Commit Graph

7371 Commits

Author SHA1 Message Date
Michał Gołębiowski-Owczarek
5fa0db48d7
Core: Fix dependencies in ui/core.js
The `jquery-patch` reference was included with the `.js` extension which is
not allowed in AMD.

Fixes gh-2107
Closes gh-2109
2022-08-18 13:28:26 +02:00
Michał Gołębiowski-Owczarek
4bae79d534
Docs: Add a security policy in SECURITY.md
This is needed so that people know how to report security issues.

Closes gh-2103
2022-07-19 20:59:15 +02:00
Michał Gołębiowski-Owczarek
0df6e65830
All: Update JS Foundation mentions to OpenJS Foundation
Closes gh-2104
2022-07-19 09:36:55 +02:00
Michał Gołębiowski-Owczarek
1f16dbb803 Build: Updating the main version to 1.13.3-pre. 2022-07-14 21:13:21 +02:00
Michał Gołębiowski-Owczarek
8cc5bae1ca
Checkboxradio: Don't re-evaluate text labels as HTML
If you generate a Checkboxradio from a checkbox/radio with a label that
contains encoded HTML, e.g. `<em>test</em>` this will work fine
at first. If, however a refresh is triggered on that instance (explicitly or
e.g. by turning it into a `Controlgroup`), the previously escaped HTML will
now be evaluated.

If the label was created based on some user input, this could lead to
unexpected code execution even though the initial output was escaped.

Fixes gh-2101
Closes gh-2102
2022-07-14 20:52:02 +02:00
Michał Gołębiowski-Owczarek
b53e7beb68 All: Remove deprecated .click() usage in demos/tests 2022-07-14 20:34:29 +02:00
Michał Gołębiowski-Owczarek
bb00536756 Build: Update AUTHORS.txt 2022-07-14 19:54:38 +02:00
Denny Septian Panggabean
9d1fc97b4e
Datepicker: Capitalize some Indonesian words
Closes gh-2067
2022-07-14 19:53:59 +02:00
James Hinderks
1f467baaac
Selectmenu: Remove a call to the deprecated .focus() method
Replaces a call to the deprecated jQuery `.focus()` method
with `.trigger("focus")`.

Closes gh-2053
2022-07-14 19:43:16 +02:00
Michał Gołębiowski-Owczarek
ac1866f20d Build: Update AUTHORS.txt 2022-07-14 19:07:27 +02:00
Felix Nagel
395aa7d056 Datepicker: Add missing localization for prevText and nextText
Fixes gh-2048
Closes gh-2050
Closes gh-2100
2022-07-14 18:47:30 +02:00
Felix Nagel
218c6af95a Datepicker: Remove symbols in localization
Follow-up to dfff5e7e999453f5d080c184bd4e3fdbfc93b83e

Fixes gh-2048
Closes gh-2050
2022-07-14 18:47:30 +02:00
Adam Lidén Hällgren
3126e12869 Datepicker: Remove symbols in localization
Fixes gh-2048
Closes gh-2050
Ref gh-2067
2022-07-14 18:47:30 +02:00
dependabot[bot]
e853971b0a
Build(deps): Bump actions/checkout from 2 to 3
Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 3.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v2...v3)

Closes gh-2098

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-07-11 12:22:26 +02:00
dependabot[bot]
d55645c0c4
Build(deps): Bump actions/cache from 2 to 3
Bumps [actions/cache](https://github.com/actions/cache) from 2 to 3.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](https://github.com/actions/cache/compare/v2...v3)

Closes gh-2097

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-07-11 12:17:24 +02:00
dependabot[bot]
a4060a2b83
Build(deps): Bump actions/setup-node from 1 to 3
Bumps [actions/setup-node](https://github.com/actions/setup-node) from 1 to 3.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](https://github.com/actions/setup-node/compare/v1...v3)

Closes gh-2096

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-07-11 12:17:01 +02:00
Christian Oliff
d66fdd5c9a
Build: Add dependabot.yml config (GitHub Actions)
Closes gh-2093
Ref jquery/jquery#5057
2022-06-29 15:14:31 +02:00
Michał Gołębiowski-Owczarek
50d35e60f1
Build: Update Grunt to resolve CVE-2022-1537
More details:
https://github.com/advisories/GHSA-rm36-94g8-835r

Fixes gh-2090
Closes gh-2091
2022-06-22 12:58:05 +02:00
Michał Gołębiowski-Owczarek
e21a2543b5
Build: Include all the files published to the CDN in npm/Bower packages
Both unminified & minified versions of JS & CSS files are included, for all
themes, as well as images.

