attachments

attachments copied to clipboard

Reame
Issues

chore(deps): update dependency jsdom to v24 [security]

Open renovate[bot] opened this issue 3 years ago • 0 comments

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
jsdom	`^11.3.0` -> `^24.0.0`

GitHub Vulnerability Alerts

CVE-2021-20066

JSDom improperly allows the loading of local resources, which allows for local files to be manipulated by a malicious web page when script execution is enabled.

Release Notes

jsdom/jsdom (jsdom)

`v24.0.0`

This release reverts our selector engine back to nwsapi. As discussed in #3659, the performance regressions from @asamuzakjp/dom-selector turned out to be higher than anticipated. In the future, we can revisit @asamuzakjp/dom-selector after it reaches nwsapi's performance on the two real-world benchmarks provided by the community.

Since reverting to nwsapi causes several functionality regressions, e.g. removing :has() support, we've decided to make this a major version.

Additionally:

Small fixes to edge-case behavior of the following properties: input.maxLength, input.minLength, input.size, progress.max, tableCell.colSpan, tableCell.rowSpan, tableCol.span, textArea.cols, textArea.maxLength, textArea.minLength, textArea.rows.

`v23.2.0`

This release switches our CSS selector engine from nwsapi to @asamuzakjp/dom-selector. The new engine is more actively maintained, and supports many new selectors: see the package's documentation for the full list. It also works better with shadow trees.

There is a potential of a performance regression due to this change. In our stress test benchmark, which runs most of these 273 selectors against this 128 KiB document, the new engine completes the benchmark only 0.25x as fast. However, we're hopeful that in more moderate usage this will not be a significant issue. Any help speeding up @asamuzakjp/dom-selector is appreciated, and feel free to open an issue if this has had a significant impact on your project.

`v23.1.0`

Added an initial implementation of ElementInternals, including the shadowRoot getter and the string-valued ARIA properties. (zjffun)
Added the string-valued ARIA attribute-reflecting properties to Element.
Fixed history.pushState() and history.replaceState() to follow the latest specification, notably with regards to how they handle empty string inputs and what new URLs are possible.
Fixed the input.valueAsANumber setter to handle NaN correctly. (alexandertrefz)
Updated various dependencies, including cssstyle which contains several bug fixes.

`v23.0.1`

Fix incorrect canvas peer dependency.

`v23.0.0`

`v22.1.0`

Added crypto.randomUUID(). (jamesbvaughan)
Added DOMRect and DOMRectReadOnly.
Added AbortSignal.timeout().
Added abortSignal.throwIfAborted().
Added support for the submitter argument to the FormData constructor. (jenseng)
Improved getComputedStyle()'s results for color-based properties, to resolve named colors and attempt to provide initial inheritance support. (hoekz-wwt)
Updated Window's event handler properties (e.g. oncopy, ontouchstart, etc.) to reflect the latest list from the standard.
Fixed DOMParser-created documents to inherit their URL from the creating document.

`v22.0.0`

Node.js v16 is now the minimum supported version.
Removed support for running jsdom in the browser via a browserified bundle. This carried with it too much complexity, especially for our testing infrastructure, and a testing package we relied on was recently deprecated.

`v21.1.2`

Fixed setRangeText() used on <input> and <textarea> elements to calculate the new end index correctly. (pmstss)
Fixed pageX, pageY, offsetX, and offsetY on MouseEvents during dispatch. (jenseng)
Upgraded nwsapi to v2.2.4, bringing along various fixes to our selector engine.

`v21.1.1`

Fixed jsdom.reconfigure() to also adjust the URL as seen by the history API, so that e.g. history.replaceState(null, "") would not mess up the URL. (jdufresne)
Fixed location.hash = "" to leave any # in location.href.
Fixes a few bugs with CSS parsing by replacing cssom with rweb-cssom, since the latter is maintained. (seanparmelee)

`v21.1.0`

Added x, y, pageX, pageY, offsetX, and offsetY to MouseEvent. (jenseng, ViniciusFXavier)
Added support for unset with getComputedStyle(). (jsnajdr)
Added the submitter property to SubmitEvent. (jenseng)
Fixed MouseEvent's screenX and screenY to no longer coerce to integers, allowing fractional values. (jenseng)
Fixed formEl.submit() to not longer fire submit events. (jenseng)
Fixed stylesheets to no longer affect the document after their corresponding <link> is removed. (jsnajdr)
Fixed pointer-events to inherit when used with getComputedStyle(). (jnajdr)
Fixed <script> elements with no src="" to no longer fire load events. (t1ger2080)
Improved getComputedStyle() to cache its results, which should make it much faster. (jsnajdr)

`v21.0.0`

A potentially-breaking bug fix:

Fixed the window, document, location, and top properties of Window to be non-configurable. (ExE-Boss)

Other changes:

Added support for <input type=image> submitting forms. (jenseng)
Added the location setter to the Window object, which forwards to the location.href setter. Setting the URL is still only implemented for fragment navigations, however. (ExE-Boss)
Fixed defer="" <script> elements that are added after DOMContentLoaded to execute, instead of being skipped.
Fixed selectElement.selectedOptions being incorrect when optionElement.selected is set. This was a regression introduced in v20.0.1. Unfortunately this also reverts the performance improvement when appending <option> elements that was introduced then. (eps1lon)
Fixed the self, locationbar, menubar, personalbar, scrollbars, statusbar, toolbar, frames, parent, external, length, and screen properties of Window to be replaceable: that is, setting them will override their values, instead of having the new value be ignored. (ExE-Boss)
Fixed a few issues with JSDOM.fromURL() in the browser build of jsdom. (LungZeno)

`v20.0.3`

Updated dependencies, notably w3c-xmlserializer, which fixes using DOMParser on XML documents containing emoji.

`v20.0.2`

Fixed xhr.abort() to no longer give an exception when the constructed XMLHttpRequest was invalid. (whamtet)
Fixed event.getModifierState() on MouseEvent and KeyboardEvent instances to properly consult the ctrlKey, altKey, metaKey, and shiftKey properties of the event. (juzerzarif)
Fixed custom element creation to not be affected by any modifications to the window.customElements property. (bicknellr)

`v20.0.1`

Improved the performance of appending <option> elements to <select> elements. (TheHound)
Fixed location.pathname getter to not crash when the JSDOM instance was created using an opaque-path URL, including the default URL of about:blank.
Fixed crypto.getRandomValues() to accept typed array subclasses. (sebamarynissen)
Updated various dependency minor versions. Notably, nwsapi fixed some selectors bugs, and tough-cookie fixed some cookie bugs.

`v20.0.0`

Node.js v14 is now the minimum supported version.
Added crypto.getRandomValues(). (sjrd)
Added HTMLFormControlsCollection and RadioNodeList, so formEl.elements now behaves correctly. (UndefinedBehavior)
Added the signal option to addEventListener(). (cheap-glitch)
Fixed the :root pseudoclass to work correctly. (hughs-ch)
Updated parse5, bringing along some HTML parsing and serialization fixes. (fb55)

`v19.0.0`

Changed jsdom.nodeLocation() to return undefined when used on nodes that originate via fragment parsing (e.g., via innerHTML). Previously it would return based on the node location of the fragment string, which made node locations unreliable with respect to the original document source. This restores the behavior that was present in v14.0.0, and was accidentally broken in v14.1.0. (bakkot)
Fixed calling window.close() inside the Window's load event to no longer crash. (MattiasBuelens)

`v18.1.1`

Fixed connectedCallback to fire in situations involving document fragments, which was broken in v18.0.1. (GrantGryczan)

