Commit Graph

6600 Commits

Author SHA1 Message Date
dependabot[bot]
582785e047
Build: Bump actions/setup-node from 3.5.1 to 3.6.0
Bumps [actions/setup-node](https://github.com/actions/setup-node) from 3.5.1 to 3.6.0.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](https://github.com/actions/setup-node/compare/v3.5.1...v3.6.0)

Closes gh-5200

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
(cherry picked from commit 7e7bd06207)
2023-02-06 16:43:26 +01:00
Michał Gołębiowski-Owczarek
732592c2a7
Tests: Fix selector tests in Chrome
For older Safari/iOS we needed to add the `safari` UA check as their reported
`WebKit` version was not new enough. However, that check should have also
excluded Chrome which was missed in the first iteration. This has been fixed.

Also, fix code formatting in `test/unit/css.js`.
2023-01-24 11:51:57 +01:00
Michał Gołębiowski-Owczarek
da7057e9b0
Build: Run GitHub Action browser tests on Playwright WebKit
So far, we've been running browser tests on GitHub Actions in Chrome
and Firefox. Regular Safari is not available in GitHub Actions but
Playwright WebKit comes close to a dev version of Safari.

With this change, our GitHub CI & local test runs will invoke tests on
all actively developed browser engines on all PRs.

Also, our GitHub Actions browser tests are now running on Node.js 18.

Detection of the Playwright WebKit browser in support unit tests is done
by checking if the `test_browser` query parameter is set to `"Playwright"`;
this is a `karma-webkit-launcher` feature. Detecting that browser via
user agent as we normally do is hard as the UA on Linux is very similar
to a real Safari one but it actually uses a newer version of the engine.

In addition, we now allow to pass custom browsers when one needs it;
e.g., to run the tests in all three engines on Linux/macOS, run:
```
grunt && BROWSERS=ChromeHeadless,FirefoxHeadless,WebkitHeadless grunt karma:main
```

Closes gh-5190

(cherry picked from commit b02a257f98)
2023-01-24 00:12:55 +01:00
Michał Gołębiowski-Owczarek
6b2abbdc46
Build: Migrate middleware-mockserver to modern JS
The `test/middleware-mockserver.js` file used to have the same ESLint
settings applied as other test files that are directly run in tested
browsers. Now it shares settings of other Node.js files.

The file is now also written using modern JS, leveraging ES2018.

Closes gh-5196

(cherry picked from commit ce90a48450)
2023-01-23 23:30:08 +01:00
Timmy Willison
e062f9cbc6
Docs: Remove stale badge from README
Close gh-5148

(cherry picked from commit bcd9c2bc3d)
2022-12-20 22:05:21 +01:00
fecore1
e0c670e66d
Docs: update irc to Libera and fix LAMP dead link
(cherry picked from commit 175db73ec7)
2022-12-20 22:05:07 +01:00
Timmy Willison
37b04d5aba
Build: remove stale Insight package from custom builds
Close gh-5181
2022-12-20 20:53:36 +00:00
Michał Gołębiowski-Owczarek
6b2094da79
Tests: Skip the native :valid tests in IE 9
A newly added test making sure a native selector containing
the `:valid` pseudo works when no jQuery-specific selectors
are used was failing in IE 9 as that browser lacks support
for this pseudo. This commit disables that test in IE 9.

Ref gh-5178
2022-12-19 19:56:59 +01:00
Michał Gołębiowski-Owczarek
848de62542
Selector: Make selector lists work with qSA again
jQuery 3.6.2 started using `CSS.supports( "selector(SELECTOR)" )` before using
`querySelectorAll` on the selector. This was to solve gh-5098 - some selectors,
like `:has()`, now had their parameters parsed in a forgiving way, meaning
that `:has(:fakepseudo)` no longer throws but just returns 0 results, breaking
that jQuery mechanism.

A recent spec change made `CSS.supports( "selector(SELECTOR)" )` always use
non-forgiving parsing, allowing us to use this API for what we've used
`try-catch` before.

To solve the issue on the spec side for older jQuery versions, `:has()`
parameters are no longer using forgiving parsing in the latest spec update
but our new mechanism is more future-proof anyway.

