chore(deps): update dependency jsdom to v29

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
jsdom	^26.1.0 → ^29.0.2

---

Release Notes

jsdom/jsdom (jsdom)

v29.0.2

Compare Source

• Significantly improved and sped up getComputedStyle(). Computed value rules are now applied across a broader set of properties, and include fixes related to inheritance, defaulting keywords, custom properties, and color-related values such as currentcolor and system colors. (@​asamuzaK)
• Fixed CSS 'background' and 'border' shorthand parsing. (@​asamuzaK)

v29.0.1

Compare Source

v29.0.0

Compare Source

Breaking changes:

• Node.js v22.13.0+ is now the minimum supported v22 version (was v22.12.0+).

Other changes:

• Overhauled the CSSOM implementation, replacing the @acemir/cssom and cssstyle dependencies with fresh internal implementations built on webidl2js wrappers and the css-tree parser. Serialization, parsing, and API behavior is improved in various ways, especially around edge cases.
• Added CSSCounterStyleRule and CSSNamespaceRule to jsdom Windows.
• Added cssMediaRule.matches and cssSupportsRule.matches getters.
• Added proper media query parsing in MediaList, using css-tree instead of naive comma-splitting. Invalid queries become "not all" per spec.
• Added cssKeyframeRule.keyText getter/setter validation.
• Added cssStyleRule.selectorText setter validation: invalid selectors are now rejected.
• Added styleSheet.ownerNode, styleSheet.href, and styleSheet.title.
• Added bad port blocking per the fetch specification, preventing fetches to commonly-abused ports.
• Improved Document initialization performance by lazily initializing the CSS selector engine, avoiding ~0.5 ms of overhead per Document. (thypon)
• Fixed a memory leak when stylesheets were removed from the document.
• Fixed CSSStyleDeclaration modifications to properly trigger custom element reactions.
• Fixed nested @media rule parsing.
• Fixed CSSStyleSheet's "disallow modification" flag not being checked in all mutation methods.
• Fixed XMLHttpRequest's response getter returning parsed JSON during the LOADING state instead of null.
• Fixed getComputedStyle() crashing in XHTML documents when stylesheets contained at-rules such as @page or @font-face.
• Fixed a potential hang in synchronous XMLHttpRequest caused by a race condition with the worker thread's idle timeout.

v28.1.0

Compare Source

• Added blob.text(), blob.arrayBuffer(), and blob.bytes() methods.
• Improved getComputedStyle() to account for CSS specificity when multiple rules apply. (asamuzaK)
• Improved synchronous XMLHttpRequest performance by using a persistent worker thread, avoiding ~400ms of setup overhead on every synchronous request after the first one.
• Improved performance of node.getRootNode(), node.isConnected, and event.dispatchEvent() by caching the root node of document-connected trees.
• Fixed getComputedStyle() to correctly handle !important priority. (asamuzaK)
• Fixed document.getElementById() to return the first element in tree order when multiple elements share the same ID.
• Fixed <svg> elements to no longer incorrectly proxy event handlers to the Window.
• Fixed FileReader event timing and fileReader.result state to more closely follow the spec.
• Fixed a potential hang when synchronous XMLHttpRequest encountered dispatch errors.
• Fixed compatibility with environments where Node.js's built-in fetch() has been used before importing jsdom, by working around undici v6/v7 incompatibilities.

v28.0.0

Compare Source

• Overhauled resource loading customization. See the new README for details on the new API.
• Added MIME type sniffing to <iframe> and <frame> loads.
• Regression: WebSockets are no longer correctly throttled to one connection per origin. This is a result of the bug at nodejs/undici#4743.
• Fixed decoding of the query components of <a> and <area> elements in non-UTF-8 documents.
• Fixed XMLHttpRequest fetches and WebSocket upgrade requests to be interceptable by the new customizable resource loading. (Except synchronous XMLHttpRequests.)
• Fixed the referrer of a document to be set correctly when redirects are involved; it is now the initiating page, not the last hop in the redirect chain.
• Fixed correctness bugs when passing ArrayBuffers or typed arrays to various APIs, where they would not correctly snapshot the data.
• Fixed require("url").parse() deprecation warning when using WebSockets.
• Fixed <iframe>, <frame>, and <img> (when canvas is installed) to fire load events, not error events, on non-OK HTTP responses.
• Fixed many small issues in XMLHttpRequest.

v27.4.0

Compare Source

• Added TextEncoder and TextDecoder.
• Improved decoding of HTML bytes by using the new @exodus/bytes package; it is now much more correct. (ChALkeR)
• Improved decoding of XML bytes to use UTF-8 more often, instead of sniffing for <meta charset> or using the parent frame's encoding.
• Fixed a memory leak when Ranges were used and then the elements referred to by those ranges were removed.