`v18.1.0`

Fixed headers.append() and headers.set() to normalize values. (MattiasBuelens)
Fixed pageshow events to have bubbles: true and cancelable: true. (MattiasBuelens)
Implemented the reason property on AbortSignals, along with the corresponding reason argument to abortSignal.abort() and AbortSignal.abort(). (MattiasBuelens)

`v18.0.1`

Fixed live Ranges to update correctly after calling node.normalize(). (hgiesel)
Fixed live Ranges to update correctly after removing child nodes. (hgiesel)
Fixed setting inputEl.valueAsDate = null to no longer throw an exception, but instead set the value to the empty string. (simon-weimann)
Improved performance of node insertion and node.contains(). (GrantGryczan)

`v18.0.0`

Potentially-breaking bug fixes:

Fixed SSL certificate checking for WebSocket connections. Previously, invalid SSL certificates were always accepted; now, they properly respect the ResourceLoader's strictSSL option (which defaults to true).
Changed the global in which almost all Promise and TypeError instances are created to be the jsdom global, not the Node.js global. This could affect any code that uses instanceof.

Other changes:

Fixed moving an element between HTML and XML documents to reset the tagName cache, allowing it to return a lowercase value once it's in the XML document. (LucasLefevre)
Fixed form submission to not happen when the form is invalid. (pozil)

`v17.0.0`

Breaking change: Node v12 is now the minimum supported version.

`v16.7.0`

Added AbortSignal.abort(). (ninevra)
Added dummy x and y properties to the return value of getBoundingClientRect(). (eiko)
Implemented wrapping for textareaEl.value if the wrap="" attribute is specified. (ninevra)
Changed newline normalization in <textarea>s according to recent HTML Standard updates. (ninevra)
Fixed some bad cascade computation in getComputedStyle(). (romain-trotard)

`v16.6.0`

Added parentNode.replaceChildren(). (ninevra)
Fixed jsdom's handling of when code running inside the jsdom throws null or undefined as an exception. (mbest)
Removed the dependency on the deprecated request package, in the process fixing several issues with the XMLHttpRequest implementation around header processing. Special thanks to vegardbb for completing this months-long effort!

`v16.5.3`

Fixed infinite recursion when using MutationObservers to observe elements inside a MutationObserver callback.

`v16.5.2`

Fixed Access-Control-Allow-Headers: * to work with XMLHttpRequest. (silviot)
Fixed xhr.response to strip any leading BOM when xhr.responseType is "json".
Fixed new Text() and new Comment() constructors to properly set the resulting node's ownerDocument.
Fixed customElements.whenDefined() to resolve its returned promise with the custom element constructor, per recent spec updates. (ExE-Boss)
Fixed parsing to ensure that <svg><template></template></svg> does not throw an exception, but instead correctly produces a SVG-namespace <template> element.
Fixed domParser.parseFromString() to treat <noscript> elements appropriately.
Fixed form control validity checking when the control was outside the <form> element and instead associated using the form="" attribute.
Fixed legendEl.form to return the correct result based on its parent <fieldset>.
Fixed optionEl.text to exclude <script> descendants.
Fixed radio buttons and checkboxes to not fire input and change events when disconnected.
Fixed inputEl.indeterminate to reset to its previous value when canceling a click event on a checkbox or radio button.
Fixed the behavior of event handler attributes (e.g. onclick="...code...") when there were global variables named element or formOwner. (ExE-Boss)
On Node.js v14.6.0+ where WeakRefs are available, fixed NodeIterator to no longer stop working when more than ten NodeIterator instances are created, and to use less memory due to inactive NodeIterators sticking around. (ExE-Boss)

`v16.5.1`

Fixed a regression that broke customElements.get() in v16.5.0. (fdesforges)
Fixed window.event to have a setter which overwrites the window.event property with the given value, per the specification. This fixes an issue where after upgrading to jsdom v16.5.0 you would no longer be able to set a global variable named event in the jsdom context.

