Build: Make middleware-mockserver not crash on reading nonexistent files
`fs.readFileSync` crashes when a non-existing file is passed to it. Some APIs
of `middleware-mockserver` read a file the path of which depends on query
parameters, making it possible to crash it by providing such a parameter. The
old PHP server doesn't have these issues.
To fix this, wrap all `fs.readFileSync` occurrences with a function that falls
back to the string `"ERROR"`.
Changes:
1. Update the link to "help wanted" or "patch welcome" issues to only include
open ones.
2. Replace info about the jQuery Forum & IRC with Matrix & Stack Overflow.
3. Update the test reduction WebKit blog post link.
4. Update the Git clone instructions to not rely on the legacy `git://`
protocol.
5. Fix a few typos.
Tests: Switch to an updated fork of promises-aplus-tests
The upstream package has been unmaintained for years, with dependencies
with long-reported security issues. Switching to a fork allows to resolve
all the security reports against the jQuery development environment.
The fork is maintained by @mgol and has the following changes:
1. The `underscore` dependency has been removed.
2. `sinon` has been updated from v1 to v19.
3. `mocha` has been updated from v2 to v10.
Changes to the source are minimal; it will be easy to rebase the fixes
if the upstream package is ever updated.
In addition to the above, the `q` dependency has been removed.
It's been added in gh-1996 but never really used.
Manipulation: Make jQuery.cleanData not skip elements during cleanup
When passing a result of `getElementByTagsName` to `jQuery.cleanData`, convert
it to an array first. Otherwise, a live NodeList is passed and if any of the
event cleanups remove the element itself, a collection is modified during the
iteration, making `jQuery.cleanData` skip cleanup for some elements.
Fixes gh-5214
Closes gh-5523
Co-authored-by: Michał Gołębiowski-Owczarek <m.goleb@gmail.com> Co-authored-by: Richard Gibson <richard.gibson@gmail.com>
(cherry picked from commit 3cad5c435aa2333c39baa55a8bceb2b6bf1e2721)
Tests: Run tests in Edge in IE mode in GitHub Actions
While Edge in IE mode is not guaranteed to match IE 11 in every aspect,
in practice it generally does. Testing in this mode in GitHub Actions
will allow us to catch most IE-breaking issues at the PR level.
This change also adds missing npm scripts: `test:chrome`, `test:edge`
& `test:ie`.
1. At the same time, there may be two supported versions of Firefox ESR. Run
tests on both, installed locally.
2. Contrary to what we did in gh-5547, still run tests on Firefox 115 on
BrowserStack - on `main`, we deleted it since we support only the versions
supported upstream. In jQuery 3.x, we're testing on all versions matching ESR
lines starting with Firefox 48, so for consistency let's keep Firefox 115
there as well.
*Authors*
- Checking and updating authors has been migrated
to a custom script in the repo
*Changelog*
- changelogplease is no longer maintained
- generate changelog in markdown for GitHub releases
- generate changelog in HTML for blog posts
- generate contributors list in HTML for blog posts
*dist*
- clone dist repo, copy files, and commit/push
- commit tag with dist files on main branch;
remove dist files from main branch after release
*cdn*
- clone cdn repo, copy files, and commit/push
- create versioned and unversioned copies in cdn/
- generate md5 sums and archives for Google and MSFT
*build*
- implement reproducible builds and verify release builds
* uses the last modified date for the latest commit
* See https://reproducible-builds.org/
- the verify workflow also ensures all files were
properly published to the CDN and npm
*docs*
- the new release workflow is documented at build/release/README.md
*verify*
- use the last modified date of the commit before the tag
- use versioned filenames when checking map files on the CDN
- skip factory and package.json files when verifying CDN
*misc*
- now that we don't need the jquery-release script and
now that we no longer need to build on Node 10, we can
use ESM in all files in the build folder
- limit certain workflows to the main repo (not forks)
- version has been set to the previously released version 3.7.1,
as release-it expects
- release-it added the `preReleaseBase` option and we
now always set it to `1` in the npm script. This is
a noop for stable releases.
- include post-release script to be run manually after a release,
with further steps that should be verified manually
Timmy Willison [Sat, 15 Jun 2024 13:10:59 +0000 (09:10 -0400)]
Build: upgrade dependencies, including eslint 9.4.0 and uglify 3.7.7
- Sinon is already at the latest version that supports IE9.
- Upgraded uglify to 3.7.7, which is the latest that worked with IE9.