v27.3.0

Compare Source

• Improved CSS parsing and CSSOM object APIs via updates to @acemir/cssom. (acemir)

v27.2.0

Compare Source

• Added CSSGroupingRule, CSSNestedDeclarations, CSSConditionRule, CSSContainerRule, CSSScopeRule, CSSSupportsRule, CSSLayerBlockRule, and CSSLayerStatementRule to jsdom Windows. (acemir)
• Improved CSS parsing and CSSOM object APIs via updates to @acemir/cssom. (acemir)
• Fixed @import-ed stylesheets to be properly exposed to CSSOM, and not to overwrite the sheet created from the <link> or <style> element. (acemir)

v27.1.0

Compare Source

• Improved CSS parsing by switching to @acemir/cssom, including support for nested selectors, nested declarations, layer statements, and improved at-rule validation. (acemir)
• Fixed some selector cache invalidation issues where changes to attributes were not being picked up. (asamuzaK)
• Fixed package.json "engines" field to reflect the new minimum Node.js versions needed to run jsdom, as noted in the changelog for v27.0.1.

v27.0.1

Compare Source

• Fixed some regressions in CSS selectors. Most such regression fixes were done in a minor update of a dependency, and thus available for all fresh installs of v27.0.0. However, one related to class="" attribute changes is only possible with a new version of jsdom. (asamuzaK)

v27.0.0

Compare Source

Changes since 26.1.0

• Node.js v20 is now the minimum supported version.
• Added a variety of event constructors, even though we do not implement their associated specifications or ever fire them: BeforeUnloadEvent, BlobEvent, DeviceMotionEvent (omitting requestPermission()), DeviceOrientationEvent (omitting requestPermission()), PointerEvent, PromiseRejectionEvent, and TransitionEvent.
• Added movementX and movementY to MouseEvent. (These are from the Pointer Lock specification, the rest of which is not implemented.)
• Added customElements.getName(). (mash-graz)
• Updated the virtual console:
  • "jsdomError" events are now documented, with specific type properties and other properties that depend on the type.
  • sendTo() was renamed to forwardTo().
  • The jsdomErrors option to forwardTo() can be used to control which errors are sent to the Node.js console. This replaces the previous omitJSDOMErrors boolean option.
  • "jsdomError"s for failed XMLHttpRequest fetches are no longer emitted.
  • The values that are printed when forwarding "jsdomError"s to the Node.js console are streamlined.
• Switched our CSS selector engine from nwsapi to @asamuzakjp/dom-selector, closing over 20 selector-related bugs.
• Upgraded tough-cookie, which now considers URLs like http://localhost/ to be secure contexts (per the spec), and thus will return Secure-flagged cookies for such URLs. (colincasey)
• Upgraded cssstyle, which brings along many improvements and fixes to the CSSStyleDeclaration object and its properties.
• Updated the user agent stylesheet to be derived from the HTML Standard, instead of from an old revision of Chromium.
• Changed element.click() to fire a PointerEvent instead of a MouseEvent.
• Changed certain events to be passive by default.
• Changed the <input> element's pattern="" attribute to use the v regular expression flag, instead of u.
• Fixed many specification conformance issues with the Window object, including named properties and changing various data properties to accessor properties.
• Fixed document.createEvent() to accept a more correct set of event names.
• Fixed the ElementInternals accessibility getters and setters. (They were introduced in v23.1.0, but due to inadequate test coverage never actually worked.)
• Fixed using Object.defineProperty() on certain objects, such as HTMLSelectElement instances.
• Fixed jsdom.reconfigure({ url }) not updating document.baseURI or properties derived from it. (This regressed in v26.1.0.)
• Fixed CSS system colors, as well as the initial, inherit, and unset keywords, to resolve correctly. (asamuzaK)
• Fixed CSS display style resolution. (asamuzaK)

Changes since 27.0.0-beta.3

• Upgraded cssstyle, which brings along various CSS parsing fixes.

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	jsdom@​26.1.0 ⏵ 29.0.2	-15		+1		+31

View full report

[pkg-pr-new]

Open in StackBlitz

@poupe/css

npm i https://pkg.pr.new/@poupe/css@500

@poupe/nuxt

npm i https://pkg.pr.new/@poupe/nuxt@500

@poupe/tailwindcss

npm i https://pkg.pr.new/@poupe/tailwindcss@500

@poupe/theme-builder

npm i https://pkg.pr.new/@poupe/theme-builder@500

@poupe/vue

npm i https://pkg.pr.new/@poupe/vue@500

commit: 179ea98