Commit Graph

26 Commits

Author SHA1 Message Date
Michał Gołębiowski-Owczarek
559bc5ac58
Tests: Switch to an updated fork of promises-aplus-tests
The upstream package has been unmaintained for years, with dependencies
with long-reported security issues. Switching to a fork allows to resolve
all the security reports against the jQuery development environment.

The fork is maintained by @mgol and has the following changes:
1. The `underscore` dependency has been removed.
2. `sinon` has been updated from v1 to v19.
3. `mocha` has been updated from v2 to v10.

Changes to the source are minimal; it will be easy to rebase the fixes
if the upstream package is ever updated.

In addition to the above, the `q` dependency has been removed.
It's been added in gh-1996 but never really used.

Closes gh-5559
2024-09-30 18:48:46 +02:00
dependabot[bot]
147964e162
Build: Bump rollup from 4.19.0 to 4.22.4
Bumps [rollup](https://github.com/rollup/rollup) from 4.19.0 to 4.22.4.
- [Release notes](https://github.com/rollup/rollup/releases)
- [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rollup/rollup/compare/v4.19.0...v4.22.4)

Closes gh-5558

---
updated-dependencies:
- dependency-name: rollup
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-25 01:03:42 +02:00
dependabot[bot]
3658caf129
Build: Bump webpack from 5.93.0 to 5.94.0
Bumps [webpack](https://github.com/webpack/webpack) from 5.93.0 to 5.94.0.
- [Release notes](https://github.com/webpack/webpack/releases)
- [Commits](https://github.com/webpack/webpack/compare/v5.93.0...v5.94.0)

Closes gh-5544

---
updated-dependencies:
- dependency-name: webpack
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-02 23:25:45 +02:00
Timmy Willison
c85454a843
Tests: replace express with basic Node server
Close gh-5527
2024-08-08 22:10:29 -04:00
Timmy Willison
a7d3383e66 Build: upgrade dependencies, including requirejs to 2.3.7 2024-07-29 12:34:41 -04:00
Timmy Willison
51fffe9f73
Release: 4.0.0-beta.2 2024-07-17 09:43:43 -04:00
Timmy Willison
3e612aeeb3
Release: ensure builds have the proper version
- order hooks in execution order
- update workflow actions

Closes gh-5519
2024-07-17 09:32:02 -04:00
Timmy Willison
2646a8b07f Release: migrate release process to release-it
*Authors*
- Checking and updating authors has been migrated
  to a custom script in the repo

*Changelog*
- changelogplease is no longer maintained
- generate changelog in markdown for GitHub releases
- generate changelog in HTML for blog posts
- generate contributors list in HTML for blog posts

*dist*
- clone dist repo, copy files, and commit/push
- commit tag with dist files on main branch;
  remove dist files from main branch after release

*cdn*
- clone cdn repo, copy files, and commit/push
- create versioned and unversioned copies in cdn/
- generate md5 sums and archives for Google and MSFT

*build*
- implement reproducible builds and verify release builds
  * uses the last modified date for the latest commit
  * See https://reproducible-builds.org/
- the verify workflow also ensures all files were
  properly published to the CDN and npm

*docs*
- the new release workflow is documented at build/release/README.md

*misc*
- now that we don't need the jquery-release script and
  now that we no longer need to build on Node 10, we can
  use ESM in all files in the build folder
- move dist wrappers to "wrappers" folders for easy removal
  of all built files
- limit certain workflows to the main repo (not forks)
- version in package.json has been set to beta.1 so that
  the next release will be beta.2
- release-it added the `preReleaseBase` option and we
  now always set it to `1` in the npm script. This is
  a noop for stable releases.

Fixes jquery/jquery-release#114
Closes gh-5512
2024-07-11 10:00:56 -04:00
Timmy Willison
cb8ab6ccdb
Build: upgrade dependencies; fix bundler tests on windows
- account for newly unused parameters in the slim builds

Closes gh-5509
2024-06-15 09:11:34 -04:00
dependabot[bot]
691c0aeede
Build: Bump express from 4.18.3 to 4.19.2
Bumps [express](https://github.com/expressjs/express) from 4.18.3 to 4.19.2.
- [Release notes](https://github.com/expressjs/express/releases)
- [Changelog](https://github.com/expressjs/express/blob/master/History.md)
- [Commits](https://github.com/expressjs/express/compare/4.18.3...4.19.2)