`v16.5.0`

Added window.queueMicrotask().
Added window.event.
Added inputEvent.inputType. (diegohaz)
Removed ondragexit from Window and friends, per a spec update.
Fixed the URL of about:blank iframes. Previously it was getting set to the parent's URL. (SimonMueller)
Fixed the loading of subresources from the filesystem when they had non-ASCII filenames.
Fixed the hidden="" attribute to cause display: none per the user-agent stylesheet. (ph-fritsche)
Fixed the new File() constructor to no longer convert / to :, per a pending spec update.
Fixed mutation observer callbacks to be called with the MutationObserver instance as their this value.
Fixed <input type=checkbox> and <input type=radio> to be mutable even when disabled, per a spec update.
Fixed XMLHttpRequest to not fire a redundant final progress event if a progress event was previously fired with the same loaded value. This would usually occur with small files.
Fixed XMLHttpRequest to expose the Content-Length header on cross-origin responses.
Fixed xhr.response to return null for failures that occur during the middle of the download.
Fixed edge cases around passing callback functions or event handlers. (ExE-Boss)
Fixed edge cases around the properties of proxy-like objects such as localStorage or dataset. (ExE-Boss)
Fixed a potential memory leak with custom elements (although we could not figure out how to trigger it). (soncodi)

`v16.4.0`

Added a not-implemented warning if you try to use the second pseudo-element argument to getComputedStyle(), unless you pass a ::part or ::slotted pseudo-element, in which case we throw an error per the spec. (ExE-Boss)
Improved the performance of repeated access to el.tagName, which also indirectly improves performance of selector matching and style computation. (eps1lon)
Fixed form.elements to respect the form="" attribute, so that it can contain non-descendant form controls. (ccwebdesign)
Fixed el.focus() to do nothing on disconnected elements. (eps1lon)
Fixed el.focus() to work on SVG elements. (zjffun)
Fixed removing the currently-focused element to move focus to the <body> element. (eps1lon)
Fixed imgEl.complete to return true for <img> elements with empty or unset src="" attributes. (strager)
Fixed imgEl.complete to return true if an error occurs loading the <img>, when canvas is enabled. (strager)
Fixed imgEl.complete to return false if the <img> element's src="" attribute is reset. (strager)
Fixed the valueMissing validation check for <input type="radio">. (zjffun)
Fixed translate="" and draggable="" attribute processing to use ASCII case-insensitivity, instead of Unicode case-insensitivity. (zjffun)

`v16.3.0`

Added firing of focusin and focusout when using el.focus() and el.blur(). (trueadm)
Fixed elements with the contenteditable="" attribute to be considered as focusable. (jamieliu386)
Fixed window.NodeFilter to be per-Window, instead of shared across all Windows. (ExE-Boss)
Fixed edge-case behavior involving use of objects with handleEvent properties as event listeners. (ExE-Boss)
Fixed a second failing image load sometimes firing a load event instead of an error event, when the canvas package is installed. (strager)
Fixed drawing an empty canvas into another canvas. (zjffun)

`v16.2.2`

Updated StyleSheetList for better spec compliance; notably it no longer inherits from Array.prototype. (ExE-Boss)
Fixed requestAnimationFrame() from preventing process exit. This likely regressed in v16.1.0.
Fixed setTimeout() to no longer leak the closures passed in to it. This likely regressed in v16.1.0. (AviVahl)
Fixed infinite recursion that could occur when calling click() on a <label> element, or one of its descendants.
Fixed getComputedStyle() to consider inline style="" attributes. (eps1lon)
Fixed several issues with <input type="number">'s stepUp() and stepDown() functions to be properly decimal-based, instead of floating point-based.
Fixed various issues where updating selectEl.value would not invalidate properties such as selectEl.selectedOptions. (ExE-Boss)
Fixed <input>'s src property, and <ins>/<del>'s cite property, to properly reflect as URLs.
Fixed window.addEventLister, window.removeEventListener, and window.dispatchEvent to properly be inherited from EventTarget, instead of being distinct functions. (ExE-Boss)
Fixed errors that would occur if attempting to use a DOM object, such as a custom element, as an argument to addEventListener.
Fixed errors that would occur when closing a window with outstanding requests to data: URLs.
Fixed sporadic issues with the value of <input type="month"> that could occur in some time zones and for some times.
Fixed document.implementation.createDocument() to return an XMLDocument, instead of a Document. (ExE-Boss)
Fixed running jsdom in a browser to detect globals more reliably. (ExE-Boss)

