Chore(deps-dev): Bump happy-dom from 17.5.6 to 20.0.8

[dependabot]

Bumps happy-dom from 17.5.6 to 20.0.8.

Release notes

Sourced from happy-dom's releases.

v20.0.8

👷‍♂️ Patch fixes

• Fixes issue where previousSibling() and nextSibling() didn't work in HTMLSelectElement and HTMLFormElement - By @​capricorn86 in task #1939
• Fixes issue where parsing an item without a permitted parent (e.g. <tr>) should be valid inside a \<template> element - By @​capricorn86 in task #1939

v20.0.7

👷‍♂️ Patch fixes

• Fix incorrect handling of >= operator in media query parser - By @​lkritsimas in task #1869

v20.0.6

👷‍♂️ Patch fixes

• Changes implementation for DOMTokenList.forEach(), Headers.forEach() and NodeList.forEach() to be spec compliant - By @​ikeyan in task #1858

v20.0.5

👷‍♂️ Patch fixes

• The setter TreeWalker.currentNode should validate if the value is a Node - By @​capricorn86 in task #1935

v20.0.4

👷‍♂️ Patch fixes

• Only adds buttons to FormData if they are the submitter - By @​maxmil and @ karpiuMG in task #1859

v20.0.3

👷‍♂️ Patch fixes

• Moves URL resolution to after checking if module preloading is enabled to prevent URL errors to be thrown when unresolvable - By @​iam-medvedev in task #1851
• Fixes issue where CSS variables aren't parsed correctly when inside CSS functions - By @​fimion in task #1837

v20.0.2

👷‍♂️ Patch fixes

• Adds frozen intrinsics flag to workers in @happy-dom/server-renderer - By @​capricorn86 in task #1934

v20.0.1

👷‍♂️ Patch fixes

• Adds warning for environment with unfrozen intrinsics (builtins) when JavaScript evaluation is enabled- By @​capricorn86 in task #1932
  • A security advisory has been reported showing that the recommended preventive measure of running Node.js with --disallow-code-generation-from-strings wasn't enough to protect against attackers escaping the VM context and accessing process-level functions. Big thanks to @​cristianstaicu for reporting this!
  • The documentation for how to run Happy DOM with JavaScript evaluation enabled in a safer way has been updated. Read more about it in the Wiki

v20.0.0

I avoid making breaking changes as much as possible in Happy DOM. When I have to make a breaking change, I try to keep it as minimal as possible. This could be a breaking change that impacts many projects, and I am truly sorry if you are negatively affected by this.

💣 Breaking Changes

• Due to security risks, JavaScript evaluation is now disabled by default - By @​capricorn86 in task #1930
  • A security advisory (GHSA-37j7-fg3j-429f) has been reported that shows a security vulnerability where it's possible to escape the VM context and get access to process level functionality. Big thanks to @​Mas0nShi for reporting this!
  • Due to this security risk, JavaScript evaluation is now disabled by default to prevent that consumers accidentally executes untrusted code without taking precautions
  • JavaScript evaluation can be enabled by setting enableJavaScriptEvaluation to "true". Read more about how to enable this in a safer way in the Wiki

v19.0.2

👷‍♂️ Patch fixes

• Fixes issue related to CSS pseudo selector :scope that didn't work correctly for direct descendants to root - By @​capricorn86 in task #1620

... (truncated)

Commits

• 6070199 fix: #1939 Fixes issue where HTMLSelectElement previousSibling and nextSibl...
• 7852969 fix: #1869 Fix incorrect handling of >= operator in media query parser (#...
• aab20c3 fix: #1858 forEach should accept callback's this value and pass `this...
• 0eb4e65 fix: #1935 The setter TreeWalker currentNode should validate if the value i...
• 5da6c37 fix: #1859 Only add buttons to FormData if they are the submitter (#1860)
• 45d6948 chore: #1856 Change IterableIterator return type to ArrayIterator (#1857)
• 9e1bd67 fix: #1851 Moves URL resolution to after checking if module preloading is e...
• 620fb2f fix: #1837 Fixes issue where CSS var() isn't parsed correctly when inside C...
• f4bd4eb fix: #0 Adds frozen intrinsics flag to server-renderer workers (#1934)
• f45d92e fix: #0 Adds warning for environemnt with unfrozen builtins (#1932)
• Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[cypress]

Activity    Run #2923

Run Properties:   Passed #2923  •  9501be5339: Chore(deps-dev): Bump happy-dom from 17.5.6 to 20.0.8

Project	Activity
Branch Review	dependabot/npm_and_yarn/happy-dom-20.0.8
Run status	Passed #2923
Run duration	02m 49s
Commit	9501be5339: Chore(deps-dev): Bump happy-dom from 17.5.6 to 20.0.8
Committer	dependabot[bot]
View all properties for this run ↗︎

---

Test results
Failures	0
Flaky	0
Pending	0
Skipped	0
Passing	10
View all changes introduced in this branch ↗︎

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 37.69%. Comparing base (bf1b97f) to head (436fc38).

Additional details and impacted files

@@           Coverage Diff           @@
##           master    #2174   +/-   ##
=======================================
  Coverage   37.69%   37.69%           
=======================================
  Files          43       43           
  Lines        1682     1682           
  Branches      119      119           
=======================================
  Hits          634      634           
  Misses       1047     1047           
  Partials        1        1           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.