS value - By @​capricorn86 in task #​1364

v14.3.9

Compare Source

👷‍♂️ Patch fixes

v14.3.8

Compare Source

👷‍♂️ Patch fixes
  • Fixes problem when the error for the invalid selectors :is and :where (without argument) was not handled correctly - By @​capricorn86 in task #​1352

v14.3.7

Compare Source

👷‍♂️ Patch fixes

v14.3.6

Compare Source

👷‍♂️ Patch fixes

v14.3.5

Compare Source

v14.3.4

Compare Source

v14.3.3

Compare Source

v14.3.2

Compare Source

👷‍♂️ Patch fixes

v14.3.1

Compare Source

v14.3.0

Compare Source

v14.2.1

Compare Source

v14.2.0

Compare Source

🎨 Features

v14.1.2

Compare Source

👷‍♂️ Patch fixes
  • Fixes problem with properties defined as getters and setters not being registered globally by Vitest - By @​capricorn86 in task #​1339
    • The problem occurred as Vitest is using Object.getOwnPropertyDescriptors(window) to read which properties to register globally, but getters and setters are defined on the prototype
    • To solve the problem, GlobalWindow now defines the properties on the instance when it is constructed

v14.1.1

Compare Source

v14.1.0

Compare Source

🎨 Features
  • Adds support for the setting handleDisabledFileLoadingAsSuccess, that can be used for triggering a "load" event instead of an "error" event when file loading is disabled - By @​capricorn86 in task #​1334

v14.0.0

Compare Source

💣 Breaking Changes
  • Removes interfaces for Node's, as they are no longer needed as newer versions of Typescript can handle circular dependencies - By @​capricorn86 in task #​1330

v13.10.1

Compare Source

v13.10.0

Compare Source

🎨 Features

v13.9.0

Compare Source

v13.8.6

Compare Source

👷‍♂️ Patch fixes
  • Fixes bug related to multiple fallbacks to CSS variables being set incorrectly - By @​odanado in task #​1308

v13.8.5

Compare Source

👷‍♂️ Patch fixes
  • Fixes problem related to invalid pseudo query selectors matching elements (e.g. ":before" should only match the pseudo element and not the actual element) - By @​capricorn86 in task #​1122
  • Adds support for using multiple pseudo query selectors (e.g. ":first-of-type:last-of-type") - By @​capricorn86 in task #​1122
  • Fixes minor typo in HTMLElementConfig - By @​danbentley in task #​1306

v13.8.4

Compare Source

👷‍♂️ Patch fixes
  • Adds support for returning URL relative to window location in HTMLLinkElement.href, HTMLImageElement.src and HTMLScriptElement.src - By @​capricorn86 in task #​1135

v13.8.3

Compare Source

👷‍♂️ Patch fixes
  • Fixes problem where some elements (e.g. <li>, <h1> or <table>) doesn't allow itself as direct descendant when parsing HTML, but should allow itself as descendant when it is not at first level - By @​capricorn86 in task #​1039

v13.8.2

Compare Source

v13.8.1

Compare Source

v13.8.0

Compare Source

🎨 Features

v13.7.8

Compare Source

v13.7.7

Compare Source

v13.7.6

Compare Source

v13.7.5

Compare Source

👷‍♂️ Patch fixes
  • Modify option node to return empty string even if the value is empty string - In task #​1138

v13.7.4

Compare Source

v13.7.3

Compare Source

v13.7.2

Compare Source

v13.7.1

Compare Source

👷‍♂️ Patch fixes

v13.7.0

Compare Source

v13.6.2

Compare Source

🎨 Features
👷‍♂️ Patch fixes

v13.6.1

Compare Source

👷‍♂️ Patch fixes
  • Improves validation for the options argument in MutationsObserver.observe() - By @​romansp in task #​1223

v13.6.0

Compare Source

🎨 Features
👷‍♂️ Patch fixes
  • Adds support for the property Document.forms - By @​juandiegombr in task #​1260
  • Adds check for if MutationObserver options are null, which most likely happens for code that is executed after the Window instance has been closed - By @​zachlankton in task #​1217

v13.5.3

Compare Source

👷‍♂️ Patch fixes
  • Improves check for invalid query selectors - By @​btea in task #​0

