Chore: Upgrade jest-environment-jsdom, auth0.js, component-cdn-uploader and validator

[ankita10119]

Changes

This PR completes the migration from the deprecated jest-environment-jsdom-global package to the
standard jest-environment-jsdom, fixing all test failures and resolving security vulnerabilities.

Package Updates

• Removed deprecated jest-environment-jsdom-global dependency
• Using jest-environment-jsdom@30.2.0 (already at target version)
• Updated validator from ^13.6.0 to ^13.15.22 (security fix)
• Keeping auth0-js@9.29.0 (latest v9.x)
• Keeping @auth0/component-cdn-uploader@2.4.2

Test Infrastructure Changes

• Created custom Jest environment to expose jsdom instance
• Enhanced setURL() utility with dual-approach window.location mocking
• Updated 2 snapshot files
• Cleaned up unnecessary code in setup-tests.js

Testing

• No functional changes in production code.
• All test suites continue to pass with the updated setup.
• Minor snapshot changes due to rendering differences in updated jsdom and Jest versions.

Checklist

• I have read the Auth0 general contribution guidelines
• I have read the Auth0 Code of Conduct
• All code quality tools/guidelines have been run/followed
• All relevant assets have been compiled

[gyaneshgouraw-okta]

@claude

[github-actions]

Claude finished @gyaneshgouraw-okta's task —— View job

---

Review Progress

• Gather PR context and diff
• Read project architecture documentation
• Perform code quality review
• Perform security review
• Perform performance review
• Provide overall assessment

---

Overall Assessment

✅ This PR successfully addresses the deprecation of jest-environment-jsdom-global and includes important security updates. All CI checks are passing (Build and Test, Snyk, CodeQL). The implementation is sound with a clever dual-approach fallback strategy for URL mocking. However, there are several concerns around major version bumps and edge case handling that should be addressed before merging to ensure long-term stability and maintainability.

Key Findings

Security Updates (Positive)

• validator upgraded from ^13.6.0 to ^13.15.22 addresses security vulnerabilities
• Snyk checks passing confirms no known vulnerabilities
• CodeQL analysis completed successfully

Testing Infrastructure (Mostly Good)

• Custom Jest environment cleanly exposes jsdom instance
• Dual-approach URL mocking provides good fallback support
• All test suites passing with the new setup

Concerns to Address

1. Major version jumps: jest-environment-jsdom (v29→v30) and implicit superagent (v7→v10 via auth0-js) changes need careful validation
2. Edge case handling: Missing error handling in custom environment and URL mocking could cause cryptic failures
3. Test coverage gaps: Fallback mechanisms not independently tested, risking future breakage
4. Cleanup logic: Potential issues with window.location restoration in test teardown

Recommendation: Address the inline comments regarding error handling, test coverage, and validation of major dependency upgrades before merging.

---

[github-actions]

The property name this.dom is not guaranteed to be stable across jsdom versions. Consider adding error handling or version checking to ensure this property exists before exposing it globally.

Suggested change

	this.global.jsdom = this.dom;
	// Expose jsdom instance globally so tests can call jsdom.reconfigure()
	if (this.dom) {
	this.global.jsdom = this.dom;
	}

[github-actions]

The delete window.location operation can fail in strict mode or certain JavaScript environments. Consider wrapping this in a try-catch block to handle potential errors gracefully.

Additionally, the fallback approach may not fully replicate jsdom's behavior for all location-dependent operations. Consider documenting which test scenarios work with each approach.