I tried 3.9.4, which we are using in jquery-migrate, and 3.8.1,
but there were failures in traversing ("Permission denied" errors).
- Upgraded eslint to version 9, which required some changes.
Mainly, unused arguments in catch expressions error by default in 9+.
The config now makes use of `caughtErrorsIgnorePattern`,
which is set to `"^_"`, the same as unused function params.
- Ignored main branch dist files when switching branches.
Timmy Willison [Mon, 10 Jun 2024 18:50:28 +0000 (14:50 -0400)]
Tests: fix supportsScroll feature test in offset
- iOS 12 and below do not support scrollTop/Left on the
window or document. Before 82169df, window.supportsScroll
was always undefined. There were 2 issues: (1) iOS <=12 do
support scroll props on the body, so the support test
wasn't helpful. (2) one test checked the wrong window and
the value was always undefined, which meant those tests
never ran in any browser.
dependabot[bot] [Wed, 5 Jun 2024 22:05:28 +0000 (00:05 +0200)]
Build: Bump the github-actions group with 2 updates
Bumps the github-actions group with 2 updates: [actions/checkout](https://github.com/actions/checkout) and [github/codeql-action](https://github.com/github/codeql-action).
Updates `actions/checkout` from 4.1.2 to 4.1.6
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/9bb56186c3b09b4f86b1c65136769dd318469633...a5ac7e51b41094c92402da3b24376905380afc29)
Updates `github/codeql-action` from 3.24.9 to 3.25.8
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/1b1aada464948af03b950897e5eb522f92603cc2...2e230e8fe0ad3a14a340ad0815ddb96d599d2aff)
Build: Group dependabot PRs updating GitHub Actions
We have monthly automatic dependabot PRs for GitHub Actions. Unfortunately,
as of now we get a separate PR for every dependency which is a bit spammy
compared to regular commits updating source.
Thankfully, there's now a way to tell dependabot to submit a single PR per
a defined group. This change defines a single group to have a single dependabot
PR for all action updates.
CSS:Tests: Fix tests & support tests under CSS Zoom (3.x version)
Firefox 126+ implements CSS zoom in a way it affects width computed style
very slightly (`100.008px` instead of `100px`); accept that difference.
Also, skip the width setter under zoom test in Firefox 126 completely - that
version has CSS zoom affecting `offsetWidth` values. This has been fixed in
Firefox 127 so it's not worth working around it.
Add a test for support tests resolving the same under CSS zoom & without one.
That test uncovered Chrome failing the `reliableTrDimensions` support test
under zoom; the test has been fixed.
Tests: Make `:has` selector tests not vulnerable to unrelated failures
Use `assert.selectInFixture` consistently in `:has` tests. Previously, any test
failure that happened before this test run made it fail due to an additional
paragraph with id `qunit-testresult` injected by QUnit.
Timmy Willison [Wed, 29 May 2024 15:06:42 +0000 (11:06 -0400)]
Tests: revert concurrency group change
- It's common for us to merge to main and cherry pick to 3.x-stable,
so it's best if concurrency is shared between branches, which
is effectively what we had already as it matches on workflow name
and browser. Ideally, it could also match on the corresponding commit,
but it seems the commit message is not available in the github context.
Event: Increase robustness of an inner native event in leverageNative
In Firefox, alert displayed just before blurring an element dispatches
the native blur event twice which tripped the jQuery logic if a jQuery blur
handler was not attached before the trigger call.
This was because the `leverageNative` logic part for triggering first checked if
setup was done before (which, for example, is done if a jQuery handler was
registered before for this element+event pair) and - if it was not - added
a dummy handler that just returned `true`. The `leverageNative` logic made that
`true` then saved into private data, replacing the previous `saved` array. Since
`true` passed the truthy check, the second native inner handler treated `true`
as an array, crashing on the `slice` call.
The same issue could happen if a handler returning `true` is attached before
triggering. A bare `length` check would not be enough as the user handler may
return an array-like as well. To remove this potential data shape clash, capture
the inner result in an object with a `value` property instead of saving it
directly.
Since it's impossible to call `alert()` in unit tests, simulate the issue by
replacing the `addEventListener` method on a test button with a version that
calls attached blur handlers twice.
Tests: Make the beforeunload event tests work regardless of extensions
Some browser extensions, like React DevTools, send messages to the content area.
Since our beforeunload event test listens for all messages, it used to catch
those as well, failing the test.
