chore(deps): update test packages (major)

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
happy-dom	18.0.1 -> 20.0.8
vitest (source)	3.2.4 -> 4.0.3

---

Release Notes

capricorn86/happy-dom (happy-dom)

v20.0.8

Compare Source

👷‍♂️ Patch fixes

• Fixes issue where previousSibling() and nextSibling() didn't work in HTMLSelectElement and HTMLFormElement - By @​capricorn86 in task #​1939
• Fixes issue where parsing an item without a permitted parent (e.g. <tr>) should be valid inside a <template> element - By @​capricorn86 in task #​1939

v20.0.7

Compare Source

👷‍♂️ Patch fixes

• Fix incorrect handling of >= operator in media query parser - By @​lkritsimas in task #​1869

v20.0.6

Compare Source

👷‍♂️ Patch fixes

• Changes implementation for DOMTokenList.forEach(), Headers.forEach() and NodeList.forEach() to be spec compliant - By @​ikeyan in task #​1858

v20.0.5

Compare Source

👷‍♂️ Patch fixes

• The setter TreeWalker.currentNode should validate if the value is a Node - By @​capricorn86 in task #​1935

v20.0.4

Compare Source

👷‍♂️ Patch fixes

• Only adds buttons to FormData if they are the submitter - By @​maxmil and @​
  karpiuMG in task #​1859

v20.0.3

Compare Source

👷‍♂️ Patch fixes

• Moves URL resolution to after checking if module preloading is enabled to prevent URL errors to be thrown when unresolvable - By @​iam-medvedev in task #​1851
• Fixes issue where CSS variables aren't parsed correctly when inside CSS functions - By @​fimion in task #​1837

v20.0.2

Compare Source

👷‍♂️ Patch fixes

• Adds frozen intrinsics flag to workers in @happy-dom/server-renderer - By @​capricorn86 in task #​1934

v20.0.1

Compare Source

👷‍♂️ Patch fixes

• Adds warning for environment with unfrozen intrinsics (builtins) when JavaScript evaluation is enabled- By @​capricorn86 in task #​1932
  • A security advisory has been reported showing that the recommended preventive measure of running Node.js with --disallow-code-generation-from-strings wasn't enough to protect against attackers escaping the VM context and accessing process-level functions. Big thanks to @​cristianstaicu for reporting this!
  • The documentation for how to run Happy DOM with JavaScript evaluation enabled in a safer way has been updated. Read more about it in the Wiki

v20.0.0

Compare Source

I avoid making breaking changes as much as possible in Happy DOM. When I have to make a breaking change, I try to keep it as minimal as possible. This could be a breaking change that impacts many projects, and I am truly sorry if you are negatively affected by this.

💣 Breaking Changes

• Due to security risks, JavaScript evaluation is now disabled by default - By @​capricorn86 in task #​1930
  • A security advisory (GHSA-37j7-fg3j-429f) has been reported that shows a security vulnerability where it's possible to escape the VM context and get access to process level functionality. Big thanks to @​Mas0nShi for reporting this!
  • Due to this security risk, JavaScript evaluation is now disabled by default to prevent that consumers accidentally executes untrusted code without taking precautions
  • JavaScript evaluation can be enabled by setting enableJavaScriptEvaluation to "true". Read more about how to enable this in a safer way in the Wiki

v19.0.2

Compare Source

👷‍♂️ Patch fixes

• Fixes issue related to CSS pseudo selector :scope that didn't work correctly for direct descendants to root - By @​capricorn86 in task #​1620

v19.0.1

Compare Source

👷‍♂️ Patch fixes

• Fixes issue with sending in URLs as string in @happy-dom/server-renderer config using CLI - By @​capricorn86 in task #​1908

v19.0.0

Compare Source

💣 Breaking Changes

• Removes support for CommonJS - By @​capricorn86 in task #​1730
  • Support for CommonJS is no longer needed as Node.js v18 is deprecated and v20 and above supports loading ES modules from CommonJS using require()
• Updates Jest to v30 in the @happy-dom/jest-environment package - By @​capricorn86 in task #​1730
• Makes Jest packages peer dependencies to make it easier to align versions with the project using @happy-dom/jest-environment - By @​capricorn86 in task #​1730

