chore: Bump the npm_and_yarn group across 2 directories with 3 updates (#3787)

Bumps the npm_and_yarn group with 3 updates in the / directory:
[happy-dom](https://github.com/capricorn86/happy-dom),
[js-yaml](https://github.com/nodeca/js-yaml) and
[node-forge](https://github.com/digitalbazaar/forge).
Bumps the npm_and_yarn group with 1 update in the
/packages/snaps-sandbox directory:
[happy-dom](https://github.com/capricorn86/happy-dom).

Updates `happy-dom` from 17.4.4 to 20.0.2
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/capricorn86/happy-dom/releases">happy-dom's
releases</a>.</em></p>
<blockquote>
<h2>v20.0.2</h2>
<h3>:construction_worker_man: Patch fixes</h3>
<ul>
<li>Adds frozen intrinsics flag to workers in
<code>@happy-dom/server-renderer</code> - By <strong><a
href="https://github.com/capricorn86"><code>@​capricorn86</code></a></strong>
in task <a
href="https://redirect.github.com/capricorn86/happy-dom/issues/1934">#1934</a></li>
</ul>
<h2>v20.0.1</h2>
<h3>:construction_worker_man: Patch fixes</h3>
<ul>
<li>Adds warning for environment with unfrozen intrinsics (builtins)
when JavaScript evaluation is enabled- By <strong><a
href="https://github.com/capricorn86"><code>@​capricorn86</code></a></strong>
in task <a
href="https://redirect.github.com/capricorn86/happy-dom/issues/1932">#1932</a>
<ul>
<li>A security advisory has been reported showing that the recommended
preventive measure of running Node.js with
<code>--disallow-code-generation-from-strings</code> wasn't enough to
protect against attackers escaping the VM context and accessing
process-level functions. Big thanks to <a
href="https://github.com/cristianstaicu"><code>@​cristianstaicu</code></a>
for reporting this!</li>
<li>The documentation for how to run Happy DOM with JavaScript
evaluation enabled in a safer way has been updated. Read more about it
in the <a
href="https://github.com/capricorn86/happy-dom/wiki/JavaScript-Evaluation-Warning">Wiki</a></li>
</ul>
</li>
</ul>
<h2>v20.0.0</h2>
<p>I avoid making breaking changes as much as possible in Happy DOM.
When I have to make a breaking change, I try to keep it as minimal as
possible. This could be a breaking change that impacts many projects,
and I am truly sorry if you are negatively affected by this.</p>
<h3>:bomb: Breaking Changes</h3>
<ul>
<li>Due to security risks, JavaScript evaluation is now disabled by
default - By <strong><a
href="https://github.com/capricorn86"><code>@​capricorn86</code></a></strong>
in task <a
href="https://redirect.github.com/capricorn86/happy-dom/issues/1930">#1930</a>
<ul>
<li>A security advisory (GHSA-37j7-fg3j-429f) has been reported that
shows a security vulnerability where it's possible to escape the VM
context and get access to process level functionality. Big thanks to <a
href="https://github.com/Mas0nShi"><code>@​Mas0nShi</code></a> for
reporting this!</li>
<li>Due to this security risk, JavaScript evaluation is now disabled by
default to prevent that consumers accidentally executes untrusted code
without taking precautions</li>
<li>JavaScript evaluation can be enabled by setting <a
href="https://github.com/capricorn86/happy-dom/wiki/IOptionalBrowserSettings">enableJavaScriptEvaluation</a>
to &quot;true&quot;. Read more about how to enable this in a safer way
in the <a
href="https://github.com/capricorn86/happy-dom/wiki/JavaScript-Evaluation-Warning">Wiki</a></li>
</ul>
</li>
</ul>
<h2>v19.0.2</h2>
<h3>:construction_worker_man: Patch fixes</h3>
<ul>
<li>Fixes issue related to CSS pseudo selector <code>:scope</code> that
didn't work correctly for direct descendants to root - By <strong><a
href="https://github.com/capricorn86"><code>@​capricorn86</code></a></strong>
in task <a
href="https://redirect.github.com/capricorn86/happy-dom/issues/1620">#1620</a></li>
</ul>
<h2>v19.0.1</h2>
<h3>:construction_worker_man: Patch fixes</h3>
<ul>
<li>Fixes issue with sending in URLs as string in
<code>@happy-dom/server-renderer</code> config using CLI - By <strong><a
href="https://github.com/capricorn86"><code>@​capricorn86</code></a></strong>
in task <a
href="https://redirect.github.com/capricorn86/happy-dom/issues/1908">#1908</a></li>
</ul>
<h2>v19.0.0</h2>
<h3>:bomb: Breaking Changes</h3>
<ul>
<li>Removes support for CommonJS - By <strong><a
href="https://github.com/capricorn86"><code>@​capricorn86</code></a></strong>
in task <a
href="https://redirect.github.com/capricorn86/happy-dom/issues/1730">#1730</a>
<ul>
<li>Support for CommonJS is no longer needed as Node.js v18 is
deprecated and v20 and above supports loading ES modules from CommonJS
using <code>require()</code></li>
</ul>
</li>
<li>Updates Jest to v30 in the <code>@happy-dom/jest-environment</code>
package - By <strong><a
href="https://github.com/capricorn86"><code>@​capricorn86</code></a></strong>
in task <a
href="https://redirect.github.com/capricorn86/happy-dom/issues/1730">#1730</a></li>
<li>Makes Jest packages peer dependencies to make it easier to align
versions with the project using <code>@happy-dom/jest-environment</code>
- By <strong><a
href="https://github.com/capricorn86"><code>@​capricorn86</code></a></strong>
in task <a
href="https://redirect.github.com/capricorn86/happy-dom/issues/1730">#1730</a></li>
</ul>
<h3>:art: Features</h3>
<ul>
<li>Adds a new package called <code>@happy-dom/server-renderer</code> -
By <strong><a
href="https://github.com/capricorn86"><code>@​capricorn86</code></a></strong>
in task <a
href="https://redirect.github.com/capricorn86/happy-dom/issues/1730">#1730</a>
<ul>
<li>This package provides a simple way to statically render (SSG) or
server-side render (SSR) your client-side application</li>
<li>Read more in the Wiki under <a
href="https://github.com/capricorn86/happy-dom/wiki/Server-Renderer">Server-Renderer</a></li>
</ul>
</li>
<li>Adds support for <code>import.meta</code> to the ESM compiler - By
<strong><a
href="https://github.com/capricorn86"><code>@​capricorn86</code></a></strong>
in task <a
href="https://redirect.github.com/capricorn86/happy-dom/issues/1730">#1730</a></li>
<li>Adds support for the CSS pseudo selector <code>:scope</code> - By
<strong><a
href="https://github.com/capricorn86"><code>@​capricorn86</code></a></strong>
in task <a
href="https://redirect.github.com/capricorn86/happy-dom/issues/1620">#1620</a></li>
<li>Improves support for <code>MediaList</code> - By <strong><a
href="https://github.com/capricorn86"><code>@​capricorn86</code></a></strong>
in task <a
href="https://redirect.github.com/capricorn86/happy-dom/issues/1730">#1730</a></li>
<li>Adds support for <code>CSSKeywordValue</code>,
<code>CSSStyleValue</code>, <code>StylePropertyMap</code>,
<code>StylePropertyMap</code>, <code>StylePropertyMapReadOnly</code> -
By <strong><a
href="https://github.com/capricorn86"><code>@​capricorn86</code></a></strong>
in task <a
href="https://redirect.github.com/capricorn86/happy-dom/issues/1730">#1730</a></li>
<li>Improves debug information in the ESM compiler - By <strong><a
href="https://github.com/capricorn86"><code>@​capricorn86</code></a></strong>
in task <a
href="https://redirect.github.com/capricorn86/happy-dom/issues/1730">#1730</a></li>
<li>Adds validation of browser settings when creating a new
<code>Browser</code> instance - By <strong><a
href="https://github.com/capricorn86"><code>@​capricorn86</code></a></strong>
in task <a
href="https://redirect.github.com/capricorn86/happy-dom/issues/1730">#1730</a></li>
<li>Adds support for the browser setting <a
href="https://github.com/capricorn86/happy-dom/wiki/IBrowserSettings">navigation.beforeContentCallback</a>
which makes it possible to inject event listeners or logic before
content is loaded to the document when navigating a browser frame - By
<strong><a
href="https://github.com/capricorn86"><code>@​capricorn86</code></a></strong>
in task <a
href="https://redirect.github.com/capricorn86/happy-dom/issues/1730">#1730</a></li>
<li>Adds support for the browser setting <a
href="https://github.com/capricorn86/happy-dom/wiki/IBrowserSettings">fetch.requestHeaders</a>
which provides with a declarative and simple way to add request headers
- By <strong><a
href="https://github.com/capricorn86"><code>@​capricorn86</code></a></strong>
in task <a
href="https://redirect.github.com/capricorn86/happy-dom/issues/1730">#1730</a></li>
<li>Adds support for setting an object to <a
href="https://github.com/capricorn86/happy-dom/wiki/IBrowserSettings">timer.preventTimerLoops</a>
which makes it possible to define different settings for
<code>setTimeout()</code> and <code>requestAnimationFrame()</code> - By
<strong><a
href="https://github.com/capricorn86"><code>@​capricorn86</code></a></strong>
in task <a
href="https://redirect.github.com/capricorn86/happy-dom/issues/1730">#1730</a></li>
<li>Adds support for the browser setting <a
href="https://github.com/capricorn86/happy-dom/wiki/IBrowserSettings">viewport</a>
which makes it possible to define a default viewport size - By
<strong><a
href="https://github.com/capricorn86"><code>@​capricorn86</code></a></strong>
in task <a
href="https://redirect.github.com/capricorn86/happy-dom/issues/1730">#1730</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/capricorn86/happy-dom/commit/f4bd4ebe3fe5abd2be2bcea1c07043c8b0b70eea"><code>f4bd4eb</code></a>
fix: <a
href="https://redirect.github.com/capricorn86/happy-dom/issues/0">#0</a>
Adds frozen intrinsics flag to server-renderer workers (<a
href="https://redirect.github.com/capricorn86/happy-dom/issues/1934">#1934</a>)</li>
<li><a
href="https://github.com/capricorn86/happy-dom/commit/f45d92e176acf0232aade63ee4ddac8747252a79"><code>f45d92e</code></a>
fix: <a
href="https://redirect.github.com/capricorn86/happy-dom/issues/0">#0</a>
Adds warning for environemnt with unfrozen builtins (<a
href="https://redirect.github.com/capricorn86/happy-dom/issues/1932">#1932</a>)</li>
<li><a
href="https://github.com/capricorn86/happy-dom/commit/819d15ba289495439eda8be360d92a614ce22405"><code>819d15b</code></a>
BREAKING CHANGE: <a
href="https://redirect.github.com/capricorn86/happy-dom/issues/0">#0</a>
Changes JavaScript evaluation to be disabled by default...</li>
<li><a
href="https://github.com/capricorn86/happy-dom/commit/c80a08f30ad97b04fbb251ab11b87cb9d5706207"><code>c80a08f</code></a>
fix: <a
href="https://redirect.github.com/capricorn86/happy-dom/issues/1620">#1620</a>
Fixes issue related to CSS pseudo selector :scope (<a
href="https://redirect.github.com/capricorn86/happy-dom/issues/1911">#1911</a>)</li>
<li><a
href="https://github.com/capricorn86/happy-dom/commit/220df23dea106ad29c60393e6ebcffe5d2ce3af7"><code>220df23</code></a>
fix: <a
href="https://redirect.github.com/capricorn86/happy-dom/issues/1908">#1908</a>
Fixes issue with sending in URLs as string in server-renderer co...</li>
<li><a
href="https://github.com/capricorn86/happy-dom/commit/9849f8bb186b0bc1eff766186f86f8735bdab09b"><code>9849f8b</code></a>
chore: <a
href="https://redirect.github.com/capricorn86/happy-dom/issues/1906">#1906</a>
Fixes failing unit test caused by package version (<a
href="https://redirect.github.com/capricorn86/happy-dom/issues/1907">#1907</a>)</li>
<li><a
href="https://github.com/capricorn86/happy-dom/commit/48d174ec33bf07beabb31483a6925e3961fd65d2"><code>48d174e</code></a>
chore: <a
href="https://redirect.github.com/capricorn86/happy-dom/issues/1904">#1904</a>
Updates conventional commit package (<a
href="https://redirect.github.com/capricorn86/happy-dom/issues/1905">#1905</a>)</li>
<li><a
href="https://github.com/capricorn86/happy-dom/commit/275efe5f9a0ae0e0d840e94fd5ca4de126ba8ce4"><code>275efe5</code></a>
BREAKING CHANGE: <a
href="https://redirect.github.com/capricorn86/happy-dom/issues/1620">#1620</a>
Release v18.0.0</li>
<li><a
href="https://github.com/capricorn86/happy-dom/commit/cf74f5f63ca562e075c9c14b77ecfbb8fbc43dea"><code>cf74f5f</code></a>
fix: <a
href="https://redirect.github.com/capricorn86/happy-dom/issues/1841">#1841</a>
Addresses an issue where an error occurred if the Element ID was...</li>
<li><a
href="https://github.com/capricorn86/happy-dom/commit/bfd0fffc12f23c6f31174953f65c4f57925e7212"><code>bfd0fff</code></a>
chore: <a
href="https://redirect.github.com/capricorn86/happy-dom/issues/1154">#1154</a>
Fixes failing unit test (<a
href="https://redirect.github.com/capricorn86/happy-dom/issues/1843">#1843</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/capricorn86/happy-dom/compare/v17.4.4...v20.0.2">compare
view</a></li>
</ul>
</details>
<br />

