Bump happy-dom from 17.4.4 to 20.0.7

[dependabot]

Bumps happy-dom from 17.4.4 to 20.0.7.

Release notes

Sourced from happy-dom's releases.

v20.0.7

👷‍♂️ Patch fixes

• Fix incorrect handling of >= operator in media query parser - By @​lkritsimas in task #1869

v20.0.6

👷‍♂️ Patch fixes

• Changes implementation for DOMTokenList.forEach(), Headers.forEach() and NodeList.forEach() to be spec compliant - By @​ikeyan in task #1858

v20.0.5

👷‍♂️ Patch fixes

• The setter TreeWalker.currentNode should validate if the value is a Node - By @​capricorn86 in task #1935

v20.0.4

👷‍♂️ Patch fixes

• Only adds buttons to FormData if they are the submitter - By @​maxmil and @ karpiuMG in task #1859

v20.0.3

👷‍♂️ Patch fixes

• Moves URL resolution to after checking if module preloading is enabled to prevent URL errors to be thrown when unresolvable - By @​iam-medvedev in task #1851
• Fixes issue where CSS variables aren't parsed correctly when inside CSS functions - By @​fimion in task #1837

v20.0.2

👷‍♂️ Patch fixes

• Adds frozen intrinsics flag to workers in @happy-dom/server-renderer - By @​capricorn86 in task #1934

v20.0.1

👷‍♂️ Patch fixes

• Adds warning for environment with unfrozen intrinsics (builtins) when JavaScript evaluation is enabled- By @​capricorn86 in task #1932
  • A security advisory has been reported showing that the recommended preventive measure of running Node.js with --disallow-code-generation-from-strings wasn't enough to protect against attackers escaping the VM context and accessing process-level functions. Big thanks to @​cristianstaicu for reporting this!
  • The documentation for how to run Happy DOM with JavaScript evaluation enabled in a safer way has been updated. Read more about it in the Wiki

v20.0.0

I avoid making breaking changes as much as possible in Happy DOM. When I have to make a breaking change, I try to keep it as minimal as possible. This could be a breaking change that impacts many projects, and I am truly sorry if you are negatively affected by this.

💣 Breaking Changes

• Due to security risks, JavaScript evaluation is now disabled by default - By @​capricorn86 in task #1930
  • A security advisory (GHSA-37j7-fg3j-429f) has been reported that shows a security vulnerability where it's possible to escape the VM context and get access to process level functionality. Big thanks to @​Mas0nShi for reporting this!
  • Due to this security risk, JavaScript evaluation is now disabled by default to prevent that consumers accidentally executes untrusted code without taking precautions
  • JavaScript evaluation can be enabled by setting enableJavaScriptEvaluation to "true". Read more about how to enable this in a safer way in the Wiki

v19.0.2

👷‍♂️ Patch fixes

• Fixes issue related to CSS pseudo selector :scope that didn't work correctly for direct descendants to root - By @​capricorn86 in task #1620

v19.0.1

👷‍♂️ Patch fixes

• Fixes issue with sending in URLs as string in @happy-dom/server-renderer config using CLI - By @​capricorn86 in task #1908

v19.0.0

... (truncated)

Commits

• 7852969 fix: #1869 Fix incorrect handling of >= operator in media query parser (#...
• aab20c3 fix: #1858 forEach should accept callback's this value and pass `this...
• 0eb4e65 fix: #1935 The setter TreeWalker currentNode should validate if the value i...
• 5da6c37 fix: #1859 Only add buttons to FormData if they are the submitter (#1860)
• 45d6948 chore: #1856 Change IterableIterator return type to ArrayIterator (#1857)
• 9e1bd67 fix: #1851 Moves URL resolution to after checking if module preloading is e...
• 620fb2f fix: #1837 Fixes issue where CSS var() isn't parsed correctly when inside C...
• f4bd4eb fix: #0 Adds frozen intrinsics flag to server-renderer workers (#1934)
• f45d92e fix: #0 Adds warning for environemnt with unfrozen builtins (#1932)
• 819d15b BREAKING CHANGE: #0 Changes JavaScript evaluation to be disabled by default...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)