Commit Graph

6615 Commits

Author SHA1 Message Date
Michał Gołębiowski-Owczarek
9ab26aa508
Event: Simplify the check for saved data in leverageNative
Previously, when `leverageNative` handled async events, there was
a case where an empty placeholder object was set as a result.
Covering both such an object and `false` required a `length` check.
However, this is not necessary since gh-5223 and the check was
already simplified in other places; this one was missed.

Closes gh-5236
Ref gh-5223

(cherry picked from commit dfe212d5a1)
2023-04-03 18:21:30 +02:00
Michał Gołębiowski-Owczarek
14685b318a
Selector: Remove an obsolete comment
There was a comment claiming that there are two implementations
of `safeActiveElement`. However, the one in `event.js` got removed
in gh-5224, even before the comment was added.

This commit removes this obsolete comment.

Closes gh-5237
Ref gh-5224
2023-04-03 18:16:43 +02:00
Michał Gołębiowski-Owczarek
759232e5af
Tests: Fix tests added in gh-5233 2023-03-27 22:54:35 +02:00
Michał Gołębiowski-Owczarek
3eed28209e
CSS: Add missing jQuery.cssNumber entries
New entries cover `aspect-ratio`, `scale`, and a few others.

Also, remove quotes around `cssNumber` keys

A few properties have been taken from React:
afea1d0c53/packages/react-dom-bindings/src/shared/CSSProperty.js\#L8-L58

Fixes gh-5179
Closes gh-5233
2023-03-27 21:50:26 +02:00
Michał Gołębiowski-Owczarek
3936cf3ef3
Selector: Wrap activeElement access in try-catch
In IE 9 accessing `document.activeElement` may throw; see
https://bugs.jquery.com/ticket/13393. We've already guarded
against this in event code but not in selector.

Closes gh-5229
2023-03-27 21:48:38 +02:00
Michał Gołębiowski-Owczarek
754108fbbf
Event: Make trigger(focus/blur/click) work with native handlers
In `leverageNative`, instead of calling `event.stopImmediatePropagation()`
which would abort both native & jQuery handlers, set the wrapper's
`isImmediatePropagationStopped` property to a function returning `true`.
Since for each element + type pair jQuery attaches only one native handler,
there is also only one wrapper jQuery event so this achieves the goal:
on the target element jQuery handlers don't fire but native ones do.

Unfortunately, this workaround doesn't work for handlers on ancestors
- since the native event is re-wrapped by a jQuery one on each level of
the propagation, the only way to stop it for jQuery was to stop it for
everyone via native `stopPropagation()`. This is not a problem for
`focus`/`blur` which don't bubble, but it does also stop `click` on
checkboxes and radios. We accept this limitation.

Fixes gh-5015
Closes gh-5228

(cherry picked from commit 6ad3651dbf)
2023-03-27 21:47:24 +02:00
Michał Gołębiowski-Owczarek
59f7b55bf6
Event: Simulate focus/blur in IE via focusin/focusout (3.x version)
In IE (all versions), `focus` & `blur` handlers are fired asynchronously
but `focusin` & `focusout` are run synchronously. In other browsers, all
those handlers are fired synchronously. Asynchronous behavior of these
handlers in IE caused issues for IE (gh-4856, gh-4859).

We now simulate `focus` via `focusin` & `blur` via `focusout` in IE to avoid
these issues. This also let us simplify some tests.

This commit also simplifies `leverageNative` - with IE now using `focusin`
to simulate `focus` and `focusout` to simulate `blur`, we don't have to deal
with async events in `leverageNative`. This also fixes broken `focus` triggers
after first triggering it on a hidden element - previously, `leverageNative`
assumed that the native `focus` handler not firing after calling the native 
`focus` method meant it would be handled later, asynchronously, which
was not the case (gh-4950).

To preserve relative `focusin`/`focus` & `focusout`/`blur` event order
guaranteed on the 3.x branch, attach a single handler for both events in IE.

A side effect of this is that to reduce size the `event/focusin` module
no longer exists and it's impossible to disable the `focusin` patch
in modern browsers via the jQuery custom build system.

