dependabot[bot] opened a new pull request, #282: URL: https://github.com/apache/bigtop-manager/pull/282
Bumps [happy-dom](https://github.com/capricorn86/happy-dom) from 18.0.1 to 20.0.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/capricorn86/happy-dom/releases";>happy-dom's releases</a>.</em></p> <blockquote> <h2>v20.0.2</h2> <h3>:construction_worker_man: Patch fixes</h3> <ul> <li>Adds frozen intrinsics flag to workers in <code>@happy-dom/server-renderer</code> - By <strong><a href="https://github.com/capricorn86";><code>@capricorn86</code></a></strong> in task <a href="https://redirect.github.com/capricorn86/happy-dom/issues/1934";>#1934</a></li> </ul> <h2>v20.0.1</h2> <h3>:construction_worker_man: Patch fixes</h3> <ul> <li>Adds warning for environment with unfrozen intrinsics (builtins) when JavaScript evaluation is enabled- By <strong><a href="https://github.com/capricorn86";><code>@capricorn86</code></a></strong> in task <a href="https://redirect.github.com/capricorn86/happy-dom/issues/1932";>#1932</a> <ul> <li>A security advisory has been reported showing that the recommended preventive measure of running Node.js with <code>--disallow-code-generation-from-strings</code> wasn't enough to protect against attackers escaping the VM context and accessing process-level functions. Big thanks to <a href="https://github.com/cristianstaicu";><code>@cristianstaicu</code></a> for reporting this!</li> <li>The documentation for how to run Happy DOM with JavaScript evaluation enabled in a safer way has been updated. Read more about it in the <a href="https://github.com/capricorn86/happy-dom/wiki/JavaScript-Evaluation-Warning";>Wiki</a></li> </ul> </li> </ul> <h2>v20.0.0</h2> <p>I avoid making breaking changes as much as possible in Happy DOM. When I have to make a breaking change, I try to keep it as minimal as possible. This could be a breaking change that impacts many projects, and I am truly sorry if you are negatively affected by this.</p> <h3>:bomb: Breaking Changes</h3> <ul> <li>Due to security risks, JavaScript evaluation is now disabled by default - By <strong><a href="https://github.com/capricorn86";><code>@capricorn86</code></a></strong> in task <a href="https://redirect.github.com/capricorn86/happy-dom/issues/1930";>#1930</a> <ul> <li>A security advisory (GHSA-37j7-fg3j-429f) has been reported that shows a security vulnerability where it's possible to escape the VM context and get access to process level functionality. Big thanks to <a href="https://github.com/Mas0nShi";><code>@Mas0nShi</code></a> for reporting this!</li> <li>Due to this security risk, JavaScript evaluation is now disabled by default to prevent that consumers accidentally executes untrusted code without taking precautions</li> <li>JavaScript evaluation can be enabled by setting <a href="https://github.com/capricorn86/happy-dom/wiki/IOptionalBrowserSettings";>enableJavaScriptEvaluation</a> to "true". Read more about how to enable this in a safer way in the <a href="https://github.com/capricorn86/happy-dom/wiki/JavaScript-Evaluation-Warning";>Wiki</a></li> </ul> </li> </ul> <h2>v19.0.2</h2> <h3>:construction_worker_man: Patch fixes</h3> <ul> <li>Fixes issue related to CSS pseudo selector <code>:scope</code> that didn't work correctly for direct descendants to root - By <strong><a href="https://github.com/capricorn86";><code>@capricorn86</code></a></strong> in task <a href="https://redirect.github.com/capricorn86/happy-dom/issues/1620";>#1620</a></li> </ul> <h2>v19.0.1</h2> <h3>:construction_worker_man: Patch fixes</h3> <ul> <li>Fixes issue with sending in URLs as string in <code>@happy-dom/server-renderer</code> config using CLI - By <strong><a href="https://github.com/capricorn86";><code>@capricorn86</code></a></strong> in task <a href="https://redirect.github.com/capricorn86/happy-dom/issues/1908";>#1908</a></li> </ul> <h2>v19.0.0</h2> <h3>:bomb: Breaking