Updates `js-yaml` from 3.14.1 to 3.14.2
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md">js-yaml's
changelog</a>.</em></p>
<blockquote>
<h2>[3.14.2] - 2025-11-15</h2>
<h3>Security</h3>
<ul>
<li>Backported v4.1.1 fix to v3</li>
</ul>
<h2>[4.1.1] - 2025-11-12</h2>
<h3>Security</h3>
<ul>
<li>Fix prototype pollution issue in yaml merge (&lt;&lt;)
operator.</li>
</ul>
<h2>[4.1.0] - 2021-04-15</h2>
<h3>Added</h3>
<ul>
<li>Types are now exported as <code>yaml.types.XXX</code>.</li>
<li>Every type now has <code>options</code> property with original
arguments kept as they were
(see <code>yaml.types.int.options</code> as an example).</li>
</ul>
<h3>Changed</h3>
<ul>
<li><code>Schema.extend()</code> now keeps old type order in case of
conflicts
(e.g. Schema.extend([ a, b, c ]).extend([ b, a, d ]) is now ordered as
<code>abcd</code> instead of <code>cbad</code>).</li>
</ul>
<h2>[4.0.0] - 2021-01-03</h2>
<h3>Changed</h3>
<ul>
<li>Check <a
href="https://github.com/nodeca/js-yaml/blob/master/migrate_v3_to_v4.md">migration
guide</a> to see details for all breaking changes.</li>
<li>Breaking: &quot;unsafe&quot; tags <code>!!js/function</code>,
<code>!!js/regexp</code>, <code>!!js/undefined</code> are
moved to <a
href="https://github.com/nodeca/js-yaml-js-types">js-yaml-js-types</a>
package.</li>
<li>Breaking: removed <code>safe*</code> functions. Use
<code>load</code>, <code>loadAll</code>, <code>dump</code>
instead which are all now safe by default.</li>
<li><code>yaml.DEFAULT_SAFE_SCHEMA</code> and
<code>yaml.DEFAULT_FULL_SCHEMA</code> are removed, use
<code>yaml.DEFAULT_SCHEMA</code> instead.</li>
<li><code>yaml.Schema.create(schema, tags)</code> is removed, use
<code>schema.extend(tags)</code> instead.</li>
<li><code>!!binary</code> now always mapped to <code>Uint8Array</code>
on load.</li>
<li>Reduced nesting of <code>/lib</code> folder.</li>
<li>Parse numbers according to YAML 1.2 instead of YAML 1.1
(<code>01234</code> is now decimal,
<code>0o1234</code> is octal, <code>1:23</code> is parsed as string
instead of base60).</li>
<li><code>dump()</code> no longer quotes <code>:</code>, <code>[</code>,
<code>]</code>, <code>(</code>, <code>)</code> except when necessary, <a
href="https://redirect.github.com/nodeca/js-yaml/issues/470">#470</a>,
<a
href="https://redirect.github.com/nodeca/js-yaml/issues/557">#557</a>.</li>
<li>Line and column in exceptions are now formatted as
<code>(X:Y)</code> instead of
<code>at line X, column Y</code> (also present in compact format), <a
href="https://redirect.github.com/nodeca/js-yaml/issues/332">#332</a>.</li>
<li>Code snippet created in exceptions now contains multiple lines with
line numbers.</li>
<li><code>dump()</code> now serializes <code>undefined</code> as
<code>null</code> in collections and removes keys with
<code>undefined</code> in mappings, <a
href="https://redirect.github.com/nodeca/js-yaml/issues/571">#571</a>.</li>
<li><code>dump()</code> with <code>skipInvalid=true</code> now
serializes invalid items in collections as null.</li>
<li>Custom tags starting with <code>!</code> are now dumped as
<code>!tag</code> instead of <code>!&lt;!tag&gt;</code>, <a
href="https://redirect.github.com/nodeca/js-yaml/issues/576">#576</a>.</li>
<li>Custom tags starting with <code>tag:yaml.org,2002:</code> are now
shorthanded using <code>!!</code>, <a
href="https://redirect.github.com/nodeca/js-yaml/issues/258">#258</a>.</li>
</ul>
<h3>Added</h3>
<ul>
<li>Added <code>.mjs</code> (es modules) support.</li>
<li>Added <code>quotingType</code> and <code>forceQuotes</code> options
for dumper to configure
string literal style, <a
href="https://redirect.github.com/nodeca/js-yaml/issues/290">#290</a>,
<a
href="https://redirect.github.com/nodeca/js-yaml/issues/529">#529</a>.</li>
<li>Added <code>styles: { '!!null': 'empty' }</code> option for dumper
(serializes <code>{ foo: null }</code> as &quot;<code>foo:
</code>&quot;), <a
href="https://redirect.github.com/nodeca/js-yaml/issues/570">#570</a>.</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/nodeca/js-yaml/commit/9963d366dfbde0c69722452bcd40b41e7e4160a0"><code>9963d36</code></a>
3.14.2 released</li>
<li><a
href="https://github.com/nodeca/js-yaml/commit/10d3c8e70a6888543f5cdb656bb39f73e0ea77c1"><code>10d3c8e</code></a>
dist rebuild</li>
<li><a
href="https://github.com/nodeca/js-yaml/commit/5278870a17454fe8621dbd8c445c412529525266"><code>5278870</code></a>
fix prototype pollution in merge (&lt;&lt;) (<a
href="https://redirect.github.com/nodeca/js-yaml/issues/731">#731</a>)</li>
<li>See full diff in <a
href="https://github.com/nodeca/js-yaml/compare/3.14.1...3.14.2">compare
view</a></li>
</ul>
</details>
<br />

Updates `node-forge` from 1.3.1 to 1.3.3
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/digitalbazaar/forge/blob/main/CHANGELOG.md">node-forge's
changelog</a>.</em></p>
<blockquote>
<h2>1.3.3 - 2025-12-02</h2>
<h3>Fixed</h3>
<ul>
<li>[pkcs12] Make digestAlgorithm parameters optional to fix PKCS#12/PFX
issues
introduced in 1.3.2.</li>
</ul>
<h2>1.3.2 - 2025-11-25</h2>
<h3>Security</h3>
<ul>
<li><strong>HIGH</strong>: ASN.1 Validator Desynchronization
<ul>
<li>An Interpretation Conflict (CWE-436) vulnerability in node-forge
versions
1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1
structures to desynchronize schema validations, yielding a semantic
divergence that may bypass downstream cryptographic verifications and
security decisions.</li>
<li>Reported by Hunter Wodzenski.</li>
<li>CVE ID: <a
href="https://www.cve.org/CVERecord?id=CVE-2025-12816">CVE-2025-12816</a></li>
<li>GHSA ID: <a
href="https://github.com/digitalbazaar/forge/security/advisories/GHSA-5gfm-wpxj-wjgq">GHSA-5gfm-wpxj-wjgq</a></li>
</ul>
</li>
<li><strong>HIGH</strong>: ASN.1 Unbounded Recursion
<ul>
<li>An Uncontrolled Recursion (CWE-674) vulnerability in node-forge
versions
1.3.1 and below enables remote, unauthenticated attackers to craft deep
ASN.1 structures that trigger unbounded recursive parsing. This leads to
a
Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER
inputs.</li>
<li>Reported by Hunter Wodzenski.</li>
<li>CVE ID: <a
href="https://www.cve.org/CVERecord?id=CVE-2025-66031">CVE-2025-66031</a></li>
<li>GHSA ID: <a
href="https://github.com/digitalbazaar/forge/security/advisories/GHSA-554w-wpv2-vw27">GHSA-554w-wpv2-vw27</a></li>
</ul>
</li>
<li><strong>MODERATE</strong>: ASN.1 OID Integer Truncation
<ul>
<li>An Integer Overflow (CWE-190) vulnerability in node-forge versions
1.3.1
and below enables remote, unauthenticated attackers to craft ASN.1
structures containing OIDs with oversized arcs. These arcs may be
decoded
as smaller, trusted OIDs due to 32-bit bitwise truncation, enabling the
bypass of downstream OID-based security decisions.</li>
<li>Reported by Hunter Wodzenski.</li>
<li>CVE ID: <a
href="https://www.cve.org/CVERecord?id=CVE-2025-66030">CVE-2025-66030</a></li>
<li>GHSA ID: <a
href="https://github.com/digitalbazaar/forge/security/advisories/GHSA-65ch-62r8-g69g">GHSA-65ch-62r8-g69g</a></li>
</ul>
</li>
</ul>
<h3>Fixed</h3>
<ul>
<li>[asn1] Fix for vulnerability identified by CVE-2025-12816 PKCS#12
MAC
verification bypass due to missing macData enforcement and improper
asn1.validate routine.</li>
<li>[asn1] Add <code>fromDer()</code> max recursion depth check.
<ul>
<li>Add a <code>asn1.maxDepth</code> global configurable maximum depth
of 256.</li>
<li>Add a <code>asn1.fromDer()</code> per-call <code>maxDepth</code>
option.</li>
<li><strong>NOTE</strong>: The default maximum is assumed to be higher
than needed for valid
data. If this assumption is false then this could be a breaking change.
Please file an issue if there are use cases that need a higher
maximum.</li>
<li><strong>NOTE</strong>: The per-call <code>maxDepth</code> parameter
has not been exposed up through
all of the API stack due to the complexities involved. Please file an
issue
if there are use cases that require this instead of changing the
default</li>
</ul>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/digitalbazaar/forge/commit/1cea0aff4901589ae86e314f25782bbe312f9f69"><code>1cea0af</code></a>
Release 1.3.3.</li>
<li><a
href="https://github.com/digitalbazaar/forge/commit/5265989cf5e54cfe1e27a10d71523007ce0507b1"><code>5265989</code></a>
Update changelog.</li>
<li><a
href="https://github.com/digitalbazaar/forge/commit/e4f3961406395dd8e985dcf841852ceca73ac3a9"><code>e4f3961</code></a>
Fix changelog for release.</li>
<li><a
href="https://github.com/digitalbazaar/forge/commit/503979b0295cf633a30199d6bd937f4a222481a0"><code>503979b</code></a>
Update changelog.</li>
<li><a
href="https://github.com/digitalbazaar/forge/commit/c3b3b32a8c157ac57752934d3af63b5f798b58b8"><code>c3b3b32</code></a>
Make digestAlgorithm parameters optional</li>
<li><a
href="https://github.com/digitalbazaar/forge/commit/6f70043a6db1abb9f3304f3d432efed3ba50fcca"><code>6f70043</code></a>
Update CVE details.</li>
<li><a
href="https://github.com/digitalbazaar/forge/commit/f547b0d292745094190ecb250429d21e8804a375"><code>f547b0d</code></a>
Start 1.3.3-0.</li>
<li><a
href="https://github.com/digitalbazaar/forge/commit/235ad3e70e4fdfdca4fdeb662dfba6588e2c38bd"><code>235ad3e</code></a>
Release 1.3.2.</li>
<li><a
href="https://github.com/digitalbazaar/forge/commit/25982441171dc9815c87d3d886c5c8a1d092b334"><code>2598244</code></a>
Update changelog.</li>
<li><a
href="https://github.com/digitalbazaar/forge/commit/0032dd0be8b6fb1b1092ef754d1dde91c10a95ad"><code>0032dd0</code></a>
Fix typos.</li>
<li>Additional commits viewable in <a
href="https://github.com/digitalbazaar/forge/compare/v1.3.1...v1.3.3">compare
view</a></li>
</ul>
</details>
<br />