Fixes gh-4856
Fixes gh-4859
Fixes gh-4950
Ref gh-5223
Closes gh-5224

Co-authored-by: Richard Gibson <richard.gibson@gmail.com>
2023-03-27 21:24:42 +02:00
Michał Gołębiowski-Owczarek
4837a95b36
Tests: Add tests for arary data in ajax
PR gh-5197 started treating all non-string non-plain-object
`data` values as binary. However, `jQuery.ajax` also supports
arrays as values of `data`. This change didn't land on `3.x-stable`;
however... Surprisingly, we had no tests for array `data` values.
This change backports a few such missing tests added in gh-5203.

Ref gh-5197
Ref gh-5203
2023-03-21 00:36:51 +01:00
Michał Gołębiowski-Owczarek
212b6a4fce
Build: Only install Playwright dependencies when needed
PR gh-5190 added support for running tests on Playwright WebKit
in CI. For efficiency reasons, Playwright dependencies are only
installed for the `test:browser` npm script. However, that same
script is also used for Firefox ESR testing.

This change makes Playwright dependencies installed only for cases
where `WebKitHeadless` exists on the list of tested browsers.

Closes gh-5204
Ref gh-5190

(cherry picked from commit e77bd9d64f)
2023-03-20 17:14:15 +01:00
Michał Gołębiowski-Owczarek
98dd622a55
Tests: Skip jQuery.Deferred.exceptionHook tests in IE 9
The non-deprecated test was already skipped there, the deprecated
one is now skipped as well.

Ref gh-5212
2023-03-15 12:21:54 +01:00
Michał Gołębiowski-Owczarek
18139213ff
Tests: Test AJAX deprecated event aliases properly
PR gh-5046 erroneously changed AJAX deprecated event alias
usage in deprecated tests to `.on()` calls. This change
reverses this mistake.

Closes gh-5195
Ref gh-5046

(cherry picked from commit cff2899885)
2023-03-15 11:45:26 +01:00
Michał Gołębiowski-Owczarek
cca7118658
Deferred: Rename getStackHook to getErrorHook (3.x version)
Rename `jQuery.Deferred.getStackHook` to `jQuery.Deferred.getErrorHook`
to indicate passing an error instance is usually a better choice - it
works with source maps while a raw stack generally does not.

In jQuery `3.7.0`, we'll keep both names, marking the old one as
deprecated. In jQuery `4.0.0` we'll just keep the new one. This
change implements the `3.7.0` version; PR gh-5211 implements
the `4.0.0` one.

Fixes gh-5201
Closes gh-5212
Ref gh-5211
2023-03-14 22:32:57 +01:00
Timmy Willison
3b7bf19998
Release: add support for md5 sums in windows
Close gh-5220
2023-03-09 20:19:28 +00:00
Michał Gołębiowski-Owczarek
63c3af481c
Selector: Stop relying on CSS.supports( "selector(...)" )
`CSS.supports( "selector(...)" )` has different semantics than selectors passed
to `querySelectorAll`. Apart from the fact that the former returns `false` for
unrecognized selectors and the latter throws, `qSA` is more forgiving and
accepts some invalid selectors, auto-correcting them where needed - for
example, mismatched brackers are auto-closed. This behavior difference is
breaking for many users.

To add to that, a recent CSSWG resolution made `:is()` & `:where()` the only
pseudos with forgiving parsing; browsers are in the process of making `:has()`
parsing unforgiving.

Taking all that into account, we go back to our previous try-catch approach
without relying on `CSS.supports( "selector(...)" )`. The only difference
is we detect forgiving parsing in `:has()` and mark the selector as buggy.

The PR also updates `playwright-webkit` so that we test against a version
of WebKit that already has non-forgiving `:has()`.

Fixes gh-5194
Closes gh-5207
Ref gh-5206
Ref gh-5098
Ref gh-5107
Ref w3c/csswg-drafts#7676
2023-02-14 11:42:29 +01:00
Michał Gołębiowski-Owczarek
ac1c59a354
Selector: Rename rcombinators to rleadingCombinator
Closes gh-5208
2023-02-13 18:35:02 +01:00
dependabot[bot]
582785e047
Build: Bump actions/setup-node from 3.5.1 to 3.6.0
Bumps [actions/setup-node](https://github.com/actions/setup-node) from 3.5.1 to 3.6.0.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](https://github.com/actions/setup-node/compare/v3.5.1...v3.6.0)

Closes gh-5200

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
(cherry picked from commit 7e7bd06207)
2023-02-06 16:43:26 +01:00
Michał Gołębiowski-Owczarek
732592c2a7
Tests: Fix selector tests in Chrome
For older Safari/iOS we needed to add the `safari` UA check as their reported
`WebKit` version was not new enough. However, that check should have also
excluded Chrome which was missed in the first iteration. This has been fixed.

Also, fix code formatting in `test/unit/css.js`.
2023-01-24 11:51:57 +01:00
Michał Gołębiowski-Owczarek
da7057e9b0
Build: Run GitHub Action browser tests on Playwright WebKit
So far, we've been running browser tests on GitHub Actions in Chrome
and Firefox. Regular Safari is not available in GitHub Actions but
Playwright WebKit comes close to a dev version of Safari.

With this change, our GitHub CI & local test runs will invoke tests on
all actively developed browser engines on all PRs.

Also, our GitHub Actions browser tests are now running on Node.js 18.

Detection of the Playwright WebKit browser in support unit tests is done
by checking if the `test_browser` query parameter is set to `"Playwright"`;
this is a `karma-webkit-launcher` feature. Detecting that browser via
user agent as we normally do is hard as the UA on Linux is very similar
to a real Safari one but it actually uses a newer version of the engine.

In addition, we now allow to pass custom browsers when one needs it;
e.g., to run the tests in all three engines on Linux/macOS, run:
```
grunt && BROWSERS=ChromeHeadless,FirefoxHeadless,WebkitHeadless grunt karma:main
```

Closes gh-5190

(cherry picked from commit b02a257f98)
2023-01-24 00:12:55 +01:00
Michał Gołębiowski-Owczarek
6b2abbdc46
Build: Migrate middleware-mockserver to modern JS
The `test/middleware-mockserver.js` file used to have the same ESLint
settings applied as other test files that are directly run in tested
browsers. Now it shares settings of other Node.js files.

The file is now also written using modern JS, leveraging ES2018.

Closes gh-5196

(cherry picked from commit ce90a48450)
2023-01-23 23:30:08 +01:00
Timmy Willison
e062f9cbc6
Docs: Remove stale badge from README
Close gh-5148

(cherry picked from commit bcd9c2bc3d)
2022-12-20 22:05:21 +01:00
fecore1
e0c670e66d
Docs: update irc to Libera and fix LAMP dead link
(cherry picked from commit 175db73ec7)
2022-12-20 22:05:07 +01:00
Timmy Willison
37b04d5aba
Build: remove stale Insight package from custom builds
Close gh-5181
2022-12-20 20:53:36 +00:00
Michał Gołębiowski-Owczarek
6b2094da79
Tests: Skip the native :valid tests in IE 9
A newly added test making sure a native selector containing
the `:valid` pseudo works when no jQuery-specific selectors
are used was failing in IE 9 as that browser lacks support
for this pseudo. This commit disables that test in IE 9.

Ref gh-5178
2022-12-19 19:56:59 +01:00
Michał Gołębiowski-Owczarek
848de62542
Selector: Make selector lists work with qSA again
jQuery 3.6.2 started using `CSS.supports( "selector(SELECTOR)" )` before using
`querySelectorAll` on the selector. This was to solve gh-5098 - some selectors,
like `:has()`, now had their parameters parsed in a forgiving way, meaning
that `:has(:fakepseudo)` no longer throws but just returns 0 results, breaking
that jQuery mechanism.

A recent spec change made `CSS.supports( "selector(SELECTOR)" )` always use
non-forgiving parsing, allowing us to use this API for what we've used
`try-catch` before.

To solve the issue on the spec side for older jQuery versions, `:has()`
parameters are no longer using forgiving parsing in the latest spec update
but our new mechanism is more future-proof anyway.

However, the jQuery implementation has a bug - in
`CSS.supports( "selector(SELECTOR)" )`, `SELECTOR` needs to be
a `<complex-selector>` and not a `<complex-selector-list>`. Which means that
selector lists now skip `qSA` and go to the jQuery custom traversal:
```js
CSS.supports("selector(div:valid, span)"); // false
CSS.supports("selector(div:valid)"); // true
CSS.supports("selector(span)"); // true
```

To solve this, this commit wraps the selector list passed to
`CSS.supports( "selector(:is(SELECTOR))" )` with `:is`, making it a single
selector again.

See:
* https://w3c.github.io/csswg-drafts/css-conditional-4/#at-supports-ext
* https://w3c.github.io/csswg-drafts/selectors-4/#typedef-complex-selector
* https://w3c.github.io/csswg-drafts/selectors-4/#typedef-complex-selector-list

Fixes gh-5177
Closes gh-5178
Ref w3c/csswg-drafts#7280

(cherry picked from commit 09d988b774)
2022-12-19 19:30:42 +01:00
Michał Gołębiowski-Owczarek
0acbe6433c
Selector: Implement the uniqueSort chainable method
Some APIs, like `.prevAll()`, return elements in the reversed order, causing
confusing behavior when used with wrapping methods (see gh-5149 for more info)
 To provide an easy workaround, this commit implements a chainable `uniqueSort`
method on jQuery objects, an equivalent of `jQuery.uniqueSort`.

Fixes gh-5166
Closes gh-5168

(cherry picked from commit 5266f23cf4)
2022-12-14 01:54:41 +01:00
Michał Gołębiowski-Owczarek
6306ca4994
Selector: Inline Sizzle into the selector module: 3.x version (#5113)
This commit removes Sizzle from jQuery, inlining its code & removing obsolete
workarounds where applicable.

The Sizzle AUTHORS.txt file has been merged with the jQuery one - people are
sorted by their first contributions to either of the two repositories.

The main `selector` module can be disabled in favor of `selector-native`
via:

    grunt custom:-selector

For backwards compatibility, the legacy `sizzle` alias is also supported (it
will be dropped in jQuery `4.0.0`):

    grunt custom:-selector

Sizzle tests have been ported to jQuery ones. Ones that are not compatible
with the `selector-native` module are disabled if the regular selector module
is excluded.

Backwards compatibility is still kept for all `Sizzle` utils - they continue to be
available under `jQuery.find` - but the primary implementation is now attached
directly to jQuery.

Some selector utils shared by `selector` & `selector-native` have been
extracted & deduplicated. `jQuery.text` and `jQuery.isXMLDoc` have been
moved to the `core` module.

The commit reduces the gzipped jQuery size by 851 bytes compared to the
`3.x-stable` branch.

Closes gh-5113
Ref gh-4395
Ref gh-4406
2022-12-14 01:41:31 +01:00
Michał Gołębiowski-Owczarek
96675fa7c8
Build: Updating the 3.x-stable version to 3.7.0-pre. 2022-12-14 00:48:46 +01:00
Timmy Willison
2c5b47c4de
Build: Updating the 3.x-stable version to 3.6.3-pre. 2022-12-13 09:58:45 -05:00
Timmy Willison
2215119529
Release: update authors 2022-12-12 20:55:26 -05:00
Alex
0d9fae4c3a
Build: Limit permissions for GitHub workflows
Add explicit permissions section[^1] to workflows. This is a security
best practice because by default workflows run with extended set
of permissions[^2] (except from `on: pull_request` from external forks[^3].
By specifying any permission explicitly all others are set to none. By using
the principle of least privilege the damage a compromised workflow can do
(because of an injection[^4] or compromised third party tool or action) is
restricted. It is recommended to have most strict permissions on the top
level[^5] and grant write permissions on job level[^6] on a case by case
basis.

[^1]: https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
[^2]: https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token
[^3]: https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
[^4]: https://securitylab.github.com/research/github-actions-untrusted-input/
[^5]: https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions
[^6]: https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs

Closes gh-5119

(cherry picked from commit c909d6b1ff)
2022-12-01 14:27:11 +01:00
Michał Gołębiowski-Owczarek
f4809f9b4a
Build: Test on Node.js 18 & 19, stop testing on Node 12
Closes gh-5161
2022-11-17 13:22:38 +01:00
Michał Gołębiowski-Owczarek
5318e3111a Selector:Manipulation: Fix DOM manip within template contents
The `<template/>` element `contents` property is a document fragment that may
have a `null` `documentElement`. In Safari 16 this happens in more cases due
to recent spec changes - in particular, even if that document fragment is
explicitly adopted into an outer document. We're testing both of those cases
now.

The crash used to happen in `jQuery.contains` which is an alias for
`Sizzle.contains` in jQuery 3.x.

The Sizzle fix is at jquery/sizzle#490, released in Sizzle `2.3.8`. This
version of Sizzle is included in the parent commit.

A fix similar to the one from gh-5158 has also been applied here to the
`selector-native` version.

Fixes gh-5147
Closes gh-5159
Ref jquery/sizzle#490
Ref gh-5158
2022-11-16 23:58:17 +01:00
Michał Gołębiowski-Owczarek
a1b7ae3b3f Selector: Update Sizzle from 2.3.7 to 2.3.8
Fixes gh-5147
Ref gh-5158
Ref jquery/sizzle#490
2022-11-16 23:58:17 +01:00
dependabot[bot]
28241b7f92 Build: Bump actions/setup-node from 3.5.0 to 3.5.1
Bumps [actions/setup-node](https://github.com/actions/setup-node) from 3.5.0 to 3.5.1.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](https://github.com/actions/setup-node/compare/v3.5.0...v3.5.1)

Closes gh-5153

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
(cherry picked from commit 0208224b5b)
2022-11-01 20:59:39 +01:00
Michał Gołębiowski-Owczarek
ee0fec052b
Selector: Update Sizzle from 2.3.6 to 2.3.7
Fixes gh-5098
Closes gh-5135
Ref jquery/sizzle#486
Ref gh-5107
2022-10-04 18:02:52 +02:00
Michał Gołębiowski-Owczarek
ed02835585 Build: Update Grunt from 1.4.1 to 1.5.3
This will resolve the following security issues:
* Path Traversal in Grunt: https://github.com/advisories/GHSA-j383-35pm-c5h4
* Race Condition in Grunt: https://github.com/advisories/GHSA-rm36-94g8-835r

Closes gh-5134

(cherry picked from commit aa231cd214)
2022-10-03 23:08:08 +02:00
Michał Gołębiowski-Owczarek
76edd26ebb Docs: Update the README of the published package
The previous details were showing their age, e.g. mentions about browsers
not supporting ES2015. The story with ES modules is more complex as it's also
about loaders but to keep the README simple, let's just make it more up to date
with typical usage.

Closes gh-5108

(cherry picked from commit edccabf10d)
2022-10-03 22:56:17 +02:00
Michał Gołębiowski-Owczarek
965391ab93 Tests: Remove a workaround for a Firefox XML parsing issue
Firefox 96-100 used to report the column number smaller by 2 than it should
in the `parsererror` element generated for invalid XML documents. Since that
version range is unsupported now and it includes no ESR versions, the workaround
can now be dropped.

Closes gh-5109
Ref gh-5018

(cherry picked from commit e7ffe1f135)
2022-10-03 22:54:18 +02:00
Michał Gołębiowski-Owczarek
8bea1dec18 CSS: Return undefined for whitespace-only CSS variable values (#5120)
The spec requires that CSS variable values are trimmed. In browsers that do
this - mainly, Safari, but also Firefox if the value only has leading
whitespace - we currently return undefined; in other browsers, we return
an empty string as the logic to fall back to undefined happens before
trimming.

This commit adds another explicit callback to `undefined` to have it consistent
across browsers.

Also, more explicit comments about behaviors we need to work around in various
browsers have been added.

Closes gh-5120
Ref gh-5106

(cherry picked from commit 7eb0019640)
2022-10-03 22:45:52 +02:00
dependabot[bot]
9eb47cceba Build: Bump actions/setup-node from 3.4.1 to 3.5.0
Bumps [actions/setup-node](https://github.com/actions/setup-node) from 3.4.1 to 3.5.0.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](https://github.com/actions/setup-node/compare/v3.4.1...v3.5.0)

Closes gh-5133

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
(cherry picked from commit 25400750fb)
2022-10-03 16:59:45 +02:00
Michał Gołębiowski-Owczarek
d051e0e3a2
Tests: Make Ajax tests pass in iOS 9
Accept "HTTP/2.0 200" as a valid `statusText` for successful requests
to make ajax tests pass in iOS 9. At this point, normalizing this in code
doesn't seem to make a lot of sense.

Closes gh-5121
2022-09-21 17:46:18 +02:00
Anders Kaseorg
c0db6d7032 CSS: Don’t trim whitespace of undefined custom property
Fixes gh-5105
Closes gh-5106

Signed-off-by: Anders Kaseorg <andersk@mit.edu>

(cherry picked from commit ed306c0261)
2022-09-19 23:20:14 +02:00
dependabot[bot]
f14064cabf Upgrade: Bump actions/setup-node from 3.3.0 to 3.4.1
Bumps [actions/setup-node](https://github.com/actions/setup-node) from 3.3.0 to 3.4.1.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](https://github.com/actions/setup-node/compare/v3.3.0...v3.4.1)

Closes gh-5078

(cherry picked from commit 78321f078c)

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-09-12 15:47:46 +02:00
Timmy Willison
8f6136fc70
Build: Updating the 3.x-stable version to 3.6.2-pre. 2022-08-26 13:54:28 -04:00
Timmy Willison
ba2665f3cd
Release: update AUTHORS.txt 2022-08-15 11:54:39 -04:00
Vladimir Sitnikov
699401008f
Deprecated: Improve $.trim performance for strings with lots of whitespace
Regex imp implementation takes `O(N^2)` time to trim the string when
multiple adjacent spaces were present.

The new expression require that the "whitespace run" starts from
a non-whitespace to avoid `O(N^2)` behavior when the engine would
try matching `\s+$` at each space position.

Closes gh-5068
2022-07-20 10:51:13 +02:00
Simon Legner
410d5cf0c3 Docs: Update webpack website in README
Webpack has migrated to https://webpack.js.org/ since version 2.

Closes gh-5037

(cherry picked from commit 01819bc3bc)
2022-07-12 17:17:18 +02:00
Michał Gołębiowski-Owczarek
bc16512879
Tests: Exclude tests based on compilation flags, not API presence (3.x version)
Introduces a new test API, `includesModule`. The method returns whether
a particular module like "ajax" or "deprecated" is included in the current
jQuery build; it handles the slim build as well. The util was created so that
we don't treat presence of particular APIs to decide whether to run a test as
then if we accidentally remove an API, the tests would still not fail.

Closes gh-5071
Fixes gh-5069
Ref gh-5046

(partially cherry picked from commit fae5fee8b4)
2022-07-12 17:12:27 +02:00
Michał Gołębiowski-Owczarek
0f6c3d9efc Build: Update GitHub Actions
* Build(deps): Bump actions/cache from 2 to 3

Bumps [actions/cache](https://github.com/actions/cache) from 2 to 3.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](https://github.com/actions/cache/compare/v2...v3)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-major
...

* Build(deps): Bump actions/setup-node from 2.1.2 to 3.3.0

Bumps [actions/setup-node](https://github.com/actions/setup-node) from 2.1.2 to 3.3.0.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](https://github.com/actions/setup-node/compare/v2.1.2...v3.3.0)

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-type: direct:production
  update-type: version-update:semver-major
...

* Build(deps): Bump actions/checkout from 2 to 3

Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 3.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v2...v3)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Closes gh-5067

(cherry picked from commit 52f452b2e8)
2022-06-27 18:59:57 +02:00
Christian Oliff
5a363017cf Build: Add dependabot.yml config (GitHub Actions)
This makes dependabot issue automated PRs to update
GitHub Action versions monthly.

Closes gh-5057

(cherry picked from commit 3f8bb2a46d)
2022-06-27 18:34:50 +02:00