Update dependency @xmldom/xmldom to v0.9.10

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
@xmldom/xmldom	0.8.13 → 0.9.10

---

Release Notes

xmldom/xmldom (@​xmldom/xmldom)

v0.9.10

Compare Source

Fixed

• Security: XMLSerializer.serializeToString() (and Node.toString(), NodeList.toString()) now accept a requireWellFormed option. When { requireWellFormed: true } is passed, the serializer throws InvalidStateError for injection-prone node content, preventing XML injection via attacker-controlled node data. GHSA-j759-j44w-7fr8 GHSA-x6wf-f3px-wcqx GHSA-f6ww-3ggp-fr8h
  • Comment: throws when data contains -- anywhere, ends with -, or contains characters outside the XML Char production
  • ProcessingInstruction: throws when target contains : or matches xml (case-insensitive), or data contains characters outside the XML Char production or contains ?>
  • DocumentType: throws when publicId fails PubidLiteral, systemId fails SystemLiteral, or internalSubset contains ]>
• Security: DOM traversal operations (XMLSerializer.serializeToString(), Node.prototype.normalize(), Node.prototype.cloneNode(true), Document.prototype.importNode(node, true), node.textContent getter, getElementsByTagName() / getElementsByTagNameNS() / getElementsByClassName() / getElementById(), Node.prototype.isEqualNode()) are now iterative. Previously, deeply nested DOM trees would exhaust the JavaScript call stack and throw an unrecoverable RangeError. GHSA-2v35-w6hq-6mfw
• isEqualNode now correctly returns false for CDATASection nodes with different data

Deprecated

• The splitCDATASections serializer option is deprecated and will be removed in the next breaking release. The automatic splitting of "]]>" in CDATASection data was introduced as a workaround; use requireWellFormed: true or ensure CDATASection data does not contain "]]>" before serialization.

Chore

• updated dependencies

Thank you,
@​Jvr2022,
@​praveen-kv,
@​TharVid,
@​decsecre583,
@​tlsbollei,
@​KarimTantawey,
for your contributions

v0.9.9

Compare Source

Added

• implement ParentNode.children getter #960 / #410

Fixed

• Security: createCDATASection now throws InvalidCharacterError when data contains "]]>", as required by the WHATWG DOM spec. GHSA-wh4c-j3r5-mjhp
• Security: XMLSerializer now splits CDATASection nodes whose data contains "]]>" into adjacent CDATA sections at serialization time, preventing XML injection via mutation methods (appendData, replaceData, .data =, .textContent =). GHSA-wh4c-j3r5-mjhp
• correctly traverse ancestor chain in Node.contains #931

Code that passes a string containing "]]>" to createCDATASection and relied on the previously unsafe behavior will now receive InvalidCharacterError. Use a mutation method such as appendData if you intentionally need "]]>" in a CDATASection node's data.

Chore

• updated dependencies

Thank you,
@​stevenobiajulu,
@​yoshi389111,
@​thesmartshadow,
for your contributions

v0.9.8

Compare Source

Fixed

• fix: replace \u2029 as part of normalizeLineEndings #839 / #838
• perf: speed up line detection #847 / #838

Chore

• updated dependencies
• drop jazzer and rxjs devDependencies #845

Thank you,
@​kboshold,
@​Ponynjaa,
for your contributions.

v0.9.7

Compare Source

Added

• Implementation of hasAttributes #804

Fixed

• locator is now true even when other options are being used for the DOMParser #802 / #803
• allow case-insensitive DOCTYPE in HTML #817 / #819

Performance

• simplify DOM.compareDocumentPosition #805

Chore

• updated devDependencies

Thank you,
@​zorkow,
@​Ponynjaa,
@​WesselKroos,
for your contributions.

v0.9.6

Compare Source

Fixed

• lower error level for unicode replacement character #790 / #794 / #797

Chore

• updated devDependencies
• migrate renovate config #792

Thank you, @​eglitise, for your contributions.

v0.9.5

Compare Source

Fixed

• fix: re-index childNodes on insertBefore #763 / #766

Thank you,
@​mureinik,
for your contributions.

v0.9.4

Compare Source

Fixed

• restore performance for large amount of child nodes #748 / #760
• types: correct error handler level to warning (#​759) #754 / #759

Docs

• test: verify BOM handling #758

Thank you,
@​luffynando,
@​mattiasw,
@​JoinerDev,
for your contributions.

v0.9.3

Compare Source

Fixed

• restore more Node and ProcessingInstruction types #725 / #726
• getElements* methods return LiveNodeList<Element> #731 / #734
• Add more missing Node props #728, triggered by unclosed #724

Docs

• Update supported runtimes in readme (NodeJS >= 14.6 and other ES5 compatible runtimes)

Chore

• updates devDependencies

Thank you,
@​Ponynjaa,
@​ayZagen,
@​sserdyuk,
@​wydengyre,
@​mykola-mokhnach,
@​benkroeger,
for your contributions.

v0.9.2

Compare Source

Feature

• add Element.getElementsByClassName #722

Fixed

• add missing types for Document.documentElement and Element.tagName #721 #720

Thank you, @​censujiang, @​Mathias-S, for your contributions

v0.9.1

Compare Source

Fixed

• DOMParser.parseFromString requires mimeType as second argument #713
• correct spelling of isHTMLMimeType in type definition #715 / #712
• sync types with exports #717 / #285 / #695

Other

• minimum tested node version is 14 #710

Thank you, @​krystofwoldrich, @​marvinruder, @​amacneil, @​defunctzombie,
@​tjhorner, @​danon, for your contributions

v0.9.0

Compare Source

• Discussion
• Summary on dev.to

Features

• feat: expose all DOM level 2 element prototypes #637 / #40
• feat: add iterator function to NodeList and NamedNodeMap #634 / #633

Fixed

• parse empty/whitspace only doctype internal subset #692
• avoid prototype clash in namespace prefix #554
• report fatalError when doctype is inside elements #550

Other

• test: add fuzz target and regression tests #556
• chore: improve .gitignore and provide .envrc.template #697
• chore: Apply security best practices #546
• ci: check test coverage in PRs #524
• docs: add missing commas to readme #566
• docs: click to copy install command in readme #644
• docs: enhance jsdoc comments #511

Thank you, @​kboshold, @​edi9999, @​apupier,
@​shunkica, @​homer0, @​jhauga,
@​UdayKharatmol, for your contributions

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[changeset-bot]

⚠️ No Changeset found

Latest commit: ddc9274

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[codecov-commenter]

⚠️ Please install the to ensure uploads and comments are reliably processed by Codecov.

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 68.80%. Comparing base (c6d3119) to head (ddc9274).
❗ Your organization needs to install the Codecov GitHub app to enable full functionality.

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #261   +/-   ##
=======================================
  Coverage   68.80%   68.80%           
=======================================
  Files          19       19           
  Lines         638      638           
  Branches      117      117           
=======================================
  Hits          439      439           
  Misses        195      195           
  Partials        4        4           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.