Commit Graph

33 Commits

Author SHA1 Message Date
Michał Gołębiowski-Owczarek
b922eed934
Build: Bump @babel/traverse & multiple actions
1: Bump actions/cache from 3.3.1 to 3.3.2

Bumps [actions/cache](https://github.com/actions/cache) from 3.3.1 to 3.3.2.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](88522ab9f3...704facf57e)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

2: Bump actions/checkout from 3.6.0 to 4.1.1

Bumps [actions/checkout](https://github.com/actions/checkout) from 3.6.0 to 4.1.1.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](f43a0e5ff2...b4ffde65f4)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

3: Bump actions/setup-node from 3.8.1 to 4.0.0

Bumps [actions/setup-node](https://github.com/actions/setup-node) from 3.8.1 to 4.0.0.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](5e21ff4d9b...8f152de45c)

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-type: direct:production
  update-type: version-update:semver-major
...

5: Bump @babel/traverse from 7.22.5 to 7.23.2

Bumps [@babel/traverse](https://github.com/babel/babel/tree/HEAD/packages/babel-traverse) from 7.22.5 to 7.23.2.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.23.2/packages/babel-traverse)

---
updated-dependencies:
- dependency-name: "@babel/traverse"
  dependency-type: indirect
...

Closes gh-5341
Closes gh-5349
Closes gh-5354
Closes gh-5356
Closes gh-5363

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-11-13 18:52:33 +01:00
Michał Gołębiowski-Owczarek
d354a45c3f
Build: Don't run CI push workflows for dependabot branches
Without this change, dependabot PRs run double checks - one set for the `push`
part and one for the `pull_request` part.

Closes gh-5353

(cherry picked from commit 635cb152e7)
2023-11-13 18:23:03 +01:00
Michał Gołębiowski-Owczarek
cd27f30662
Build: Run pretest before test:* npm scripts
Build was already happening in scripts like `test:browser` but those scripts
were missing `pretest`, meaning that running `npm install && npm test:browser`
may have failed if `pretest` wasn't run before or if its results were out of
date.

Even worse, with such stale data some tests may erroneously succeed.

This also removes a separate `pretest` step from GitHub Actions as it's no
longer needed.

Closes gh-5338

(cherry picked from commit 1ad66aeb6d)
2023-10-16 18:57:00 +02:00
Timmy Willison
ec8802bafe
Build: migrate most grunt tasks off of grunt (3.x)
Close gh-5330

- lint
- npmcopy
- build, minify, and process for distribution.
- new custom build command using yargs
- compare size of minified/gzip built files
- pretest scripts, including qunit-fixture, babel transpilation, and npmcopy
- node smoke tests
- promises aplus tests
- new watch task using nodemon, which runs `npm run build:all` on `src` changes.

Also:

- upgraded husky and added the new lint command
- updated lint config to use new "flat" config format.
	See https://eslint.org/docs/latest/use/configure/configuration-files-new
- Temporarily disabled one lint rule until flat config is
	supported by eslint-plugin-import.
	See https://github.com/import-js/eslint-plugin-import/issues/2556
- committed package-lock.json
- updated all test scripts to use the new build
- added an express test server that uses middleware-mockserver
	this can be used to run tests without karma
- build-all-variants is now build:all
- run pretest script in jenkins

---------

Co-authored-by: Michał Gołębiowski-Owczarek <m.goleb@gmail.com>
2023-09-20 18:18:42 -04:00
dependabot[bot]
a7cc3a0f04
Build: Bump actions/checkout & actions/setup-node
1: Bump actions/checkout from 3.5.3 to 3.6.0

Bumps [actions/checkout](https://github.com/actions/checkout) from 3.5.3 to 3.6.0.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](c85c95e3d7...f43a0e5ff2)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

2: Bump actions/setup-node from 3.6.0 to 3.8.1

Bumps [actions/setup-node](https://github.com/actions/setup-node) from 3.6.0 to 3.8.1.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](64ed1c7eab...5e21ff4d9b)

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Closes gh-5311
Closes gh-5313

