chore(deps): update dependency jsdom to v28

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
jsdom	^27.0.0 → ^28.0.0

---

Release Notes

jsdom/jsdom (jsdom)

v28.0.0

Compare Source

• Overhauled resource loading customization. See the new README for details on the new API.
• Added MIME type sniffing to <iframe> and <frame> loads.
• Regression: WebSockets are no longer correctly throttled to one connection per origin. This is a result of the bug at nodejs/undici#4743.
• Fixed decoding of the query components of <a> and <area> elements in non-UTF-8 documents.
• Fixed XMLHttpRequest fetches and WebSocket upgrade requests to be interceptable by the new customizable resource loading. (Except synchronous XMLHttpRequests.)
• Fixed the referrer of a document to be set correctly when redirects are involved; it is now the initiating page, not the last hop in the redirect chain.
• Fixed correctness bugs when passing ArrayBuffers or typed arrays to various APIs, where they would not correctly snapshot the data.
• Fixed require("url").parse() deprecation warning when using WebSockets.
• Fixed <iframe>, <frame>, and <img> (when canvas is installed) to fire load events, not error events, on non-OK HTTP responses.
• Fixed many small issues in XMLHttpRequest.

---

Configuration

📅 Schedule: Branch creation - "before 6am every weekday" in timezone America/Vancouver, Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

---

Thanks for the PR!

Deployments, as required, will be available below:

• Frontend
• Backend

Please create PRs in draft mode. Mark as ready to enable:

• Analysis Workflow

After merge, new images are deployed in:

• Merge Workflow

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	@​types/​supertest@​6.0.3
	prisma@​7.3.0
	express-prom-bundle@​8.0.0
	reflect-metadata@​0.2.2
	nest-winston@​1.10.2
	swagger-ui-express@​5.0.1
	istanbul-badges-readme@​1.9.0
	rimraf@​6.1.2
	helmet@​8.1.0
	prom-client@​15.1.3
	unplugin-swc@​1.5.9
	winston@​3.19.0
	supertest@​7.2.2
	pg@​8.18.0

View full report

[socket-security]

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Warn		Obfuscated code: npm safer-buffer is 94.0% likely obfuscated Confidence: 0.94 Location: Package overview From: backend/package-lock.json → npm/@nestjs/cli@11.0.16 → npm/prisma@7.3.0 → npm/@nestjs/platform-express@11.1.13 → npm/swagger-ui-express@5.0.1 → npm/safer-buffer@2.1.2 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/safer-buffer@2.1.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report