However, the jQuery implementation has a bug - in
`CSS.supports( "selector(SELECTOR)" )`, `SELECTOR` needs to be
a `<complex-selector>` and not a `<complex-selector-list>`. Which means that
selector lists now skip `qSA` and go to the jQuery custom traversal:
```js
CSS.supports("selector(div:valid, span)"); // false
CSS.supports("selector(div:valid)"); // true
CSS.supports("selector(span)"); // true
```

To solve this, this commit wraps the selector list passed to
`CSS.supports( "selector(:is(SELECTOR))" )` with `:is`, making it a single
selector again.

See:
* https://w3c.github.io/csswg-drafts/css-conditional-4/#at-supports-ext
* https://w3c.github.io/csswg-drafts/selectors-4/#typedef-complex-selector
* https://w3c.github.io/csswg-drafts/selectors-4/#typedef-complex-selector-list

Fixes gh-5177
Closes gh-5178
Ref w3c/csswg-drafts#7280

(cherry picked from commit 09d988b774)
2022-12-19 19:30:42 +01:00
Michał Gołębiowski-Owczarek
0acbe6433c
Selector: Implement the uniqueSort chainable method
Some APIs, like `.prevAll()`, return elements in the reversed order, causing
confusing behavior when used with wrapping methods (see gh-5149 for more info)
 To provide an easy workaround, this commit implements a chainable `uniqueSort`
method on jQuery objects, an equivalent of `jQuery.uniqueSort`.

Fixes gh-5166
Closes gh-5168

(cherry picked from commit 5266f23cf4)
2022-12-14 01:54:41 +01:00
Michał Gołębiowski-Owczarek
6306ca4994
Selector: Inline Sizzle into the selector module: 3.x version (#5113)
This commit removes Sizzle from jQuery, inlining its code & removing obsolete
workarounds where applicable.

The Sizzle AUTHORS.txt file has been merged with the jQuery one - people are
sorted by their first contributions to either of the two repositories.

The main `selector` module can be disabled in favor of `selector-native`
via:

    grunt custom:-selector

For backwards compatibility, the legacy `sizzle` alias is also supported (it
will be dropped in jQuery `4.0.0`):

    grunt custom:-selector

Sizzle tests have been ported to jQuery ones. Ones that are not compatible
with the `selector-native` module are disabled if the regular selector module
is excluded.

Backwards compatibility is still kept for all `Sizzle` utils - they continue to be
available under `jQuery.find` - but the primary implementation is now attached
directly to jQuery.

Some selector utils shared by `selector` & `selector-native` have been
extracted & deduplicated. `jQuery.text` and `jQuery.isXMLDoc` have been
moved to the `core` module.

The commit reduces the gzipped jQuery size by 851 bytes compared to the
`3.x-stable` branch.

Closes gh-5113
Ref gh-4395
Ref gh-4406
2022-12-14 01:41:31 +01:00
Michał Gołębiowski-Owczarek
96675fa7c8
Build: Updating the 3.x-stable version to 3.7.0-pre. 2022-12-14 00:48:46 +01:00
Timmy Willison
2c5b47c4de
Build: Updating the 3.x-stable version to 3.6.3-pre. 2022-12-13 09:58:45 -05:00
Timmy Willison
2215119529
Release: update authors 2022-12-12 20:55:26 -05:00
Alex
0d9fae4c3a
Build: Limit permissions for GitHub workflows
Add explicit permissions section[^1] to workflows. This is a security
best practice because by default workflows run with extended set
of permissions[^2] (except from `on: pull_request` from external forks[^3].
By specifying any permission explicitly all others are set to none. By using
the principle of least privilege the damage a compromised workflow can do
(because of an injection[^4] or compromised third party tool or action) is
restricted. It is recommended to have most strict permissions on the top
level[^5] and grant write permissions on job level[^6] on a case by case
basis.

[^1]: https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
[^2]: https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token
[^3]: https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
[^4]: https://securitylab.github.com/research/github-actions-untrusted-input/
[^5]: https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions
[^6]: https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs

Closes gh-5119

(cherry picked from commit c909d6b1ff)
2022-12-01 14:27:11 +01:00
Michał Gołębiowski-Owczarek
f4809f9b4a
Build: Test on Node.js 18 & 19, stop testing on Node 12
Closes gh-5161
2022-11-17 13:22:38 +01:00
Michał Gołębiowski-Owczarek
5318e3111a Selector:Manipulation: Fix DOM manip within template contents
The `<template/>` element `contents` property is a document fragment that may
have a `null` `documentElement`. In Safari 16 this happens in more cases due
to recent spec changes - in particular, even if that document fragment is
explicitly adopted into an outer document. We're testing both of those cases
now.

The crash used to happen in `jQuery.contains` which is an alias for
`Sizzle.contains` in jQuery 3.x.

The Sizzle fix is at jquery/sizzle#490, released in Sizzle `2.3.8`. This
version of Sizzle is included in the parent commit.

A fix similar to the one from gh-5158 has also been applied here to the
`selector-native` version.

Fixes gh-5147
Closes gh-5159
Ref jquery/sizzle#490
Ref gh-5158
2022-11-16 23:58:17 +01:00
Michał Gołębiowski-Owczarek
a1b7ae3b3f Selector: Update Sizzle from 2.3.7 to 2.3.8
Fixes gh-5147
Ref gh-5158
Ref jquery/sizzle#490
2022-11-16 23:58:17 +01:00
dependabot[bot]
28241b7f92 Build: Bump actions/setup-node from 3.5.0 to 3.5.1
Bumps [actions/setup-node](https://github.com/actions/setup-node) from 3.5.0 to 3.5.1.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](https://github.com/actions/setup-node/compare/v3.5.0...v3.5.1)

Closes gh-5153

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
(cherry picked from commit 0208224b5b)
2022-11-01 20:59:39 +01:00
Michał Gołębiowski-Owczarek
ee0fec052b
Selector: Update Sizzle from 2.3.6 to 2.3.7
Fixes gh-5098
Closes gh-5135
Ref jquery/sizzle#486
Ref gh-5107
2022-10-04 18:02:52 +02:00
Michał Gołębiowski-Owczarek
ed02835585 Build: Update Grunt from 1.4.1 to 1.5.3
This will resolve the following security issues:
* Path Traversal in Grunt: https://github.com/advisories/GHSA-j383-35pm-c5h4
* Race Condition in Grunt: https://github.com/advisories/GHSA-rm36-94g8-835r

Closes gh-5134

(cherry picked from commit aa231cd214)
2022-10-03 23:08:08 +02:00
Michał Gołębiowski-Owczarek
76edd26ebb Docs: Update the README of the published package
The previous details were showing their age, e.g. mentions about browsers
not supporting ES2015. The story with ES modules is more complex as it's also
about loaders but to keep the README simple, let's just make it more up to date
with typical usage.

Closes gh-5108

(cherry picked from commit edccabf10d)
2022-10-03 22:56:17 +02:00
Michał Gołębiowski-Owczarek
965391ab93 Tests: Remove a workaround for a Firefox XML parsing issue
Firefox 96-100 used to report the column number smaller by 2 than it should
in the `parsererror` element generated for invalid XML documents. Since that
version range is unsupported now and it includes no ESR versions, the workaround
can now be dropped.

Closes gh-5109
Ref gh-5018

(cherry picked from commit e7ffe1f135)
2022-10-03 22:54:18 +02:00
Michał Gołębiowski-Owczarek
8bea1dec18 CSS: Return undefined for whitespace-only CSS variable values (#5120)
The spec requires that CSS variable values are trimmed. In browsers that do
this - mainly, Safari, but also Firefox if the value only has leading
whitespace - we currently return undefined; in other browsers, we return
an empty string as the logic to fall back to undefined happens before
trimming.

This commit adds another explicit callback to `undefined` to have it consistent
across browsers.

Also, more explicit comments about behaviors we need to work around in various
browsers have been added.

Closes gh-5120
Ref gh-5106

(cherry picked from commit 7eb0019640)
2022-10-03 22:45:52 +02:00
dependabot[bot]
9eb47cceba Build: Bump actions/setup-node from 3.4.1 to 3.5.0
Bumps [actions/setup-node](https://github.com/actions/setup-node) from 3.4.1 to 3.5.0.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](https://github.com/actions/setup-node/compare/v3.4.1...v3.5.0)

Closes gh-5133

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
(cherry picked from commit 25400750fb)
2022-10-03 16:59:45 +02:00
Michał Gołębiowski-Owczarek
d051e0e3a2
Tests: Make Ajax tests pass in iOS 9
Accept "HTTP/2.0 200" as a valid `statusText` for successful requests
to make ajax tests pass in iOS 9. At this point, normalizing this in code
doesn't seem to make a lot of sense.