Signed-off-by: dependabot[bot] <support@github.com>

(cherry picked from commit 42e50f8c21)
2023-09-06 16:44:49 +02:00
dependabot[bot]
a370d7df42
Build: Build: Bump actions/checkout from 3.5.2 to 3.5.3
Bumps [actions/checkout](https://github.com/actions/checkout) from 3.5.2 to 3.5.3.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](8e5e7e5ab8...c85c95e3d7)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Closes gh-5283

(cherry picked from commit 4a13266efd)
2023-07-02 20:15:23 +02:00
Gabriela Gutierrez
0ea85dadaa
Build: Reference GitHub Actions by commit SHAs
The SHAs are verified to come from the original repositories and not forks.

For reference:

https://github.com/actions/checkout/releases/tag/v3.5.2
8e5e7e5ab8

https://github.com/actions/cache/releases/tag/v3.3.1
88522ab9f3

https://github.com/actions/setup-node/releases/tag/v3.6.0
64ed1c7eab

Fixes gh-5266
Closes gh-5269

Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>

(cherry picked from commit 784b9ba6e4)
2023-06-13 23:30:48 +02:00
Michał Gołębiowski-Owczarek
992a66538b
Docs: Remove the "Grunt build" section from the PR template
Now that unit tests are run on GitHub Actions in all three major
engines and for multiple custom jQuery builds, the request for PR
authors to run unit tests locally and confirm they pass is needless
overhead; let's drop the checkbox.

Closes gh-5261

(cherry picked from commit 988a56847d)
2023-05-31 18:57:29 +02:00
Michał Gołębiowski-Owczarek
b473729d0e
Build: Test on Node.js 20, stop testing on Node.js 14 & 19
Closes gh-5250

(cherry picked from commit 6616acff0a)
2023-05-22 16:23:04 +02:00
Michał Gołębiowski-Owczarek
212b6a4fce
Build: Only install Playwright dependencies when needed
PR gh-5190 added support for running tests on Playwright WebKit
in CI. For efficiency reasons, Playwright dependencies are only
installed for the `test:browser` npm script. However, that same
script is also used for Firefox ESR testing.

This change makes Playwright dependencies installed only for cases
where `WebKitHeadless` exists on the list of tested browsers.

Closes gh-5204
Ref gh-5190

(cherry picked from commit e77bd9d64f)
2023-03-20 17:14:15 +01:00
dependabot[bot]
582785e047
Build: Bump actions/setup-node from 3.5.1 to 3.6.0
Bumps [actions/setup-node](https://github.com/actions/setup-node) from 3.5.1 to 3.6.0.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](https://github.com/actions/setup-node/compare/v3.5.1...v3.6.0)

Closes gh-5200

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
(cherry picked from commit 7e7bd06207)
2023-02-06 16:43:26 +01:00
Michał Gołębiowski-Owczarek
da7057e9b0
Build: Run GitHub Action browser tests on Playwright WebKit
So far, we've been running browser tests on GitHub Actions in Chrome
and Firefox. Regular Safari is not available in GitHub Actions but
Playwright WebKit comes close to a dev version of Safari.

With this change, our GitHub CI & local test runs will invoke tests on
all actively developed browser engines on all PRs.

Also, our GitHub Actions browser tests are now running on Node.js 18.

Detection of the Playwright WebKit browser in support unit tests is done
by checking if the `test_browser` query parameter is set to `"Playwright"`;
this is a `karma-webkit-launcher` feature. Detecting that browser via
user agent as we normally do is hard as the UA on Linux is very similar
to a real Safari one but it actually uses a newer version of the engine.

In addition, we now allow to pass custom browsers when one needs it;
e.g., to run the tests in all three engines on Linux/macOS, run:
```
grunt && BROWSERS=ChromeHeadless,FirefoxHeadless,WebkitHeadless grunt karma:main
```

Closes gh-5190

(cherry picked from commit b02a257f98)
2023-01-24 00:12:55 +01:00
Michał Gołębiowski-Owczarek
6306ca4994
Selector: Inline Sizzle into the selector module: 3.x version (#5113)
This commit removes Sizzle from jQuery, inlining its code & removing obsolete
workarounds where applicable.

The Sizzle AUTHORS.txt file has been merged with the jQuery one - people are
sorted by their first contributions to either of the two repositories.

The main `selector` module can be disabled in favor of `selector-native`
via:

    grunt custom:-selector

For backwards compatibility, the legacy `sizzle` alias is also supported (it
will be dropped in jQuery `4.0.0`):

    grunt custom:-selector

Sizzle tests have been ported to jQuery ones. Ones that are not compatible
with the `selector-native` module are disabled if the regular selector module
is excluded.

Backwards compatibility is still kept for all `Sizzle` utils - they continue to be
available under `jQuery.find` - but the primary implementation is now attached
directly to jQuery.

Some selector utils shared by `selector` & `selector-native` have been
extracted & deduplicated. `jQuery.text` and `jQuery.isXMLDoc` have been
moved to the `core` module.

The commit reduces the gzipped jQuery size by 851 bytes compared to the
`3.x-stable` branch.

Closes gh-5113
Ref gh-4395
Ref gh-4406
2022-12-14 01:41:31 +01:00
Alex
0d9fae4c3a
Build: Limit permissions for GitHub workflows
Add explicit permissions section[^1] to workflows. This is a security
best practice because by default workflows run with extended set
of permissions[^2] (except from `on: pull_request` from external forks[^3].
By specifying any permission explicitly all others are set to none. By using
the principle of least privilege the damage a compromised workflow can do
(because of an injection[^4] or compromised third party tool or action) is
restricted. It is recommended to have most strict permissions on the top
level[^5] and grant write permissions on job level[^6] on a case by case
basis.

[^1]: https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
[^2]: https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token
[^3]: https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
[^4]: https://securitylab.github.com/research/github-actions-untrusted-input/
[^5]: https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions
[^6]: https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs

Closes gh-5119

(cherry picked from commit c909d6b1ff)
2022-12-01 14:27:11 +01:00
Michał Gołębiowski-Owczarek
f4809f9b4a
Build: Test on Node.js 18 & 19, stop testing on Node 12
Closes gh-5161
2022-11-17 13:22:38 +01:00
dependabot[bot]
28241b7f92 Build: Bump actions/setup-node from 3.5.0 to 3.5.1
Bumps [actions/setup-node](https://github.com/actions/setup-node) from 3.5.0 to 3.5.1.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](https://github.com/actions/setup-node/compare/v3.5.0...v3.5.1)

Closes gh-5153

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
(cherry picked from commit 0208224b5b)
2022-11-01 20:59:39 +01:00
dependabot[bot]
9eb47cceba Build: Bump actions/setup-node from 3.4.1 to 3.5.0
Bumps [actions/setup-node](https://github.com/actions/setup-node) from 3.4.1 to 3.5.0.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](https://github.com/actions/setup-node/compare/v3.4.1...v3.5.0)

Closes gh-5133

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
(cherry picked from commit 25400750fb)
2022-10-03 16:59:45 +02:00
dependabot[bot]
f14064cabf Upgrade: Bump actions/setup-node from 3.3.0 to 3.4.1
Bumps [actions/setup-node](https://github.com/actions/setup-node) from 3.3.0 to 3.4.1.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](https://github.com/actions/setup-node/compare/v3.3.0...v3.4.1)

Closes gh-5078

(cherry picked from commit 78321f078c)

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-09-12 15:47:46 +02:00
Michał Gołębiowski-Owczarek
0f6c3d9efc Build: Update GitHub Actions
* Build(deps): Bump actions/cache from 2 to 3

Bumps [actions/cache](https://github.com/actions/cache) from 2 to 3.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](https://github.com/actions/cache/compare/v2...v3)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-major
...

* Build(deps): Bump actions/setup-node from 2.1.2 to 3.3.0

Bumps [actions/setup-node](https://github.com/actions/setup-node) from 2.1.2 to 3.3.0.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](https://github.com/actions/setup-node/compare/v2.1.2...v3.3.0)

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-type: direct:production
  update-type: version-update:semver-major
...

* Build(deps): Bump actions/checkout from 2 to 3

Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 3.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v2...v3)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Closes gh-5067

(cherry picked from commit 52f452b2e8)
2022-06-27 18:59:57 +02:00
Christian Oliff
5a363017cf Build: Add dependabot.yml config (GitHub Actions)
This makes dependabot issue automated PRs to update
GitHub Action versions monthly.

Closes gh-5057

(cherry picked from commit 3f8bb2a46d)
2022-06-27 18:34:50 +02:00
Michał Gołębiowski-Owczarek
9bc0df70be Build: Test on Node 17, update Grunt & karma-* packages
This adds testing on Node.js 17 in addition to the currently tested 10, 12, 14
and 16 versions.

Also, update Grunt & `karma-*` packages.

Testing in Karma on jsdom is broken in Node 17 at the moment; until we find
a fix, this change disables such testing on Node 17 or newer.

Node smoke tests & promises aplus tests are disabled on Node.js 10 as they
depend on jsdom and the latest jsdom version doesn't run properly on Node 10.

Closes gh-5023

(cherry picked from commit 2525cffc42)
2022-03-14 18:31:49 +01:00
Michał Gołębiowski-Owczarek
cb35067f1b Build: Separate the install step from running tests in GitHub Actions
Also, update the "Run test" label to "Run tests".

Closes gh-4992

(cherry picked from commit eef972508c)
2022-01-04 16:34:40 +01:00
ygj6
b39cfa1505 Build: Migrate CI to GitHub Actions
Closes gh-4800

(cherry picked from commit e23190e63c)
2021-12-01 00:03:59 +01:00
Michał Gołębiowski-Owczarek
934064905c Docs: Remove the CLA checkbox in the pull request template
The EasyCLA status check is required so this won't get missed. The old JSF CLA
is dead, the provided link doesn't return meaningful information. There's no
good replacement link for the old CLA; PR authors are just supposed to sign the
new CLA by clicking on a link posted by the EasyCLA bot when they submit their
first PR since EasyCLA was enabled for the repo.

Closes gh-4937

(cherry picked from commit e124893132)
2021-10-18 18:09:37 +02:00
Michał Gołębiowski-Owczarek
da44ff39c2
Build: Advise to create test cases on JS Bin or CodePen, drop JSFiddle
JSFiddle doesn't support IE (even 11) anymore so we shouldn't advise users
to use it to create test cases. To make people have a choice, add CodePen
to the list.

Also, link to specific starter templates so that novices don't need to spend
time thinking how to set up the basic structure.

Closes gh-4289
2019-01-29 14:13:53 +01:00
Dave Methvin
2348f39967 Misc: Add config for lockbot 2018-06-17 15:49:27 -04:00
Timmy Willison
d33bb9c33a Build: update PR template
- Comment out things we don't need to see in the PR description
- Change CLA link
2017-03-18 14:28:51 -04:00
Alex Louden
a8816caf26 Docs: Correct typo in issue template 2017-01-05 03:49:02 -05:00
Michał Gołębiowski
fedc1aa690 Docs: Remove supported jQuery versions from ISSUE_TEMPLATE.md
We no longer support jQuery 1.x/2.x and mentioning 3.x would just mean the text
gets out of date once we release jQuery 4. We only really support the latest
jQuery version so let's make that clear.

Closes gh-3372
2016-10-31 18:35:19 +01:00
Michał Gołębiowski
63a303f739 Docs: Use HTTPS URLs for jsfiddle & jsbin 2016-05-20 22:16:17 +02:00
Michał Gołębiowski
cfa4bfbf2a Docs: Tweak formatting of ISSUE_TEMPLATE.md 2016-05-20 22:14:45 +02:00
Dave Methvin
dbdc4b761b Docs: Add FAQ to reduce noise in issues 2016-04-27 19:47:50 -04:00
Dave Methvin
84427591cc Misc: Add issue and pull request templates
Fixes gh-2929
Closes gh-3070
2016-04-22 15:09:23 -04:00