Fixes gh-2011
Closes gh-2059
2022-03-23 12:05:10 +01:00
Michał Gołębiowski-Owczarek
54074fcb1d Build: Updating the main version to 1.13.2-pre. 2022-01-20 14:04:17 +01:00
Michał Gołębiowski-Owczarek
d2779bde26 Build: Update some npm dependencies
Unfortunately, we cannot update all of them to their latest versions as some
of them now require Node.js 12 and we need to be able to build on Node 10 as
that's what our Jenkins runs.
2022-01-20 13:29:50 +01:00
Michał Gołębiowski-Owczarek
0c5becce0e
Widget: Optimize attachment of the _untrackClassesElement listener
jQuery UI 1.13.0 changed the logic attaching the `_untrackClassesElement`
listener in the `_classes` widget method; one of the side effects was calling
`this._on` for each node that needed the listener. That caused a severe
performance degradation for large comboboxes as each `_on` jQuery UI call
causes a jQuery `add` call that calls Sizzle's `uniqueSort` underneath.

Instead, collect the nodes that need the listener and then, outside of the loop,
create a jQuery object out of them and attach the listener once. That's still
slower than the jQuery 1.12 version but only slightly: 936 ms to 1.03s on a very
large list on a recent MacBook Pro, compared to ~30 seconds before this patch.

Fixes gh-2014
Closes gh-2037
2022-01-15 01:26:23 +01:00
Michał Gołębiowski-Owczarek
4a7cec365b
Build: Add Felix to .mailmap, update AUTHORS.txt
Beyond the `AUTHORS.txt` changes, this accounts for a recent email change in
one of the commits.

Closes gh-2039
2022-01-15 01:26:00 +01:00
Ben Mullins
933ce5d779
Autocomplete: Rewrite with a delay instead of appending the live region
This fixes the issue caused by https://bugs.jqueryui.com/ticket/9357.
We now empty the live region instead of appending to it, and we do so
after a brief timeout so the live region isn't updated on every mousemove
event or when quickly traversing through options.

Fixes gh-2002
Closes gh-2031
2022-01-05 11:35:34 +01:00
Felix Nagel
e90096e9dd Build: Add extra Github action job for PR required checks configuration 2021-12-06 20:47:34 +01:00
Felix Nagel
e0a78d4400
Build: Switch from Travis to GitHub actions
Closes gh-2021
2021-11-30 16:47:11 +01:00
Michał Gołębiowski-Owczarek
ed637b04d7
Widget: Make contextless widget construction work
Due to the fact the widget factory code is now in strict mode, the check for
being called without using the `new` keyword started breaking if you save the
widget constructor to a variable before calling it:
```js
var customWidget = $.custom.customWidget;
customWidget( {}, elem );
```
as then `this` is undefined and checking for `this._createWidget` crashes.
Account for that with an additional check.

Fixes gh-2015
Closes gh-2019
2021-11-19 00:47:56 +01:00
Michał Gołębiowski-Owczarek
b52ee4012d
Sortable: Fix positioning when moving a Draggable item into a Sortable
PR gh-1793 removed setting `this.offset.parent` in the Draggable
`refreshPositions` method which broke position calculations when moving
a Draggable item into a connected Sortable. restore that assignment.

Ref gh-1793
Fixes gh-2001
Closes gh-2009
2021-11-15 18:39:25 +01:00
Michał Gołębiowski-Owczarek
efe3b22517
Sortable: Allow 0-height containers to be sortable as in 1.12.1
Note that container specific events will not fire when the dragged element
is interacting with zero height containers.

Fixes gh-1998
Closes gh-2008

Co-authored-by: A. Wells <borgboyone@users.noreply.github.com>
2021-11-08 18:21:03 +01:00
Josep Sanz
85fba3f107
Tooltip: Don't crash on empty content
Commit 1f2011ece removed a `try-catch` around triggering the `remove` handlers
in the `jQuery.cleanData` override. The `try-catch` was meant for old IE but it was
also catching an error coming from the tooltip `remove` handler depending on
being able to find a relevant tooltip. The `_find` method returns `null`, though,
when the tooltip cotent is empty.

Instead of restoring the `try-catch`, handle the `null` case in the `remove` handler.

Fixes gh-1990
Closes gh-1994

Co-authored-by: Claas Augner <github@caugner.de>
Co-authored-by: Michał Gołębiowski-Owczarek <m.goleb@gmail.com>
2021-11-08 11:53:45 +01:00
Michał Gołębiowski-Owczarek
1f0851b538
Docs: Update the bug tracker from bugs.jqueryui.com to GitHub
Also, remove the Weekly Meetings section from README as the meetings are no
longer happening.

Closes gh-1972
2021-10-07 16:48:39 +02:00
Michał Gołębiowski-Owczarek
0a23b09e8c Build: Updating the main version to 1.13.1-pre. 2021-10-07 16:21:24 +02:00
Michał Gołębiowski-Owczarek
c3749ca924 Tests: Take development jQuery versions from releases.jquery.com
code.jquery.com is now used just for the specific versions.
2021-09-29 19:07:43 +02:00
Michał Gołębiowski-Owczarek
232fe3bafa Tests: Load the TestSwarm listener via HTTPS 2021-09-29 17:22:17 +02:00
Michał Gołębiowski-Owczarek
2802058ba8 Release: Update the download.jqueryui.com dependency 2021-09-27 15:13:30 +02:00
Michał Gołębiowski-Owczarek
0fe05e5223
Theme: Revert three theme commits that are causing styling issues (#1983)
* Revert "Theme: Removes css for ui-state-checked its not used any more"

This reverts commit 1b0e947f46.