Closes gh-5121
2022-09-21 17:46:18 +02:00
Anders Kaseorg
c0db6d7032 CSS: Don’t trim whitespace of undefined custom property
Fixes gh-5105
Closes gh-5106

Signed-off-by: Anders Kaseorg <andersk@mit.edu>

(cherry picked from commit ed306c0261)
2022-09-19 23:20:14 +02:00
dependabot[bot]
f14064cabf Upgrade: Bump actions/setup-node from 3.3.0 to 3.4.1
Bumps [actions/setup-node](https://github.com/actions/setup-node) from 3.3.0 to 3.4.1.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](https://github.com/actions/setup-node/compare/v3.3.0...v3.4.1)

Closes gh-5078

(cherry picked from commit 78321f078c)

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-09-12 15:47:46 +02:00
Timmy Willison
8f6136fc70
Build: Updating the 3.x-stable version to 3.6.2-pre. 2022-08-26 13:54:28 -04:00
Timmy Willison
ba2665f3cd
Release: update AUTHORS.txt 2022-08-15 11:54:39 -04:00
Vladimir Sitnikov
699401008f
Deprecated: Improve $.trim performance for strings with lots of whitespace
Regex imp implementation takes `O(N^2)` time to trim the string when
multiple adjacent spaces were present.

The new expression require that the "whitespace run" starts from
a non-whitespace to avoid `O(N^2)` behavior when the engine would
try matching `\s+$` at each space position.

Closes gh-5068
2022-07-20 10:51:13 +02:00
Simon Legner
410d5cf0c3 Docs: Update webpack website in README
Webpack has migrated to https://webpack.js.org/ since version 2.

Closes gh-5037

(cherry picked from commit 01819bc3bc)
2022-07-12 17:17:18 +02:00
Michał Gołębiowski-Owczarek
bc16512879
Tests: Exclude tests based on compilation flags, not API presence (3.x version)
Introduces a new test API, `includesModule`. The method returns whether
a particular module like "ajax" or "deprecated" is included in the current
jQuery build; it handles the slim build as well. The util was created so that
we don't treat presence of particular APIs to decide whether to run a test as
then if we accidentally remove an API, the tests would still not fail.

Closes gh-5071
Fixes gh-5069
Ref gh-5046

(partially cherry picked from commit fae5fee8b4)
2022-07-12 17:12:27 +02:00
Michał Gołębiowski-Owczarek
0f6c3d9efc Build: Update GitHub Actions
* Build(deps): Bump actions/cache from 2 to 3

Bumps [actions/cache](https://github.com/actions/cache) from 2 to 3.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](https://github.com/actions/cache/compare/v2...v3)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-major
...

* Build(deps): Bump actions/setup-node from 2.1.2 to 3.3.0

Bumps [actions/setup-node](https://github.com/actions/setup-node) from 2.1.2 to 3.3.0.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](https://github.com/actions/setup-node/compare/v2.1.2...v3.3.0)

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-type: direct:production
  update-type: version-update:semver-major
...

* Build(deps): Bump actions/checkout from 2 to 3

Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 3.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v2...v3)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Closes gh-5067

(cherry picked from commit 52f452b2e8)
2022-06-27 18:59:57 +02:00
Christian Oliff
5a363017cf Build: Add dependabot.yml config (GitHub Actions)
This makes dependabot issue automated PRs to update
GitHub Action versions monthly.

Closes gh-5057

(cherry picked from commit 3f8bb2a46d)
2022-06-27 18:34:50 +02:00
Michał Gołębiowski-Owczarek
9bc0df70be Build: Test on Node 17, update Grunt & karma-* packages
This adds testing on Node.js 17 in addition to the currently tested 10, 12, 14
and 16 versions.

Also, update Grunt & `karma-*` packages.

Testing in Karma on jsdom is broken in Node 17 at the moment; until we find
a fix, this change disables such testing on Node 17 or newer.

Node smoke tests & promises aplus tests are disabled on Node.js 10 as they
depend on jsdom and the latest jsdom version doesn't run properly on Node 10.

Closes gh-5023

(cherry picked from commit 2525cffc42)
2022-03-14 18:31:49 +01:00
Michał Gołębiowski-Owczarek
be3bd560f4 Tests: Workaround an XML parsing bug in Firefox
See https://bugzilla.mozilla.org/show_bug.cgi?id=1751796

Closes gh-5018

(cherry picked from commit af1cd6f218)
2022-02-28 18:28:14 +01:00
Timmy Willison
b24e83bd9d
Docs: add link to preview the new CLAs
Closes gh-5010
2022-02-07 17:09:55 +00:00
Michał Gołębiowski-Owczarek
9b34bdb1c3 CSS: Skip falsy values in addClass( array ), compress code
This change makes jQuery skip falsy values in `addClass( array )`
& `removeClass( array )` instead of stopping iteration when the first falsy
value is detected. This makes code like:
```js
elem.addClass( [ "a", "", "b" ] );
```
add both the `a` & `b` classes.

The code was also optimized for size a bit so it doesn't increase the
minified gzipped size.

Fixes gh-4998
Closes gh-5003

(partially cherry picked from commit a338b407f2)
2022-01-25 00:35:50 +01:00
Michał Gołębiowski-Owczarek
95e34b6955
Docs: Replace #NUMBER Trac issue references with trac-NUMBER
This is a version of gh-4993 for the `3.x-stable` branch.

The GitHub UI treats `#NUMBER` as referring to its own issues which is confusing
when in jQuery source it's usually referring to the old deprecated Trac instance
at https://bugs.jquery.com. This change replaces all such Trac references with
`trac-NUMBER`.

A few of the references came with the Sizzle integration and referred to the
Sizzle GitHub bug tracker. Those have been replaced with full links instead.

A new entry describing issue reference conventions has been added to README.

Closes gh-4994
Ref gh-4993
Ref 5d5ea01511
2022-01-12 23:23:10 +01:00
Timmy Willison
fa70e8fd3c
Tests: lock colors version to 1.4.0 2022-01-10 15:40:24 -05:00
Timmy Willison
c3c4d20736
Docs: remove expired links from old jquery source
Ref gh-4981
Ref gh-4991
2022-01-07 12:41:21 -05:00
Michał Gołębiowski-Owczarek
4b0d8900ec Docs: Remove links to Web Archive from source
Neither of the removed links is crucial; one of them refers to a site that has
since started being malicious; while the Web Archive links remain safe, some
scanners warn about such links. Removing them is the safest thing to do.

Fixes gh-4981
Closes gh-4991

(cherry picked from commit e24f2dcf3f)
2022-01-04 16:36:20 +01:00
Michał Gołębiowski-Owczarek
cb35067f1b Build: Separate the install step from running tests in GitHub Actions
Also, update the "Run test" label to "Run tests".

Closes gh-4992

(cherry picked from commit eef972508c)
2022-01-04 16:34:40 +01:00
Richard Gibson
a1373e2e4f CSS: Justify use of rtrim on CSS property values
CSS does not acknowledge carriage return or form feed characters
as whitespace but it does replace them with whitespace, making it
acceptable to use `rtrim`.

Closes gh-4956

(cherry picked from commit 655c0ed5e2)
2022-01-03 14:07:49 +01:00
Timmy Willison
5566988359
Build: remove travis.yml and travis mentions from core (#4984)
We've migrate jquery core to GH actions and have already disabled core builds on travis
2021-12-13 12:22:34 -05:00
Michał Gołębiowski-Owczarek
81fa1e2ae9 Tests: Skip ETag AJAX tests on TestSwarm
TestSwarm is now proxied via Cloudflare which cuts out headers relevant for
ETag tests, failing them. We're still running those tests in Karma on Chrome
& Firefox (including Firefox ESR).

Closes gh-4974

(cherry picked from commit 00c060d161)
2021-12-01 13:25:52 +01:00
Michał Gołębiowski-Owczarek
7439e221c0 Tests: Allow statusText to be "success" in AJAX tests
In HTTP/2, status message is not supported and whatever is reported as
statusText differs between browsers. In Chrome & Safari it's "success", in
Firefox & IE it's "OK". So far "success" wasn't allowed. This made the tests
pass locally if you're running an HTTP/1.1 server but on TestSwarm which is
now proxied via an HTTP/2-equipped Cloudflare, the relevant test started failing
in Chrome & Safari.

Allow "success" to resolve the issue.

Closes gh-4973

(cherry picked from commit 19ced963c6)
2021-12-01 13:25:43 +01:00
ygj6
b39cfa1505 Build: Migrate CI to GitHub Actions
Closes gh-4800

(cherry picked from commit e23190e63c)
2021-12-01 00:03:59 +01:00
Michał Gołębiowski-Owczarek
4bb7d069ca Docs: Update the URL to the latest jQuery build in CONTRIBUTING.md
It used to say https://code.jquery.com/jquery.js but that's a frozen URL
to jQuery 1.11.1. Let's switch that to the URL to the Git build, i.e.
https://releases.jquery.com/git/jquery-git.js.

Closes gh-4972

(cherry picked from commit 9bdb16cd19)
2021-11-18 22:56:32 +01:00