Skip to content

chore(deps)(deps-dev): bump happy-dom from 20.8.9 to 20.10.6#1278

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/happy-dom-20.10.6
Open

chore(deps)(deps-dev): bump happy-dom from 20.8.9 to 20.10.6#1278
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/happy-dom-20.10.6

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 22, 2026

Copy link
Copy Markdown
Contributor

Bumps happy-dom from 20.8.9 to 20.10.6.

Release notes

Sourced from happy-dom's releases.

v20.10.6

👷‍♂️ Patch fixes

v20.10.5

👷‍♂️ Patch fixes

  • Adds cache to query selector parser - By @​capricorn86 in task #2142
    • The selector parser degraded in performance in v20.6.3 to solve more complex selectors
    • Parsing is still a bit slower, but the cache will hopefully mitigate most of the problem

v20.10.4

👷‍♂️ Patch fixes

  • Coerce null qualifiedName to empty string in createDocument - By @​Firer in task #2206

v20.10.3

👷‍♂️ Patch fixes

  • Fix "~=" attribute selector matching hyphenated substrings in CSS selectors - By @​mixelburg in task #2194

v20.10.2

👷‍♂️ Patch fixes

v20.10.0

🎨 Features

v20.9.0

🎨 Features

  • Adds support for event listener properties on Window (e.g. Window.onkeydown) - By @​capricorn86 in task #2131
Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for happy-dom since your current version.


@dependabot @github

dependabot Bot commented on behalf of github Jun 22, 2026

Copy link
Copy Markdown
Contributor Author

Labels

The following labels could not be found: dependencies, npm, security. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

Comment thread pnpm-lock.yaml Outdated
vitest:
specifier: ^4.0.18
version: 4.0.18(@types/node@22.19.11)(happy-dom@20.8.9(bufferutil@4.1.0)(utf-8-validate@5.0.10))(jiti@2.7.0)(tsx@4.21.0)(yaml@2.9.0)
version: 4.0.18(@types/node@26.0.0)(happy-dom@20.8.9(bufferutil@4.1.0)(utf-8-validate@5.0.10))(jiti@2.7.0)(tsx@4.21.0)(yaml@2.9.0)

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🟡 Issue: The lockfile now resolves most Vitest/Vite peer sets through @types/node@26.0.0, even though the only manifest change is the packages/node-ui happy-dom bump and the root manifest still declares @types/node as ^22. This creates broad, unrelated dependency churn and makes future lockfile reviews harder; it can also let tooling type-check against a different Node API surface than the repo declares. Please regenerate the lockfile with the existing Node types resolution, or make an explicit manifest change if moving the workspace to Node 26 types is intended.

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🟡 Issue: Keep the lockfile update scoped to the node-ui dependency bump

What's wrong
A package-local DOM test dependency bump is re-resolving Vitest/Vite peer sets across many unrelated workspaces. That makes the lockfile much harder to audit, couples node-ui maintenance to repo-wide type-tooling drift, and leaves future maintainers guessing whether @types/node@26 is intentional or just install noise.

Example
devnet/conviction-lazy-settle only declares vitest, but its lockfile resolution now points at @types/node@26.0.1 even though that package is unrelated to the packages/node-ui happy-dom bump.

Suggested direction
Regenerate the lockfile with the update constrained to packages/node-ui, or restore unrelated peer-resolution churn. If the repo should move to @types/node@26, declare that intentionally in the appropriate manifest instead of letting it appear as incidental lockfile noise.

Confidence note
This assumes the PR intent is the package-local happy-dom bump shown in packages/node-ui/package.json; no manifest change makes the workspace-wide @types/node resolution drift explicit.

For Agents
Review pnpm-lock.yaml importers and snapshots. Preserve the behavior of updating packages/node-ui to happy-dom@20.10.6, but regenerate or edit the lockfile so unrelated workspace importers keep their prior @types/node@22.19.11 peer resolutions. If Node 26 types are intended, make that an explicit root/package manifest change and likely a separate dependency-maintenance PR.

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🟡 Issue: Keep the lockfile update scoped to the dependency being bumped

What's wrong
The lockfile change is much broader than the manifest change: a single happy-dom bump in packages/node-ui causes many unrelated workspace importers to resolve Vitest/Vite through @types/node@26.0.1 while the root package still declares @types/node as ^22. That kind of incidental dependency drift makes dependency reviews noisy and obscures the actual ownership boundary of the change.

Example
A reader auditing this dependency bump now has to separate the intended packages/node-ui happy-dom update from a workspace-wide @types/node peer-resolution churn. If the Node type migration is intentional, it deserves its own manifest change; if not, the lockfile should stay focused on the happy-dom update.

Suggested direction
Regenerate the lockfile in a way that only updates the packages/node-ui happy-dom resolution, or make the @types/node 26 migration explicit in package metadata and split it into a separate dependency-hygiene change.

For Agents
Look at pnpm-lock.yaml peer resolutions for Vitest/Vite and the root package.json @types/node declaration. Preserve the packages/node-ui happy-dom bump, but regenerate or constrain the lockfile so unrelated importers do not drift to @types/node@26.0.1 unless that migration is explicitly declared and reviewed separately.