Changes</h3> <ul> <li>Removes support for CommonJS - By <strong><a href="https://github.com/capricorn86";><code>@capricorn86</code></a></strong> in task <a href="https://redirect.github.com/capricorn86/happy-dom/issues/1730";>#1730</a> <ul> <li>Support for CommonJS is no longer needed as Node.js v18 is deprecated and v20 and above supports loading ES modules from CommonJS using <code>require()</code></li> </ul> </li> <li>Updates Jest to v30 in the <code>@happy-dom/jest-environment</code> package - By <strong><a href="https://github.com/capricorn86";><code>@capricorn86</code></a></strong> in task <a href="https://redirect.github.com/capricorn86/happy-dom/issues/1730";>#1730</a></li> <li>Makes Jest packages peer dependencies to make it easier to align versions with the project using <code>@happy-dom/jest-environment</code> - By <strong><a href="https://github.com/capricorn86";><code>@capricorn86</code></a></strong> in task <a href="https://redirect.github.com/capricorn86/happy-dom/issues/1730";>#1730</a></li> </ul> <h3>:art: Features</h3> <ul> <li>Adds a new package called <code>@happy-dom/server-renderer</code> - By <strong><a href="https://github.com/capricorn86";><code>@capricorn86</code></a></strong> in task <a href="https://redirect.github.com/capricorn86/happy-dom/issues/1730";>#1730</a> <ul> <li>This package provides a simple way to statically render (SSG) or server-side render (SSR) your client-side application</li> <li>Read more in the Wiki under <a href="https://github.com/capricorn86/happy-dom/wiki/Server-Renderer";>Server-Renderer</a></li> </ul> </li> <li>Adds support for <code>import.meta</code> to the ESM compiler - By <strong><a href="https://github.com/capricorn86";><code>@capricorn86</code></a></strong> in task <a href="https://redirect.github.com/capricorn86/happy-dom/issues/1730";>#1730</a></li> <li>Adds support for the CSS pseudo selector <code>:scope</code> - By <strong><a href="https://github.com/capricorn86";><code>@capricorn86</code></a></strong> in task <a href="https://redirect.github.com/capricorn86/happy-dom/issues/1620";>#1620</a></li> <li>Improves support for <code>MediaList</code> - By <strong><a href="https://github.com/capricorn86";><code>@capricorn86</code></a></strong> in task <a href="https://redirect.github.com/capricorn86/happy-dom/issues/1730";>#1730</a></li> <li>Adds support for <code>CSSKeywordValue</code>, <code>CSSStyleValue</code>, <code>StylePropertyMap</code>, <code>StylePropertyMap</code>, <code>StylePropertyMapReadOnly</code> - By <strong><a href="https://github.com/capricorn86";><code>@capricorn86</code></a></strong> in task <a href="https://redirect.github.com/capricorn86/happy-dom/issues/1730";>#1730</a></li> <li>Improves debug information in the ESM compiler - By <strong><a href="https://github.com/capricorn86";><code>@capricorn86</code></a></strong> in task <a href="https://redirect.github.com/capricorn86/happy-dom/issues/1730";>#1730</a></li> <li>Adds validation of browser settings when creating a new <code>Browser</code> instance - By <strong><a href="https://github.com/capricorn86";><code>@capricorn86</code></a></strong> in task <a href="https://redirect.github.com/capricorn86/happy-dom/issues/1730";>#1730</a></li> <li>Adds support for the browser setting <a href="https://github.com/capricorn86/happy-dom/wiki/IBrowserSettings";>navigation.beforeContentCallback</a> which makes it possible to inject event listeners or logic before content is loaded to the document when navigating a browser frame - By <strong><a href="https://github.com/capricorn86";><code>@capricorn86</code></a></strong> in task <a href="https://redirect.github.com/capricorn86/happy-dom/issues/1730";>#1730</a></li> <li>Adds support for the browser setting <a href="https://github.com/capricorn86/happy-dom/wiki/IBrowserSettings";>fetch.requestHeaders</a> which provides with a declarative and simple way to add request