`v16.2.1`

Updated saxes, to bring in some BOM-related fixes.
Updated Acorn-related packages to squelch npm audit warnings.

`v16.2.0`

Added support for custom elements! Congratulations and thanks to @pmdartus for making this happen, after ten months of hard work and lots of effort poured into the complex architectural prerequisites in jsdom and supporting packages.
Fixed some issues when trying to use Attr as a Node, e.g. by checking its baseURI property or calling attr.cloneNode().
Fixed a memory leak during parsing that was introduced in v14.0.0.
Fixed edge cases in number/string conversion used for certain element properties that reflected integer attributes.

`v16.1.0`

Added console.timeLog().
Changed Attr to extend Node, to align with specifications. (ExE-Boss)
Changed <noscript> children to be parsed as nodes, instead of as text, when runScripts is left as the default of undefined. (ACHP)
Upgraded cssstyle to v2.1.0, which brings along fixes to handling of rgba() and hsl() colors. (kraynel)
Fixed some selection-related issues when manipulating the value of <input>s and <textarea>s. (Matthew-Goldberg)
Fixed various issues with setTimeout(), setInterval(), and requestAnimationFrame(), particularly around window closing and recursive calls.

`v16.0.1`

Fixed Node v10 and v11 support when runScripts was set.
Fixed the behavior when changing an <input>'s type="" attribute.
Fixed input validation behavior for <input type="range"> when max="" is less than min="".

`v16.0.0`

For this release we'd like to welcome @pmdartus to the core team. Among other work, he's driven the heroic effort of constructor prototype and reform in jsdom and its dependencies over the last few months, to allow us to move away from shared constructors and prototypes, and set the groundwork for custom elements support (coming soon!).

Breaking changes:

Node v10 is now the minimum supported version.
The dom.runVMScript() API has been replaced with the more general dom.getInternalVMContext() API.
Each jsdom Window now creates new instances of all the web platform globals. That is, our old shared constructor and prototypes caveat is no longer in play.
Each jsdom Window now exposes all JavaScript-spec-defined globals uniformly. When runScripts is disabled, it exposes them as aliases of the ones from the outer Node.js environment. Whereas when runScripts is enabled, it exposes fresh copies of each global from the new scripting environment. (Previously, a few typed array classes would always be aliased, and with runScripts disabled, the other classes would not be exposed at all.)

Other changes:

Added the AbstractRange, Range, StaticRange, Selection, and window.getSelection() APIs.
Added working constructors for Comment, Text, and DocumentFragment.
Added valueAsDate, valueAsNumber, stepUp() and stepDown() to <input> elements. (kraynel)
Added window.origin.
Removed document.origin.
Fixed <template> to work correctly inside XML documents.
Fixed some bugs which would cause jsdom to choose the wrong character encoding because it was failing to detect <meta charset> or <meta http-equiv="charset"> elements.
Fixed input.type to default to "text". (connormeredith)
Fixed incorrect validation errors for <input> with fractional values for their step="" attribute. (kontomondo)
Fixed incorrect validation errors on readonly <input> elements.
Fixed <input type="email" multiple pattern="..."> validation.
Fixed fileReader.readAsDataURL() to always base64-encode the result. (ytetsuro)
Fixed inserting <img> elements into documents without a browsing context to no longer crash when the canvas package is installed.
Fixed a memory leak when using window.setTimeout() or window.setInterval().
Improved the performance of getComputedStyle(). (eps1lon)

