@egordidenko egordidenko commented Jan 8, 2026

Description

Checklist

Summary by CodeRabbit

  • Chores
    • Updated development tooling dependencies to latest compatible versions.

coderabbitai bot commented Jan 8, 2026

Walkthrough

A dependency version in package.json was updated: "@happy-dom/global-registrator" was bumped from ^16.8.1 to ^20.1.0. No other code or configuration changes are present.

Changes

| Cohort / File(s) | Summary |
|---|---|
| Dependency Version Update: package.json | Updated "@happy-dom/global-registrator" devDependency from ^16.8.1 to ^20.1.0 |

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

🚥 Pre-merge checks | ✅ 1 | ❌ 2

❌ Failed checks (1 warning, 1 inconclusive)

| Check name | Status | Explanation | Resolution |
|---|---|---|---|
| Description check | ⚠️ Warning | Description is entirely empty. All required sections (related issue link, brief description, code snippets) are present as template comments but contain no actual content, and checklist items are unchecked. | Fill in the description sections with: related issue link, explanation of why @happy-dom/global-registrator was bumped, and mark applicable checklist items as complete or explain why they are not applicable. |
| Title check | ❓ Inconclusive | Title is related to the changeset but overstates scope. The PR only bumps one dependency version in package.json, not broadly 'update dependencies' or 'eliminate critical dependencies'. | Clarify the title to accurately reflect the actual change, e.g., 'chore(soc-2): bump @happy-dom/global-registrator to ^20.1.0' or provide context on what critical dependencies were eliminated. |

✅ Passed checks (1 passed)

| Check name | Status | Explanation |
|---|---|---|
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |


📜 Recent review details

📥 Commits

Reviewing files that changed from the base of the PR and between 6fd74a2 and 006578c.

⛔ Files ignored due to path filters (1)
  • package-lock.json is excluded by !**/package-lock.json
📒 Files selected for processing (1)
  • package.json
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)
  • GitHub Check: build
🔇 Additional comments (1)
package.json (1)

117-117: Update justified by critical security vulnerabilities; verify build succeeds with v20.

The version bump (v16.8.1 → v20.1.0) addresses CVE-2025-61927 and CVE-2024-51757—critical RCE/code execution vulnerabilities in happy-dom. Breaking changes between v16 and v20 are real (v20 disables JavaScript evaluation by default), but the codebase usage is minimal: GlobalRegistrator.register() in build-ssr-stubs.ts and environment: 'happy-dom' in vitest config. Neither pattern requires dynamic code evaluation, so v20's security defaults should not break existing functionality. Confirm that the build script (build:ssr-stubs) executes successfully with v20.1.0.


@egordidenko egordidenko merged commit b780e5d into main Jan 13, 2026
7 checks passed
@egordidenko egordidenko deleted the chore/soc-2-get-rid-of-critical-dependencies branch January 13, 2026 14:22
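
Added example (not part of the PR or of the review bot's output): the review above excluded package-lock.json through path filters, so it saw only the declared range, not what actually gets installed. The sketch below checks both the declared range and the resolved lockfile entries against major 20, a threshold taken from the review comment and treated here as an assumption; the manifest and lockfile objects are constructed sample data, and `auditHappyDom` is a hypothetical helper name.

```javascript
// Assumption from the review comment: the v20 line is the fixed one.
const MIN_MAJOR = 20;
const WATCHED = ['@happy-dom/global-registrator', 'happy-dom'];

// Lowest major admitted by a simple range ("^16.8.1", "~20.1.0", "20.1.0").
function lowestMajor(range) {
  const m = /^[\^~]?(\d+)\.\d+\.\d+/.exec(String(range).trim());
  return m ? Number(m[1]) : null; // null: form not understood, fail closed
}

function auditHappyDom(pkg, lock) {
  const findings = [];
  const declared = { ...pkg.dependencies, ...pkg.devDependencies };
  for (const name of WATCHED) {
    if (!(name in declared)) continue;
    const major = lowestMajor(declared[name]);
    if (major === null || major < MIN_MAJOR) {
      findings.push(`package.json: ${name}@${declared[name]} admits < ${MIN_MAJOR}`);
    }
  }
  // Lockfile v2/v3 layout: "packages" is keyed by install path, so nested
  // copies (node_modules/x/node_modules/happy-dom) are checked as well.
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    const name = path.split('node_modules/').pop();
    if (!WATCHED.includes(name)) continue;
    const major = Number(String(entry.version).split('.')[0]);
    if (!(major >= MIN_MAJOR)) {
      findings.push(`package-lock.json: ${path} resolved to ${entry.version}`);
    }
  }
  return findings;
}

// Constructed sample data (not the repository's real files).
const PKG_BEFORE = { devDependencies: { '@happy-dom/global-registrator': '^16.8.1' } };
const PKG_AFTER = { devDependencies: { '@happy-dom/global-registrator': '^20.1.0' } };
const lockWith = (reg, dom) => ({ packages: {
  '': { name: 'constructed-app' },
  'node_modules/@happy-dom/global-registrator': { version: reg },
  'node_modules/@happy-dom/global-registrator/node_modules/happy-dom': { version: dom },
} });
const LOCK_BEFORE = lockWith('16.8.1', '16.8.1');
const LOCK_STALE = lockWith('20.1.0', '16.8.1'); // manifest bumped, nested copy left behind
const LOCK_AFTER = lockWith('20.1.0', '20.1.0');

console.log(auditHappyDom(PKG_AFTER, LOCK_STALE));
```

The stale-lockfile case is the one a manifest-only review cannot catch: the declared range passes while an old nested copy is still what gets installed.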