chore(deps-dev): bump jsdom and global-jsdom

[dependabot]

Bumps jsdom and global-jsdom. These dependencies needed to be updated together.
Updates jsdom from 27.4.0 to 28.0.0

Release notes

Sourced from jsdom's releases.

Version 28.0.0

• Overhauled resource loading customization. See the new README for details on the new API.
• Added MIME type sniffing to <iframe> and <frame> loads.
• Regression: WebSockets are no longer correctly throttled to one connection per origin. This is a result of the bug at nodejs/undici#4743.
• Fixed decoding of the query components of <a> and <area> elements in non-UTF-8 documents.
• Fixed XMLHttpRequest fetches and WebSocket upgrade requests to be interceptable by the new customizable resource loading. (Except synchronous XMLHttpRequests.)
• Fixed the referrer of a document to be set correctly when redirects are involved; it is now the initiating page, not the last hop in the redirect chain.
• Fixed correctness bugs when passing ArrayBuffers or typed arrays to various APIs, where they would not correctly snapshot the data.
• Fixed require("url").parse() deprecation warning when using WebSockets.
• Fixed <iframe>, <frame>, and <img> (when canvas is installed) to fire load events, not error events, on non-OK HTTP responses.
• Fixed many small issues in XMLHttpRequest.

Changelog

Sourced from jsdom's changelog.

28.0.0

• Overhauled resource loading customization. See the new README for details on the new API.
• Added MIME type sniffing to <iframe> and <frame> loads.
• Regression: WebSockets are no longer correctly throttled to one connection per origin. This is a result of the bug at nodejs/undici#4743.
• Fixed decoding of the query components of <a> and <area> elements in non-UTF-8 documents.
• Fixed XMLHttpRequest fetches and WebSocket upgrade requests to be interceptable by the new customizable resource loading. (Except synchronous XMLHttpRequests.)
• Fixed the referrer of a document to be set correctly when redirects are involved; it is now the initiating page, not the last hop in the redirect chain.
• Fixed correctness bugs when passing ArrayBuffers or typed arrays to various APIs, where they would not correctly snapshot the data.
• Fixed require("url").parse() deprecation warning when using WebSockets.
• Fixed <iframe>, <frame>, and <img> (when canvas is installed) to fire load events, not error events, on non-OK HTTP responses.
• Fixed many small issues in XMLHttpRequest.

Commits

• 20f614d Version 28.0.0
• 2b65c6a Replace the resource loader API
• 638bd68 Decode <a> and <area> query strings using document's encoding
• 457bd4b Add AGENTS.md (and CLAUDE.md)
• bf1dc15 Mark header-values tests as fail-slow due to Node.js bug
• 92f269e Update dependencies and dev dependencies
• 7d6e667 Improve spec alignment of Headers and header type tests
• 2c29aed Fix Windows-specific task kill timeouts
• d941216 Add failing regression test for animation-name case-sensitivity
• 56a833d Update style benchmark
• Additional commits viewable in compare view

Updates global-jsdom from 27.0.0 to 28.0.0

Changelog

Sourced from global-jsdom's changelog.

{28.0.0} - {2026-02-02}

• Raise minimum jsdom peer dependency to v28

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[github-actions]

size-limit report 📦

Path	Size
JS	16.68 KB (0%)
JS ES6 with querystring only import (tree shaking)	533 B (0%)
JS ES6 with leadingZero only import (tree shaking)	34 B (0%)
JS ES6 with decodeHTMLEntities only import (tree shaking)	446 B (0%)
JS ES6 with decodeHTMLFullEntities only import (tree shaking)	9.9 KB (0%)

[codecov-commenter]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 97.07%. Comparing base (1ffb61e) to head (e9154d2).

Additional details and impacted files

@@           Coverage Diff           @@
##           master     #827   +/-   ##
=======================================
  Coverage   97.07%   97.07%           
=======================================
  Files          22       22           
  Lines        3585     3585           
  Branches      111      111           
=======================================
  Hits         3480     3480           
  Misses        103      103           
  Partials        2        2           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.