headers - By <strong><a href="https://github.com/capricorn86";><code>@capricorn86</code></a></strong> in task <a href="https://redirect.github.com/capricorn86/happy-dom/issues/1730";>#1730</a></li> <li>Adds support for setting an object to <a href="https://github.com/capricorn86/happy-dom/wiki/IBrowserSettings";>timer.preventTimerLoops</a> which makes it possible to define different settings for <code>setTimeout()</code> and <code>requestAnimationFrame()</code> - By <strong><a href="https://github.com/capricorn86";><code>@capricorn86</code></a></strong> in task <a href="https://redirect.github.com/capricorn86/happy-dom/issues/1730";>#1730</a></li> <li>Adds support for the browser setting <a href="https://github.com/capricorn86/happy-dom/wiki/IBrowserSettings";>viewport</a> which makes it possible to define a default viewport size - By <strong><a href="https://github.com/capricorn86";><code>@capricorn86</code></a></strong> in task <a href="https://redirect.github.com/capricorn86/happy-dom/issues/1730";>#1730</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/capricorn86/happy-dom/commit/f4bd4ebe3fe5abd2be2bcea1c07043c8b0b70eea";><code>f4bd4eb</code></a> fix: <a href="https://redirect.github.com/capricorn86/happy-dom/issues/0";>#0</a> Adds frozen intrinsics flag to server-renderer workers (<a href="https://redirect.github.com/capricorn86/happy-dom/issues/1934";>#1934</a>)</li> <li><a href="https://github.com/capricorn86/happy-dom/commit/f45d92e176acf0232aade63ee4ddac8747252a79";><code>f45d92e</code></a> fix: <a href="https://redirect.github.com/capricorn86/happy-dom/issues/0";>#0</a> Adds warning for environemnt with unfrozen builtins (<a href="https://redirect.github.com/capricorn86/happy-dom/issues/1932";>#1932</a>)</li> <li><a href="https://github.com/capricorn86/happy-dom/commit/819d15ba289495439eda8be360d92a614ce22405";><code>819d15b</code></a> BREAKING CHANGE: <a href="https://redirect.github.com/capricorn86/happy-dom/issues/0";>#0</a> Changes JavaScript evaluation to be disabled by default...</li> <li><a href="https://github.com/capricorn86/happy-dom/commit/c80a08f30ad97b04fbb251ab11b87cb9d5706207";><code>c80a08f</code></a> fix: <a href="https://redirect.github.com/capricorn86/happy-dom/issues/1620";>#1620</a> Fixes issue related to CSS pseudo selector :scope (<a href="https://redirect.github.com/capricorn86/happy-dom/issues/1911";>#1911</a>)</li> <li><a href="https://github.com/capricorn86/happy-dom/commit/220df23dea106ad29c60393e6ebcffe5d2ce3af7";><code>220df23</code></a> fix: <a href="https://redirect.github.com/capricorn86/happy-dom/issues/1908";>#1908</a> Fixes issue with sending in URLs as string in server-renderer co...</li> <li><a href="https://github.com/capricorn86/happy-dom/commit/9849f8bb186b0bc1eff766186f86f8735bdab09b";><code>9849f8b</code></a> chore: <a href="https://redirect.github.com/capricorn86/happy-dom/issues/1906";>#1906</a> Fixes failing unit test caused by package version (<a href="https://redirect.github.com/capricorn86/happy-dom/issues/1907";>#1907</a>)</li> <li><a href="https://github.com/capricorn86/happy-dom/commit/48d174ec33bf07beabb31483a6925e3961fd65d2";><code>48d174e</code></a> chore: <a href="https://redirect.github.com/capricorn86/happy-dom/issues/1904";>#1904</a> Updates conventional commit package (<a href="https://redirect.github.com/capricorn86/happy-dom/issues/1905";>#1905</a>)</li> <li><a href="https://github.com/capricorn86/happy-dom/commit/275efe5f9a0ae0e0d840e94fd5ca4de126ba8ce4";><code>275efe5</code></a> BREAKING CHANGE: <a href="https://redirect.github.com/capricorn86/happy-dom/issues/1620";>#1620</a> Release v18.0.0</li> <li>See full diff in <a href="https://github.com/capricorn86/happy-dom/compare/v18.0.1...v20.0.2";>compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/apache/bigtop-manager/network/alerts). </details> -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