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🟡 Issue: Lockfile churn upgrades unrelated peer resolutions across the workspace

What's wrong
This PR reads like a one-package test DOM update, but the lockfile now changes dependency-resolution state for many unrelated devnet and package importers. That makes dependency review much harder because future readers cannot tell which peer-resolution changes are intentional, and it leaves the lockfile with extra duplicated vite/vitest/coverage snapshot variants for combinations that are not part of the manifest change. The maintainable structure here is a tight lockfile diff whose blast radius matches the manifest edit.

Example
A devnet importer that did not change now has vitest: 4.0.18(...)(@types/node@26.0.1)(happy-dom@20.8.9...), even though the PR only updates packages/node-ui's happy-dom manifest entry.

Suggested direction
Keep dependency metadata narrowly scoped: rerun the package manager in a way that updates only packages/node-ui's happy-dom resolution, or restore the unrelated @types/node/vite/vitest peer snapshot churn. If the workspace really needs Node type resolution 26, declare that as its own intentional dependency-policy change rather than smuggling it through a patch-level happy-dom bump.

For Agents
Regenerate or edit the lockfile so the diff is scoped to the packages/node-ui happy-dom update and its direct transitive changes. Preserve the intended happy-dom@20.10.6 resolution for node-ui. If @types/node@26.0.1 is intentional, make that a declared dependency/version-policy change in a separate, explicit commit/PR and verify the lockfile no longer contains accidental peer-resolution churn.

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🟡 Issue: Keep the lockfile scoped to the happy-dom update

What's wrong
The manifest change is a narrow node-ui happy-dom bump, but the lockfile has broad peer-resolution churn to @types/node@26.1.0 across Vite/Vitest entries that are not backed by any changed package manifest. That makes the dependency graph harder to review and maintain because unrelated environment or resolver drift is mixed into a focused package update.

Example
A reviewer trying to audit this happy-dom patch now has to separate the intentional happy-dom upgrade from an unrelated workspace-wide @types/node peer-context rewrite. For example, packages/node-ui/package.json does not declare an @types/node change, but pnpm-lock.yaml records Vite/Vitest under @types/node@26.1.0.

Suggested direction
Regenerate the lockfile from a clean workspace using the existing @types/node constraints, or split the Node typings/peer-context upgrade into its own explicit PR. The cleaner structure is a minimal dependency diff where each changed lockfile entry traces back to the manifest change being reviewed.

For Agents
In pnpm-lock.yaml, preserve the packages/node-ui happy-dom 20.10.6 resolution but regenerate or edit the lockfile so unrelated Vite/Vitest peer contexts stay on the existing explicit Node typings version unless this PR is intentionally upgrading Node typings. If the Node typings upgrade is intentional, add the corresponding manifest change and make that a deliberate dependency update. Verify the resulting diff is scoped to node-ui's happy-dom upgrade plus its direct transitive dependencies.

@dependabot @github

dependabot Bot commented on behalf of github Jun 23, 2026

Copy link
Copy Markdown
Contributor Author

Dependabot can't resolve your JavaScript dependency files. Because of this, Dependabot cannot update this pull request.

2 similar comments
@dependabot @github

dependabot Bot commented on behalf of github Jun 24, 2026

Copy link
Copy Markdown
Contributor Author

Dependabot can't resolve your JavaScript dependency files. Because of this, Dependabot cannot update this pull request.

@dependabot @github

dependabot Bot commented on behalf of github Jun 25, 2026

Copy link
Copy Markdown
Contributor Author

Dependabot can't resolve your JavaScript dependency files. Because of this, Dependabot cannot update this pull request.

@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/happy-dom-20.10.6 branch from 4d813d7 to 901eee8 Compare June 30, 2026 07:24
"@vitest/coverage-v8": "^4.0.18",
"cross-env": "^10.1.0",
"happy-dom": "20.8.9",
"happy-dom": "20.10.6",

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🟡 Issue: The happy-dom bump lacks validation evidence

What's wrong
This PR changes the DOM implementation used by Vitest for node-ui, but the diff adds no test and the provided review notes say no tests were run. Because happy-dom is the runtime substrate for UI tests, a minor bump can change observable DOM behavior and also the trustworthiness of existing tests.

Example
A node-ui component test that relies on happy-dom behavior for events, layout-related DOM APIs, or resource loading could start passing or failing differently after this bump; without at least running the node-ui Vitest suite, the PR does not show that the test environment still exercises the app the same way.

Suggested direction
Add evidence from the relevant package test run, or add a focused regression test if this dependency bump is intended to fix a specific DOM behavior.

Confidence note
The provided notes say only the unified diff was reviewed and no tests were run, so this is based on missing validation evidence rather than a locally reproduced failure.

For Agents
Look at packages/node-ui test scripts and CI config. Run the relevant node-ui test suite, preferably with coverage if that is the normal gate, and record the command/result in the PR. If the bump targets a specific happy-dom fix, add or point to a regression test that fails on 20.8.9 and passes on 20.10.6.

@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/happy-dom-20.10.6 branch 2 times, most recently from 48dd91a to ae2d864 Compare June 30, 2026 21:08
Bumps [happy-dom](https://github.com/capricorn86/happy-dom) from 20.8.9 to 20.10.6.
- [Release notes](https://github.com/capricorn86/happy-dom/releases)
- [Commits](capricorn86/happy-dom@v20.8.9...v20.10.6)

---
updated-dependencies:
- dependency-name: happy-dom
  dependency-version: 20.10.6
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/happy-dom-20.10.6 branch from ae2d864 to be8fbec Compare July 1, 2026 14:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant