Commit Graph

48 Commits

Author SHA1 Message Date
dependabot[bot]
3ebe89f6be
Build: Bump the github-actions group with 3 updates
Some checks failed
Browserstack / ${{ matrix.BROWSER }} (Chrome_latest) (push) Has been cancelled
Browserstack / ${{ matrix.BROWSER }} (Chrome_latest-1) (push) Has been cancelled
Browserstack / ${{ matrix.BROWSER }} (Edge_latest) (push) Has been cancelled
Browserstack / ${{ matrix.BROWSER }} (Edge_latest-1) (push) Has been cancelled
Browserstack / ${{ matrix.BROWSER }} (Firefox_latest) (push) Has been cancelled
Browserstack / ${{ matrix.BROWSER }} (Firefox_latest-1) (push) Has been cancelled
Browserstack / ${{ matrix.BROWSER }} (IE_11) (push) Has been cancelled
Browserstack / ${{ matrix.BROWSER }} (Opera_latest) (push) Has been cancelled
Browserstack / ${{ matrix.BROWSER }} (Safari_latest) (push) Has been cancelled
Browserstack / ${{ matrix.BROWSER }} (Safari_latest-1) (push) Has been cancelled
Browserstack / ${{ matrix.BROWSER }} (__iOS_15) (push) Has been cancelled
Browserstack / ${{ matrix.BROWSER }} (__iOS_16) (push) Has been cancelled
Browserstack / ${{ matrix.BROWSER }} (__iOS_17) (push) Has been cancelled
Code scanning - action / CodeQL-Build (push) Has been cancelled
Filestash / Update Filestash (push) Has been cancelled
Node / ${{ matrix.NPM_SCRIPT }} - ${{ matrix.NAME }} (${{ matrix.NODE_VERSION }}) (Chrome, 20.x, test:esm) (push) Has been cancelled
Node / ${{ matrix.NPM_SCRIPT }} - ${{ matrix.NAME }} (${{ matrix.NODE_VERSION }}) (Chrome, 20.x, test:no-deprecated) (push) Has been cancelled
Node / ${{ matrix.NPM_SCRIPT }} - ${{ matrix.NAME }} (${{ matrix.NODE_VERSION }}) (Chrome, 20.x, test:selector-native) (push) Has been cancelled
Node / ${{ matrix.NPM_SCRIPT }} - ${{ matrix.NAME }} (${{ matrix.NODE_VERSION }}) (Chrome, 20.x, test:slim) (push) Has been cancelled
Node / ${{ matrix.NPM_SCRIPT }} - ${{ matrix.NAME }} (${{ matrix.NODE_VERSION }}) (Chrome/Firefox, 20.x, test:browser) (push) Has been cancelled
Node / ${{ matrix.NPM_SCRIPT }} - ${{ matrix.NAME }} (${{ matrix.NODE_VERSION }}) (Firefox ESR (new), 20.x, test:firefox) (push) Has been cancelled
Node / ${{ matrix.NPM_SCRIPT }} - ${{ matrix.NAME }} (${{ matrix.NODE_VERSION }}) (Firefox ESR (old), 20.x, test:firefox) (push) Has been cancelled
Node / ${{ matrix.NPM_SCRIPT }} - ${{ matrix.NAME }} (${{ matrix.NODE_VERSION }}) (Node, 18.x, test:browserless) (push) Has been cancelled
Node / ${{ matrix.NPM_SCRIPT }} - ${{ matrix.NAME }} (${{ matrix.NODE_VERSION }}) (Node, 20.x, lint) (push) Has been cancelled
Node / ${{ matrix.NPM_SCRIPT }} - ${{ matrix.NAME }} (${{ matrix.NODE_VERSION }}) (Node, 20.x, test:browserless) (push) Has been cancelled
Node / test:ie - IE (push) Has been cancelled
Node / test:safari - Safari (push) Has been cancelled
Bumps the github-actions group with 3 updates: [actions/checkout](https://github.com/actions/checkout), [actions/setup-node](https://github.com/actions/setup-node) and [github/codeql-action](https://github.com/github/codeql-action).


Updates `actions/checkout` from 4.1.7 to 4.2.0
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](692973e3d9...d632683dd7)

Updates `actions/setup-node` from 4.0.3 to 4.0.4
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](1e60f620b9...0a44ba7841)

Updates `github/codeql-action` from 3.26.6 to 3.26.10
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](4dd16135b6...e2b3eafc8d)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: actions/setup-node
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Closes gh-5562
2024-09-30 20:23:58 -04:00
Michał Gołębiowski-Owczarek
6d78c0768d
Tests: Run tests in Edge in IE mode in GitHub Actions
While Edge in IE mode is not guaranteed to match IE 11 in every aspect,
in practice it generally does. Testing in this mode in GitHub Actions
will allow us to catch most IE-breaking issues at the PR level.

This change also adds missing npm scripts: `test:chrome`, `test:edge`
& `test:ie`.

Closes gh-5540
2024-09-09 18:24:28 +02:00
Michał Gołębiowski-Owczarek
4b7ecbad24
Tests: Run tests on both real Firefox ESRs
1. At the same time, there may be two supported versions of Firefox ESR. Run
   tests on both, installed locally.
2. Don't run tests on Firefox 115 on BrowserStack - it was added as there's
   an ESR version of Firefox 115, but ESR versions may be different, e.g. for
   some time ServiceWorker was disabled on ESR versions:
   https://bugzilla.mozilla.org/show_bug.cgi?id=1547023

Closes gh-5547
2024-09-06 14:35:55 +02:00
dependabot[bot]
a6feeaa740
Build: Bump github/codeql-action from 3.25.15 to 3.26.6 in the github-actions group
Bumps the github-actions group with 1 update: [github/codeql-action](https://github.com/github/codeql-action).


Updates `github/codeql-action` from 3.25.15 to 3.26.6
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](afb54ba388...4dd16135b6)

Closes gh-5545

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-02 23:24:03 +02:00
dependabot[bot]
55bc35bcd4
Build: Bump the github-actions group with 2 updates
Bumps the github-actions group with 2 updates: [actions/setup-node](https://github.com/actions/setup-node) and [github/codeql-action](https://github.com/github/codeql-action).

Closes gh-5528

Updates `actions/setup-node` from 4.0.2 to 4.0.3
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](https://github.com/actions/setup-node/compare/v4.0.2...1e60f620b9541d16bece96c5465dc8ee9832be0b)

Updates `github/codeql-action` from 3.25.11 to 3.25.15
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](b611370bb5...afb54ba388)

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-01 11:04:29 +02:00
Timmy Willison
53ad94f319 Release: correct build date in verification; other improvements
- the date is actually the date of the commit *prior*
  to the tag commit, as the files are built and then committed.
- also, the CDN should still be checked for non-stable releases,
  and should use different filenames (including in the map files).
- certain files should be skipped when checking the CDN.
- removed file diffing because it ended up being far too noisy,
  making it difficult to find the info I needed.
- because the build script required an addition, release
  verification will not work until the next release.
- print all files in failure case and whether each matched
- avoid npm script log in GH release notes changelog
- exclude changelog.md from release:clean command
- separate the post-release script from release-it for now, so we
  can keep manual verification before each push. The exact command is
  printed at the ened for convenience.

Closes gh-5521
2024-07-29 12:34:41 -04:00
Timmy Willison
3e612aeeb3
Release: ensure builds have the proper version
- order hooks in execution order
- update workflow actions

Closes gh-5519
2024-07-17 09:32:02 -04:00
Timmy Willison
2646a8b07f Release: migrate release process to release-it
*Authors*
- Checking and updating authors has been migrated
  to a custom script in the repo

*Changelog*
- changelogplease is no longer maintained
- generate changelog in markdown for GitHub releases
- generate changelog in HTML for blog posts
- generate contributors list in HTML for blog posts

*dist*
- clone dist repo, copy files, and commit/push
- commit tag with dist files on main branch;
  remove dist files from main branch after release

*cdn*
- clone cdn repo, copy files, and commit/push
- create versioned and unversioned copies in cdn/
- generate md5 sums and archives for Google and MSFT

*build*
- implement reproducible builds and verify release builds
  * uses the last modified date for the latest commit
  * See https://reproducible-builds.org/
- the verify workflow also ensures all files were
  properly published to the CDN and npm

*docs*
- the new release workflow is documented at build/release/README.md

*misc*
- now that we don't need the jquery-release script and
  now that we no longer need to build on Node 10, we can
  use ESM in all files in the build folder
- move dist wrappers to "wrappers" folders for easy removal
  of all built files
- limit certain workflows to the main repo (not forks)
- version in package.json has been set to beta.1 so that
  the next release will be beta.2
- release-it added the `preReleaseBase` option and we
  now always set it to `1` in the npm script. This is
  a noop for stable releases.

Fixes jquery/jquery-release#114
Closes gh-5512
2024-07-11 10:00:56 -04:00
dependabot[bot]
3a98ef91df
Build: Bump the github-actions group with 2 updates
Bumps the github-actions group with 2 updates: [actions/checkout](https://github.com/actions/checkout) and [github/codeql-action](https://github.com/github/codeql-action).

Updates `actions/checkout` from 4.1.6 to 4.1.7
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](a5ac7e51b4...692973e3d9)

Updates `github/codeql-action` from 3.25.8 to 3.25.11
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](2e230e8fe0...b611370bb5)

Closes gh-5515

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-05 18:45:08 +02:00
dependabot[bot]
46b9e4803e
Build: Bump the github-actions group with 2 updates
Bumps the github-actions group with 2 updates: [actions/checkout](https://github.com/actions/checkout) and [github/codeql-action](https://github.com/github/codeql-action).


Updates `actions/checkout` from 4.1.2 to 4.1.6
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](9bb56186c3...a5ac7e51b4)

Updates `github/codeql-action` from 3.24.9 to 3.25.8
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](1b1aada464...2e230e8fe0)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Closes gh-5505
2024-06-06 00:05:28 +02:00
Timmy Willison
fa73e2f1b2
Tests: revert concurrency group change
- It's common for us to merge to main and cherry pick to 3.x-stable,
  so it's best if concurrency is shared between branches, which
  is effectively what we had already as it matches on workflow name
  and browser. Ideally, it could also match on the corresponding commit,
  but it seems the commit message is not available in the github context.

Close gh-5492
2024-05-29 11:06:23 -04:00
Timmy Willison
5880e02707
Tests: include github ref in concurrency group
- fixes cancelled workflows when multiple PRs are merged
  in quick succession to both the main and 3.x-stable branches

Close gh-5481
2024-04-25 13:07:55 -04:00
dependabot[bot]
df1df9503a
Build: Bump actions/cache, actions/checkout & github/codeql-action
1. Bump actions/cache from 4.0.1 to 4.0.2

Bumps [actions/cache](https://github.com/actions/cache) from 4.0.1 to 4.0.2.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](ab5e6d0c87...0c45773b62)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

2. Bump github/codeql-action from 3.24.6 to 3.24.9

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.24.6 to 3.24.9.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](8a470fddaf...1b1aada464)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Bump actions/checkout from 4.1.1 to 4.1.2

Bumps [actions/checkout](https://github.com/actions/checkout) from 4.1.1 to 4.1.2.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](b4ffde65f4...9bb56186c3)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Closes gh-5462

Signed-off-by: dependabot[bot] <support@github.com>
2024-04-02 23:35:25 +02:00
Timmy Willison
822362e6ef
Tests: add --hard-retries option to test runner
- Add the ability to retry by restarting the worker and
  getting a different browser instance, after all
  normal retries have been exhausted. This can sometimes
  be successful when a refresh is not.

Close gh-5438
2024-03-11 10:39:38 -04:00
dependabot[bot]
ae67ace649
Build: Bump github/codeql-action from 3.24.0 to 3.24.6
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.24.0 to 3.24.6.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](e8893c57a1...8a470fddaf)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Close gh-5425
2024-03-10 10:37:30 -04:00
dependabot[bot]
68f772e003
Build: Bump actions/cache from 4.0.0 to 4.0.1
Bumps [actions/cache](https://github.com/actions/cache) from 4.0.0 to 4.0.1.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](13aacd865c...ab5e6d0c87)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Close gh-5424
2024-03-10 10:36:56 -04:00
Timmy Willison
5aa7ed888d Build: drop support for Node 10
Close gh-5436
2024-03-09 10:36:47 -05:00
Timmy Willison
0293d3e30d
Build: add GitHub Actions workflow to update Filestash
Close gh-5434
2024-03-08 15:07:52 -05:00
Timmy Willison
95a4c94b81
Tests: reuse browser workers in BrowserStack tests (#5428)
- reuse BrowserStack workers.
- add support for "latest" and "latest-1" in browser version filters
- add support for specifying non-final browser versions, such as beta versions
- more accurate eslint for files in test/runner
- switched `--no-isolate` command flag to `--isolate`. Now that browser instances are shared, it made more sense to me to default to no isolation unless specified. This turned out to be cleaner because the only place we isolate is in browserstack.yml.
- fixed an issue with retries where it wasn't always waiting for the retried test run
- enable strict mode in test yargs command
2024-03-05 14:44:01 -05:00
Timmy Willison
dfc693ea25
Tests: migrate testing infrastructure to minimal dependencies
This is a complete rework of our testing infrastructure. The main goal is to modernize and drop deprecated or undermaintained dependencies (specifically, grunt, karma, and testswarm). We've achieved that by limiting our dependency list to ones that are unlikely to drop support any time soon. The new dependency list includes:

- `qunit` (our trusty unit testing library)
- `selenium-webdriver` (for spinning up local browsers)
- `express` (for starting a test server and adding middleware)
  - express middleware includes uses of `body-parser` and `raw-body`
- `yargs` (for constructing a CLI with pretty help text)
- BrowserStack (for running each of our QUnit modules separately in all of our supported browsers)
  - `browserstack-local` (for opening a local tunnel. This is the same package still currently used in the new Browserstack SDK)
  - We are not using any other BrowserStack library. The newest BrowserStack SDK does not fit our needs (and isn't open source). Existing libraries, such as `node-browserstack` or `browserstack-runner`, either do not quite fit our needs, are under-maintained and out-of-date, or are not robust enough to meet all of our requirements. We instead call the [BrowserStack REST API](https://github.com/browserstack/api) directly.

## BrowserStack Runner
- automatically retries individual modules in case of test failure(s)
- automatically attempts to re-establish broken tunnels
- automatically refreshes the page in case a test run has stalled
- runs all browsers concurrently and uses as many sessions as are available under the BrowserStack plan. It will wait for available sessions if there are none.
- supports filtering the available list of browsers by browser name, browser version, device, OS, and OS version (see `npm run test:unit -- --list-browsers` for more info). It will retrieve the latest matching browser available if any of those parameters are not specified.
- cleans up after itself (closes the local tunnel, stops the test server, etc.)
- Requires `BROWSERSTACK_USERNAME` and `BROWSERSTACK_ACCESS_KEY` environment variables.

## Selenium Runner
- supports running any local browser as long as the driver is installed, including support for headless mode in Chrome, FF, and Edge
- supports running `basic` tests on the latest [jsdom](https://github.com/jsdom/jsdom#readme), which can be seen in action in this PR (see `test:browserless`)
- Node tests will run as before in PRs and all non-dependabot branches, but now includes tests on real Safari in a GH actions macos image instead of playwright-webkit.
- can run multiple browsers and multiple modules concurrently

Other notes:
- Stale dependencies have been removed and all remaining dependencies have been upgraded with a few exceptions:
  - `sinon`: stopped supporting IE in version 10. But, `sinon` has been updated to 9.x.
  - `husky`: latest does not support Node 10 and runs on `npm install`. Needed for now until git builds are migrated to GitHub Actions.
  - `rollup`: latest does not support Node 10. Needed for now until git builds are migrated to GitHub Actions.
- BrowserStack tests are set to run on each `main` branch commit
- `debug` mode leaves Selenium browsers open whether they pass or fail and leaves browsers with test failures open on BrowserStack. The latter is to avoid leaving open too many sessions.
- This PR includes a workflow to dispatch BrowserStack runs on-demand
- The Node version used for most workflow tests has been upgraded to 20.x
- updated supportjQuery to 3.7.1

Run `npm run test:unit -- --help` for CLI documentation

Close gh-5418
2024-02-26 09:42:10 -05:00
dependabot[bot]
bf11739f6c
Build: Bump actions/cache & github/codeql-action (#5402)
* Build: Bump actions/cache from 3.3.2 to 4.0.0

Bumps [actions/cache](https://github.com/actions/cache) from 3.3.2 to 4.0.0.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](704facf57e...13aacd865c)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-major
...

* Build: Bump github/codeql-action from 3.22.12 to 3.24.0

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.22.12 to 3.24.0.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](012739e508...e8893c57a1)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

---------

Closes gh-5402
Closes gh-5415

Signed-off-by: dependabot[bot] <support@github.com>
2024-02-11 01:45:15 +01:00
dependabot[bot]
99151d7ab0
Build: Bump actions/setup-node and github/codeql-action
1: Bump actions/setup-node from 4.0.0 to 4.0.1

Bumps [actions/setup-node](https://github.com/actions/setup-node) from 4.0.0 to 4.0.1.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](8f152de45c...b39b52d121)

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

2: Bump github/codeql-action from 2.22.5 to 3.22.12

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.22.5 to 3.22.12.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](74483a38d3...012739e508)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Closes gh-5381
Closes gh-5382

Signed-off-by: dependabot[bot] <support@github.com>
2024-01-03 16:30:28 +01:00
Michał Gołębiowski-Owczarek
c98597eaf5
Build: Reformat GitHub workflow Yaml files
Use Prettier 3.1.0 to reformat the Yaml files. This makes their format identical
to the one used on `3.x-stable`, making for much easier cherry-picks.

The main difference is the list under `steps:` was not indented while all other
lists were.

Closes gh-5364
2023-11-20 18:20:16 +01:00
Michał Gołębiowski-Owczarek
fb0cc27291
Build: Bump @babel/traverse & multiple actions
1: Bump actions/cache from 3.3.1 to 3.3.2

Bumps [actions/cache](https://github.com/actions/cache) from 3.3.1 to 3.3.2.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](88522ab9f3...704facf57e)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

2: Bump actions/checkout from 3.6.0 to 4.1.1

Bumps [actions/checkout](https://github.com/actions/checkout) from 3.6.0 to 4.1.1.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](f43a0e5ff2...b4ffde65f4)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

3: Bump github/codeql-action from 2.21.5 to 2.22.5

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.21.5 to 2.22.5.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](00e563ead9...74483a38d3)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

4: Bump actions/setup-node from 3.8.1 to 4.0.0

Bumps [actions/setup-node](https://github.com/actions/setup-node) from 3.8.1 to 4.0.0.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](5e21ff4d9b...8f152de45c)

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-type: direct:production
  update-type: version-update:semver-major
...

5: Bump @babel/traverse from 7.22.5 to 7.23.2

Bumps [@babel/traverse](https://github.com/babel/babel/tree/HEAD/packages/babel-traverse) from 7.22.5 to 7.23.2.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.23.2/packages/babel-traverse)

---
updated-dependencies:
- dependency-name: "@babel/traverse"
  dependency-type: indirect
...

Closes gh-5341
Closes gh-5349
Closes gh-5354
Closes gh-5355
Closes gh-5356
Closes gh-5363

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-11-13 18:44:30 +01:00
Michał Gołębiowski-Owczarek
635cb152e7
Build: Don't run CI push workflows for dependabot branches
Without this change, dependabot PRs run double checks - one set for the `push`
part and one for the `pull_request` part.

Closes gh-5353
2023-11-13 18:18:20 +01:00
Michał Gołębiowski-Owczarek
1ad66aeb6d
Build: Run pretest before test:* npm scripts
Build was already happening in scripts like `test:browser` but those scripts
were missing `pretest`, meaning that running `npm install && npm test:browser`
may have failed if `pretest` wasn't run before or if its results were out of
date.

Even worse, with such stale data some tests may erroneously succeed.

This also removes a separate `pretest` step from GitHub Actions as it's no
longer needed.

Closes gh-5338
2023-10-16 18:54:54 +02:00
Timmy Willison
7ef9099d32 Build: fix inconsistent builds in Node 20
- one fileOverrides per build
- only run the lint build when running lint

Close gh-5332
2023-09-20 18:20:59 -04:00
Timmy Willison
2bdecf8b7b
Build: migrate most grunt tasks off of grunt
Updated tasks include:

- lint
- npmcopy
- build, minify, and process for distribution.
- new custom build command using yargs
- compare size of minified/gzip built files
- pretest scripts, including qunit-fixture, babel transpilation, and npmcopy
- node smoke tests
- promises aplus tests
- new watch task using `rollup.watch` directly

Also:

- upgraded husky and added the new lint command
- updated lint config to use new "flat" config format. See https://eslint.org/docs/latest/use/configure/configuration-files-new
- Temporarily disabled one lint rule until flat config is supported by eslint-plugin-import. See https://github.com/import-js/eslint-plugin-import/issues/2556
- committed package-lock.json
- updated all test scripts to use the new build
- added an express test server that uses middleware-mockserver (this can be used to run tests without karma)
- build-all-variants is now build:all

Close gh-5318
2023-09-18 12:39:00 -04:00
dependabot[bot]
42e50f8c21
Build: Bump actions/checkout, actions/setup-node & github/codeql-action
1: Bump actions/checkout from 3.5.3 to 3.6.0

Bumps [actions/checkout](https://github.com/actions/checkout) from 3.5.3 to 3.6.0.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](c85c95e3d7...f43a0e5ff2)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

2: Bump actions/setup-node from 3.6.0 to 3.8.1

Bumps [actions/setup-node](https://github.com/actions/setup-node) from 3.6.0 to 3.8.1.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](64ed1c7eab...5e21ff4d9b)

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

3: Bump github/codeql-action from 2.20.1 to 2.21.5

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.20.1 to 2.21.5.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](f6e388ebf0...00e563ead9)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Closes gh-5311
Closes gh-5312
Closes gh-5313

Signed-off-by: dependabot[bot] <support@github.com>
2023-09-06 16:39:00 +02:00
dependabot[bot]
4a13266efd
Build: Bump github/codeql-action & actions/checkout
1: Bump github/codeql-action from 2.3.6 to 2.20.1

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.3.6 to 2.20.1.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](83f0fe6c49...f6e388ebf0)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

2: Build: Bump actions/checkout from 3.5.2 to 3.5.3

Bumps [actions/checkout](https://github.com/actions/checkout) from 3.5.2 to 3.5.3.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](8e5e7e5ab8...c85c95e3d7)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Closes gh-5283
Closes gh-5284
2023-07-02 20:10:07 +02:00
Michał Gołębiowski-Owczarek
5701957b72
Build: Drop individual AMD modules
With this change, jQuery build no longer generates the `amd` directory with
AMD modules transpiled from source `src` ECMAScript Modules. To use individual
jQuery modules from source, ESM is now required.

Note that this DOES NOT affect the main `"jquery"` AMD module defined by built
jQuery files; those remain supported.

Closes gh-5276
2023-06-27 18:23:58 +02:00
Gabriela Gutierrez
784b9ba6e4
Build: Reference GitHub Actions by commit SHAs
The SHAs are verified to come from the original repositories and not forks.

For reference:

https://github.com/github/codeql-action/releases/tag/v2.3.6
83f0fe6c49

https://github.com/actions/checkout/releases/tag/v3.5.2
8e5e7e5ab8

https://github.com/actions/cache/releases/tag/v3.3.1
88522ab9f3

https://github.com/actions/setup-node/releases/tag/v3.6.0
64ed1c7eab

Fixes gh-5266
Closes gh-5269

Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
2023-06-13 23:22:07 +02:00
Michał Gołębiowski-Owczarek
6616acff0a
Build: Test on Node.js 20, stop testing on Node.js 14 & 19
Closes gh-5250
2023-05-22 16:21:35 +02:00
Michał Gołębiowski-Owczarek
e77bd9d64f
Build: Only install Playwright dependencies when needed
PR gh-5190 added support for running tests on Playwright WebKit
in CI. For efficiency reasons, Playwright dependencies are only
installed for the `test:browser` npm script. However, that same
script is also used for Firefox ESR testing.

This change makes Playwright dependencies installed only for cases
where `WebKitHeadless` exists on the list of tested browsers.

Closes gh-5204
Ref gh-5190
2023-03-20 17:13:31 +01:00
dependabot[bot]
7e7bd06207
Build: Bump actions/setup-node from 3.5.1 to 3.6.0
Bumps [actions/setup-node](https://github.com/actions/setup-node) from 3.5.1 to 3.6.0.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](https://github.com/actions/setup-node/compare/v3.5.1...v3.6.0)

Closes gh-5200

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-02-02 01:43:00 +01:00
Michał Gołębiowski-Owczarek
b02a257f98
Build: Run GitHub Action browser tests on Playwright WebKit
So far, we've been running browser tests on GitHub Actions in Chrome
and Firefox. Regular Safari is not available in GitHub Actions but
Playwright WebKit comes close to a dev version of Safari.

With this change, our GitHub CI & local test runs will invoke tests on
all actively developed browser engines on all PRs.

Also, our GitHub Actions browser tests are now running on Node.js 18.

Detection of the Playwright WebKit browser in support unit tests is done
by checking if the `test_browser` query parameter is set to `"Playwright"`;
this is a `karma-webkit-launcher` feature. Detecting that browser via
user agent as we normally do is hard as the UA on Linux is very similar
to a real Safari one but it actually uses a newer version of the engine.

In addition, we now allow to pass custom browsers when one needs it;
e.g., to run the tests in all three engines on Linux/macOS, run:
```
grunt && BROWSERS=ChromeHeadless,FirefoxHeadless,WebkitHeadless grunt karma:main
```

Closes gh-5190
2023-01-23 23:49:44 +01:00
Alex
c909d6b1ff
Build: Limit permissions for GitHub workflows
Add explicit permissions section[^1] to workflows. This is a security
best practice because by default workflows run with extended set
of permissions[^2] (except from `on: pull_request` from external forks[^3].
By specifying any permission explicitly all others are set to none. By using
the principle of least privilege the damage a compromised workflow can do
(because of an injection[^4] or compromised third party tool or action) is
restricted. It is recommended to have most strict permissions on the top
level[^5] and grant write permissions on job level[^6] on a case by case
basis.

[^1]: https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
[^2]: https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token
[^3]: https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
[^4]: https://securitylab.github.com/research/github-actions-untrusted-input/
[^5]: https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions
[^6]: https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs

Closes gh-5119
2022-12-01 14:23:17 +01:00
Michał Gołębiowski-Owczarek
4c1171f2ed
Selector: Re-introduce selector-native.js
Re-introduce the `selector-native` similar to the one on the `3.x-stable`
branch. One difference is since the `main` branch inlined Sizzle, some
selector utils can be shared between the main `selector` module and
`selector-native`.

The main `selector` module can be disabled in favor of `selector-native`
via:

    grunt custom:-selector

Other changes:
* Tests: Fix Safari detection - Chrome Headless has a different user
  agent than Safari and a browser check in selector tests didn't take
  that into account.
* Tests: Run selector-native tests in `npm test`
* Selector: Fix querying on document fragments

Ref gh-4395
Closes gh-5085
2022-11-21 23:23:39 +01:00
Michał Gołębiowski-Owczarek
f62d8e2159
Build: Test on Node.js 18 & 19, stop testing on Node 12
Closes gh-5160
2022-11-17 13:22:21 +01:00
dependabot[bot]
0208224b5b
Build: Bump actions/setup-node from 3.5.0 to 3.5.1
Bumps [actions/setup-node](https://github.com/actions/setup-node) from 3.5.0 to 3.5.1.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](https://github.com/actions/setup-node/compare/v3.5.0...v3.5.1)

Closes gh-5153

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-11-01 20:58:52 +01:00
dependabot[bot]
25400750fb
Build: Bump actions/setup-node from 3.4.1 to 3.5.0
Bumps [actions/setup-node](https://github.com/actions/setup-node) from 3.4.1 to 3.5.0.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](https://github.com/actions/setup-node/compare/v3.4.1...v3.5.0)

Closes gh-5133

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-10-03 16:58:47 +02:00
dependabot[bot]
78321f078c
Upgrade: Bump actions/setup-node from 3.3.0 to 3.4.1
Bumps [actions/setup-node](https://github.com/actions/setup-node) from 3.3.0 to 3.4.1.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](https://github.com/actions/setup-node/compare/v3.3.0...v3.4.1)

Closes gh-5078

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-09-12 15:45:20 +02:00
Baoshuo Ren
016872ffe0
Docs: Remove git.io from a GitHub Actions comment
All links on git.io are deprecated and may stop redirecting at a certain point.

See https://github.blog/changelog/2022-04-25-git-io-deprecation/

Closes gh-5036
2022-07-12 17:27:04 +02:00
Michał Gołębiowski-Owczarek
52f452b2e8
Build: Update GitHub Actions
* Build(deps): Bump github/codeql-action from 1 to 2

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 1 to 2.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/v1...v2)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

* Build(deps): Bump actions/cache from 2 to 3

Bumps [actions/cache](https://github.com/actions/cache) from 2 to 3.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](https://github.com/actions/cache/compare/v2...v3)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-major
...

* Build(deps): Bump actions/setup-node from 2.1.2 to 3.3.0

Bumps [actions/setup-node](https://github.com/actions/setup-node) from 2.1.2 to 3.3.0.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](https://github.com/actions/setup-node/compare/v2.1.2...v3.3.0)

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-type: direct:production
  update-type: version-update:semver-major
...

* Build(deps): Bump actions/checkout from 2 to 3

Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 3.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v2...v3)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Closes gh-5067
2022-06-27 18:53:31 +02:00
Michał Gołębiowski-Owczarek
2525cffc42
Build: Test on Node 17, update Grunt & karma-* packages
This adds testing on Node.js 17 in addition to the currently tested 10, 12, 14
and 16 versions.

Also, update Grunt & `karma-*` packages.

Testing in Karma on jsdom is broken in Node 17 at the moment; until we find
a fix, this change disables such testing on Node 17 or newer.

Node smoke tests & promises aplus tests are disabled on Node.js 10 as they
depend on jsdom and the latest jsdom version doesn't run properly on Node 10.

Closes gh-5023
2022-03-14 17:58:41 +01:00
Michał Gołębiowski-Owczarek
eef972508c
Build: Separate the install step from running tests in GitHub Actions
Also, update the "Run test" label to "Run tests".

Closes gh-4992
2022-01-04 16:27:42 +01:00
ygj6
e23190e63c
Build: Migrate CI to GitHub Actions
Closes gh-4800
2021-11-30 23:56:39 +01:00
Timmy Willison
39c5778c64
build: set up periodic code scanning analysis 2020-06-25 17:32:02 -04:00