Skip to content

Bump @testing-library/jest-dom from 5.16.5 to 6.9.1 #316

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Bump @testing-library/jest-dom from 5.16.5 to 6.9.1 #316

wants to merge 1 commit into from

Conversation

@dependabot
Copy link

@dependabot dependabot bot commented on behalf of github Oct 6, 2025
edited
Loading

Bumps @testing-library/jest-dom from 5.16.5 to 6.9.1.

Release notes

Sourced from @​testing-library/jest-dom's releases.

v6.9.1

6.9.1 (2025-10-01)

Bug Fixes

v6.9.0

6.9.0 (2025-09-30)

Features

  • Add .toAppearBefore/.toAppearAfter matcher (#702) (95f870a)

v6.8.0

6.8.0 (2025-08-20)

Features

v6.7.0

6.7.0 (2025-08-13)

Features

v6.6.4

6.6.4 (2025-07-26)

Performance Improvements

v6.6.3

6.6.3 (2024-10-31)

Bug Fixes

  • add vitest import when extending vitest matchers (#646) (5ba0156)

v6.6.2

6.6.2 (2024-10-17)

... (truncated)

Commits

Dependabot compatibility score

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

@dependabot
Bump @testing-library/jest-dom from 5.16.5 to 6.9.1
3fa2642 
Bumps [@testing-library/jest-dom](https://github.com/testing-library/jest-dom) from 5.16.5 to 6.9.1.
- [Release notes](https://github.com/testing-library/jest-dom/releases)
- [Changelog](https://github.com/testing-library/jest-dom/blob/main/CHANGELOG.md)
- [Commits](testing-library/jest-dom@v5.16.5...v6.9.1)

---
updated-dependencies:
- dependency-name: "@testing-library/jest-dom"
  dependency-version: 6.9.1
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Oct 6, 2025
@dependabot dependabot bot mentioned this pull request Oct 6, 2025
Closed
@fossabot
Copy link

fossabot bot commented Oct 6, 2025
edited
Loading

Needs Review

I recommend reviewing this upgrade before merging because it introduces a critical breaking change that will cause all tests to fail. The deprecated import path '@​testing-library/jest-dom/extend-expect' is actively used in the test setup file and must be updated to '@​testing-library/jest-dom'. Additionally, while the upgrade resolves two high-severity security vulnerabilities in transitive dependencies (including CVE-2021-3807 ReDoS vulnerability), the breaking change requires manual code modification to restore test functionality. The fix is straightforward and well-documented, but the change must be implemented before tests can run successfully.

What we checked

  • Critical breaking change: Uses removed import path '@​testing-library/jest-dom/extend-expect' which was removed in v6.0. This must be changed to import '@​testing-library/jest-dom' to prevent all tests from failing. [1]
  • Dependency upgraded from v5.16.5 to v6.9.1, introducing breaking changes requiring Jest 27+ (currently using Jest 29.5.0, which is compatible) [2]
  • Jest configuration references test_setup.js which contains the deprecated import. This setup file is executed before all tests via setupFilesAfterEnv. [3]
  • Official documentation of v6.0 breaking change: the /extend-expect import path was removed and replaced with a simpler direct import pattern [4]
  • Security fix: Upgrade addresses high-severity vulnerability by upgrading @​adobe/css-tools to 4.3.1 [5]

Dependency Usage

This testing library serves as the global test infrastructure foundation for Mastodon's JavaScript frontend codebase, configured in the Jest test setup file to automatically extend all test assertions with DOM-specific matchers. The dependency enables quality assurance across the entire React-based social networking application by providing expressive assertions for testing UI components, user interactions, and accessibility features. This represents a centralized architectural pattern where a single setup file applies enhanced testing capabilities across all Jest test suites in the application.

  • @​testing-library/jest-dom: app/javascript/mastodon/test_setup.js:1 - This code imports the '@​testing-library/jest-dom/extend-expect' library, which extends Jest's expect functionality with additional custom matchers for more expressive and readable DOM-related assertions in testing.
Other Usages (1)

These usages were analyzed but no breaking changes were detected:

@​testing-library/jest-dom

Changes

@​testing-library/jest-dom upgraded its @​adobe/css-tools dependency to address a security vulnerability and deprecated the toHaveErrorMessage matcher in favor of the spec-compliant toHaveAccessibleErrorMessage. The update also introduces nine new matchers including toAppearBefore, toAppearAfter, toBePressed, toBePartiallyPressed, toHaveSelection, and toHaveRole for enhanced accessibility testing.

View 37 more changes
References (5)

[1]: Critical breaking change: Uses removed import path '@​testing-library/jest-dom/extend-expect' which was removed in v6.0. This must be changed to import '@​testing-library/jest-dom' to prevent all tests from failing.

mastodon/app/javascript/mastodon/test_setup.js

Line 1 in 3fa2642

import '@testing-library/jest-dom/extend-expect';

[2]: Dependency upgraded from v5.16.5 to v6.9.1, introducing breaking changes requiring Jest 27+ (currently using Jest 29.5.0, which is compatible)

mastodon/package.json

Line 144 in 3fa2642

"@testing-library/jest-dom": "^6.9.1",

[3]: Jest configuration references test_setup.js which contains the deprecated import. This setup file is executed before all tests via setupFilesAfterEnv.

mastodon/jest.config.js

Line 13 in 3fa2642

setupFilesAfterEnv: ['<rootDir>/app/javascript/mastodon/test_setup.js'],

[4]: Official documentation of v6.0 breaking change: the /extend-expect import path was removed and replaced with a simpler direct import pattern (source link)

[5]: Security fix: Upgrade addresses high-severity vulnerability by upgrading @​adobe/css-tools to 4.3.1 (source link)

fossabot analyzed this PR using static analysis and dependency research.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant