[security](deps-dev): bump happy-dom from 20.5.0 to 20.8.8 in the npm_and_yarn group across 1 directory#132
Conversation
Bumps the npm_and_yarn group with 1 update in the / directory: [happy-dom](https://github.com/capricorn86/happy-dom). Updates `happy-dom` from 20.5.0 to 20.8.8 - [Release notes](https://github.com/capricorn86/happy-dom/releases) - [Commits](capricorn86/happy-dom@v20.5.0...v20.8.8) --- updated-dependencies: - dependency-name: happy-dom dependency-version: 20.8.8 dependency-type: direct:development dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>
LabelsThe following labels could not be found: Please fix the above issues or remove invalid values from |
|
Required keyword not found in PR title or description. |
|
Review the following changes in direct dependencies. Learn more about Socket for GitHub.
|
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 36dd7d28b0
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
| "@vitejs/plugin-react": "^5.1.3", | ||
| "axe-core": "^4.11.1", | ||
| "happy-dom": "^20.5.0", | ||
| "happy-dom": "^20.8.8", |
There was a problem hiding this comment.
This bump changes the test/tooling runtime (happy-dom) but the same commit does not update the project memory doc, which violates the hard rule in /workspace/Design-System/AGENTS.md requiring FORJAMIE.md updates for any behavior/config/tooling change in the same change-set. Leaving this undocumented makes the repo’s canonical map stale (especially for security-related dependency baselines) and breaks the documented “definition of done” process.
Useful? React with 👍 / 👎.
Bumps the npm_and_yarn group with 1 update in the / directory: happy-dom.
Updates
happy-domfrom 20.5.0 to 20.8.8Release notes
Sourced from happy-dom's releases.
... (truncated)
Commits
5437fdffix: #2113 Fixes issue where export names can be interpolated as executable...7e97acbfix: #1845 Replace implementing Node js Console with common IConsole interf...3373929fix: #2106Request.formData()should honorContent-Typeheader (#2107)55c17bafix: #2110 Fixes error thrown when modifying DOM structure in connectedCall...82a0888fix: #1845 Replace ConsoleConstructor import with indexed access type (#2095)5998eeafix: #2054 Throw error if event is not of type Event in dispatchEvent (#2092)7a11238fix: #2090 Resets cancelBubble and defaultPrevented when calling initEvent ...7d27984fix: #1422 Make inert attribute block focus interactions (#2083)53e4ec9feat: #1733 Adds support for setPointerCapture, hasPointerCapture, and rele...1c73c3ffix: Properly decode CSS escape sequences in attribute selector values (#2080)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore <dependency name> major versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)@dependabot ignore <dependency name> minor versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)@dependabot ignore <dependency name>will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)@dependabot unignore <dependency name>will remove all of the ignore conditions of the specified dependency@dependabot unignore <dependency name> <ignore condition>will remove the ignore condition of the specified dependency and ignore conditionsYou can disable automated security fix PRs for this repo from the Security Alerts page.