`v15.2.1`

Fixed JSDOM.fromURL() handling of URLs with hashes in them, to no longer send the hash to the server and append an extra copy of it when constructing the Document. (rchl)
Fixed focusing an already-focused element to correctly do nothing, instead of firing additional focus events. (eps1lon)
Fixed typo in the not-implemented message for mediaElement.addTextTrack(). (mtsmfm)
Upgraded nwsapi minimum version to 2.2.0, which fixes issues with ::-webkit- prefixed pseudo-elements and namespaced attribute selectors.

`v15.2.0`

Added basic style inheritance in getComputedStyle() for the 'visibility' property. This sets the foundation for further work on inheritance, cascading, and specificity. (eps1lon)
Added shadowRoot.activeElement.
Added readystatechange events during document loading.
Added a stub for form.requestSubmit(), to match our existing stub for form.submit().
Changed el.tabIndex's default value, when no tabindex="" attribute was set, to reflect the updated specification.
Changed the exception thrown by el.attachShadow() on something that's already a shadow host, to reflect the updated specification.
Fixed the validation logic for <input type="range">.
Fixed selectEl.value when no <option> is selected to return the empty string, instead of the value of the first option. (tgohn)
Fixed various correctness issues with new FormData(formElement). (brendo)
Fixed error messages when parsing XML to include the filename, instead of using "undefined". (papandreou)
Fixed the logic for reflected properties to not be affected by overwriting of el.getAttributeNS() or el.setAttributeNS().
Set canvas as an optional ``peerDependency`, which apparently helps with Yarn PnP support.

`v15.1.1`

Moved the nonce property from HTMLScriptElement and HTMLStyleElement to HTMLElement. Note that it is still just a simple reflection of the attribute, and has not been updated for the rest of the changes in whatwg/html#2373.
Fixed the style and on<event> properties to properly track their related attributes for SVG elements. (kbruneel)
Fixed XMLHttpRequest merging preflight and response headers. (thiagohirata)
Fixed XMLHttpRequest reserializing content-type request headers unnecessarily. See whatwg/mimesniff#84 for more details. (thiagohirata)
Fixed element.tagName to be the ASCII uppercase of the element's qualified name, instead of the Unicode uppercase.

`v15.1.0`

Added the Headers class from the Fetch standard.
Added the element.translate getter and setter.
Fixed synchronous XMLHttpRequest on the newly-released Node.js v12.
Fixed form.elements to exclude <input type="image"> elements.
Fixed event path iteration in shadow DOM cases, following spec fixes at whatwg/dom#686 and whatwg/dom#750.
Fixed pattern="" form control validation to apply the given regular expression to the whole string. (kontomondo)

`v15.0.0`

Several potentially-breaking changes, each of them fairly unlikely to actually break anything:

JSDOM.fromFile() now treats .xht files as application/xhtml+xml, the same as it does for .xhtml and .xml. Previously, it would treat them as text/html.
If the JSDOM constructor's contentType option has a charset parameter, and the first argument to the constructor is a binary data type (e.g. Buffer or ArrayBuffer), then the charset will override any sniffed encoding in the same way as a Content-Type header would in browser scenarios. Previously, the charset parameter was ignored.
When using the Blob or File constructor with the endings: "native" option, jsdom will now convert line endings to \n on all operating systems, for consistency. Previously, on Windows, it would convert line endings to \r\n.