* Revert "Theme: Replace missing definition for default icons"

This reverts commit dde9b83df6.

* Revert "Theme: Switch icon background to use bgColorContent"

This reverts commit 265b8f5e53.

This reverts three commits:

* Theme: Removes css for ui-state-checked its not used any more 1b0e947f46 (https://github.com/jquery/jquery-ui/pull/1753)
* Theme: Replace missing definition for default icons dde9b83df6
* Theme: Switch icon background to use bgColorContent 265b8f5e53

which caused styling issues when compared to UI 1.12.1.

This unfixes a few issues:

* https://github.com/jquery/download.jqueryui.com/issues/335
* https://bugs.jqueryui.com/ticket/15059
* https://forum.jquery.com/topic/checkboxradio-widget-checkbox-click-doesn-t-work-with-ui-lightness-theme-22-9-2016

However, old & known issues are better than new & unknown ones, especially with our current very limited resources.

Closes gh-1983
2021-09-26 00:03:44 +02:00
Michał Gołębiowski-Owczarek
87656cdf57
Theme: Fix blank icons having a background
A fix from 43254468de introduced a rule setting
`background-image` of a blank icon to none. However, the selector used for that
rule had lower specificity than another one: `.ui-button .ui-icon` which caused
dashes being shown over the icons.

We needed to increase the specificity of the `.ui-icon-blank` rule past the
above selector and past `.ui-button:hover .ui-icon`. We're doing it by repeating
the class name three times.

Closes gh-1987
2021-09-25 21:20:06 +02:00
Michał Gołębiowski-Owczarek
b0ed787d18 Build: Require jQuery >=1.8.0 <4.0.0, not >=1.6 in bower.json 2021-09-25 12:25:10 +02:00
Michał Gołębiowski-Owczarek
f381ec0513 Docs: Update jQuery used for demos to 3.6.0
jQuery 1.12.4 misses some Core APIs that jQuery UI depends on and that are not
polyfilled in demos.
2021-09-25 12:24:55 +02:00
Michał Gołębiowski-Owczarek
3f5c7201da Tests: Update the default jQuery version from 1.12.4 to 3.6.0 2021-09-25 12:24:55 +02:00
Michał Gołębiowski-Owczarek
2fd224d5cc
Effect: Define the jQuery variable before jQuery Color gets imported
We need to create a local jQuery because jQuery Color relies on it and the
global may not exist with AMD and a custom build (trac-10199). This worked
in UI 1.12 but stopped in 1.13 as jQuery Color is now sourced as an AMD module
and the variable started being defined after jQuery Color code. To restore the
proper order, move the variable declaration to a separate small module loaded
before jQuery Color.

Closes gh-1973
2021-09-03 14:42:30 +02:00
Michał Gołębiowski-Owczarek
eda9f3b0d6 Release: Update the download.jqueryui.com dependency
The latest version contains small tweaks to the "use strict" pragma placement.
2021-09-02 17:17:50 +02:00
Michał Gołębiowski-Owczarek
491ecc1bd5 Build: Update npm dependencies 2021-09-02 16:05:31 +02:00
Michał Gołębiowski-Owczarek
4ccebc5f20
Release: Update the download.jqueryui.com dependency
This is needed to make `"use strict"` pragmas not stripped out during the
build.

Closes gh-1969
2021-08-26 13:41:10 +02:00
Michał Gołębiowski-Owczarek
440f38940d
Docs: Update removal comments to mention 1.14, not 1.13
We're not removing any deprecated API or legacy browser support in 1.13,
re-target comments to mention 1.14.

It's not guaranteed 1.14 will ever get released but if it will, it sounds like
a good moment to do those removals.

Closes gh-1970
2021-08-26 13:36:06 +02:00
Michał Gołębiowski-Owczarek
349ee77924 Release: Update the download.jqueryui.com dependency 2021-08-06 16:56:51 +02:00
Michał Gołębiowski-Owczarek
03e6c45583 Release: Abort on packager errors 2021-08-06 15:07:00 +02:00
Michał Gołębiowski-Owczarek
202238b550 Release: Update dependencies for the 1.13 release
Closes gh-1966
2021-08-06 13:36:30 +02:00
Michał Gołębiowski-Owczarek
f7e7e14a69 Build: Don't save temporary npm dependencies to package.json
Past npm versions required the `--save` flag to save anything in `package.json`
when installing packages but newer ones do this by default. Pass `--no-save` to
restore the original behavior in the `release-test.js` script.

Ref gh-1966
2021-08-06 13:36:30 +02:00
Michał Gołębiowski-Owczarek
74af512794 Build: Don't publish dist/cdn to npm 2021-08-04 22:57:11 +02:00