Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump tough-cookie and jsdom #225

Merged
merged 1 commit into from
Oct 4, 2024
Merged

Bump tough-cookie and jsdom #225

merged 1 commit into from
Oct 4, 2024

Conversation

dependabot[bot]
Copy link

@dependabot dependabot bot commented on behalf of github Oct 2, 2024
edited
Loading

Bumps tough-cookie and jsdom. These dependencies needed to be updated together.
Updates tough-cookie from 2.5.0 to 5.0.0

Release notes

Sourced from tough-cookie's releases.

v5.0.0

Summary

Breaking Changes

  • We've migrated the project to TypeScript! First-party types are now available.
  • The minimum supported version of node is v18.
  • We no longer provide official support for non-node enviroments.

API Changes

  • We've standardized most of our exposed interfaces to accept both null and undefined and return only undefined.
  • getCookie and getCookies now accept a string or URL as a parameter.
  • We've removed the inspect function in favor of node's util.inspect.custom symbol. Cookies may appear different when logged in non-node environments.

Other Changes

  • Fixed the expiry time not updating when a cookie is updating.
  • Fixed validation errors not getting called in some callbacks.
  • New documentation that is always kept up to date!
  • Performance improvements.

What's Changed

... (truncated)

Commits
  • 7ed1b8a Merge pull request #451 from salesforce/prepare_v5
  • cbaa1a5 Prepare v5 release
  • 57b534c 5.0.0
  • 2e6b3f4 Bump eslint from 8.57.0 to 9.9.1 (#449)
  • b72cdb2 Bump the dev-dependencies group with 2 updates (#448)
  • 93d550b upgrade typescript-eslint to 8.0.1 (#440)
  • 07a7a4d Bump the dev-dependencies group with 6 updates (#444)
  • 9b78073 Bump tldts from 6.1.37 to 6.1.41 in the production-dependencies group (#443)
  • 25a769c Bump the dev-dependencies group across 1 directory with 6 updates (#439)
  • 99dab1b Bump tldts from 6.1.32 to 6.1.37 in the production-dependencies group (#436)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by ccasey, a new releaser for tough-cookie since your current version.


Updates jsdom from 15.2.1 to 25.0.1

Release notes

Sourced from jsdom's releases.

Version 25.0.1

  • Updated dependencies, notably tough-cookie, which no longer prints a deprecation warning.

Version 25.0.0

This major release changes the prototype of a jsdom's EventTarget.prototype to point to the Object.prototype inside the jsdom, instead of pointing to the Node.js Object.prototype. Thus, the prototype chain of Window stays entirely within the jsdom, never crossing over into the Node.js realm.

This only occurs when runScripts is set to non-default values of "dangerously" or "outside-only", as with the default value, there is no separate Object.prototype inside the jsdom.

This will likely not impact many programs, but could cause some changes in instanceof behavior, and so out of an abundance of caution, we're releasing it as a new major version.

Version 24.1.3

  • Fixed calls to postMessage() that were done as a bare property (i.e., postMessage() instead of window.postMessage()).

Version 24.1.2

  • Fixed an issue with the in operator applied to EventTarget methods, e.g. 'addEventListener' in window, which only appeared in Node.js ≥22.5.0. (legendecas)
  • Fixed the events fired by blur(): it no longer fires focus and focusin on the Document, and blur and focusout no longer have their relatedTarget property set. (asamuzaK)

Version 24.1.1

  • Fixed selection methods to trigger the selectionchange event on the Document object. (piotr-oles)

Version 24.1.0

  • Added the getSetCookie() method to the Headers class. (ushiboy)
  • Fixed the creation and parsing of elements with names from Object.prototype, like "constructor" or "toString".
  • Updated rweb-cssom, which can now parse additional CSS constructs.

Version 24.0.0

This release reverts our selector engine back to nwsapi. As discussed in #3659, the performance regressions from @asamuzakjp/dom-selector turned out to be higher than anticipated. In the future, we can revisit @asamuzakjp/dom-selector after it reaches nwsapi's performance on the two real-world benchmarks provided by the community.

Since reverting to nwsapi causes several functionality regressions, e.g. removing :has() support, we've decided to make this a major version.

Additionally:

  • Small fixes to edge-case behavior of the following properties: input.maxLength, input.minLength, input.size, progress.max, tableCell.colSpan, tableCell.rowSpan, tableCol.span, textArea.cols, textArea.maxLength, textArea.minLength, textArea.rows.

Version 23.2.0

This release switches our CSS selector engine from nwsapi to @asamuzakjp/dom-selector. The new engine is more actively maintained, and supports many new selectors: see the package's documentation for the full list. It also works better with shadow trees.

There is a potential of a performance regression due to this change. In our stress test benchmark, which runs most of these 273 selectors against this 128 KiB document, the new engine completes the benchmark only 0.25x as fast. However, we're hopeful that in more moderate usage this will not be a significant issue. Any help speeding up @asamuzakjp/dom-selector is appreciated, and feel free to open an issue if this has had a significant impact on your project.

Version 23.1.0

  • Added an initial implementation of ElementInternals, including the shadowRoot getter and the string-valued ARIA properties. (zjffun)
  • Added the string-valued ARIA attribute-reflecting properties to Element.
  • Fixed history.pushState() and history.replaceState() to follow the latest specification, notably with regards to how they handle empty string inputs and what new URLs are possible.
  • Fixed the input.valueAsANumber setter to handle NaN correctly. (alexandertrefz)
  • Updated various dependencies, including cssstyle which contains several bug fixes.

Version 23.0.1

  • Fixed the incorrect canvas peer dependency introduced in v23.0.0.

Version 23.0.0

... (truncated)

Changelog

Sourced from jsdom's changelog.

25.0.1

  • Updated dependencies, notably tough-cookie, which no longer prints a deprecation warning.

25.0.0

This major release changes the prototype of a jsdom's EventTarget.prototype to point to the Object.prototype inside the jsdom, instead of pointing to the Node.js Object.prototype. Thus, the prototype chain of Window stays entirely within the jsdom, never crossing over into the Node.js realm.

This only occurs when runScripts is set to non-default values of "dangerously" or "outside-only", as with the default value, there is no separate Object.prototype inside the jsdom.

This will likely not impact many programs, but could cause some changes in instanceof behavior, and so out of an abundance of caution, we're releasing it as a new major version.

24.1.3

  • Fixed calls to postMessage() that were done as a bare property (i.e., postMessage() instead of window.postMessage()).

24.1.2

  • Fixed an issue with the in operator applied to EventTarget methods, e.g. 'addEventListener' in window, which only appeared in Node.js ≥22.5.0. (legendecas)
  • Fixed the events fired by blur(): it no longer fires focus and focusin on the Document, and blur and focusout no longer have their relatedTarget property set. (asamuzaK)

24.1.1

  • Fixed selection methods to trigger the selectionchange event on the Document object. (piotr-oles)

24.1.0

  • Added the getSetCookie() method to the Headers class. (ushiboy)
  • Fixed the creation and parsing of elements with names from Object.prototype, like "constructor" or "toString".
  • Updated rweb-cssom, which can now parse additional CSS constructs.

24.0.0

This release reverts our selector engine back to nwsapi. As discussed in #3659, the performance regressions from @asamuzakjp/dom-selector turned out to be higher than anticipated. In the future, we can revisit @asamuzakjp/dom-selector after it reaches nwsapi's performance on the two real-world benchmarks provided by the community.

Since reverting to nwsapi causes several functionality regressions, e.g. removing :has() support, we've decided to make this a major version.

Additionally:

  • Small fixes to edge-case behavior of the following properties: input.maxLength, input.minLength, input.size, progress.max, tableCell.colSpan, tableCell.rowSpan, tableCol.span, textArea.cols, textArea.maxLength, textArea.minLength, textArea.rows.

23.2.0

This release switches our CSS selector engine from nwsapi to @asamuzakjp/dom-selector. The new engine is more actively maintained, and supports many new selectors: see the package's documentation for the full list. It also works better with shadow trees.

There is a potential of a performance regression due to this change. In our stress test benchmark, which runs most of these 273 selectors against this 128 KiB document, the new engine completes the benchmark only 0.25x as fast. However, we're hopeful that in more moderate usage this will not be a significant issue. Any help speeding up @asamuzakjp/dom-selector is appreciated, and feel free to open an issue if this has had a significant impact on your project.

23.1.0

  • Added an initial implementation of ElementInternals, including the shadowRoot getter and the string-valued ARIA properties. (zjffun)

... (truncated)

Commits
  • 04541b3 Version 25.0.1
  • 96bd111 Update dependencies and dev dependencies
  • d08440c Upgrade tough-cookie to v5.0.0
  • c53efc8 Version 25.0.0
  • 784c8a5 Set EventTarget.prototype to the jsdom's Object.prototype
  • 0314f1e Version 24.1.3
  • 46d5d5c Fix postMessage referenced as a bare property
  • a241df6 Version 24.1.2
  • c3a9aed Remove upstreamed WPTs
  • 07fab37 Refactor Window object setup code
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Oct 2, 2024
@blcham blcham force-pushed the dependabot/npm_and_yarn/multi-0e171291c1 branch from 3dd9bc0 to a04aac8 Compare October 3, 2024 14:36
@blcham
Copy link

blcham commented Oct 3, 2024

@dependabot rebase

@dependabot Dependabot
Copy link
Author

dependabot bot commented on behalf of github Oct 3, 2024

Looks like this PR has been edited by someone other than Dependabot. That means Dependabot can't rebase it - sorry!

If you're happy for Dependabot to recreate it from scratch, overwriting any edits, you can request @dependabot recreate.

@blcham
Copy link

blcham commented Oct 3, 2024

@dependabot recreate

@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/multi-0e171291c1 branch from a04aac8 to 88ef45b Compare October 3, 2024 15:05
@dependabot
Bump tough-cookie and jsdom
a98f15c 
Bumps [tough-cookie](https://github.com/salesforce/tough-cookie) and [jsdom](https://github.com/jsdom/jsdom). These dependencies needed to be updated together.

Updates `tough-cookie` from 2.5.0 to 5.0.0
- [Release notes](https://github.com/salesforce/tough-cookie/releases)
- [Changelog](https://github.com/salesforce/tough-cookie/blob/master/CHANGELOG.md)
- [Commits](salesforce/tough-cookie@v2.5.0...v5.0.0)

Updates `jsdom` from 15.2.1 to 25.0.1
- [Release notes](https://github.com/jsdom/jsdom/releases)
- [Changelog](https://github.com/jsdom/jsdom/blob/main/Changelog.md)
- [Commits](jsdom/jsdom@15.2.1...25.0.1)

---
updated-dependencies:
- dependency-name: tough-cookie
  dependency-type: indirect
- dependency-name: jsdom
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/multi-0e171291c1 branch from 88ef45b to a98f15c Compare October 4, 2024 16:01
@palagdan
Copy link
Collaborator

palagdan commented Oct 4, 2024

@dependabot rebase

@dependabot Dependabot
Copy link
Author

dependabot bot commented on behalf of github Oct 4, 2024

Looks like this PR is already up-to-date with main! If you'd still like to recreate it from scratch, overwriting any edits, you can request @dependabot recreate.

@palagdan palagdan merged commit 78d499e into main Oct 4, 2024
2 checks passed
@palagdan palagdan deleted the dependabot/npm_and_yarn/multi-0e171291c1 branch October 4, 2024 16:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@blcham @palagdan