v13.5.2

Compare Source

👷‍♂️ Patch fixes

v13.5.1

Compare Source

👷‍♂️ Patch fixes
  • Fixes problem with query selectors not finding SVG elements after the v13.4.0 release - By @​capricorn86 in task #​1274

v13.5.0

Compare Source

🎨 Features
  • Use the Node.js ReadableStream class for the properties Response.body and Request.body - By @​diego-toro and @​capricorn86 in task #​1180
    • The previous implementation used the Node.js Stream.Readable class, which is not fully spec compliant

v13.4.1

Compare Source

👷‍♂️ Patch fixes

v13.4.0

Compare Source

🎨 Features
  • Adds support for CustomElementRegistry.getName() - By @​mash-graz in task #​1176
  • Adds support for await Window.happyDOM.close(), which makes it possible to wait for the teardown to be completed in a detached window - By @​capricorn86 in task #​1176
👷‍♂️ Patch fixes
  • Use Element.localName correctly in Document.createElement() and Document.createElementNS() - By @​capricorn86 in task #​1176
  • Set correct namespaceURI for "xmlns" attribute when parsing SVGs - By @​capricorn86 in task #​1176
  • Fixes problem related to window being "null" during teardown/close - By @​capricorn86 in task #​1176
  • Validate custom element name in CustomElementRegistry - By @​mash-graz in task #​1176
  • Prevent registration of the same HTMLElement class with different name in CustomElementRegistry - By @​mash-graz in task #​1176

v13.3.8

Compare Source

👷‍♂️ Patch fixes

v13.3.7

Compare Source

👷‍♂️ Patch fixes
  • Removes validation of PR commit messages from Github workflow as it will fallback to patch version anyway - By @​capricorn86 in task #​1249

v13.3.6

Compare Source

👷‍♂️ Patch fixes
  • Adds support for PR username in release notes if it is not possible to retrieve Github username based on commit email - By @​capricorn86 in task #​1247

v13.3.5

Compare Source

🎨 Features
👷‍♂️ Patch fixes
  • Fixes problem with calculating next version by updating the package "happy-conventional-commit" - By @​capricorn86 in task #​1244

v13.3.4

Compare Source

👷‍♂️ Patch fixes

v13.3.3

Compare Source

👷‍♂️ Patch fixes

v13.3.2

Compare Source

👷‍♂️ Patch fixes

v13.3.1

Compare Source

👷‍♂️ Patch fixes

v13.3.0

Compare Source

🎨 Features
👷‍♂️ Patch fixes

v13.2.2

Compare Source

👷‍♂️ Patch fixes

v13.2.1

Compare Source

👷‍♂️ Patch fixes
  • Adds missing element classes and types to the export in "index.js", so that they are easier to import. The missing elements was HTMLAnchorElement, HTMLButtonElement, HTMLOptGroupElement, HTMLOptionElement, HTMLUnknownElement and HTMLSelectElement. (#​1227)
  • Adds non-implemented element classes to the export in "index.js" by exporting HTMLElement as the non-implemented class name. (#​1227)

v13.2.0

Compare Source

🎨 Features
  • Removes unnecessary depen

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

Copy link

github-actions bot commented Nov 6, 2024

Coverage Report

Status Category Percentage Covered / Total
🔵 Lines 17.16% 5620 / 32737
🔵 Statements 17.16% 5620 / 32737
🔵 Functions 6.34% 33 / 520
🔵 Branches 37.32% 134 / 359
File CoverageNo changed files found.
Generated in workflow #6945 for commit 977c2a0 by the Vitest Coverage Report Action

@renovate renovate bot changed the title ⬆️ Update dependency happy-dom to v15 [SECURITY] ⬆️ Update dependency happy-dom to v15 [SECURITY] - autoclosed Dec 8, 2024
@renovate renovate bot closed this Dec 8, 2024
@renovate renovate bot deleted the renovate/npm-happy-dom-vulnerability branch December 8, 2024 18:41
@renovate renovate bot changed the title ⬆️ Update dependency happy-dom to v15 [SECURITY] - autoclosed ⬆️ Update dependency happy-dom to v15 [SECURITY] Dec 8, 2024
@renovate renovate bot reopened this Dec 8, 2024
@renovate renovate bot force-pushed the renovate/npm-happy-dom-vulnerability branch from 49360f1 to 977c2a0 Compare December 8, 2024 19:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants