Commit Graph

6601 Commits

Author SHA1 Message Date
Timmy Willison
f088c36631
Release: add support for md5 sums in windows
Close gh-5219
2023-03-09 20:19:07 +00:00
Michał Gołębiowski-Owczarek
68aa2ef757
Selector: Stop relying on CSS.supports( "selector(...)" )
`CSS.supports( "selector(...)" )` has different semantics than selectors passed
to `querySelectorAll`. Apart from the fact that the former returns `false` for
unrecognized selectors and the latter throws, `qSA` is more forgiving and
accepts some invalid selectors, auto-correcting them where needed - for
example, mismatched brackers are auto-closed. This behavior difference is
breaking for many users.

To add to that, a recent CSSWG resolution made `:is()` & `:where()` the only
pseudos with forgiving parsing; browsers are in the process of making `:has()`
parsing unforgiving.

Taking all that into account, we go back to our previous try-catch approach
without relying on `CSS.supports( "selector(...)" )`. The only difference
is we detect forgiving parsing in `:has()` and mark the selector as buggy.

The PR also updates `playwright-webkit` so that we test against a version
of WebKit that already has non-forgiving `:has()`.

Fixes gh-5194
Closes gh-5206
Ref gh-5098
Ref gh-5107
Ref w3c/csswg-drafts#7676

Co-authored-by: Richard Gibson <richard.gibson@gmail.com>
2023-02-14 10:11:40 +01:00
Michał Gołębiowski-Owczarek
2e644e8450
Selector: Backport jQuery selection context logic to selector-native
This makes:
```js
$div.find("div > *")
```
no longer matching children of `$div`.

Also, leading combinators now work, e.g.:
```js
$div.find( "> *" );
```
returns children of `$div`.

As a result of that, a number of tests are no longer skipped in the
`selector-native` mode.

Also, rename `rcombinators` to `rleadingCombinator`.

Fixes gh-5185
Closes gh-5186
Ref gh-5085
2023-02-13 18:34:41 +01:00
dependabot[bot]
7e7bd06207
Build: Bump actions/setup-node from 3.5.1 to 3.6.0
Bumps [actions/setup-node](https://github.com/actions/setup-node) from 3.5.1 to 3.6.0.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](https://github.com/actions/setup-node/compare/v3.5.1...v3.6.0)

Closes gh-5200

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-02-02 01:43:00 +01:00
Michał Gołębiowski-Owczarek
a7ed9a7b63
Ajax: Support binary data (including FormData)
Two changes have been applied:
* prefilters are now applied before data is converted to a string;
  this allows prefilters to disable such a conversion
* a prefilter for binary data is added; it disables data conversion
  for non-string non-plain-object `data`; for `FormData` bodies, it
  removes manually-set `Content-Type` header - this is required
  as browsers need to append their own boundary to the header

Ref gh-4150
Closes gh-5197
2023-02-01 13:48:35 +01:00
Michał Gołębiowski-Owczarek
0b9c5037f7
Deferred: Respect source maps in jQuery.Deferred.exceptionHook
So far, `jQuery.Deferred.exceptionHook` used to log error message and stack
separately. However, that breaks browser applying source maps against the stack
trace - most browsers require logging an error instance. This change makes us
do exactly that.

One drawback of the change is that in IE 11 previously stack was printed
directly and now just the error summary; to get to the actual stack
trace, three clicks are required. This seems to be a low price to pay
for having source maps work in all the other browsers, though.

Safari with the new change requires one click to get to the stack trace
which sounds manageable.

Fixes gh-3179
Closes gh-5192
Ref https://crbug.com/622227
2023-02-01 13:46:44 +01:00
Michał Gołębiowski-Owczarek
6d1364431b
Ajax: Support headers for script transport even when cross-domain
The AJAX script transport has two versions: XHR + `jQuery.globalEval` or
appending a script tag (note that `jQuery.globalEval` also appends a
script tag now, but inline). The former cannot support the `headers`
option which has so far not been taken into account.

For jQuery 3.x, the main consequence was the option not being respected
for cross-domain requests. Since in 4.x we use the latter way more
often, the option was being ignored in more cases.

The transport now checks whether the `headers` option is specified and
uses the XHR way unless `scriptAttrs` are specified as well.

Fixes gh-5142
Closes gh-5193
2023-02-01 13:40:55 +01:00
Michał Gołębiowski-Owczarek
b02a257f98
Build: Run GitHub Action browser tests on Playwright WebKit
So far, we've been running browser tests on GitHub Actions in Chrome
and Firefox. Regular Safari is not available in GitHub Actions but
Playwright WebKit comes close to a dev version of Safari.

With this change, our GitHub CI & local test runs will invoke tests on
all actively developed browser engines on all PRs.

Also, our GitHub Actions browser tests are now running on Node.js 18.

Detection of the Playwright WebKit browser in support unit tests is done
by checking if the `test_browser` query parameter is set to `"Playwright"`;
this is a `karma-webkit-launcher` feature. Detecting that browser via
user agent as we normally do is hard as the UA on Linux is very similar
to a real Safari one but it actually uses a newer version of the engine.

In addition, we now allow to pass custom browsers when one needs it;
e.g., to run the tests in all three engines on Linux/macOS, run:
```
grunt && BROWSERS=ChromeHeadless,FirefoxHeadless,WebkitHeadless grunt karma:main
```

Closes gh-5190
2023-01-23 23:49:44 +01:00
Michał Gołębiowski-Owczarek
ce90a48450
Build: Migrate middleware-mockserver to modern JS
The `test/middleware-mockserver.js` file used to have the same ESLint
settings applied as other test files that are directly run in tested
browsers. Now it shares settings of other Node.js files.

The file is now also written using modern JS, leveraging ES2018.

Closes gh-5196
2023-01-23 23:20:08 +01:00
Timmy Willison
c66d4700dc
Build: remove stale Insight package from custom builds
Close gh-5182
2022-12-20 20:57:49 +00:00
Michał Gołębiowski-Owczarek
09d988b774
Selector: Make selector lists work with qSA again
jQuery 3.6.2 started using `CSS.supports( "selector(SELECTOR)" )` before using
`querySelectorAll` on the selector. This was to solve gh-5098 - some selectors,
like `:has()`, now had their parameters parsed in a forgiving way, meaning
that `:has(:fakepseudo)` no longer throws but just returns 0 results, breaking
that jQuery mechanism.

A recent spec change made `CSS.supports( "selector(SELECTOR)" )` always use
non-forgiving parsing, allowing us to use this API for what we've used
`try-catch` before.

To solve the issue on the spec side for older jQuery versions, `:has()`
parameters are no longer using forgiving parsing in the latest spec update
but our new mechanism is more future-proof anyway.

However, the jQuery implementation has a bug - in
`CSS.supports( "selector(SELECTOR)" )`, `SELECTOR` needs to be
a `<complex-selector>` and not a `<complex-selector-list>`. Which means that
selector lists now skip `qSA` and go to the jQuery custom traversal:
```js
CSS.supports("selector(div:valid, span)"); // false
CSS.supports("selector(div:valid)"); // true
CSS.supports("selector(span)"); // true
```

To solve this, this commit wraps the selector list passed to
`CSS.supports( "selector(:is(SELECTOR))" )` with `:is`, making it a single
selector again.

See:
* https://w3c.github.io/csswg-drafts/css-conditional-4/#at-supports-ext
* https://w3c.github.io/csswg-drafts/selectors-4/#typedef-complex-selector
* https://w3c.github.io/csswg-drafts/selectors-4/#typedef-complex-selector-list

Fixes gh-5177
Closes gh-5178
Ref w3c/csswg-drafts#7280
2022-12-19 18:43:30 +01:00
Michał Gołębiowski-Owczarek
024d87195a
Core:Selector: Move jQuery.contains from the selector to the core module
The `jQuery.contains` method is quite simple in jQuery 4+. On the other side,
it's a dependency of the core `isAttached` util which is not ideal; moving
it from the `selector` the `core` module resolves the issue.

Closes gh-5167
2022-12-12 22:27:59 +01:00
Alex
c909d6b1ff
Build: Limit permissions for GitHub workflows
Add explicit permissions section[^1] to workflows. This is a security
best practice because by default workflows run with extended set
of permissions[^2] (except from `on: pull_request` from external forks[^3].
By specifying any permission explicitly all others are set to none. By using
the principle of least privilege the damage a compromised workflow can do
(because of an injection[^4] or compromised third party tool or action) is
restricted. It is recommended to have most strict permissions on the top
level[^5] and grant write permissions on job level[^6] on a case by case
basis.

[^1]: https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
[^2]: https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token
[^3]: https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
[^4]: https://securitylab.github.com/research/github-actions-untrusted-input/
[^5]: https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions
[^6]: https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs

Closes gh-5119
2022-12-01 14:23:17 +01:00
Michał Gołębiowski-Owczarek
5266f23cf4
Selector: Implement the uniqueSort chainable method
Some APIs, like `.prevAll()`, return elements in the reversed order, causing
confusing behavior when used with wrapping methods (see gh-5149 for more info)
 To provide an easy workaround, this commit implements a chainable `uniqueSort`
method on jQuery objects, an equivalent of `jQuery.uniqueSort`.

Fixes gh-5166
Closes gh-5168
2022-11-28 18:10:33 +01:00
Michał Gołębiowski-Owczarek
716130e094
Tests: Indicate Firefox 106+ passes the cssSupportsSelector test
Firefox 106 adjusted to the spec mandating that `CSS.supports("selector(...)")`
uses non-forgiving parsing which makes it pass the relevant support test.

Closes gh-5141
2022-11-25 00:54:56 +01:00
Michał Gołębiowski-Owczarek
4c1171f2ed
Selector: Re-introduce selector-native.js
Re-introduce the `selector-native` similar to the one on the `3.x-stable`
branch. One difference is since the `main` branch inlined Sizzle, some
selector utils can be shared between the main `selector` module and
`selector-native`.

The main `selector` module can be disabled in favor of `selector-native`
via:

    grunt custom:-selector

Other changes:
* Tests: Fix Safari detection - Chrome Headless has a different user
  agent than Safari and a browser check in selector tests didn't take
  that into account.
* Tests: Run selector-native tests in `npm test`
* Selector: Fix querying on document fragments

Ref gh-4395
Closes gh-5085
2022-11-21 23:23:39 +01:00
Michał Gołębiowski-Owczarek
f62d8e2159
Build: Test on Node.js 18 & 19, stop testing on Node 12
Closes gh-5160
2022-11-17 13:22:21 +01:00
Michał Gołębiowski-Owczarek
3299236c89
Selector:Manipulation: Fix DOM manip within template contents
The `<template/>` element `contents` property is a document fragment that may
have a `null` `documentElement`. In Safari 16 this happens in more cases due
to recent spec changes - in particular, even if that document fragment is
explicitly adopted into an outer document. We're testing both of those cases
now.

The crash used to happen in `jQuery.contains`. As it turns out, we don't need
to query the supposed container `documentElement` if it has the
`Node.DOCUMENT_NODE` (9) `nodeType`; we can call `.contains()` directly on
the `document`. That avoids the crash.

Fixes gh-5147
Closes gh-5158
2022-11-14 23:17:23 +01:00
dependabot[bot]
0208224b5b
Build: Bump actions/setup-node from 3.5.0 to 3.5.1
Bumps [actions/setup-node](https://github.com/actions/setup-node) from 3.5.0 to 3.5.1.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](https://github.com/actions/setup-node/compare/v3.5.0...v3.5.1)

Closes gh-5153

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-11-01 20:58:52 +01:00
Timmy Willison
bcd9c2bc3d
Docs: Remove stale badge from README
Close gh-5148
2022-10-24 11:00:25 -04:00
Michał Gołębiowski-Owczarek
74978b7e89
Ajax: Support null as success functions in jQuery.get
According to the docs, one can use `null` as a success function in `jQuery.get`
of `jQuery.post` so the following:

```js
await jQuery.get( "https://httpbin.org/json", null, "text" )
```

should get the text result. However, this shortcut hasn't been working so far.

Fixes gh-4989
Closes gh-5139
2022-10-17 18:54:28 +02:00
Michał Gołębiowski-Owczarek
8c7da22cae
Selector: Drop support for legacy pseudos, test custom pseudos
This backports custom pseudos tests from Sizzle; they were missed in original
test backports. Also, the support for legacy custom pseudos has been dropped.

The `jQuery.expr` test cleanup has been wrapped in `try-finally` for cleaner
test isolation in case anything goes wrong.

Closes gh-5137
2022-10-11 11:55:46 +02:00
Michał Gołębiowski-Owczarek
ee6e874075
Manipulation: Extract domManip to a separate file
We've already had `buildFragment` extracted to a separate file long ago.
`domManip` is quite a complex & crucial API and so far it has existed within
the `manipulation.js` module. Extracting it makes the module shorter and easier
to understand.

A few comments / messages in tests have also been updated to not suggest there's
a public `jQuery.domManip` API - it's been private since 3.0.0.

Closes gh-5138
2022-10-10 18:15:34 +02:00
Michał Gołębiowski-Owczarek
aa231cd214
Build: Update Grunt from 1.4.1 to 1.5.3
This will resolve the following security issues:
* Path Traversal in Grunt: https://github.com/advisories/GHSA-j383-35pm-c5h4
* Race Condition in Grunt: https://github.com/advisories/GHSA-rm36-94g8-835r

Closes gh-5134
2022-10-03 23:06:37 +02:00
Michał Gołębiowski-Owczarek
edccabf10d
Docs: Update the README of the published package
The previous details were showing their age, e.g. mentions about browsers
not supporting ES2015. The story with ES modules is more complex as it's also
about loaders but to keep the README simple, let's just make it more up to date
with typical usage.

Closes gh-5108
2022-10-03 22:55:49 +02:00
Michał Gołębiowski-Owczarek
e7ffe1f135
Tests: Remove a workaround for a Firefox XML parsing issue
Firefox 96-100 used to report the column number smaller by 2 than it should
in the `parsererror` element generated for invalid XML documents. Since that
version range is unsupported now and it includes no ESR versions, the workaround
can now be dropped.

Closes gh-5109
Ref gh-5018
2022-10-03 22:53:39 +02:00
Michał Gołębiowski-Owczarek
7eb0019640
CSS: Return undefined for whitespace-only CSS variable values (#5120)
The spec requires that CSS variable values are trimmed. In browsers that do
this - mainly, Safari, but also Firefox if the value only has leading
whitespace - we currently return undefined; in other browsers, we return
an empty string as the logic to fall back to undefined happens before
trimming.

This commit adds another explicit callback to `undefined` to have it consistent
across browsers.

Also, more explicit comments about behaviors we need to work around in various
browsers have been added.

Closes gh-5120
Ref gh-5106
2022-10-03 18:10:42 +02:00
dependabot[bot]
25400750fb
Build: Bump actions/setup-node from 3.4.1 to 3.5.0
Bumps [actions/setup-node](https://github.com/actions/setup-node) from 3.4.1 to 3.5.0.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](https://github.com/actions/setup-node/compare/v3.4.1...v3.5.0)

Closes gh-5133

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-10-03 16:58:47 +02:00
Anders Kaseorg
ed306c0261
CSS: Don’t trim whitespace of undefined custom property
Fixes gh-5105
Closes gh-5106

Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2022-09-19 23:08:12 +02:00
Michał Gołębiowski-Owczarek
d153c375e6
Selector: Use jQuery :has if CSS.supports(selector(...)) non-compliant
jQuery has followed the following logic for selector handling for ages:
1. Modify the selector to adhere to scoping rules jQuery mandates.
2. Try `qSA` on the modified selector. If it succeeds, use the results.
3. If `qSA` threw an error, run the jQuery custom traversal instead.

It worked fine so far but now CSS has a concept of forgiving selector lists that
some selectors like `:is()` & `:has()` use. That means providing unrecognized
selectors as parameters to `:is()` & `:has()` no longer throws an error, it will
just return no results. That made browsers with native `:has()` support break
selectors using jQuery extensions inside, e.g. `:has(:contains("Item"))`.

Detecting support for selectors can also be done via:

```js
CSS.supports( "selector(SELECTOR_TO_BE_TESTED)" )
```
which returns a boolean. There was a recent spec change requiring this API to
always use non-forgiving parsing:
https://github.com/w3c/csswg-drafts/issues/7280#issuecomment-1143852187
However, no browsers have implemented this change so far.

To solve this, two changes are being made:
1. In browsers supports the new spec change to `CSS.supports( "selector()" )`,
   use it before trying `qSA`.
2. Otherwise, add `:has` to the buggy selectors list.

Fixes gh-5098
Closes gh-5107
Ref w3c/csswg-drafts#7676
2022-09-19 20:56:02 +02:00
dependabot[bot]
78321f078c
Upgrade: Bump actions/setup-node from 3.3.0 to 3.4.1
Bumps [actions/setup-node](https://github.com/actions/setup-node) from 3.3.0 to 3.4.1.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](https://github.com/actions/setup-node/compare/v3.3.0...v3.4.1)

Closes gh-5078

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-09-12 15:45:20 +02:00
Michał Gołębiowski-Owczarek
d2436df36a
Core: Drop the root parameter of jQuery.fn.init
The third parameter of `jQuery.fn.init` - `root` - was just needed to support
`jQuery.sub`. Since this API has been removed in jQuery 1.9.0 and Migrate 3.x
is not filling it in, this parameter is no longer needed.

This parameter has never been documented but it's safer to remove it in a major
update.

Closes gh-5096
2022-08-29 19:03:12 +02:00
Michał Gołębiowski-Owczarek
8cf39b78e6
Tests: Fix the link to QUnit CSS file
Without this fix, the layout is fine during the test run but all the CSS is gone
when tests finish and the results are shown.

This affects commands like `grunt karma:chrome-debug`.

Closes gh-5090
2022-08-29 17:44:10 +02:00
Baoshuo Ren
016872ffe0
Docs: Remove git.io from a GitHub Actions comment
All links on git.io are deprecated and may stop redirecting at a certain point.

See https://github.blog/changelog/2022-04-25-git-io-deprecation/

Closes gh-5036
2022-07-12 17:27:04 +02:00
Simon Legner
01819bc3bc
Docs: Update webpack website in README
Webpack has migrated to https://webpack.js.org/ since version 2.

Closes gh-5037
2022-07-12 17:16:24 +02:00
Michał Gołębiowski-Owczarek
fae5fee8b4
Tests: Exclude tests based on compilation flags, not API presence
Introduces a new test API, `includesModule`. The method returns whether
a particular module like "ajax" or "deprecated" is included in the current
jQuery build; it handles the slim build as well. The util was created so that
we don't treat presence of particular APIs to decide whether to run a test as
then if we accidentally remove an API, the tests would still not fail.

Fixes gh-5069
Closes gh-5046
2022-06-28 12:39:01 +02:00
Michał Gołębiowski-Owczarek
52f452b2e8
Build: Update GitHub Actions
* Build(deps): Bump github/codeql-action from 1 to 2

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 1 to 2.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/v1...v2)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

* Build(deps): Bump actions/cache from 2 to 3

Bumps [actions/cache](https://github.com/actions/cache) from 2 to 3.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](https://github.com/actions/cache/compare/v2...v3)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-major
...

* Build(deps): Bump actions/setup-node from 2.1.2 to 3.3.0

Bumps [actions/setup-node](https://github.com/actions/setup-node) from 2.1.2 to 3.3.0.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](https://github.com/actions/setup-node/compare/v2.1.2...v3.3.0)

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-type: direct:production
  update-type: version-update:semver-major
...

* Build(deps): Bump actions/checkout from 2 to 3

Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 3.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v2...v3)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Closes gh-5067
2022-06-27 18:53:31 +02:00
Christian Oliff
3f8bb2a46d
Build: Add dependabot.yml config (GitHub Actions)
This makes dependabot issue automated PRs to update
GitHub Action versions monthly.

Closes gh-5057
2022-06-27 18:33:41 +02:00
Timmy Willison
924b7ce825
Docs: add link to patchwelcome and help wanted issues 2022-06-27 12:15:59 -04:00
Michał Gołębiowski-Owczarek
2525cffc42
Build: Test on Node 17, update Grunt & karma-* packages
This adds testing on Node.js 17 in addition to the currently tested 10, 12, 14
and 16 versions.

Also, update Grunt & `karma-*` packages.

Testing in Karma on jsdom is broken in Node 17 at the moment; until we find
a fix, this change disables such testing on Node 17 or newer.

Node smoke tests & promises aplus tests are disabled on Node.js 10 as they
depend on jsdom and the latest jsdom version doesn't run properly on Node 10.

Closes gh-5023
2022-03-14 17:58:41 +01:00
Michał Gołębiowski-Owczarek
6c2c7362fb
Effects: Remove jQuery.fx.interval
`jQuery.fx.interval` has been deprecated since jQuery 3.0.0 but it has been
still used in jQuery code until this change. This commit removes the definition
and explicitly uses the `13` number in its place.

Closes gh-5017
2022-03-01 14:11:50 +01:00
Michał Gołębiowski-Owczarek
af1cd6f218
Tests: Workaround an XML parsing bug in Firefox
See https://bugzilla.mozilla.org/show_bug.cgi?id=1751796

Closes gh-5018
2022-02-28 18:26:53 +01:00
Timmy Willison
683ceb8ff0
Docs: add link to preview the new CLAs
Close gh-5009
2022-01-31 22:20:23 +00:00
Michał Gołębiowski-Owczarek
a338b407f2
CSS: Skip falsy values in addClass( array ), compress code
This change makes jQuery skip falsy values in `addClass( array )`
& `removeClass( array )` instead of stopping iteration when the first falsy
value is detected. This makes code like:
```js
elem.addClass( [ "a", "", "b" ] );
```
add both the `a` & `b` classes.

The code was also optimized for size a bit so it doesn't increase the
minified gzipped size.

Fixes gh-4998
Closes gh-5003
2022-01-24 18:56:49 +01:00
Bruno PIERRE
9c6f64c7b5
Core: Don't rely on splice being present on input
Without this fix calling `jQuery.uniqueSort` on an array-like can result in:

TypeError: results.splice is not a function
    at Function.jQuery.uniqueSort (https://code.jquery.com/jquery-git.js:664:12)
    at jQuery.fn.init.find (https://code.jquery.com/jquery-git.js:2394:27)
    at gocusihafe.js:3:4

Closes gh-4986
2022-01-24 18:55:16 +01:00
Michał Gołębiowski-Owczarek
eb9ceb2fac
Docs: Fix incorrect trac-NUMBER references
PR gh-4993 changed a few too many issue references to `trac-NUMBER` ones. This
change fixes them. It also fixes a typo in one Trac issue number in selector
tests.

Ref gh-4993
Closes gh-4995
2022-01-12 23:23:42 +01:00
Timmy Willison
9603b3c899
Tests: lock colors version to 1.4.0 2022-01-10 12:54:24 -05:00
Timmy Willison
ed066ac702
Docs: remove expired links from old jquery source (#4997)
Ref gh-4981
Ref gh-4991
2022-01-07 17:44:51 +00:00
Michał Gołębiowski-Owczarek
e24f2dcf3f
Docs: Remove links to Web Archive from source
Neither of the removed links is crucial; one of them refers to a site that has
since started being malicious; while the Web Archive links remain safe, some
scanners warn about such links. Removing them is the safest thing to do.

Fixes gh-4981
Closes gh-4991
2022-01-04 16:33:43 +01:00
Michał Gołębiowski-Owczarek
eef972508c
Build: Separate the install step from running tests in GitHub Actions
Also, update the "Run test" label to "Run tests".

Closes gh-4992
2022-01-04 16:27:42 +01:00