Add a `source` field to the payload JSON and check for it before treating the
message as coming from our own test to make sure the test passes even with such
browser extensions installed.
Tests: share queue/browser handling for all worker types
- one queue to rule them all: browserstack, selenium, and jsdom
- retries and hard retries are now supported in selenium
- selenium tests now re-use browsers in the same way as browserstack
Timmy Willison [Mon, 11 Mar 2024 14:45:17 +0000 (10:45 -0400)]
Tests: add --hard-retries option to test runner
- Add the ability to retry by restarting the worker and
getting a different browser instance, after all
normal retries have been exhausted. This can sometimes
be successful when a refresh is not.
Timmy Willison [Tue, 5 Mar 2024 18:53:39 +0000 (13:53 -0500)]
Tests: migrate testing infrastructure to minimal dependencies
This is a complete rework of our testing infrastructure. The main goal is to modernize and drop deprecated or undermaintained dependencies (specifically, grunt, karma, and testswarm). We've achieved that by limiting our dependency list to ones that are unlikely to drop support any time soon. The new dependency list includes:
- `qunit` (our trusty unit testing library)
- `selenium-webdriver` (for spinning up local browsers)
- `express` (for starting a test server and adding middleware)
- express middleware includes uses of `body-parser` and `raw-body`
- `yargs` (for constructing a CLI with pretty help text)
- BrowserStack (for running each of our QUnit modules separately in all of our supported browsers)
- `browserstack-local` (for opening a local tunnel. This is the same package still currently used in the new Browserstack SDK)
- We are not using any other BrowserStack library. The newest BrowserStack SDK does not fit our needs (and isn't open source). Existing libraries, such as `node-browserstack` or `browserstack-runner`, either do not quite fit our needs, are under-maintained and out-of-date, or are not robust enough to meet all of our requirements. We instead call the [BrowserStack REST API](https://github.com/browserstack/api) directly.
**BrowserStack**
- automatically retries individual modules in case of test failure(s)
- automatically attempts to re-establish broken tunnels
- automatically refreshes the page in case a test run has stalled
- Browser workers are reused when running isolated modules in the same browser
- runs all browsers concurrently and uses as many sessions as are available under the BrowserStack plan. It will wait for available sessions if there are none.
- supports filtering the available list of browsers by browser name, browser version, device, OS, and OS version (see `npm run test:unit -- --list-browsers` for more info). It will retrieve the latest matching browser available if any of those parameters are not specified. Supports latest and latest-\d+ in place of browser version.
- cleans up after itself (closes the local tunnel, stops the test server, etc.)
- Requires `BROWSERSTACK_USERNAME` and `BROWSERSTACK_ACCESS_KEY` environment variables.
**Selenium**
- supports running any local browser as long as the driver is installed, including support for headless mode in Chrome, FF, and Edge
- supports running `basic` tests on the latest [jsdom](https://github.com/jsdom/jsdom#readme), which can be seen in action in this PR (see `test:browserless`)
- Node tests will run as before in PRs and all non-dependabot branches, but now includes tests on real Safari in a GH actions macos image instead of playwright-webkit.
- can run multiple browsers and multiple modules concurrently
Other notes:
- Stale dependencies have been removed and all remaining dependencies have been upgraded with a few exceptions:
- `sinon`: stopped supporting IE in version 10. But, `sinon` has been updated to 9.x.
- `husky`: latest does not support Node 10 and runs on `npm install`. Needed for now until git builds are migrated to GitHub Actions.
- `rollup`: latest does not support Node 10. Needed for now until git builds are migrated to GitHub Actions.
- BrowserStack tests are set to run on each `main` branch commit
- `debug` mode leaves Selenium browsers open whether they pass or fail and leaves browsers with test failures open on BrowserStack. The latter is to avoid leaving open too many sessions.
- This PR includes a workflow to dispatch BrowserStack runs on-demand
- The Node version used for most workflow tests has been upgraded to 20.x
- updated supportjQuery to 3.7.1
Run `npm run test:unit -- --help` for CLI documentation
Timmy Willison [Tue, 6 Feb 2024 15:16:05 +0000 (10:16 -0500)]
Release: use buildDefaultFiles directly and pass version (#5409)
- also add the ability to pass VERSION in env to test final builds
- adjust sha regex to account for lack of shas
- set the version on the dist package.json
Stephen Sigwart [Thu, 2 Nov 2023 09:48:08 +0000 (05:48 -0400)]
CSS: Fix support test results for initially hidden iframes
If the iframe is not initially visible, the `scrollboxSize` support test is
failing. jQuery then cached this value and and applied the wrong result
undefinitely.
