build(deps-dev): swap happy-dom for jsdom as Vitest DOM environment

[NiveditJain]

Summary

Swap the Vitest DOM environment from happy-dom to jsdom.

• happy-dom is single-maintainer and has a past critical CVE (AIKIDO-2024-10426).
• jsdom has 6 maintainers, ~7x the weekly downloads (~49M vs ~7M), a 100/100 Snyk maintenance score, and broader DOM API coverage.
• Trade-off: jsdom is 2-4x slower in raw DOM ops. With our ~1.7k tests / 82 files, total suite time stays under 5s, so the supply-chain hygiene wins outweigh the speed cost.
• Supersedes Dependabot PR build(deps-dev): Bump happy-dom from 20.9.0 to 20.10.2 #415 (which bumped happy-dom 20.9.0 -> 20.10.2) — that PR can be closed.

Changes

• vitest.config.mts: environment: "happy-dom" -> "jsdom"
• package.json: drop happy-dom ^20.7.0, add jsdom ^29.1.1
• bun.lock: regenerated
• docs/testing.mdx + 14 translated mirrors: replace happy-dom mention with jsdom
• CHANGELOG.md: entry under ### Dependencies for 0.0.11-beta.3

Test plan

• bun run test:run — 1691 tests pass across 82 files on jsdom
• bun run lint — 0 errors (2 pre-existing warnings unrelated)
• bunx tsc --noEmit — clean
• bun run build — Next.js + dist bundle build green
• Wait for CI (quality + test + build + test-e2e) to confirm parity in clean env

Generated with Claude Code

Summary by CodeRabbit

• Documentation

  • Updated testing documentation across all supported languages to reflect the current test environment configuration.

• Chores

  • Updated testing environment configuration and dependencies to improve test suite stability and maintenance.

[mintlify]

Preview deployment for your docs. Learn more about Mintlify Previews.

Project	Status	Preview	Updated (UTC)
failproofai	🟢 Ready	View Preview	Jun 9, 2026, 1:03 AM

💡 Tip: Enable Workflows to automatically generate PRs for you.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 4d068192-0936-4b05-b7dc-7aa237a8d066

📥 Commits

Reviewing files that changed from the base of the PR and between 696c7d3 and 7331281.

⛔ Files ignored due to path filters (1)

• bun.lock is excluded by !**/*.lock

📒 Files selected for processing (18)

• CHANGELOG.md
• docs/ar/testing.mdx
• docs/de/testing.mdx
• docs/es/testing.mdx
• docs/fr/testing.mdx
• docs/he/testing.mdx
• docs/hi/testing.mdx
• docs/it/testing.mdx
• docs/ja/testing.mdx
• docs/ko/testing.mdx
• docs/pt-br/testing.mdx
• docs/ru/testing.mdx
• docs/testing.mdx
• docs/tr/testing.mdx
• docs/vi/testing.mdx
• docs/zh/testing.mdx
• package.json
• vitest.config.mts

---

📝 Walkthrough

Walkthrough

Vitest's DOM test environment is migrated from happy-dom to jsdom across configuration, dependencies, changelog, and documentation. The test suite remains green under the new environment.

Changes

Test Environment Migration

Layer / File(s)	Summary
Test environment configuration vitest.config.mts, package.json	Test environment setting in Vitest configuration switches from happy-dom to jsdom; dev dependency updated from happy-dom@^20.7.0 to jsdom@^29.1.1.
Release documentation CHANGELOG.md	Changelog entry for 0.0.11-beta.3 documents the environment switch under Dependencies, noting security maintenance rationale and that tests pass under jsdom.
Testing documentation updates docs/testing.mdx, docs/*/testing.mdx	Base English testing documentation and 14 localized versions (Arabic, German, Spanish, French, Hebrew, Hindi, Italian, Japanese, Korean, Portuguese-Brazil, Russian, Turkish, Vietnamese, Chinese) all updated to specify jsdom instead of happy-dom for unit test environment.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~4 minutes

Poem

🐰 From happy-dom to jsdom we hop,
A library swap that won't stop,
With tests all green and secure,
Across every tongue, the docs stay pure! 🌍✨

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	The pull request description comprehensively covers the rationale, changes, and test plan, but does not follow the required template structure with Type of Change checkboxes and completion checklist.	Restructure the description to match the repository template: add 'Type of Change' section with checkboxes (Refactor applies here) and 'Checklist' section documenting completion status of lint, tsc, test:run, and build steps.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and concisely summarizes the main change: swapping happy-dom for jsdom as the Vitest DOM environment, directly reflecting the core changeset across configuration, dependencies, and documentation.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

Warning

There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure.

🔧 ESLint

If the error stems from missing dependencies, add them to the package.json file. For unrecoverable errors (e.g., due to private dependencies), disable the tool in the CodeRabbit configuration.

docs/ar/testing.mdx

ESLint skipped: missing config or dependency (missing-dependency). The ESLint configuration references a package that is not available in the sandbox.

docs/de/testing.mdx

ESLint skipped: the ESLint configuration for this file references a package that is not available in the sandbox.

docs/es/testing.mdx

ESLint skipped: the ESLint configuration for this file references a package that is not available in the sandbox.

• 12 others

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	jsdom@​29.1.1

View full report

[socket-security]

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Warn		Obfuscated code: npm css-tree is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: ? → npm/jsdom@29.1.1 → npm/css-tree@3.2.1 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/css-tree@3.2.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm data-urls is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: ? → npm/jsdom@29.1.1 → npm/data-urls@7.0.0 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/data-urls@7.0.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm jsdom is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: package.json → npm/jsdom@29.1.1 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/jsdom@29.1.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm jsdom is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: package.json → npm/jsdom@29.1.1 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/jsdom@29.1.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report