Closes gh-5461

---
updated-dependencies:
- dependency-name: express
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-03-29 21:23:24 +01:00
Timmy Willison
44fb7fa220
Tests: add diffing to test reporter
Close gh-5445
2024-03-14 14:28:20 -04:00
Michał Gołębiowski-Owczarek
60f11b58bf
Core: Fix the exports setup to make bundlers work with ESM & CommonJS
We cannot pass a single file via the `module` condition as then
`require( "jquery" )` will not return jQuery but instead the module object
with `default`, `$` & `jQuery` as keys. Instead:

1. For Node.js, detected via the `node` condition:
    1. Expose a regular CommonJS version to `require`
    2. Expose a tiny wrapper over CommonJS to `import`
2. For bundlers, detected via the `module` condition:
    1. Expose a regular ESM version to `import`
    2. Expose a tiny wrapper over ESM to `require`
3. If neither Node.js nor bundlers are detected (no `node` or `module`
   conditions`):
    1. Expose a regular CommonJS version to `require`
    2. Expose a regular ESM version to `import`

The reasons for such definitions are as follows:
1. In Node.js, one can synchronously import from a CommonJS file inside of
   an ESM one but not vice-versa. To use an ESM file in a CommonJS one,
   a dynamic import is required and that forces asynchronicity.
2. In some bundlers CommonJS is not necessarily enabled - e.g. in Rollup without
   the CommonJS plugin. Therefore, the ESM version needs to be pure ESM.
   However, bundlers allow synchronously calling `require` on an ESM file. This
   is possible since bundlers merge the files before they are passed to
   the browser to execute and the final bundles no longer contain async import
   code.
3. Bare ESM & CommonJS versions are provided to non-Node non-bundler
   environments where we cannot assume interoperability between ESM & CommonJS
   is supported.
4. Bare versions cannot be supplied to Node or bundlers as projects using both
   ESM & CommonJS to fetch jQuery would result in duplicate jQuery instances,
   leading to increased JS size and disjoint data storage.

In addition to the above changes, the `script` condition has been dropped. Only
Webpack documents this condition and it's not clear when exactly it's triggered.
Adding support for a new condition can be added later without a breaking change;
removing is not so easy.

The `production` & `development` conditions have been removed as well. They were
not really applied correctly; we'd need to provide both of them to each current
leaf which would double the size of the definition for the `.` & `./slim` entry
points. In jQuery, the only difference between development & production builds
is minification; there are no logic changes so we can pass unminified versions
to all the tooling, expecting minification down the line.

As for the factory entry points:
1. Node.js always gets the CommonJS version
2. Bundlers always get the ESM version
3. Other tools take the ESM version when using `import` and the CommonJS when
   using `require`.

The complexity is lower than for the `.` & `./slim` entry points because there's
no default export to handle so Node/bundler wrapper files are not necessary.

Other changes:
* Tests: Change "node:assert" to "node:assert/strict"; the former is deprecated
* Docs: Mention that the CommonJS module doesn't expose named exports
* Tests: Run Node & bundler tests for all the above cases

Fixes gh-5416
Closes gh-5429
2024-03-12 00:39:34 +01:00
Timmy Willison
5aa7ed888d Build: drop support for Node 10
Close gh-5436
2024-03-09 10:36:47 -05:00
Timmy Willison
dfc693ea25
Tests: migrate testing infrastructure to minimal dependencies
This is a complete rework of our testing infrastructure. The main goal is to modernize and drop deprecated or undermaintained dependencies (specifically, grunt, karma, and testswarm). We've achieved that by limiting our dependency list to ones that are unlikely to drop support any time soon. The new dependency list includes:

- `qunit` (our trusty unit testing library)
- `selenium-webdriver` (for spinning up local browsers)
- `express` (for starting a test server and adding middleware)
  - express middleware includes uses of `body-parser` and `raw-body`
- `yargs` (for constructing a CLI with pretty help text)
- BrowserStack (for running each of our QUnit modules separately in all of our supported browsers)
  - `browserstack-local` (for opening a local tunnel. This is the same package still currently used in the new Browserstack SDK)
  - We are not using any other BrowserStack library. The newest BrowserStack SDK does not fit our needs (and isn't open source). Existing libraries, such as `node-browserstack` or `browserstack-runner`, either do not quite fit our needs, are under-maintained and out-of-date, or are not robust enough to meet all of our requirements. We instead call the [BrowserStack REST API](https://github.com/browserstack/api) directly.