This breaks jQuery UI's Dialogs inside initially invisible iframes.
Build was already happening in scripts like `test:browser` but those scripts
were missing `pretest`, meaning that running `npm install && npm test:browser`
may have failed if `pretest` wasn't run before or if its results were out of
date.
Even worse, with such stale data some tests may erroneously succeed.
This also removes a separate `pretest` step from GitHub Actions as it's no
longer needed.
Build: migrate most grunt tasks off of grunt (3.x)
Close gh-5330
- lint
- npmcopy
- build, minify, and process for distribution.
- new custom build command using yargs
- compare size of minified/gzip built files
- pretest scripts, including qunit-fixture, babel transpilation, and npmcopy
- node smoke tests
- promises aplus tests
- new watch task using nodemon, which runs `npm run build:all` on `src` changes.
Also:
- upgraded husky and added the new lint command
- updated lint config to use new "flat" config format.
See https://eslint.org/docs/latest/use/configure/configuration-files-new
- Temporarily disabled one lint rule until flat config is
supported by eslint-plugin-import.
See https://github.com/import-js/eslint-plugin-import/issues/2556
- committed package-lock.json
- updated all test scripts to use the new build
- added an express test server that uses middleware-mockserver
this can be used to run tests without karma
- build-all-variants is now build:all
- run pretest script in jenkins
---------
Co-authored-by: Michał Gołębiowski-Owczarek <m.goleb@gmail.com>
Core: Simplify code post browser support reduction
Summary of the changes:
* Tests: Remove legacy jQuery.cache & oldIE leftovers
* Tests: Reformat JavaScript in delegatetest.html
* Docs: "jQuery Foundation Projects" -> "jQuery Projects"
* Tests: Drop an unused localfile.html file (modern browsers don't support
the `file:` protocol this way, there's no point in keeping the file around)
* Effects: Remove a redundant `!fn` check (`fn || !fn && easing` is equivalent
to `fn || easing`; simplify the code)
* CSS: Explain the fallback to direct object access in curCSS better
* Tests: Deduplicate `jQuery.parseHTML` test titles
* Dimensions: Add a test for fractional values
* Tests: Fix a buggy WebKit regex
Build: Generate the slim build on `grunt` & run `compare_size` on it
Summary of the changes:
* expand `node_smoke_tests` to test the full & slim builds
* run `compare_size` on all built minified files; don't run it anymore on
unminified files where they don't provide lots of value
The main goal of this change is to make it easier to compare sizes of both the
full & slim builds between the `3.x-stable` & `main` branches.
That threw our `reliableTrDimensions` support test off. This change fixes the
support test and adds a unit test ensuring support test values on a page
including Bootstrap 5 CSS are the same as on a page without it.
Selector: Only attach the unload handler in IE & Edge Legacy
Both IE & Edge Legacy need the workaround of calling `setDocument()` in an
`unload` handler to avoid "permission denied" errors. However, due to not being
possible to feature-detect this issue, the handler has been applied in all
browsers for windows different than the one in which jQuery was loaded.
jQuery 4.0, which drops Edge Legacy support, guards this workaround with
a `document.documentMode` check. This won't work in the 3.x line due to still
supporting Edge Legacy but we can check for
`document.documentElement.msMatchesSelector` instead as that API is
supported in IE 9+ and all Edge Legacy versions.
Tests: Disable the ":lang respects escaped backslashes" test
Firefox 114+ no longer match on backslashes in `:lang()`, even when escaped.
It is an intentional change as `:lang()` parameters are supposed to be valid
BCP 47 strings. Therefore, we won't attempt to patch it.
We'll keep this test here until other browsers match the behavior.
`Sizzle.tokenize` is an internal Sizzle API, but exposed. As a result,
it has historically been available in jQuery via `jQuery.find.tokenize`.
That got dropped during Sizzle removal; this change restores the API.
In addition to that, Sizzle tests have been backported for the following
APIs:
* `jQuery.find.matchesSelector`
* `jQuery.find.matches`
* `jQuery.find.compile`
* `jQuery.find.select`
A new test was also added for `jQuery.find.tokenize` - even Sizzle was
missing one.
Docs: Remove the "Grunt build" section from the PR template
Now that unit tests are run on GitHub Actions in all three major
engines and for multiple custom jQuery builds, the request for PR
authors to run unit tests locally and confirm they pass is needless
overhead; let's drop the checkbox.
Tests: Indicate Chrome 112 & Safari 16.4 pass the cssHas support test (3.x version)
Chrome 112 & Safari 16.4 introduce two changes:
* `:has()` is non-forgiving
* `CSS.supports( "selector(...)" )` parses everything in a non-forgiving way
We no longer care about the latter but the former means the `cssHas` support
test now passes.
CSS: Make `offsetHeight( true )`, etc. include negative margins
This regressed in gh-3656 as the added logic to include scroll gutters
in `.innerWidth()` / `.innerHeight()` didn't take negative margins into
account. This broke handling of negative margins in
`.offsetHeight( true )` and `.offsetWidth( true )`. To fix it, calculate
margin delta separately and only add it after the scroll gutter
adjustment logic.
Event: Simplify the check for saved data in leverageNative
Previously, when `leverageNative` handled async events, there was
a case where an empty placeholder object was set as a result.
Covering both such an object and `false` required a `length` check.
However, this is not necessary since gh-5223 and the check was
already simplified in other places; this one was missed.
There was a comment claiming that there are two implementations
of `safeActiveElement`. However, the one in `event.js` got removed
in gh-5224, even before the comment was added.
New entries cover `aspect-ratio`, `scale`, and a few others.
Also, remove quotes around `cssNumber` keys
A few properties have been taken from React:
https://github.com/facebook/react/blob/afea1d0c536e0336735b0ea5c74f635527b65785/packages/react-dom-bindings/src/shared/CSSProperty.js\#L8-L58
In IE 9 accessing `document.activeElement` may throw; see
https://bugs.jquery.com/ticket/13393. We've already guarded
against this in event code but not in selector.
Event: Make trigger(focus/blur/click) work with native handlers
In `leverageNative`, instead of calling `event.stopImmediatePropagation()`
which would abort both native & jQuery handlers, set the wrapper's
`isImmediatePropagationStopped` property to a function returning `true`.
Since for each element + type pair jQuery attaches only one native handler,
there is also only one wrapper jQuery event so this achieves the goal:
on the target element jQuery handlers don't fire but native ones do.
Unfortunately, this workaround doesn't work for handlers on ancestors
- since the native event is re-wrapped by a jQuery one on each level of
the propagation, the only way to stop it for jQuery was to stop it for
everyone via native `stopPropagation()`. This is not a problem for
`focus`/`blur` which don't bubble, but it does also stop `click` on
checkboxes and radios. We accept this limitation.
Event: Simulate focus/blur in IE via focusin/focusout (3.x version)
In IE (all versions), `focus` & `blur` handlers are fired asynchronously
but `focusin` & `focusout` are run synchronously. In other browsers, all
those handlers are fired synchronously. Asynchronous behavior of these
handlers in IE caused issues for IE (gh-4856, gh-4859).
We now simulate `focus` via `focusin` & `blur` via `focusout` in IE to avoid
these issues. This also let us simplify some tests.
This commit also simplifies `leverageNative` - with IE now using `focusin`
to simulate `focus` and `focusout` to simulate `blur`, we don't have to deal
with async events in `leverageNative`. This also fixes broken `focus` triggers
after first triggering it on a hidden element - previously, `leverageNative`
assumed that the native `focus` handler not firing after calling the native
`focus` method meant it would be handled later, asynchronously, which
was not the case (gh-4950).
To preserve relative `focusin`/`focus` & `focusout`/`blur` event order
guaranteed on the 3.x branch, attach a single handler for both events in IE.
A side effect of this is that to reduce size the `event/focusin` module
no longer exists and it's impossible to disable the `focusin` patch
in modern browsers via the jQuery custom build system.
PR gh-5197 started treating all non-string non-plain-object
`data` values as binary. However, `jQuery.ajax` also supports
arrays as values of `data`. This change didn't land on `3.x-stable`;
however... Surprisingly, we had no tests for array `data` values.
This change backports a few such missing tests added in gh-5203.
Build: Only install Playwright dependencies when needed
PR gh-5190 added support for running tests on Playwright WebKit
in CI. For efficiency reasons, Playwright dependencies are only
installed for the `test:browser` npm script. However, that same
script is also used for Firefox ESR testing.
This change makes Playwright dependencies installed only for cases
where `WebKitHeadless` exists on the list of tested browsers.
projects / jquery.git / log