chore(deps): bump jsdom from 24.1.3 to 29.1.1

[dependabot]

Bumps jsdom from 24.1.3 to 29.1.1.

Release notes

Sourced from jsdom's releases.

v29.1.1

• Fixed 'border-radius' computed style serialization. (@​asamuzaK)
• Fixed computed style computation when using 'background-origin' and 'background-clip' CSS properties. (@​asamuzaK)
• Significantly optimized initial calls to getComputedStyle(), before the cache warms up. (@​asamuzaK)

v29.1.0

• Added basic support for the ratio CSS type. (@​asamuzaK)
• Fixed getComputedStyle() sometimes returning outdated results after CSS was modified. (@​asamuzaK)

v29.0.2

• Significantly improved and sped up getComputedStyle(). Computed value rules are now applied across a broader set of properties, and include fixes related to inheritance, defaulting keywords, custom properties, and color-related values such as currentcolor and system colors. (@​asamuzaK)
• Fixed CSS 'background' and 'border' shorthand parsing. (@​asamuzaK)

v29.0.1

• Fixed CSS parsing of 'border', 'background', and their sub-shorthands containing keywords or var(). (@​asamuzaK)
• Fixed getComputedStyle() to return a more functional CSSStyleDeclaration object, including indexed access support, which regressed in v29.0.0.

v29.0.0

Breaking changes:

• Node.js v22.13.0+ is now the minimum supported v22 version (was v22.12.0+).

Other changes:

• Overhauled the CSSOM implementation, replacing the @acemir/cssom and cssstyle dependencies with fresh internal implementations built on webidl2js wrappers and the css-tree parser. Serialization, parsing, and API behavior is improved in various ways, especially around edge cases.
• Added CSSCounterStyleRule and CSSNamespaceRule to jsdom Windows.
• Added cssMediaRule.matches and cssSupportsRule.matches getters.
• Added proper media query parsing in MediaList, using css-tree instead of naive comma-splitting. Invalid queries become "not all" per spec.
• Added cssKeyframeRule.keyText getter/setter validation.
• Added cssStyleRule.selectorText setter validation: invalid selectors are now rejected.
• Added styleSheet.ownerNode, styleSheet.href, and styleSheet.title.
• Added bad port blocking per the fetch specification, preventing fetches to commonly-abused ports.
• Improved Document initialization performance by lazily initializing the CSS selector engine, avoiding ~0.5 ms of overhead per Document. (@​thypon)
• Fixed a memory leak when stylesheets were removed from the document.
• Fixed CSSStyleDeclaration modifications to properly trigger custom element reactions.
• Fixed nested @media rule parsing.
• Fixed CSSStyleSheet's "disallow modification" flag not being checked in all mutation methods.
• Fixed XMLHttpRequest's response getter returning parsed JSON during the LOADING state instead of null.
• Fixed getComputedStyle() crashing in XHTML documents when stylesheets contained at-rules such as @page or @font-face.
• Fixed a potential hang in synchronous XMLHttpRequest caused by a race condition with the worker thread's idle timeout.

v28.1.0

• Added blob.text(), blob.arrayBuffer(), and blob.bytes() methods.
• Improved getComputedStyle() to account for CSS specificity when multiple rules apply. (@​asamuzaK)
• Improved synchronous XMLHttpRequest performance by using a persistent worker thread, avoiding ~400ms of setup overhead on every synchronous request after the first one.
• Improved performance of node.getRootNode(), node.isConnected, and event.dispatchEvent() by caching the root node of document-connected trees.
• Fixed getComputedStyle() to correctly handle !important priority. (@​asamuzaK)
• Fixed document.getElementById() to return the first element in tree order when multiple elements share the same ID.
• Fixed <svg> elements to no longer incorrectly proxy event handlers to the Window.
• Fixed FileReader event timing and fileReader.result state to more closely follow the spec.

... (truncated)

Commits

• 9b9ea7e 29.1.1
• 07efb78 Optimize computed style comparison
• 5f66329 Fix background-origin/background-clip in background shorthand
• ad8af77 Fix border shorthand handling
• 5a3e88e 29.1.0
• 73db204 Update dependencies and dev dependencies
• a7168a5 Support ratio CSS unit type
• 15346e0 Fix style cache invalidation
• 2a1e2cd 29.0.2
• 4097d66 Resolve computed CSS values lazily in CSSStyleDeclaration
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for jsdom since your current version.

Install script changes

This version modifies prepare script that runs during installation. Review the package contents before updating.

[dependabot]

Labels

The following labels could not be found: dependencies. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[github-actions]

Dependency Changes Detected

This PR modifies dependency files. Please review whether these changes are intentional.

Changed files:

• package.json

Maintainer checklist:

• Confirm dependency changes are intentional
• Review package delta if lockfile changed

[lml2468]

[APPROVE — self-review, posting as COMMENT] Acceptable major bump for a dev-only dependency.

jsdom 24.1.3 → 29.1.1 (five major versions):
✅ jsdom is a devDependency used only in tests (vitest jsdom environment). Production bundle is not affected.
✅ CSS parser deps updated (@csstools/* 3→4, new @asamuzakjp/* packages) — these are jsdom internals, not user-facing.
✅ New DOM selector engine (@asamuzakjp/dom-selector) replacing older nwsapi — improved spec compliance.

🟡 Minor concern: jsdom 24→29 includes breaking changes (stricter HTML parsing, removed deprecated APIs). Existing tests that rely on lenient jsdom behavior may break. Recommend running the test suite locally before merging and checking CI results carefully.

🔵 lru-cache removed as transitive dep (replaced by @asamuzakjp/generational-cache) — expected cleanup.

Ready to merge once CI confirms tests pass.

[Jerry-Xin]

Summary: The dependency update is project-relevant, but it breaks the repository’s existing Node 18 CI test lane.

🔴 Blocking

🔴 Critical — jsdom@29.1.1 no longer supports Node 18, but CI still runs tests on Node 18.
package.json:33 upgrades jsdom to ^29.1.1, and package-lock.json:2905-2906 records its engine as ^20.19.0 || ^22.13.0 || >=24.0.0. The repository CI matrix still includes Node 18 at .github/workflows/ci.yml:77, then runs npm test at .github/workflows/ci.yml:86. I reproduced the failure with the PR branch installed by running npx -p node@18 node ./node_modules/vitest/vitest.mjs run; Vitest fails while setting up the jsdom environment with ERR_REQUIRE_ESM from html-encoding-sniffer importing @exodus/bytes. This means the PR will break the current required test path unless the project drops Node 18 in CI/docs/Docker expectations or the dependency is pinned to a Node-18-compatible jsdom version.

💬 Non-blocking

🟡 Warning — Dockerfile:1 still uses node:18-alpine for the build image. This PR’s app build path may not import jsdom, so it is secondary to the failing test lane, but it leaves the repository with mixed Node support signals after introducing a dev dependency that explicitly requires Node 20.19+.

✅ Highlights

The PR is in scope for octo-admin because vite.config.ts uses environment: 'jsdom' for Vitest. On the current local Node 24.10.0 runtime, npm ci, npm test, and npm run build completed successfully.

[lml2468]

[CHANGES_REQUESTED] Independent cross-review.

🔴 Blocking: CI red — ESM/CJS incompatibility with vitest 2.x

Unlike the ERESOLVE failures in PRs #42/#44, this one installs fine but fails at test runtime:

Error: require() of ES Module .../node_modules/@exodus/bytes/encoding-lite.js
  from .../node_modules/html-encoding-sniffer/lib/html-encoding-sniffer.js not supported.
Code: ERR_REQUIRE_ESM

Root cause: jsdom 29.x replaced the deprecated whatwg-encoding with @exodus/bytes (ESM-only). html-encoding-sniffer uses require() to load it, which fails under vitest 2.x's CJS-based module resolution.

Required fix: jsdom 25+ needs vitest 3+ for proper ESM dependency handling. This PR must wait until vitest is upgraded (see PR #42 discussion about grouping). Alternatively, stay on jsdom 24.x.

Recommended Dependabot grouping to prevent this class of issues:

groups:
  test-infra:
    patterns:
      - "vitest"
      - "@vitest/*"
      - "jsdom"

This ensures jsdom and vitest move together since they have implicit ESM compatibility constraints.