🎨 Features

• Adds a new package called @happy-dom/server-renderer - By @​capricorn86 in task #​1730
  • This package provides a simple way to statically render (SSG) or server-side render (SSR) your client-side application
  • Read more in the Wiki under Server-Renderer
• Adds support for import.meta to the ESM compiler - By @​capricorn86 in task #​1730
• Adds support for the CSS pseudo selector :scope - By @​capricorn86 in task #​1620
• Improves support for MediaList - By @​capricorn86 in task #​1730
• Adds support for CSSKeywordValue, CSSStyleValue, StylePropertyMap, StylePropertyMap, StylePropertyMapReadOnly - By @​capricorn86 in task #​1730
• Improves debug information in the ESM compiler - By @​capricorn86 in task #​1730
• Adds validation of browser settings when creating a new Browser instance - By @​capricorn86 in task #​1730
• Adds support for the browser setting navigation.beforeContentCallback which makes it possible to inject event listeners or logic before content is loaded to the document when navigating a browser frame - By @​capricorn86 in task #​1730
• Adds support for the browser setting fetch.requestHeaders which provides with a declarative and simple way to add request headers - By @​capricorn86 in task #​1730
• Adds support for setting an object to timer.preventTimerLoops which makes it possible to define different settings for setTimeout() and requestAnimationFrame() - By @​capricorn86 in task #​1730
• Adds support for the browser setting viewport which makes it possible to define a default viewport size - By @​capricorn86 in task #​1730
• Adds support for the parameters beforeContentCallback and headers to BrowserFrame.goto(), BrowserFrame.goBack(), BrowserFrame.goForward(), BrowserFrame.goSteps() and BrowserFrame.reload() - By @​capricorn86 in task #​1730
• Adds support for PopStateEvent and trigger the event when navigating the page history using History.pushState() - By @​capricorn86 in task #​1730
• Use local file paths for virtual server files in stack traces - By @​capricorn86 in task #​1730
• Adds support for ResponseCache.fileSystem.load() and ResponseCache.fileSystem.save() for storing and loading cache from the file system - By @​capricorn86 in task #​1730

👷‍♂️ Patch fixes

• Fixes a bug in the ESM compiler that caused it to fail to parse certain code - By @​capricorn86 in task #​1730
• Disables the same origin policy when navigating a browser frame using BrowserFrame.goto() - By @​capricorn86 in task #​1730
• Fixes bug where CSS selectors with the pseudos "+" and ">" failed for selectors without arguments - By @​capricorn86 in task #​1730
• Adds try and catch to listeners for events dispatched from XMLHttpRequest to prevent it from being set to an invalid state if a listener throws an Error - By @​capricorn86 in task #​1730

vitest-dev/vitest (vitest)

v4.0.3

Compare Source

   🐞 Bug Fixes

• Preserve reporter options from config when CLI reporters override them  -  by @​Copilot and sheremet-va in #​8794 (15552)
• browser: More stable in-source testing validation  -  by @​sheremet-va in #​8793 (62297)
• happy-dom: Support fetch globals  -  by @​sheremet-va in #​8791 (0fb74)
• init: Use correct jsx/tsx extension  -  by @​sheremet-va in #​8792 (abc04)

    View changes on GitHub

v4.0.2

Compare Source

   🐞 Bug Fixes

• browser:
  • Don't print the deprecation notice in node_modules  -  by @​sheremet-va in #​8779 (588f7)
• pool:
  • Assign envs before running tests to keep in sync with process.env  -  by @​sheremet-va in #​8769 (26ce8)
• spy:
  • Properly inherit implementation's length  -  by @​sheremet-va in #​8778 (d4c2b)
  • Reset spies if both restoreMocks and mockReset is set in the config  -  by @​sheremet-va in #​8781 (2eedb)

    View changes on GitHub

v4.0.1

Compare Source

   🐞 Bug Fixes

• Move the getBuiltins check  -  by @​sheremet-va in #​8765 (81000)
• pool: Don't teardown the communication channel too soon if something is running after the test  -  by @​sheremet-va in #​8767 (3fae7)

    View changes on GitHub

v4.0.0

Compare Source

   🚨 Breaking Changes

• Remove 'basic' reporter  -  by @​AriPerkkio in #​7884 (82fcf)
• Simplify default exclude pattern  -  by @​sheremet-va in #​6287 (14c50)
• Remove deprecated getSourceMap  -  by @​sheremet-va in #​8194 (ff934)
• Replace deprecated ErrorWithDiff with TestError  -  by @​sheremet-va in #​8195 (da59e)
• Remove UserConfig type in favor of ViteUserConfig  -  by @​sheremet-va in #​8196 (22f7f)
• Remove deprecated coverage options in favor of vitest/node exports  -  by @​sheremet-va in #​8197 (dc848)
• Remove deprecated internal helpers and environment exports  -  by @​sheremet-va in #​8198 (4703c)
• Remove deprecated typecheck and runner types  -  by @​sheremet-va in #​8199 (89a1c)
• Remove Node types from the main entry point, use vitest/node instead  -  by @​sheremet-va in #​8200 (1e60c)
• Remove support for Vite 5  -  by @​sheremet-va in #​8202 (cb8b0)
• Remove deprecated types  -  by @​sheremet-va in #​8203 (66bee)
• Remove deprecated environmentMatchGlobs and poolMatchGlobs  -  by @​sheremet-va in #​8205 (be11d)
• Remove deprecated workspace option in favor of projects  -  by @​sheremet-va in #​8218 (76fb7)
• Ignore --standalone when CLI filename filter is used  -  by @​AriPerkkio in #​8262 (013bf)
• Use module-runner instead of vite-node  -  by @​sheremet-va and @​AriPerkkio in #​8208 (9be01)
• Rewrite spying implementation to make module mocking more intuitive  -  by @​sheremet-va in #​8363 (9e412)
• Remove deprecated APIs  -  by @​sheremet-va in #​8428 (a1cb9)
• Remove minWorkers and set it automatically to 0 in non watch mode  -  by @​sheremet-va in #​8454 (2c2d1)
• Verbose reporter prints tests in a list, introduce tree reporter  -  by @​sheremet-va and @​AriPerkkio in #​8500 (25fd3)
• Include shadow root contents in pretty-format output  -  by @​wkillerud in #​8545 (9e722)
• Remove deprecated order from test() API  -  by @​sheremet-va in #​8594 (4d419)
• Rewrite pools without tinypool  -  by @​AriPerkkio and @​sheremet-va in #​8705 (4822d)
• browser: Require a provider factory instead of a string  -  by @​sheremet-va in #​8445 (606cb)
• expect: Pass current equality testers to asymmetric matcher  -  by @​hi-ogawa in #​6825 (965ce)
• projects: Allow only files that have "vitest.config" or "vite.config" in the name  -  by @​sheremet-va in #​8542 (304bc)
• reporter: Remove deprecated APIs  -  by @​AriPerkkio and @​sheremet-va in #​8223 (149f8)
• runner: Set mode to todo if no function is passed down to test or describe  -  by @​sheremet-va in #​8346 (1a81c)
• snapshot: Fail test with obsolete snapshot on CI  -  by @​hi-ogawa in #​7963 (4d84f)
• spy: Support spying on classes  -  by @​sheremet-va in #​6160 (abc0d)

   🚀 Features

• Provide entity to onConsoleLog  -  by @​sheremet-va in #​8159 (437d4)
• Add onUnhandledError callback  -  by @​sheremet-va in #​8162 (924cb)
• Add spy option to vi.mockObject  -  by @​rChaoz in #​8285 (81d76)
• Don't use vite-node in coverage packages  -  by @​sheremet-va (ffdb4)
• Clickable dashboard numbers  -  by @​shairez in #​7406 (2344c)
• Display test "path" when filtering  -  by @​userquin in #​8547 (2e491)
• Introduce separate packages for browser mode providers  -  by @​sheremet-va in #​8629 (0dc93)
• Add hooks with type-safe extra context to TestAPI  -  by @​ysfaran in #​8623 (6b21c)
• Support expect.assert for type narrowing  -  by @​sheremet-va in #​8695 (fe589)
• Add displayAnnotations option to github-options  -  by @​sheremet-va in #​8706 (4a66d)
• Add schema validation matchers  -  by @​zirkelc in #​8527 (c0b25)
• Add a way to dump transformed content  -  by @​sheremet-va in #​8711 (931c0)
• api:
  • Expose experimental_parseSpecifications  -  by @​sheremet-va in #​8408 (fdeb2)
  • Expose Vitest watcher  -  by @​sheremet-va in #​8413 (aaa6e)
  • Add enableCoverage and disableCoverage methods  -  by @​sheremet-va and @​AriPerkkio in #​8412 (61eb7)
  • Add getGlobalTestNamePattern method  -  by @​sheremet-va in #​8438 (bdb70)
  • Add relativeModuleId to TestModule  -  by @​sheremet-va in #​8505 (3be09)
  • Add getSeed method  -  by @​sheremet-va in #​8592 (438c4)
• browser:
  • Support toBeInViewport utility method to assert element is in viewport or not  -  by @​Shinyaigeek in #​8234 (ceed5)
  • Add qwik to the vitest init cli command  -  by @​thejackshelton in #​8330 (1638b)
  • Introduce toMatchScreenshot for Visual Regression Testing  -  by @​macarie in #​8041 (d45f9)
  • Add trackUnhandledErrors option  -  by @​sheremet-va in #​8386 (c0ec0)
  • Support iframe locator with playwright provider  -  by @​sheremet-va in #​8016 (57b2c)
  • Add length property to locators, toHaveLength now accepts locators  -  by @​sheremet-va in #​8512 (2308c)
  • Support playwright tracing  -  by @​sheremet-va in #​8584 (1aac5)
  • Expose options on BrowserProviderOption  -  by @​sheremet-va in #​8609 (0d0e5)
  • Support --inspect option in webdriverio  -  by @​sheremet-va in #​8613 (38adc)
  • Support custom screenshot comparison algorithms  -  by @​macarie in #​8687 (e63b1)
• coverage:
  • autoUpdate to support percentage formatting  -  by @​Battjmo and @​AriPerkkio in #​8456 (99e01)
• expect:
  • Support toBeNullable expect function to check provided value is nullish  -  by @​Shinyaigeek and @​sheremet-va in #​8294 (eeec5)
• mocker:
  • Add automocker entry  -  by @​sheremet-va in #​8301 (e9c92)

   🐞 Bug Fixes

• Allow overriding globals in types  -  by @​sheremet-va in #​8215 (2248b)
• Remove unused dependencies  -  by @​AriPerkkio in #​8184 (feadc)
• Distribute test files to shards more evenly  -  by @​Shinyaigeek and @​AriPerkkio in #​8288 (7b489)
• Use suite's timeout when test.extend  -  by @​AriPerkkio in #​8278 (43977)
• Support snapshot with no object key sorting  -  by @​hi-ogawa and @​sheremet-va in #​8136 (e85e3)
• Annotation location always points to the test file  -  by @​sheremet-va in #​8315 (88071)
• Add --changed flag support to vitest list command  -  by @​haakonjackfloat in #​8270 and #​8272 (e71a5)
• Prevent rpc timeout on slow thread blocking synchronous methods  -  by @​AriPerkkio and @​sheremet-va in #​8297 (bea87)
• Forbid setting environment to browser  -  by @​sheremet-va in #​8334 (0417a)
• Invalidate modules in all module graphs when the file is changed  -  by @​sheremet-va in #​8352 (94ab3)
• Screenshot masks with Playwright provider  -  by @​macarie in #​8357 (459ef)
• Configure oxc instead of esbuild on rolldown-vite  -  by @​hi-ogawa in #​8378 (e922e)
• Make sure test errors always have stacks property in Node.js context  -  by @​sheremet-va in #​8392 (b825e)
• Support import.meta.resolve on Vite 7  -  by @​hi-ogawa in #​8493 (549d3)
• Show the assertion error first when expect.poll assertion fails  -  by @​sheremet-va in #​8483 (fb450)
• Override fake timers when useFakeTimers is called multiple times  -  by @​sheremet-va in #​8504 (ed7e3)
• Custom expect messages for expect.extend matchers  -  by @​lzl0304 in #​8520 (96945)
• Process sourcemaps for stack traces from globalSetup files  -  by @​sheremet-va in #​8534 (8978a)
• Resolve performance issue when throwing errors with stackTraceLimit = 0  -  by @​Copilot, sheremet-va and @​AriPerkkio in #​8531 (6d5b5)
• Avoid recursively applying $ and % formatting to test.for/each title  -  by @​hi-ogawa in #​8557 (ea6d7)
• Replace wildcard exports "./*" with specific files in vitest package  -  by @​hi-ogawa in #​8560 (ce746)
• Don't publish unused d.ts files  -  by @​sheremet-va in #​8562 (42dfd)
• Remove loupe dependencies from optimizeDeps.include for browser mode  -  by @​jake-danton in #​8570 (cdcf7)
• Update engines field to drop Node 18 support  -  by @​sheremet-va in #​8608 (9a0bf)
• Correctly inherit test options on extended tests  -  by @​sheremet-va in #​8618 (15c09)
• Update @​types/node peer deps  -  by @​sheremet-va (ee6b2)
• Re-export CDP Session directly from playwright  -  by @​mrginglymus in #​8702 (9553a)
• Disable trackUnhandledErrors if inspector is enabled  -  by @​sheremet-va in #​8732 (acac7)
• base option doesn't crash vitest  -  by @​sheremet-va in #​8760 (9f0ec)
• browser:
  • Run in-source tests only when the file itsels is a test file  -  by @​sheremet-va in #​8204 (bdd2e)
  • locator.element() returns HTMLElement or SVGElement  -  by @​sheremet-va in #​8440 (c1ac1)
  • Don't import from vite directly  -  by @​sheremet-va in #​8541 (d7fca)
  • Update expect.element type to match the implementation  -  by @​sheremet-va in #​8597 (b2804)
  • Throw an error if iframe is not accessible anymore  -  by @​sheremet-va in #​8601 (6acdc)
  • Stop creating unnecessary directories when taking screenshots  -  by @​macarie in #​8605 (b1c8f)
  • Always define commands  -  by @​sheremet-va in #​8626 (acbe0)
  • Exclude deprecated context import from optimization  -  by @​sheremet-va in #​8658 (a96ea)
  • Allow importing BrowserCommand if no browser package is installed  -  by @​sheremet-va in #​8666 (95c36)
  • Define an export for browser/utils  -  by @​sheremet-va in #​8678 (529ab)
  • Allow service workers to mock the network in chromium without breaking vi.mock  -  by @​Georgegriff and @​sheremet-va in #​8668 (87108)
  • Support sync not.toBeInTheDocument()  -  by @​sheremet-va in #​8751 (f5d06)
• core:
  • Fix objectContaining expect utility to have more compatibility to jest's one  -  by @​Shinyaigeek in #​8241 (480be)
• coverage:
  • Include files based on --project filter  -  by @​gtbuchanan in #​7885 (761be)
  • Prevent encoding filenames of uncovered files  -  by @​AriPerkkio in #​8239 (8a998)
  • Handle query param based transforms correctly  -  by @​AriPerkkio in #​8418 (a400a)
  • Enforce order of vitest:coverage-transform plugin  -  by @​AriPerkkio in #​8477 (ff517)
  • V8 to ignore Vite's generated cjs import helpers  -  by @​mrginglymus and @​AriPerkkio in #​8718 (35816)
  • Keep only strings in coverage.exclude  -  by @​sheremet-va in #​8731 (c9c30)
• deps:
  • Update all non-major dependencies  -  by @​sheremet-va in #​8235 (a1e57)
  • Update all non-major dependencies  -  in #​8328 (aa79e)
  • Update all non-major dependencies  -  in #​8348 (13f94)
  • Update all non-major dependencies  -  by @​sheremet-va in #​8382 (704eb)
  • Update all non-major dependencies  -  in #​8550 (048f7)
• jsdom:
  • Override globals that Fetch API relies on  -  by @​sheremet-va in #​8390 (05b41)
  • Support AbortSignal API  -  by @​sheremet-va in #​8704 (f6690)
• mocker:
  • Fix regexpHoistable to allow whitespace before parentheses  -  by @​cszhjh in #​8231 (a0f9a)
• module-runner:
  • Resolve resolvedSources correctly  -  by @​sheremet-va in #​8736 (8fc52)
  • Support getBuiltins  -  by @​sheremet-va in #​8746 (87bb8)
• pool:
  • Properly reuse the vm pool  -  by @​sheremet-va in #​8758 (08498)
• reporter:
  • Invisible CLI menus when vitest --standalone  -  by @​AriPerkkio in #​8248 (37cc2)
• rolldown-vite:
  • Properly disable minifier in the browser client  -  by @​sheremet-va in #​8306 (f55bb)
• runner:
  • Don't bundle runner with utils  -  by @​sheremet-va in #​8496 (2b4b0)
• spy:
  • Fix spyOn types with optional method  -  by @​sheremet-va in #​8499 (d3afa)
  • Can respy on an exported method  -  by @​sheremet-va in #​8521 (bf450)
  • Don't fail when spying on static getters  -  by @​sheremet-va in #​8589 (ac1d9)
• types:
  • Ensure Chai declaration merge works with TS-Go  -  by @​LukeAbby in #​8188 (5261d)
  • Allow returning a promise from defineConfig  -  by @​sheremet-va in #​8651 (c3474)
• ui:
  • Keep the same tab open when clicking on different tests  -  by @​sheremet-va in #​8599 (3e535)
• utils:
  • Remove ast export  -  by @​bluwy in #​8435 (21622)
• vitest:
  • Override config.include option with config.browser.instances[].include option if it is specified  -  by @​Shinyaigeek in #​8260 [(

---

Configuration

📅 Schedule: Branch creation - "on Monday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[cloudflare-workers-and-pages]

Deploying dev-mode with    Cloudflare Pages

Latest commit:	378f222
Status:	🚫  Build failed.

View logs

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	simple-git-hooks@​2.13.0
	happy-dom@​18.0.1 ⏵ 20.0.8		+75		+1

View full report