Skip to content

deps(deps-dev): bump jsdom from 26.1.0 to 29.0.2#7

Open
dependabot[bot] wants to merge 61 commits into
mainfrom
dependabot/npm_and_yarn/jsdom-29.0.2
Open

deps(deps-dev): bump jsdom from 26.1.0 to 29.0.2#7
dependabot[bot] wants to merge 61 commits into
mainfrom
dependabot/npm_and_yarn/jsdom-29.0.2

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot Bot commented on behalf of github Apr 18, 2026
edited
Loading

Bumps jsdom from 26.1.0 to 29.0.2.

Release notes

Sourced from jsdom's releases.

v29.0.2

  • Significantly improved and sped up getComputedStyle(). Computed value rules are now applied across a broader set of properties, and include fixes related to inheritance, defaulting keywords, custom properties, and color-related values such as currentcolor and system colors. (@​asamuzaK)
  • Fixed CSS 'background' and 'border' shorthand parsing. (@​asamuzaK)

v29.0.1

  • Fixed CSS parsing of 'border', 'background', and their sub-shorthands containing keywords or var(). (@​asamuzaK)
  • Fixed getComputedStyle() to return a more functional CSSStyleDeclaration object, including indexed access support, which regressed in v29.0.0.

v29.0.0

Breaking changes:

  • Node.js v22.13.0+ is now the minimum supported v22 version (was v22.12.0+).

Other changes:

  • Overhauled the CSSOM implementation, replacing the @acemir/cssom and cssstyle dependencies with fresh internal implementations built on webidl2js wrappers and the css-tree parser. Serialization, parsing, and API behavior is improved in various ways, especially around edge cases.
  • Added CSSCounterStyleRule and CSSNamespaceRule to jsdom Windows.
  • Added cssMediaRule.matches and cssSupportsRule.matches getters.
  • Added proper media query parsing in MediaList, using css-tree instead of naive comma-splitting. Invalid queries become "not all" per spec.
  • Added cssKeyframeRule.keyText getter/setter validation.
  • Added cssStyleRule.selectorText setter validation: invalid selectors are now rejected.
  • Added styleSheet.ownerNode, styleSheet.href, and styleSheet.title.
  • Added bad port blocking per the fetch specification, preventing fetches to commonly-abused ports.
  • Improved Document initialization performance by lazily initializing the CSS selector engine, avoiding ~0.5 ms of overhead per Document. (@​thypon)
  • Fixed a memory leak when stylesheets were removed from the document.
  • Fixed CSSStyleDeclaration modifications to properly trigger custom element reactions.
  • Fixed nested @media rule parsing.
  • Fixed CSSStyleSheet's "disallow modification" flag not being checked in all mutation methods.
  • Fixed XMLHttpRequest's response getter returning parsed JSON during the LOADING state instead of null.
  • Fixed getComputedStyle() crashing in XHTML documents when stylesheets contained at-rules such as @page or @font-face.
  • Fixed a potential hang in synchronous XMLHttpRequest caused by a race condition with the worker thread's idle timeout.

v28.1.0

  • Added blob.text(), blob.arrayBuffer(), and blob.bytes() methods.
  • Improved getComputedStyle() to account for CSS specificity when multiple rules apply. (@​asamuzaK)
  • Improved synchronous XMLHttpRequest performance by using a persistent worker thread, avoiding ~400ms of setup overhead on every synchronous request after the first one.
  • Improved performance of node.getRootNode(), node.isConnected, and event.dispatchEvent() by caching the root node of document-connected trees.
  • Fixed getComputedStyle() to correctly handle !important priority. (@​asamuzaK)
  • Fixed document.getElementById() to return the first element in tree order when multiple elements share the same ID.
  • Fixed <svg> elements to no longer incorrectly proxy event handlers to the Window.
  • Fixed FileReader event timing and fileReader.result state to more closely follow the spec.
  • Fixed a potential hang when synchronous XMLHttpRequest encountered dispatch errors.
  • Fixed compatibility with environments where Node.js's built-in fetch() has been used before importing jsdom, by working around undici v6/v7 incompatibilities.

v28.0.0

  • Overhauled resource loading customization. See the new README for details on the new API.
  • Added MIME type sniffing to <iframe> and <frame> loads.
  • Regression: WebSockets are no longer correctly throttled to one connection per origin. This is a result of the bug at nodejs/undici#4743.
  • Fixed decoding of the query components of <a> and <area> elements in non-UTF-8 documents.
  • Fixed XMLHttpRequest fetches and WebSocket upgrade requests to be interceptable by the new customizable resource loading. (Except synchronous XMLHttpRequests.)

... (truncated)

Commits
  • 2a1e2cd 29.0.2
  • 4097d66 Resolve computed CSS values lazily in CSSStyleDeclaration
  • cf5523f Add more test cases for nested color-mix with currentColor
  • b33b616 Add test that getComputedStyle() works with !important
  • 6bf559c Add test for custom property inheritance in computed styles
  • 6817657 Fix border shorthand handling
  • 470f5c5 Consolidate color helpers
  • 3db53cb Fix background shorthand handlers
  • 678e840 Remove some longhand property files
  • d526a07 Add regression test for getComputedStyle() liveness
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for jsdom since your current version.