Updates `happy-dom` from 17.6.3 to 20.0.11
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/capricorn86/happy-dom/releases">happy-dom's
releases</a>.</em></p>
<blockquote>
<h2>v20.0.2</h2>
<h3>:construction_worker_man: Patch fixes</h3>
<ul>
<li>Adds frozen intrinsics flag to workers in
<code>@happy-dom/server-renderer</code> - By <strong><a
href="https://github.com/capricorn86"><code>@​capricorn86</code></a></strong>
in task <a
href="https://redirect.github.com/capricorn86/happy-dom/issues/1934">#1934</a></li>
</ul>
<h2>v20.0.1</h2>
<h3>:construction_worker_man: Patch fixes</h3>
<ul>
<li>Adds warning for environment with unfrozen intrinsics (builtins)
when JavaScript evaluation is enabled- By <strong><a
href="https://github.com/capricorn86"><code>@​capricorn86</code></a></strong>
in task <a
href="https://redirect.github.com/capricorn86/happy-dom/issues/1932">#1932</a>
<ul>
<li>A security advisory has been reported showing that the recommended
preventive measure of running Node.js with
<code>--disallow-code-generation-from-strings</code> wasn't enough to
protect against attackers escaping the VM context and accessing
process-level functions. Big thanks to <a
href="https://github.com/cristianstaicu"><code>@​cristianstaicu</code></a>
for reporting this!</li>
<li>The documentation for how to run Happy DOM with JavaScript
evaluation enabled in a safer way has been updated. Read more about it
in the <a
href="https://github.com/capricorn86/happy-dom/wiki/JavaScript-Evaluation-Warning">Wiki</a></li>
</ul>
</li>
</ul>
<h2>v20.0.0</h2>
<p>I avoid making breaking changes as much as possible in Happy DOM.
When I have to make a breaking change, I try to keep it as minimal as
possible. This could be a breaking change that impacts many projects,
and I am truly sorry if you are negatively affected by this.</p>
<h3>:bomb: Breaking Changes</h3>
<ul>
<li>Due to security risks, JavaScript evaluation is now disabled by
default - By <strong><a
href="https://github.com/capricorn86"><code>@​capricorn86</code></a></strong>
in task <a
href="https://redirect.github.com/capricorn86/happy-dom/issues/1930">#1930</a>
<ul>
<li>A security advisory (GHSA-37j7-fg3j-429f) has been reported that
shows a security vulnerability where it's possible to escape the VM
context and get access to process level functionality. Big thanks to <a
href="https://github.com/Mas0nShi"><code>@​Mas0nShi</code></a> for
reporting this!</li>
<li>Due to this security risk, JavaScript evaluation is now disabled by
default to prevent that consumers accidentally executes untrusted code
without taking precautions</li>
<li>JavaScript evaluation can be enabled by setting <a
href="https://github.com/capricorn86/happy-dom/wiki/IOptionalBrowserSettings">enableJavaScriptEvaluation</a>
to &quot;true&quot;. Read more about how to enable this in a safer way
in the <a
href="https://github.com/capricorn86/happy-dom/wiki/JavaScript-Evaluation-Warning">Wiki</a></li>
</ul>
</li>
</ul>
<h2>v19.0.2</h2>
<h3>:construction_worker_man: Patch fixes</h3>
<ul>
<li>Fixes issue related to CSS pseudo selector <code>:scope</code> that
didn't work correctly for direct descendants to root - By <strong><a
href="https://github.com/capricorn86"><code>@​capricorn86</code></a></strong>
in task <a
href="https://redirect.github.com/capricorn86/happy-dom/issues/1620">#1620</a></li>
</ul>
<h2>v19.0.1</h2>
<h3>:construction_worker_man: Patch fixes</h3>
<ul>
<li>Fixes issue with sending in URLs as string in
<code>@happy-dom/server-renderer</code> config using CLI - By <strong><a
href="https://github.com/capricorn86"><code>@​capricorn86</code></a></strong>
in task <a
href="https://redirect.github.com/capricorn86/happy-dom/issues/1908">#1908</a></li>
</ul>
<h2>v19.0.0</h2>
<h3>:bomb: Breaking Changes</h3>
<ul>
<li>Removes support for CommonJS - By <strong><a
href="https://github.com/capricorn86"><code>@​capricorn86</code></a></strong>
in task <a
href="https://redirect.github.com/capricorn86/happy-dom/issues/1730">#1730</a>
<ul>
<li>Support for CommonJS is no longer needed as Node.js v18 is
deprecated and v20 and above supports loading ES modules from CommonJS
using <code>require()</code></li>
</ul>
</li>
<li>Updates Jest to v30 in the <code>@happy-dom/jest-environment</code>
package - By <strong><a
href="https://github.com/capricorn86"><code>@​capricorn86</code></a></strong>
in task <a
href="https://redirect.github.com/capricorn86/happy-dom/issues/1730">#1730</a></li>
<li>Makes Jest packages peer dependencies to make it easier to align
versions with the project using <code>@happy-dom/jest-environment</code>
- By <strong><a
href="https://github.com/capricorn86"><code>@​capricorn86</code></a></strong>
in task <a
href="https://redirect.github.com/capricorn86/happy-dom/issues/1730">#1730</a></li>
</ul>
<h3>:art: Features</h3>
<ul>
<li>Adds a new package called <code>@happy-dom/server-renderer</code> -
By <strong><a
href="https://github.com/capricorn86"><code>@​capricorn86</code></a></strong>
in task <a
href="https://redirect.github.com/capricorn86/happy-dom/issues/1730">#1730</a>
<ul>
<li>This package provides a simple way to statically render (SSG) or
server-side render (SSR) your client-side application</li>
<li>Read more in the Wiki under <a
href="https://github.com/capricorn86/happy-dom/wiki/Server-Renderer">Server-Renderer</a></li>
</ul>
</li>
<li>Adds support for <code>import.meta</code> to the ESM compiler - By
<strong><a
href="https://github.com/capricorn86"><code>@​capricorn86</code></a></strong>
in task <a
href="https://redirect.github.com/capricorn86/happy-dom/issues/1730">#1730</a></li>
<li>Adds support for the CSS pseudo selector <code>:scope</code> - By
<strong><a
href="https://github.com/capricorn86"><code>@​capricorn86</code></a></strong>
in task <a
href="https://redirect.github.com/capricorn86/happy-dom/issues/1620">#1620</a></li>
<li>Improves support for <code>MediaList</code> - By <strong><a
href="https://github.com/capricorn86"><code>@​capricorn86</code></a></strong>
in task <a
