Skip to content

chore(deps): bump whatwg-url from 14.1.1 to 17.1.0#1148

Open
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/whatwg-url-17.1.0
Open

chore(deps): bump whatwg-url from 14.1.1 to 17.1.0#1148
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/whatwg-url-17.1.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 14, 2026

Copy link
Copy Markdown
Contributor

Bumps whatwg-url from 14.1.1 to 17.1.0.

Release notes

Sourced from whatwg-url's releases.

v17.1.0

  • Added parseURLWithValidationErrors(), which records and returns validation errors per the standard's parsing algorithm, often performing additional checks on the input.
  • Added isValidURLString(), which checks an input string against the standard's valid URL string predicate.
  • Fixed userinfo parsing for astral code points (@​spokodev, jsdom/whatwg-url#333). This was a rare instance of whatwg-url failing to match the specification.

Notably, the new validation code allowed us to make significant progress on whatwg/url#704, and as far as we can tell at this point, the two types of validation agree.

v17.0.0

Breaking change: now requires Node.js ^22.14.0 || >=24.0.0.

Updated the domain parser to have an ASCII fallback path, per whatwg/url@a8d5ca3.

16.0.1

Fixed URL.parse() to return a proper URL object, instead of an internal implementation object. This fixes, among other things, URL.parse(x) instanceof URL.

16.0.0

Breaking change: now requires Node.js versions ^20.19.0 || ^22.12.0 || >=24.0.0.

Added encoding support for query string parsing, via the new encoding options to parseURL() and basicURLParse(). (The URL API is not affected, as it always uses UTF-8.) Thanks to @​ChALkeR and his excellent @exodus/bytes package for providing the foundation!

15.1.0

Updated our tr46 dependency, which updates our international domain name support to reflect Unicode 17.0.0.

15.0.0

Breaking change: now requires Node.js v20 or later.

Made minor updates to failure cases for "host"/"hostname" and "port" state override parsing, following URL Standard changes whatwg/url@c23aec1 and whatwg/url@cc8b776. These have no impact on usage of the high-level APIs.

14.2.0

Updated our tr46 dependency, which updates our international domain name support to reflect Unicode 16.0.0. Also includes the related changes to the URL Standard:

Added U+005E (^) to the path percent-encode set, per whatwg/url@9bc33c3.

Ensured opaque paths always roundtrip, per whatwg/url@6c78200.

Commits
  • ea29b05 17.1.0
  • 146a93e Report IPv4 validation errors for non-ASCII input
  • fbaf303 Fix userinfo parsing for astral code points
  • b440eab Align URL string validation with parser
  • 877bd67 Consolidate validation tests
  • dfca5ee Update IPv6 address string validation
  • 80ef42c Reject number-ending domains in URL string validation
  • f55baa0 Handle opaque-path bases in URL string validation
  • 9dd6c2e Allow empty URL path segments
  • 1f83cb3 Simplify ends in a number checker
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for whatwg-url since your current version.


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [whatwg-url](https://github.com/jsdom/whatwg-url) from 14.1.1 to 17.1.0.
- [Release notes](https://github.com/jsdom/whatwg-url/releases)
- [Commits](jsdom/whatwg-url@v14.1.1...v17.1.0)

---
updated-dependencies:
- dependency-name: whatwg-url
  dependency-version: 17.1.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Used by dependabot for dependency updates npm Used by dependabot labels Jul 14, 2026
@dependabot dependabot Bot requested a review from a team as a code owner July 14, 2026 08:04
@dependabot dependabot Bot added dependencies Used by dependabot for dependency updates npm Used by dependabot labels Jul 14, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Used by dependabot for dependency updates npm Used by dependabot

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants