build(deps): bump the npm_and_yarn group across 1 directory with 12 updates#498
build(deps): bump the npm_and_yarn group across 1 directory with 12 updates#498dependabot[bot] wants to merge 1 commit into
Conversation
📝 WalkthroughWalkthroughpackage.json の devDependencies で、jsdom と webpack-dev-server のバージョン指定が更新されています。 Changes開発依存関係の更新
Estimated code review effort: 1 (Trivial) | ~2 minutes Poem
🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✨ Finishing Touches📝 Generate docstrings
🧪 Generate unit tests (beta)
Comment |
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@package.json`:
- Line 55: The package update added jsdom@^29.1.1 which requires a newer Node
and incompatible `@types/jsdom`; update project configuration to pin compatible
versions and Node engine: set engines.node to ">=22.13.0" (or ">=24.0.0" if you
prefer upgrading to 24+), update .nvmrc and CI workflow node-version to match
that same minimum, and upgrade `@types/jsdom` to a release that supports jsdom 29
(remove the old `@types/jsdom`@^21.1.7 entry and replace it with the proper types
package/version for jsdom v29), then run a full TypeScript build with
declaration: true to verify no type/declaration breakages and fix any typing
errors exposed by the new types.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
Run ID: bee7d353-94a9-4f1e-af35-dc241dc90eb0
⛔ Files ignored due to path filters (1)
package-lock.jsonis excluded by!**/package-lock.json
📒 Files selected for processing (1)
package.json
| "eslint-plugin-react-hooks": "^7.0.1", | ||
| "globals": "^16.5.0", | ||
| "jsdom": "^20.0.3", | ||
| "jsdom": "^29.1.1", |
There was a problem hiding this comment.
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
set -euo pipefail
echo "== package.json dependency versions =="
python - <<'PY'
import json
with open("package.json", "r", encoding="utf-8") as f:
p=json.load(f)
dev=p.get("devDependencies", {})
print("jsdom:", dev.get("jsdom"))
print("`@types/jsdom`:", dev.get("`@types/jsdom`"))
print("webpack-dev-server:", dev.get("webpack-dev-server"))
print("engines.node:", p.get("engines", {}).get("node"))
PY
echo
echo "== Node version policy declarations in repo =="
fd -HI '(\.nvmrc|\.node-version|\.tool-versions|package\.json|Dockerfile|.*\.ya?ml)$'
echo
echo "== Potential Node-version pins in config/workflows =="
rg -n -C2 'engines"\s*:\s*\{|node-version|setup-node|FROM node:|volta|NODE_VERSION'
echo
echo "== jsdom usage surfaces in tests/source =="
rg -n --type=ts -C2 '\bJSDOM\b|from\s+[\"\x27]jsdom[\"\x27]'
echo
echo "== Typecheck-related scripts (if present) =="
rg -n -C2 '"scripts"\s*:\s*\{|typecheck|tsc'Repository: geolonia/embed
Length of output: 50512
🏁 Script executed:
#!/bin/bash
set -euo pipefail
echo "== package.json engines / scripts / dep versions around jsdom & webpack-dev-server =="
python - <<'PY'
import json
from pathlib import Path
p=json.loads(Path("package.json").read_text(encoding="utf-8"))
print("engines:", p.get("engines"))
print("devDependencies jsdom:", (p.get("devDependencies") or {}).get("jsdom"))
print("devDependencies `@types/jsdom`:", (p.get("devDependencies") or {}).get("`@types/jsdom`"))
print("devDependencies webpack-dev-server:", (p.get("devDependencies") or {}).get("webpack-dev-server"))
print("scripts:", p.get("scripts", {}))
PY
echo
echo "== .nvmrc =="
if [ -f .nvmrc ]; then cat .nvmrc; else echo "missing .nvmrc"; fi
echo
echo "== workflows/setup-node node-version (build.yml) =="
rg -n "setup-node|node-version|NODE_VERSION" .github/workflows -S || true
echo
echo "== vitest config: environment jsdom =="
rg -n --glob='*vitest.config.*' -S "environment.*jsdom" . || true
rg -n --glob='*vitest.config.*' -S "environment" . || true
echo
echo "== jsdom usage in ts files =="