href="https://redirect.github.com/capricorn86/happy-dom/issues/1730">#1730</a></li>
<li>Adds support for <code>CSSKeywordValue</code>,
<code>CSSStyleValue</code>, <code>StylePropertyMap</code>,
<code>StylePropertyMap</code>, <code>StylePropertyMapReadOnly</code> -
By <strong><a
href="https://github.com/capricorn86"><code>@​capricorn86</code></a></strong>
in task <a
href="https://redirect.github.com/capricorn86/happy-dom/issues/1730">#1730</a></li>
<li>Improves debug information in the ESM compiler - By <strong><a
href="https://github.com/capricorn86"><code>@​capricorn86</code></a></strong>
in task <a
href="https://redirect.github.com/capricorn86/happy-dom/issues/1730">#1730</a></li>
<li>Adds validation of browser settings when creating a new
<code>Browser</code> instance - By <strong><a
href="https://github.com/capricorn86"><code>@​capricorn86</code></a></strong>
in task <a
href="https://redirect.github.com/capricorn86/happy-dom/issues/1730">#1730</a></li>
<li>Adds support for the browser setting <a
href="https://github.com/capricorn86/happy-dom/wiki/IBrowserSettings">navigation.beforeContentCallback</a>
which makes it possible to inject event listeners or logic before
content is loaded to the document when navigating a browser frame - By
<strong><a
href="https://github.com/capricorn86"><code>@​capricorn86</code></a></strong>
in task <a
href="https://redirect.github.com/capricorn86/happy-dom/issues/1730">#1730</a></li>
<li>Adds support for the browser setting <a
href="https://github.com/capricorn86/happy-dom/wiki/IBrowserSettings">fetch.requestHeaders</a>
which provides with a declarative and simple way to add request headers
- By <strong><a
href="https://github.com/capricorn86"><code>@​capricorn86</code></a></strong>
in task <a
href="https://redirect.github.com/capricorn86/happy-dom/issues/1730">#1730</a></li>
<li>Adds support for setting an object to <a
href="https://github.com/capricorn86/happy-dom/wiki/IBrowserSettings">timer.preventTimerLoops</a>
which makes it possible to define different settings for
<code>setTimeout()</code> and <code>requestAnimationFrame()</code> - By
<strong><a
href="https://github.com/capricorn86"><code>@​capricorn86</code></a></strong>
in task <a
href="https://redirect.github.com/capricorn86/happy-dom/issues/1730">#1730</a></li>
<li>Adds support for the browser setting <a
href="https://github.com/capricorn86/happy-dom/wiki/IBrowserSettings">viewport</a>
which makes it possible to define a default viewport size - By
<strong><a
href="https://github.com/capricorn86"><code>@​capricorn86</code></a></strong>
in task <a
href="https://redirect.github.com/capricorn86/happy-dom/issues/1730">#1730</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/capricorn86/happy-dom/commit/f4bd4ebe3fe5abd2be2bcea1c07043c8b0b70eea"><code>f4bd4eb</code></a>
fix: <a
href="https://redirect.github.com/capricorn86/happy-dom/issues/0">#0</a>
Adds frozen intrinsics flag to server-renderer workers (<a
href="https://redirect.github.com/capricorn86/happy-dom/issues/1934">#1934</a>)</li>
<li><a
href="https://github.com/capricorn86/happy-dom/commit/f45d92e176acf0232aade63ee4ddac8747252a79"><code>f45d92e</code></a>
fix: <a
href="https://redirect.github.com/capricorn86/happy-dom/issues/0">#0</a>
Adds warning for environemnt with unfrozen builtins (<a
href="https://redirect.github.com/capricorn86/happy-dom/issues/1932">#1932</a>)</li>
<li><a
href="https://github.com/capricorn86/happy-dom/commit/819d15ba289495439eda8be360d92a614ce22405"><code>819d15b</code></a>
BREAKING CHANGE: <a
href="https://redirect.github.com/capricorn86/happy-dom/issues/0">#0</a>
Changes JavaScript evaluation to be disabled by default...</li>
<li><a
href="https://github.com/capricorn86/happy-dom/commit/c80a08f30ad97b04fbb251ab11b87cb9d5706207"><code>c80a08f</code></a>
fix: <a
href="https://redirect.github.com/capricorn86/happy-dom/issues/1620">#1620</a>
Fixes issue related to CSS pseudo selector :scope (<a
href="https://redirect.github.com/capricorn86/happy-dom/issues/1911">#1911</a>)</li>
<li><a
href="https://github.com/capricorn86/happy-dom/commit/220df23dea106ad29c60393e6ebcffe5d2ce3af7"><code>220df23</code></a>
fix: <a
href="https://redirect.github.com/capricorn86/happy-dom/issues/1908">#1908</a>
Fixes issue with sending in URLs as string in server-renderer co...</li>
<li><a
href="https://github.com/capricorn86/happy-dom/commit/9849f8bb186b0bc1eff766186f86f8735bdab09b"><code>9849f8b</code></a>
chore: <a
href="https://redirect.github.com/capricorn86/happy-dom/issues/1906">#1906</a>
Fixes failing unit test caused by package version (<a
href="https://redirect.github.com/capricorn86/happy-dom/issues/1907">#1907</a>)</li>
<li><a
href="https://github.com/capricorn86/happy-dom/commit/48d174ec33bf07beabb31483a6925e3961fd65d2"><code>48d174e</code></a>
chore: <a
href="https://redirect.github.com/capricorn86/happy-dom/issues/1904">#1904</a>
Updates conventional commit package (<a
href="https://redirect.github.com/capricorn86/happy-dom/issues/1905">#1905</a>)</li>
<li><a
href="https://github.com/capricorn86/happy-dom/commit/275efe5f9a0ae0e0d840e94fd5ca4de126ba8ce4"><code>275efe5</code></a>
BREAKING CHANGE: <a
href="https://redirect.github.com/capricorn86/happy-dom/issues/1620">#1620</a>
Release v18.0.0</li>
<li><a
href="https://github.com/capricorn86/happy-dom/commit/cf74f5f63ca562e075c9c14b77ecfbb8fbc43dea"><code>cf74f5f</code></a>
fix: <a
href="https://redirect.github.com/capricorn86/happy-dom/issues/1841">#1841</a>
Addresses an issue where an error occurred if the Element ID was...</li>
<li><a
href="https://github.com/capricorn86/happy-dom/commit/bfd0fffc12f23c6f31174953f65c4f57925e7212"><code>bfd0fff</code></a>
chore: <a
href="https://redirect.github.com/capricorn86/happy-dom/issues/1154">#1154</a>
Fixes failing unit test (<a
href="https://redirect.github.com/capricorn86/happy-dom/issues/1843">#1843</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/capricorn86/happy-dom/compare/v17.4.4...v20.0.2">compare
view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/MetaMask/snaps/network/alerts).

</details>

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> Upgrades happy-dom in snaps-sandbox and updates yarn.lock, also
bumping js-yaml and node-forge with new transitive dependencies.
> 
> - **Dependencies**:
> - Bump `happy-dom` to `^20.0.11` in
`packages/snaps-sandbox/package.json`.
> - **Lockfile updates**:
> - Resolve `[email protected]` with new transitive deps
(`@types/node@20`, `@types/whatwg-mimetype`, `undici-types`).
>   - Apply security/patch bumps: `[email protected]`, `[email protected]`.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
41e9faf. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

---------

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Frederik Bolding <[email protected]>

Author: dependabot[bot]

packages/snaps-sandbox/package.json

@@ -58,7 +58,7 @@
     "depcheck": "^1.4.7",
     "eslint": "^9.11.0",
     "fast-deep-equal": "^3.1.3",
-    "happy-dom": "^17.4.4",
+    "happy-dom": "^20.0.11",
     "jotai": "^2.12.2",
     "monaco-editor": "patch:monaco-editor@npm%3A0.52.2#~/.yarn/patches/monaco-editor-npm-0.52.2-584d16bfa6.patch",
     "nanoid": "^3.3.10",

yarn.lock

@@ -4505,7 +4505,7 @@ __metadata:
     depcheck: "npm:^1.4.7"
     eslint: "npm:^9.11.0"
     fast-deep-equal: "npm:^3.1.3"
-    happy-dom: "npm:^17.4.4"
+    happy-dom: "npm:^20.0.11"
     jotai: "npm:^2.12.2"
     monaco-editor: "patch:monaco-editor@npm%3A0.52.2#~/.yarn/patches/monaco-editor-npm-0.52.2-584d16bfa6.patch"
     nanoid: "npm:^3.3.10"
@@ -6297,6 +6297,15 @@ __metadata:
   languageName: node
   linkType: hard
 
+"@types/node@npm:^20.0.0":
+  version: 20.19.27
+  resolution: "@types/node@npm:20.19.27"
+  dependencies:
+    undici-types: "npm:~6.21.0"
+  checksum: 10/a36bdbbf3c3e25bd75454f295b01c72729128a7ab38e99b75dba5fad2ff44fb96179462197345381a086c85de462c10d994fe32868c9a07d42b852566a2e63a7
+  languageName: node
+  linkType: hard
+
 "@types/parse-json@npm:^4.0.0":
   version: 4.0.0
   resolution: "@types/parse-json@npm:4.0.0"
@@ -6508,6 +6517,13 @@ __metadata:
   languageName: node
   linkType: hard
 
+"@types/whatwg-mimetype@npm:^3.0.2":
+  version: 3.0.2
+  resolution: "@types/whatwg-mimetype@npm:3.0.2"
+  checksum: 10/609607beeaa8b50b9e00541d8f571880d651b26b6b006103370099aba00784037de54433627c9fe775a5558e3d1fc09c2a48f54c8af91988e9bebeaf6a698eeb
+  languageName: node
+  linkType: hard
+
 "@types/ws@npm:^8.5.10":
   version: 8.18.1
   resolution: "@types/ws@npm:8.18.1"
@@ -11865,13 +11881,14 @@ __metadata:
   languageName: node
   linkType: hard
 
-"happy-dom@npm:^17.4.4":
-  version: 17.4.4
-  resolution: "happy-dom@npm:17.4.4"
+"happy-dom@npm:^20.0.11":
+  version: 20.0.11
+  resolution: "happy-dom@npm:20.0.11"
   dependencies:
-    webidl-conversions: "npm:^7.0.0"
+    "@types/node": "npm:^20.0.0"
+    "@types/whatwg-mimetype": "npm:^3.0.2"
     whatwg-mimetype: "npm:^3.0.0"
-  checksum: 10/14a059d054687851767dcde8f0956d1e230ddf1ce05ca2facd349d2b50286317ab89797af57c38b3565b28f365ea93248a0acfc068e55aa46dcd876abdd2c478
+  checksum: 10/0f2cd2a2c394a79ce3ff15b5c00edd4071a5c5ece14f3ee810b954a1c3ee826a3920be37a349c7dc1b5bd3cd49b550f5e6291aa7e109ee4a27c3f6476f4b5d91
   languageName: node
   linkType: hard
 
@@ -13458,14 +13475,14 @@ __metadata:
   linkType: hard
 
 "js-yaml@npm:^3.13.1, js-yaml@npm:^3.14.1":
-  version: 3.14.1
-  resolution: "js-yaml@npm:3.14.1"
+  version: 3.14.2
+  resolution: "js-yaml@npm:3.14.2"
   dependencies:
     argparse: "npm:^1.0.7"
     esprima: "npm:^4.0.0"
   bin:
     js-yaml: bin/js-yaml.js
-  checksum: 10/9e22d80b4d0105b9899135365f746d47466ed53ef4223c529b3c0f7a39907743fdbd3c4379f94f1106f02755b5e90b2faaf84801a891135544e1ea475d1a1379
+  checksum: 10/172e0b6007b0bf0fc8d2469c94424f7dd765c64a047d2b790831fecef2204a4054eabf4d911eb73ab8c9a3256ab8ba1ee8d655b789bf24bf059c772acc2075a1
   languageName: node
   linkType: hard
 
@@ -14660,9 +14677,9 @@ __metadata:
   linkType: hard
 
 "node-forge@npm:^1":
-  version: 1.3.1
-  resolution: "node-forge@npm:1.3.1"
-  checksum: 10/05bab6868633bf9ad4c3b1dd50ec501c22ffd69f556cdf169a00998ca1d03e8107a6032ba013852f202035372021b845603aeccd7dfcb58cdb7430013b3daa8d
+  version: 1.3.3
+  resolution: "node-forge@npm:1.3.3"
+  checksum: 10/f41c31b9296771a4b8c955d58417471712f54f324603a35f8e6cbac19d5e6eaaf5fd5fd14584dfedecbf46a05438ded6eee60a5f2f0822fc5061aaa073cfc75d
   languageName: node
   linkType: hard
 
@@ -18304,6 +18321,13 @@ __metadata:
   languageName: node
   linkType: hard
 
+"undici-types@npm:~6.21.0":
+  version: 6.21.0
+  resolution: "undici-types@npm:6.21.0"
+  checksum: 10/ec8f41aa4359d50f9b59fa61fe3efce3477cc681908c8f84354d8567bb3701fafdddf36ef6bff307024d3feb42c837cf6f670314ba37fc8145e219560e473d14
+  languageName: node
+  linkType: hard
+
 "unicode-canonical-property-names-ecmascript@npm:^2.0.0":
   version: 2.0.0
   resolution: "unicode-canonical-property-names-ecmascript@npm:2.0.0"
@@ -18743,13 +18767,6 @@ __metadata:
   languageName: node
   linkType: hard
 
-"webidl-conversions@npm:^7.0.0":
-  version: 7.0.0
-  resolution: "webidl-conversions@npm:7.0.0"
-  checksum: 10/4c4f65472c010eddbe648c11b977d048dd96956a625f7f8b9d64e1b30c3c1f23ea1acfd654648426ce5c743c2108a5a757c0592f02902cf7367adb7d14e67721
-  languageName: node
-  linkType: hard
-
 "webpack-bundle-analyzer@npm:^4.10.2":
   version: 4.10.2
   resolution: "webpack-bundle-analyzer@npm:4.10.2"