Install script changes

This version modifies prepare script that runs during installation. Review the package contents before updating.

@taberoajorge
feat(core): extract worktree primitives into ralph-core
634edbb
@taberoajorge
refactor(core): extract story scheduler
587eb40
@taberoajorge
test(core): add worktree regression coverage
360e0c6
@taberoajorge
test(core): cover scheduler merge behavior
43f33b2
@taberoajorge
feat(core): add worktree domain primitives
2c0b152
@taberoajorge
feat(core): add parallel worktree scheduler
0029104
@taberoajorge
feat(core): provision per-story worktrees
d2f22cb
@taberoajorge
feat(core): serialize shared artifact writes
a25c8a0
@taberoajorge
feat(core): run ready stories in parallel
7e3fd76
@taberoajorge
refactor(tauri): serialize loop artifact merges
758d2dd
@taberoajorge
refactor(tauri): extract monitor services behind adapters
da26d6d
@taberoajorge
refactor(tauri): route project commands through app core
10f10ce
@taberoajorge
fix(tauri): centralize plan session cleanup
433689d
@taberoajorge
refactor(tauri): route atomizer orchestration through app core
0a40048
@taberoajorge
test(frontend): add phase one monitor hard-gate checks
ea1df99
@taberoajorge
refactor(tauri): decommission tauri and react shell
e51fcd2
@taberoajorge
feat(tokens): add native shell theming
efd85fc
@taberoajorge
feat(frontend): port dashboard to native shell
eeaedd7
@taberoajorge
feat(frontend): add native project lifecycle actions
f48f40a
@taberoajorge
feat(frontend): add native planning flow
bcd6916
@taberoajorge
feat(frontend): add native atomization flow
28cd779
@taberoajorge
feat(frontend): add native loop monitor
931257b
@taberoajorge
feat(core): restore persisted loop sessions on restart
a153a8d
@taberoajorge
feat(frontend): enhance atomization flow with activity tracking and p…
7c22e0e 
…ipeline state management

- Updated UI components to display activity and pipeline status.
- Introduced new hooks and IPC methods for better integration with the atomization process.
- Refactored related code for improved clarity and maintainability.
@taberoajorge
refactor(tauri): migrate wizard logic, validation and stories CRUD to…
0bfb279 
… backend

- Add wizard_logic.rs: advance_wizard_step, save_wizard_draft, mark_wizard_stale,
  validate_describe_input, validate_project_config, validate_launch_readiness,
  get_default_config, add/update/remove/reorder/get_stories commands
- Add wizard_state.rs: WizardStepState with advance/mark_stale/clear_stale
- Add validation.rs: validate_config, validate_describe, validate_launch_readiness
  with unit tests; ConfigLimits and ConfigDefaultsResponse
- Add stories_crud.rs: full CRUD over prd.json (add, update, remove, reorder, get)
- Add notification_filter.rs: should_emit_verification_failed, build_notification
- Add plan_engine/filters.rs: noise filtering for plan stream output
- Add wizard-logic.ts: IPC bindings for all new Tauri commands
- Remove draft-payload.ts: draft construction moved to save_wizard_draft (Rust)
- Remove plan-stream-filters.ts: filtering moved to plan_engine/filters.rs (Rust)
- Remove wizard store mutations for stories: all writes go through backend
- Replace hardcoded DEFAULT_CONFIG with PLACEHOLDER_CONFIG; config loaded from
  get_default_config on Configure mount
- Wire all new commands in invoke.rs
@taberoajorge
chore(core): enforce zero-warning lint baseline
e038260 
Standardize linting and formatting across frontend and Rust so Biome, TypeScript, rustfmt, and clippy run clean in strict mode through hooks and CI.
@taberoajorge
chore(docs): refresh agent and cursor rule contracts
dbf4e7e 
Align rule coverage with artifact and vertical-slice contracts while splitting guidance into focused files to reduce implementation ambiguity.
@taberoajorge
fix(ci): resolve all rust-tests compilation errors and updater signin…
4856094 
…g failure

Make AppHandle generic over R: Runtime across the test call chain so
MockRuntime tests compile. Add tauri test feature as dev-dependency,
supply missing StartLoopArgs fields, annotate closure parameter types,
and skip updater artifact creation in CI builds.
@taberoajorge
fix(lint): sort import order in tauri.ts
a8b2f70 
Move SystemReadiness to its alphabetically correct position.
@taberoajorge
fix(tests): resolve all 5 pre-existing test failures and improve atom…
d17ea0b 
…izer prompts

Fix activity, contract, invoke, and plan engine test fixtures so the
full suite passes green. Upgrade atomize templates with richer context
and clearer instructions for chunk, merge, stories, and summarize stages.
@taberoajorge
feat(projects): hydrate canonical wizard session artifacts
c3d5952
@taberoajorge
feat(queries): add project and monitor snapshot adapter
a0f88bf
@taberoajorge
refactor(native-shell): wire app to shared backend services
85a5d4d
@taberoajorge
fix(tests): align wizard persistence test with canonical session defa…
f7f64ec 
…ults
@taberoajorge
chore(git): ignore loopforge worktree scratch
0bd017a
@taberoajorge
chore(cargo): share target directory across worktrees
fb6cf28
@taberoajorge
feat(scheduler): add merge and teardown actions for worktree lifecycle
32fc902
@taberoajorge
feat(loop-engine): wire worktree merge and teardown into runtime life…
4a2111b 
…cycle
@taberoajorge
docs: add product README, contributing guide, MIT license and scrub e…
5c49842 
…xa token

Introduce a product focused README with GitHub Flavored Markdown, a short
contributing guide and the MIT license so the project is ready for open
source. Ignore OpenSpec generated agent folders and replace the hardcoded
Exa MCP bearer token with an environment variable reference.
@taberoajorge
chore: ignore local cursor mcp config
f54fbe5 
Keep the Cursor MCP configuration outside version control so API keys live
only in shell environment variables on the developer machine.
@taberoajorge
chore: ignore local cursor agent configs
6adb33c 
Keep the Cursor agent definitions outside version control because they
are workstation specific and may contain absolute paths.
@taberoajorge
feat(native-shell): add shared backend adapter
dbe81aa
@taberoajorge
feat(app-core): add shared wizard service boundary
96fb475
@taberoajorge
refactor(native-shell): reuse backend project services
037ead7
@taberoajorge
refactor(native-shell): reuse backend planning services
eb1031c
@taberoajorge
refactor(native-shell): reuse backend atomization services
bcbd650
@taberoajorge
feat(queries): add project and monitor snapshot adapter
6408cc8
@taberoajorge
chore(queries): tighten adapter line budget
08ecc72
@taberoajorge
refactor(tauri): adopt shared backend invoke contracts
a02f550
@taberoajorge
feat(projects): persist wizard session invalidation rules
056d99a
@taberoajorge
chore(security): add open source baseline security configs
bbc9da9 
Prepare the repository for open source release by adding the community
health files that GitHub looks for and by storing the automation that
will finish the lockdown when the repo becomes public.

Adds:
  * SECURITY.md with a reporting policy and scope.
  * .github/CODEOWNERS so future pull requests route to the maintainer.
  * .github/dependabot.yml with weekly updates for cargo, npm, and
    github-actions grouped by patch and minor bumps.
  * .github/ISSUE_TEMPLATE with a config that forces structured forms
    plus bug and feature request templates.
  * scripts/setup-github-security.sh that applies branch rulesets,
    secret scanning, push protection, CodeQL default setup, private
    vulnerability reporting, and SHA pinning for Actions as soon as the
    repository goes public or is upgraded to GitHub Pro.
@taberoajorge
chore(security): align required status checks with actual CI jobs
46c5b17 
The initial version of the script required status checks that did not
exist in .github/workflows/test.yml. Point the ruleset at the real job
names so the protection becomes effective as soon as the repository
goes public.

Required checks: typecheck, lint, rust-tests.
The build matrix stays out of the required list because the four
platform combinations are not needed to accept a pull request.
@dependabot @github
Copy link
Copy Markdown
Author

dependabot Bot commented on behalf of github Apr 18, 2026

Labels

The following labels could not be found: dependencies, javascript. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@taberoajorge
chore(security): pin GitHub Actions to immutable commit shas
1e9cc7b 
GitHub now enforces sha_pinning_required for this repository, so every
uses reference in the workflows needs to point at a full 40 character
commit hash instead of a moving tag. The comments next to each hash
keep the semver visible for humans and let Dependabot bump the pin
when a new release ships.

Also drops required_signatures from the main ruleset script because
the maintainer signs commits through GitHub and does not run local
GPG or SSH signing. The rule can come back once signing keys are set
up and the signing workflow is documented.
@taberoajorge
Copy link
Copy Markdown
Owner

taberoajorge commented Apr 18, 2026

@dependabot rebase

@dependabot
deps(deps-dev): bump jsdom from 26.1.0 to 29.0.2
3a8ce53 
Bumps [jsdom](https://github.com/jsdom/jsdom) from 26.1.0 to 29.0.2.
- [Release notes](https://github.com/jsdom/jsdom/releases)
- [Commits](jsdom/jsdom@v26.1.0...v29.0.2)

---
updated-dependencies:
- dependency-name: jsdom
  dependency-version: 29.0.2
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/jsdom-29.0.2 branch from 0118288 to 93def7a Compare April 18, 2026 16:06
@dependabot dependabot Bot requested a review from taberoajorge as a code owner April 18, 2026 16:06
@taberoajorge taberoajorge force-pushed the dependabot/npm_and_yarn/jsdom-29.0.2 branch from 93def7a to 3a8ce53 Compare April 20, 2026 02:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@taberoajorge taberoajorge Awaiting requested review from taberoajorge

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@taberoajorge