rg -n --type=ts -C2 "from ['\"]jsdom['\"]|\\bJSDOM\\b" . || true
echo
echo "== webpack-dev-server usage =="
rg -n -S "webpack-dev-server|webpack serve|serve --config" package.json docs -S || true
echo
echo "== tsconfig(s) typing / lib DOM / types =="
fd -e tsconfig -e json -S -t f . -a || true
# Prefer exact files
if [ -f tsconfig.json ]; then echo "--- tsconfig.json ---"; cat tsconfig.json; fi
for f in $(fd -a -t f "tsconfig*.json" .); do echo "--- $f ---"; head -n 200 "$f"; done
echo
echo "== Read vitest.config.ts and src/lib/util.test.ts (if exist) =="
if [ -f vitest.config.ts ]; then cat -n vitest.config.ts; fi
if [ -f src/lib/util.test.ts ]; then cat -n src/lib/util.test.ts; fiRepository: geolonia/embed
Length of output: 23418
🏁 Script executed:
#!/bin/bash
set -euo pipefail
echo "== package.json engines / scripts / dep versions around jsdom & webpack-dev-server =="
python - <<'PY'
import json
from pathlib import Path
p=json.loads(Path("package.json").read_text(encoding="utf-8"))
print("engines:", p.get("engines"))
dev=p.get("devDependencies") or {}
print("devDependencies jsdom:", dev.get("jsdom"))
print("devDependencies `@types/jsdom`:", dev.get("`@types/jsdom`"))
print("devDependencies webpack-dev-server:", dev.get("webpack-dev-server"))
print("scripts:", p.get("scripts", {}))
PY
echo
echo "== .nvmrc =="
if [ -f .nvmrc ]; then cat .nvmrc; else echo "missing .nvmrc"; fi
echo
echo "== workflows/setup-node node-version (build.yml) =="
rg -n "setup-node|node-version|NODE_VERSION" .github/workflows -S || true
echo
echo "== vitest config: environment jsdom =="
rg -n --glob='*vitest.config.*' -S "environment.*jsdom" . || true
rg -n --glob='*vitest.config.*' -S "environment" . || true
echo
echo "== jsdom usage in ts files =="
rg -n --type=ts -C2 "from ['\"]jsdom['\"]|\\bJSDOM\\b" . || true
echo
echo "== webpack-dev-server usage =="
rg -n -S "webpack-dev-server|webpack serve|serve --config" package.json docs -S || true
echo
echo "== tsconfig(s) DOM typings =="
for f in $(fd -a -t f "tsconfig*.json" .); do
echo "--- $f (first 220 lines) ---"
head -n 220 "$f"
done
echo
echo "== Read vitest.config.ts and src/lib/util.test.ts (if exist) =="
if [ -f vitest.config.ts ]; then cat -n vitest.config.ts; fi
if [ -f src/lib/util.test.ts ]; then cat -n src/lib/util.test.ts; fiRepository: geolonia/embed
Length of output: 22584
🌐 Web query:
jsdom 29.1.1 engines node requirement
💡 Result:
The jsdom version 29.1.1 requires a Node.js version of ^20.19.0 || ^22.13.0 || >=24.0.0, as specified in its package.json engines field [1][2].
Citations:
🌐 Web query:
webpack-dev-server 5.2.4 engines node requirement
💡 Result:
The webpack-dev-server version 5.2.4 requires Node.js version 18.12.0 or higher [1]. While some earlier versions of the package may have specified different engines, this is the requirement noted for this specific release [1].
Citations:
🌐 Web query:
@types/jsdom 21.1.7 compatibility with jsdom 29 types bundled
💡 Result:
The package @types/jsdom version 21.1.7 is not compatible with jsdom version 29.0.0 and above [1][2][3]. JSDom does not bundle its own TypeScript type definitions; it relies on the DefinitelyTyped community to maintain them via the @types/jsdom package [1][4][5]. Using @types/jsdom 21.1.7 with JSDom 29 will result in significant type inaccuracies and build errors [6][7]. JSDom 29, released in March 2026, introduced major changes to its internal implementations (such as CSSOM and resource loading) [3][7], which require the corresponding updates in the type definitions found in @types/jsdom version 28.x and later [1][2][7]. If you are upgrading to JSDom 29, you must also upgrade your @types/jsdom dependency to the latest 28.x version to ensure your type definitions match the JSDom API [1][6][2].
Citations:
- 1: https://registry.npmjs.org/@types/jsdom
- 2: https://www.npmjs.com/package/@types/jsdom?activeTab=versions
- 3: https://github.com/jsdom/jsdom/releases/tag/v29.0.0
- 4: https://github.com/jsdom/jsdom/blob/v29.0.2/README.md
- 5: https://libraries.io/npm/@types%2Fjsdom
- 6: hifiwi-fi/breadcrum.net@8bea698
- 7: [jsdom] Update type for new resources options in v28 DefinitelyTyped/DefinitelyTyped#74506
jsdom@^29.1.1(55行目)と webpack-dev-server@^5.2.4(66行目)の更新で、Node要件と @types/jsdom を整合させてください。
- Node:
jsdom@29は^22.13.0以上(または>=24等)が必要。現状.nvmrc: v22/ GitHub Actions が22.xなので、22.13未満を踏む可能性がありengines.nodeを追加し、.nvmrcと workflow のnode-versionを22.13+(または>=24)に寄せる対応が必要。 - 型:
@types/jsdom@^21.1.7はjsdom@29と不整合なので、@types/jsdomを jsdom 29 に対応する世代へ更新して、宣言生成/ビルド(declaration: true)で破綻しないことを確認してください。
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@package.json` at line 55, The package update added jsdom@^29.1.1 which
requires a newer Node and incompatible `@types/jsdom`; update project
configuration to pin compatible versions and Node engine: set engines.node to
">=22.13.0" (or ">=24.0.0" if you prefer upgrading to 24+), update .nvmrc and CI
workflow node-version to match that same minimum, and upgrade `@types/jsdom` to a
release that supports jsdom 29 (remove the old `@types/jsdom`@^21.1.7 entry and
replace it with the proper types package/version for jsdom v29), then run a full
TypeScript build with declaration: true to verify no type/declaration breakages
and fix any typing errors exposed by the new types.
…pdates Bumps the npm_and_yarn group with 11 updates in the / directory: | Package | From | To | | --- | --- | --- | | [webpack](https://github.com/webpack/webpack) | `5.102.1` | `5.108.4` | | [webpack-dev-server](https://github.com/webpack/webpack-dev-server) | `4.15.2` | `5.2.5` | | [@tootallnate/once](https://github.com/TooTallNate/once) | `2.0.0` | `removed` | | [fast-uri](https://github.com/fastify/fast-uri) | `3.1.0` | `3.1.3` | | [flatted](https://github.com/WebReflection/flatted) | `3.3.3` | `3.4.2` | | [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.11` | `1.16.0` | | [js-yaml](https://github.com/nodeca/js-yaml) | `4.1.0` | `4.3.0` | | [postcss](https://github.com/postcss/postcss) | `8.5.8` | `8.5.16` | | [protocol-buffers-schema](https://github.com/mafintosh/protocol-buffers-schema) | `3.6.0` | `3.6.1` | | [shell-quote](https://github.com/ljharb/shell-quote) | `1.8.3` | `1.9.0` | | [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `8.0.2` | `8.1.3` | Updates `webpack` from 5.102.1 to 5.108.4 - [Release notes](https://github.com/webpack/webpack/releases) - [Changelog](https://github.com/webpack/webpack/blob/main/CHANGELOG.md) - [Commits](webpack/webpack@v5.102.1...v5.108.4) Updates `webpack-dev-server` from 4.15.2 to 5.2.5 - [Release notes](https://github.com/webpack/webpack-dev-server/releases) - [Changelog](https://github.com/webpack/webpack-dev-server/blob/main/CHANGELOG.md) - [Commits](webpack/webpack-dev-server@v4.15.2...v5.2.5) Removes `@tootallnate/once` Updates `fast-uri` from 3.1.0 to 3.1.3 - [Release notes](https://github.com/fastify/fast-uri/releases) - [Commits](fastify/fast-uri@v3.1.0...v3.1.3) Updates `flatted` from 3.3.3 to 3.4.2 - [Commits](WebReflection/flatted@v3.3.3...v3.4.2) Updates `follow-redirects` from 1.15.11 to 1.16.0 - [Release notes](https://github.com/follow-redirects/follow-redirects/releases) - [Commits](follow-redirects/follow-redirects@v1.15.11...v1.16.0) Updates `js-yaml` from 4.1.0 to 4.3.0 - [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md) - [Commits](nodeca/js-yaml@4.1.0...4.3.0) Updates `postcss` from 8.5.8 to 8.5.16 - [Release notes](https://github.com/postcss/postcss/releases) - [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md) - [Commits](postcss/postcss@8.5.8...8.5.16) Updates `protocol-buffers-schema` from 3.6.0 to 3.6.1 - [Commits](mafintosh/protocol-buffers-schema@v3.6.0...v3.6.1) Updates `qs` from 6.13.0 to 6.15.3 - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.13.0...v6.15.3) Updates `shell-quote` from 1.8.3 to 1.9.0 - [Changelog](https://github.com/ljharb/shell-quote/blob/main/CHANGELOG.md) - [Commits](ljharb/shell-quote@v1.8.3...v1.9.0) Updates `vite` from 8.0.2 to 8.1.3 - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v8.1.3/packages/vite) --- updated-dependencies: - dependency-name: "@tootallnate/once" dependency-version: dependency-type: indirect - dependency-name: fast-uri dependency-version: 3.1.2 dependency-type: indirect - dependency-name: flatted dependency-version: 3.4.2 dependency-type: indirect - dependency-name: follow-redirects dependency-version: 1.16.0 dependency-type: indirect - dependency-name: js-yaml dependency-version: 4.2.0 dependency-type: indirect - dependency-name: postcss dependency-version: 8.5.15 dependency-type: indirect - dependency-name: protocol-buffers-schema dependency-version: 3.6.1 dependency-type: indirect - dependency-name: qs dependency-version: 6.15.2 dependency-type: indirect - dependency-name: shell-quote dependency-version: 1.8.4 dependency-type: indirect - dependency-name: vite dependency-version: 8.0.16 dependency-type: indirect - dependency-name: webpack dependency-version: 5.107.2 dependency-type: direct:development - dependency-name: webpack-dev-server dependency-version: 5.2.4 dependency-type: direct:development ... Signed-off-by: dependabot[bot] <support@github.com>
52df28c to
d1b9d99
Compare
Bumps the npm_and_yarn group with 11 updates in the / directory:
5.102.15.108.44.15.25.2.52.0.0removed3.1.03.1.33.3.33.4.21.15.111.16.04.1.04.3.08.5.88.5.163.6.03.6.11.8.31.9.08.0.28.1.3Updates
webpackfrom 5.102.1 to 5.108.4Release notes
Sourced from webpack's releases.
... (truncated)
Changelog
Sourced from webpack's changelog.
... (truncated)
Commits
bb9ccfdchore(release): new release (#21319)7639066fix: invalidate provided-exports cache with lazy barrel (#21326)ae28c54perf: reduce CPU and memory overhead of the HTML and CSS pipelines (#21332)e6fb547perf: re-encode the HTML AST as struct-of-arrays behind a path-based visitor ...5ce1c22fix(html): resolve asset URLs against <base href> (#21329)0e43c4atest(html): cover generateError, ignored-source, and null-character parse pat...cebd793refactor: build export-presence guards from a lazy boolean formula (#21320)c2628cffix: don't resolve new URL() directory references as modules (#21312)00d8b2fperf: speed up non-CSS-Modules CSS parsing by skipping unused AST work (#21324)f7a3f6dperf: reduce HTML parser memory and CPU with parser-level skip options (#21323)Maintainer changes
This version was pushed to npm by GitHub Actions, a new releaser for webpack since your current version.
Updates
webpack-dev-serverfrom 4.15.2 to 5.2.5Release notes
Sourced from webpack-dev-server's releases.
... (truncated)
Changelog
Sourced from webpack-dev-server's changelog.
... (truncated)
Commits
c3ee325chore(release): new release (#5682)60173befeat: add changeset validation and release workflow (#5680)948d5e6fix(proxy): match the HMR upgrade path exactly like the ws server (#5678)93e8996fix: skip HMR websocket path when forwarding upgrades to user-defined proxies...fd40130chore(release): 5.2.4ece4f36chore: update deps (#5661)a216144ci: fix test (#5658)df073c5Merge commit from forkb550a70chore(release): 5.2.39704dc5chore: upgrade selfsigned to v5 and remove node-forge dependency (#5618)Maintainer changes
This version was pushed to npm by GitHub Actions, a new releaser for webpack-dev-server since your current version.
Install script changes
This version modifies
preparescript that runs during installation. Review the package contents before updating.Removes
@tootallnate/onceUpdates
fast-urifrom 3.1.0 to 3.1.3Release notes
Sourced from fast-uri's releases.
Commits
0549fe3Bumped v3.1.32a6d357Merge commit from fork919dd8eBumped v3.1.2c65ba57fixup: linting6c86c17Merge commit from forka95158aHandle malformed fragment decoding without throwing (#171)cea547cBumped v3.1.1876ce79Merge commit from forkdcdf690ci: add lock-threads workflow (#169)c860e65build(deps-dev): bump neostandard from 0.12.2 to 0.13.0 (#167)Updates
flattedfrom 3.3.3 to 3.4.2Commits
3bf09093.4.2885ddccfix CWE-13210bdba70added flatted-view to the benchmark2a02dce3.4.1fba4e8fMerge pull request #89 from WebReflection/python-fix5fe8648added "when in Rome" also a test for PHP53517adsome minor improvementb3e2a0cFixing recursion issue in Python tooc4b46dbAdd SECURITY.md for security policy and reportingf86d071Create dependabot.yml for version updatesUpdates
follow-redirectsfrom 1.15.11 to 1.16.0Commits
0c23a22Release version 1.16.0 of the npm package.844c4d3Add sensitiveHeaders option.5e8b8d0ci: add Node.js 24.x to the CI matrix7953e22ci: upgrade GitHub Actions to use setup-node@v6 and checkout@v686dc1f8Sanitizing input.Updates
js-yamlfrom 4.1.0 to 4.3.0Changelog
Sourced from js-yaml's changelog.
... (truncated)
Commits
33d05b54.3.0 released663bfabDrop demo publish, to not override new v5 one.1cb8c7bAdd v4-legacy tag for publish02f27afRestore umd builds back to es58be84edFix es5 compatibility59423c6ReplacemaxMergeSeqLengthoption withmaxTotalMergeKeys(more robust). Ba...6842ef6doc polish590dbab4.2.0 releasedf944dc5Add package.json funding fieldf692719Changelog updateUpdates
postcssfrom 8.5.8 to 8.5.16Release notes
Sourced from postcss's releases.
Changelog
Sourced from postcss's changelog.
Commits
92ccc93Release 8.5.16 version818bdd6Update formatting46e4510FixInput#origin()returning incorrect position (#2036)34942ceFix testsd4feed6Don't clone root-less child nodes in container constructor (#2097)da323fcRevert version update to fix old Node.js on CI8863369Update dependencies3828982Preserve node raws when rehydrating a JSON AST (#2100)d1e80b8Fix Node#rangeBy() ignoring index 0 (#2091)b91e4a6Fix Node.js 26 testsMaintainer changes
This version was pushed to npm by GitHub Actions, a new releaser for postcss since your current version.
Updates
protocol-buffers-schemafrom 3.6.0 to 3.6.1Commits
46c34bd3.6.12351031Fixed parse.js to prevent Prototype Pollution (#70)Updates
qsfrom 6.13.0 to 6.15.3Changelog
Sourced from qs's changelog.
... (truncated)
Commits
18d085ev6.15.3c38af42[Deps] updateside-channeladce539[Dev Deps] updateeslint,mock-property,tape74a0f6a[Robustness]utils: enforcearrayLimitconsistently acrossmerge's arra...f4938f5[Tests]parse: characterize current lenient handling of unbalanced bracket ...5d5f723[Perf]utils: makecompactO(n) via a side-channel visited-set instead of...52afe00[Robustness]parse: throw thearrayLimiterror before splitting oversized...963e538[Fix]parse: enforcethrowOnLimitExceededfor cumulative array growth via...59da434[Fix]utils: respect encoding of surrogate pairs across chunks9532969[Robustness]utils.merge/utils.assign: avoid invoking__proto__sette...Updates
shell-quotefrom 1.8.3 to 1.9.0Changelog
Sourced from shell-quote's changelog.
Commits
db09fc7v1.9.07ff5488[Fix]parse: finalize tokens in linear time (GHSA-395f-4hp3-45gv)b4bafa2[actions] Windows + node 5/7: install deps with a modern node3fb739d[actions] Windows + node 4/6/7: pin eslint to 9 before install, since npm 2/3...abe0163[actions] retrynpm installon Windows to survive npm 2/3 staging-rename flake7a76c1a[Fix]quote: escape leading~to prevent shell tilde-expansion75e8497[actions] update workflowsdca6e21[New] add types9aa9e8f[Dev Deps] updateeslint9ba368a[Dev Deps] apparentlyjackspeakis no longer in the graphUpdates
vitefrom 8.0.2 to 8.1.3Release notes
Sourced from vite's releases.
... (truncated)
Changelog
Sourced from vite's changelog.