## BrowserStack Runner
- automatically retries individual modules in case of test failure(s)
- automatically attempts to re-establish broken tunnels
- automatically refreshes the page in case a test run has stalled
- runs all browsers concurrently and uses as many sessions as are available under the BrowserStack plan. It will wait for available sessions if there are none.
- supports filtering the available list of browsers by browser name, browser version, device, OS, and OS version (see `npm run test:unit -- --list-browsers` for more info). It will retrieve the latest matching browser available if any of those parameters are not specified.
- cleans up after itself (closes the local tunnel, stops the test server, etc.)
- Requires `BROWSERSTACK_USERNAME` and `BROWSERSTACK_ACCESS_KEY` environment variables.

## Selenium Runner
- supports running any local browser as long as the driver is installed, including support for headless mode in Chrome, FF, and Edge
- supports running `basic` tests on the latest [jsdom](https://github.com/jsdom/jsdom#readme), which can be seen in action in this PR (see `test:browserless`)
- Node tests will run as before in PRs and all non-dependabot branches, but now includes tests on real Safari in a GH actions macos image instead of playwright-webkit.
- can run multiple browsers and multiple modules concurrently

Other notes:
- Stale dependencies have been removed and all remaining dependencies have been upgraded with a few exceptions:
  - `sinon`: stopped supporting IE in version 10. But, `sinon` has been updated to 9.x.
  - `husky`: latest does not support Node 10 and runs on `npm install`. Needed for now until git builds are migrated to GitHub Actions.
  - `rollup`: latest does not support Node 10. Needed for now until git builds are migrated to GitHub Actions.
- BrowserStack tests are set to run on each `main` branch commit
- `debug` mode leaves Selenium browsers open whether they pass or fail and leaves browsers with test failures open on BrowserStack. The latter is to avoid leaving open too many sessions.
- This PR includes a workflow to dispatch BrowserStack runs on-demand
- The Node version used for most workflow tests has been upgraded to 20.x
- updated supportjQuery to 3.7.1

Run `npm run test:unit -- --help` for CLI documentation

Close gh-5418
2024-02-26 09:42:10 -05:00
Timmy Willison
af79c99939
Build: migrate grunt authors to a custom script
- the new script pulls all authors from the Sizzle repo
- added temporary grunt task for releases

Close gh-5395
2024-01-22 21:08:16 -05:00
dependabot[bot]
5613939470
Build: Bump follow-redirects from 1.15.1 to 1.15.4
Bumps [follow-redirects](https://github.com/follow-redirects/follow-redirects) from 1.15.1 to 1.15.4.
- [Release notes](https://github.com/follow-redirects/follow-redirects/releases)
- [Commits](https://github.com/follow-redirects/follow-redirects/compare/v1.15.1...v1.15.4)

Closes gh-5389

---
updated-dependencies:
- dependency-name: follow-redirects
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-01-12 01:12:52 +01:00
Michał Gołębiowski-Owczarek
fb0cc27291
Build: Bump @babel/traverse & multiple actions
1: Bump actions/cache from 3.3.1 to 3.3.2

Bumps [actions/cache](https://github.com/actions/cache) from 3.3.1 to 3.3.2.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](88522ab9f3...704facf57e)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

2: Bump actions/checkout from 3.6.0 to 4.1.1

Bumps [actions/checkout](https://github.com/actions/checkout) from 3.6.0 to 4.1.1.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](f43a0e5ff2...b4ffde65f4)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

3: Bump github/codeql-action from 2.21.5 to 2.22.5

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.21.5 to 2.22.5.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](00e563ead9...74483a38d3)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

4: Bump actions/setup-node from 3.8.1 to 4.0.0

Bumps [actions/setup-node](https://github.com/actions/setup-node) from 3.8.1 to 4.0.0.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](5e21ff4d9b...8f152de45c)

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-type: direct:production
  update-type: version-update:semver-major
...

5: Bump @babel/traverse from 7.22.5 to 7.23.2

Bumps [@babel/traverse](https://github.com/babel/babel/tree/HEAD/packages/babel-traverse) from 7.22.5 to 7.23.2.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.23.2/packages/babel-traverse)

---
updated-dependencies:
- dependency-name: "@babel/traverse"
  dependency-type: indirect
...

Closes gh-5341
Closes gh-5349
Closes gh-5354
Closes gh-5355
Closes gh-5356
Closes gh-5363

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-11-13 18:44:30 +01:00
Michał Gołębiowski-Owczarek
f47c6a8337
Build: Update ESLint-related packages, fix linting errors
The main change is the new rule in `eslint-config-jquery`:
`template-curly-spacing`.

Closes gh-5347
Ref jquery/eslint-config-jquery#21
Ref gh-5348
2023-11-02 00:48:50 +01:00
dependabot[bot]
b923047d29
Build: Bump qs, socket.io-parser, socket.io & json5
1: Bump json5 from 2.2.0 to 2.2.3

Bumps [json5](https://github.com/json5/json5) from 2.2.0 to 2.2.3.
- [Release notes](https://github.com/json5/json5/releases)
- [Changelog](https://github.com/json5/json5/blob/main/CHANGELOG.md)
- [Commits](https://github.com/json5/json5/compare/v2.2.0...v2.2.3)

---
updated-dependencies:
- dependency-name: json5
  dependency-type: indirect
...

2: Bump socket.io-parser and socket.io

Bumps [socket.io-parser](https://github.com/socketio/socket.io-parser)
and [socket.io](https://github.com/socketio/socket.io). These dependencies
needed to be updated together.

Updates `socket.io-parser` from 4.0.5 to 4.2.4
- [Release notes](https://github.com/socketio/socket.io-parser/releases)
- [Changelog](https://github.com/socketio/socket.io-parser/blob/main/CHANGELOG.md)
- [Commits](https://github.com/socketio/socket.io-parser/compare/4.0.5...4.2.4)

Updates `socket.io` from 4.5.1 to 4.7.2
- [Release notes](https://github.com/socketio/socket.io/releases)
- [Changelog](https://github.com/socketio/socket.io/blob/main/CHANGELOG.md)
- [Commits](https://github.com/socketio/socket.io/compare/4.5.1...4.7.2)

---
updated-dependencies:
- dependency-name: socket.io-parser
  dependency-type: indirect
- dependency-name: socket.io
  dependency-type: indirect
...

3: Bump qs from 6.5.2 to 6.5.3

Bumps [qs](https://github.com/ljharb/qs) from 6.5.2 to 6.5.3.
- [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md)
- [Commits](https://github.com/ljharb/qs/compare/v6.5.2...v6.5.3)

---
updated-dependencies:
- dependency-name: qs
  dependency-type: indirect
...

Closes gh-5324
Closes gh-5325
Closes gh-5326

Signed-off-by: dependabot[bot] <support@github.com>
2023-09-18 23:46:32 +02:00
Timmy Willison
2bdecf8b7b
Build: migrate most grunt tasks off of grunt
Updated tasks include:

- lint
- npmcopy
- build, minify, and process for distribution.
- new custom build command using yargs
- compare size of minified/gzip built files
- pretest scripts, including qunit-fixture, babel transpilation, and npmcopy
- node smoke tests
- promises aplus tests
- new watch task using `rollup.watch` directly

Also:

- upgraded husky and added the new lint command
- updated lint config to use new "flat" config format. See https://eslint.org/docs/latest/use/configure/configuration-files-new
- Temporarily disabled one lint rule until flat config is supported by eslint-plugin-import. See https://github.com/import-js/eslint-plugin-import/issues/2556
- committed package-lock.json
- updated all test scripts to use the new build
- added an express test server that uses middleware-mockserver (this can be used to run tests without karma)
- build-all-variants is now build:all

Close gh-5318
2023-09-18 12:39:00 -04:00
Michał Gołębiowski-Owczarek
7037facc22 Build: Remove package-lock.json, add it to .gitignore
npm 5, even the version included in the latest Node.js 8.5.0 re-generates
`package-lock.json` on each install. And when it does on a system that doesn't
support all the optional dependencies that are supported on the OS where the
lockfile was generated, it removes those optional deps from the lockfile.

The effect is that everyone firing `npm install` on our repo on any OS other
than macOS will immediately get a dirty state of the repo as the `fsevents`
dependency subtree gets removed from `package-lock.json`. That's a really bad
experience.

This commit removes package-lock.json from the repository and adds it to
.gitignore. We'll start committing the file again once the issue is resolved
on npm's part.

Fixes gh-3792
2017-09-25 19:34:28 +02:00
Michał Gołębiowski-Owczarek
781647b182 Build: Drop cross-spawn, use child_process.spawn shell option 2017-09-25 19:27:50 +02:00
Henry Zhu
90bac40a51 Build: Update to Babel 7, use for-of plugin instead of preset-es2015
Closes gh-3786
2017-09-25 19:02:19 +02:00
Timmy Willison
0bf499ca24
Build: fix uglify options for uglify update
- Uses new typeofs option for compression
- See https://github.com/mishoo/UglifyJS2/issues/2198

Close gh-3710
2017-07-10 11:52:44 -04:00
Timmy Willison
ef40dbbc4d
Build: Update sinon, husky, and qunitjs 2017-07-10 11:50:21 -04:00
CDAGaming
31783e60f5
Build: update node dependencies; commit package-lock.json
- Also ignore yarn.lock
Close gh-3669
2017-06-26 11:04:51 -04:00