`v14.1.0`

Added activation behavior for <a> and <area> elements whose href="" points to a javascript: URL or fragment.
Added the <datalist> element's options property.
Added the <input> element's list property.
Added PageTransitionEvent, and the firing of pageshow events during loading.
Exposed the External class as a property of window.
Fixed HTML fragment parsing (via innerHTML and outerHTML) to be spec-compliant. (pmdartus)
Fixed HTML serialization (e.g. via innerHTML) breaking after setting certain properties to non-string values.
Fixed how disabling an element would cause its activation behavior to forever be null, even if it were re-enabled.
Fixed all access to attributes to ignore attributes with namespaces, per the spec.
Fixed <style>s to no longer apply to documents without a browsing context. This includes fixing a crash that would occur with such styles if they had an @import rule.
Fixed <option>'s label and value properties to return correct values in various edge cases.
Fixed the load event during document loading to target the Document, not the Window.
Fixed the pretendToBeVisual option to propagate to child subframes, as well as the main Window. (pyrho)
Updated the minimum nwsapi version from v2.1.1 to v2.1.3, bringing along a few fixes in our selector engine.

`v14.0.0`

Breaking changes:

JSDOM.fragment() now creates fragments whose document has no browsing context, i.e. no associated Window. This means the defaultView property will be null, resources will not load, etc.
JSDOM.fragment(), called with no arguments, now creates a DocumentFragment with no children, instead of with a single child text node whose data was "undefined".

Other changes:

Fixed a regression in v13.2.0 when calling element.blur() on a focused element.
Fixed inserting <link> elements into documents with no browsing context to no longer crash if the originating JSDOM was configured to fetch the resource. Now, per spec, <link> elements only attempt to fetch if they are browsing-context connected.
Fixed <template> elements to have the correct semantics, of using a separate browsing-context-less document to store its contents. In particular this means resources will not be fetched for elements inside the <template>, as per spec.

`v13.2.0`

Added support for MutationObservers! (pmdartus)
Added support for XML documents loaded in frames and iframes; previously this would error.
Added the <progress> element's value, max, and position properties.
Added navigator.plugins and navigator.mimeTypes. (But, they are always empty.)
Fixed <summary> elements respond to click events by toggling their parent <details>.
Fixed <summary> elements to be focusable.
Fixed XML document DOCTYPE parsing to preserve any custom name values.
Fixed XML documents to default to UTF-8, not windows-1252 like HTML documents do.
Fixed all events fired by jsdom to have isTrusted set to true.
Fixed DOMParser-created documents to have their readyState set to "complete".
Fixed how nested <fieldset>s get disabled.
Fixed getComputedStyle() to throw a sensible exception when passed the wrong argument, instead of one that exposes jsdom internals.
Upgraded our saxes dependency, so that it now correctly errors on XML fragments like <foo bar:="1"/>.

`v13.1.0`

Added el.insertAdjacentElement() and el.insertAdjacentText().
Added the firing of a cancelable reset event to form.reset(). (epfremmer)
Added the type, value, and defaultValue properties to <output> elements, including their form reset behavior. (epfremmer)
Added the outputEl.htmlFor property.
Fixed the performance of parsing large text nodes, particularly noticeable for large inline <style> or <script> elements. This regressed in v11.6.0. To learn more, see V8 issue #6730.
Fixed the style property on <a> and <area> elements. This regressed in v13.0.0.
Fixed node.isConnected to not always return false for nodes inside a shadow tree. (pmdartus)
Fixed <button type="reset"> and <input type="reset"> elements to actually perform a form reset when clicked, instead of doing nothing. (epfremmer)
Fixed el.setCustomValidity() for <output> and <fieldset>.
Fixed activation behavior when dispatching bubbling click events, so that for example calling el.click() on the child of a submit button element will submit the form.
Fixed our XML parsing code to ignore text outside the root element, instead of treating it as an error. (lddubeau)
Fixed XML serialization when elements had an unknown prefix.
Fixed radio button group name matching to be case-sensitive, per a spec update.
Fixed focus/blur events to be composed.
Fixed mediaElement.duration to default to NaN.
Fixed olEl.start to default to 1.
Fixed using XMLHttpRequest against non-existant file: URLs to treat that as a network error, instead of crashing. (pascalbayer) Note that in the future we may completely disable XMLHttpRequest usage against file: URLs to follow the browser security model.
Fixed document.title in SVG documents.
Fixed titleElement.text to return the child text content, instead of being the same as titleElement.innerHTML.
Fixed <textarea>s to properly account for child CDATA section nodes changing.
Fixed the value of Element.prototype[Symbol.unscopables].

`v13.0.0`

Breaking change:

Removed support for v1.x of the canvas package, in favor of v2.x. This also removes support for canvas-prebuilt, since canvas v2.x has a built-in prebuilt version.

Other changes:

Added proper XML serialization, based on the w3c-xmlserializer package. Previously we were just using the HTML serialization, even in XML documents.
Added the storageEvent.initStorageEvent() method.
Added support for the passive option to addEventListener().
Added the relList property to <a>, <area>, and <link> elements.
Fixed our implementation of the node tree modification constraints (for example the ensure pre-insertion validity algorithm). It is no longer possible to add, remove, or move nodes to create impossible DOM trees. (pmdartus)

`v12.2.0`

Added support for shadow DOM! This includes shadow roots, slots, composed events, and more. (pmdartus)
Added the element.toggleAttribute() method.
Fixed XMLHttpRequest sometimes sending an empty request body after a preflight request. (andreasf)
Fixed the formElement.form property to use an algorithm that also checks the form="" attribute, instead of always looking for the closest ancestor <form> element. (jamietre)
Stopped swallowing errors when the canvas or canvas-prebuilt packages were installed, but failed to load. (joscha)

`v12.1.0`

Dramatically upgraded our XML parser, from the unmaintained sax package to the well-maintained saxes replacement. This increases our specification conformance, including rejecting certain ill-formed XML documents that were previously accepted, and properly handling other constructs like empty comments, CDATA sections, and <script> elements. (lddubeau)
Added fieldsetEl.elements and fieldsetEl.type properties.
Added the options parameter to dom.runVMScript(). (SimenB)
Added the ability for custom resource loader fetch() implementations to see what element initiated the fetch. (sarvaje)
Fixed input and change events for <input> elements to be trusted and uncancelable.
"Fixed" <script>s with the async attribute to not execute before sync <script>s that precede them. We still do not, in general, have proper execution of scripts during the initial parsing of a document, so this fix is more of a reduction of badness than an alignment with the specification. This behavior regressed in v12.0.0. (sarvaje)

`v12.0.0`

This major release brings along our new resource loader API, finally bringing all the capabilities from jsdom v9 to the new (jsdom v10+) API. Thanks very much to @sarvaje for his work to make this possible!

Breaking changes:

jsdom now requires Node.js v8.
Removed the old jsdom API, as the new API now has all the capabilities you need.
Updated our parse5 dependency to v5, which changes the format of the node locations returned by dom.nodeLocation().
Updated our whatwg-url dependency to v7, which changes the origin of file: URLs to be an opaque origin (and thus file: URLs are no longer same origin to each other).

Other changes:

Added countReset(), dir() and dirxml() methods to console.
Added the InputEvent class.
Added window.status.
Added htmlElement.draggable.
Fixed window.frameElement to correctly return an actual HTMLElement instance, instead of a jsdom internal class.
Fixed cloning of textarea elements to preserve their values.
Fixed select.selectedOptions sometimes returning outdated results.
Fixed CSS selection APIs sometimes returning outdated results, especially for state pseudo-class selectors like :checked.
Fixed CSS selection APIs to throw an error for invalid selectors even when used on empty nodes.
Fixed window.name to default to the empty string, per spec, instead of "nodejs".
Fixed the default User-Agent to say "unknown OS" instead of "undefined" when jsdom is used in web browsers.

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

[ ] If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

Sep 06 '22 02:09 renovate[bot]