]> source.dussan.org Git - jquery.git/log
jquery.git
9 months agoRelease: remove scripts and dev deps from dist package.json
Timmy Willison [Mon, 5 Feb 2024 15:36:47 +0000 (10:36 -0500)]
Release: remove scripts and dev deps from dist package.json

- this became necessary due to the addition of the prepare script
- scripts aren't needed and don't work in the dist repo

Close gh-5404

9 months agoRelease: update build command in Release.generateArtifacts
Timmy Willison [Wed, 31 Jan 2024 14:18:41 +0000 (09:18 -0500)]
Release: update build command in Release.generateArtifacts

Close gh-5399

9 months agoAttributes: Shave off a couple of bytes
Michał Gołębiowski-Owczarek [Wed, 31 Jan 2024 00:47:11 +0000 (01:47 +0100)]
Attributes: Shave off a couple of bytes

The `attrHooks` entries for boolean attributes are only defined for jQuery 4+;
jQuery 3.x used a separate mechanism - assigning them to
`jQuery.expr.attrHandle`. That object used to be maintained by Sizzle, since
jQuery 3.7.0 it's kept in the selector module. Because of that, the `isXMLDoc`
check used to be require in this hook.

Now that standard `attrHooks` are used, the `isXMLDoc` check already happens
inside of `jQuery.attr` and there's no need to repeat it in the test. Note that
this repetition is even incorrect - while Sizzle's `jQuery.find.attr` used to
treat an `undefined` output of the hooks from `jQuery.expr.attrHandle` as a way
to opt out of the hook, jQuery's `attrHooks` use `null` to opt out of a getter
hook.

Apart from the size, this patch also avoids unnecessary extra checks.

Closes gh-5398

9 months agoData: Refactor to reduce size
Richard Gibson [Tue, 23 Jan 2024 03:13:23 +0000 (22:13 -0500)]
Data: Refactor to reduce size

* Return the new value from `set(owner, key, value)`.
* Use `set(owner, key, value)` rather than `access(owner, key, value)`.

Close gh-5392

9 months agoBuild: migrate grunt authors to a custom script
Timmy Willison [Tue, 23 Jan 2024 02:08:16 +0000 (21:08 -0500)]
Build: migrate grunt authors to a custom script

- the new script pulls all authors from the Sizzle repo
- added temporary grunt task for releases

Close gh-5395

10 months agoManipulation: Generalize a test to support IE
Richard Gibson [Fri, 12 Jan 2024 23:19:33 +0000 (18:19 -0500)]
Manipulation: Generalize a test to support IE

Ref gh-5378
Closes gh-5391

10 months agoSelector: Make `selector.js` module depend on `attributes/attr.js`
Michał Gołębiowski-Owczarek [Fri, 12 Jan 2024 00:18:03 +0000 (01:18 +0100)]
Selector: Make `selector.js` module depend on `attributes/attr.js`

This fixes custom builds using the `--include` switch that don't include
the `attributes` module.

Fixes gh-5379
Closes gh-5384

Co-authored-by: Richard Gibson <richard.gibson@gmail.com>
10 months agoBuild: Bump follow-redirects from 1.15.1 to 1.15.4
dependabot[bot] [Fri, 12 Jan 2024 00:12:52 +0000 (01:12 +0100)]
Build: Bump follow-redirects from 1.15.1 to 1.15.4

Bumps [follow-redirects](https://github.com/follow-redirects/follow-redirects) from 1.15.1 to 1.15.4.
- [Release notes](https://github.com/follow-redirects/follow-redirects/releases)
- [Commits](https://github.com/follow-redirects/follow-redirects/compare/v1.15.1...v1.15.4)

Closes gh-5389

---
updated-dependencies:
- dependency-name: follow-redirects
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
10 months agoManipulation: Support $el.html(selfRemovingScript) (#5378)
Richard Gibson [Mon, 8 Jan 2024 17:30:39 +0000 (12:30 -0500)]
Manipulation: Support $el.html(selfRemovingScript) (#5378)

Don't try to remove a script element that has already removed itself.

Also, compress `DOMEval.js`.

Fixes gh-5377
Closes gh-5378

10 months agoSelector: Eliminate `selector.js` depenencies from various modules
Michał Gołębiowski-Owczarek [Thu, 4 Jan 2024 00:06:40 +0000 (01:06 +0100)]
Selector: Eliminate `selector.js` depenencies from various modules

There are two main reasons for why some of those dependencies are no longer
needed:
1. `jQuery.contains` which is now a part of `core`.
2. `jQuery.find.attr` no longer exists, native `getAttribute` is used instead.

Closes gh-5383
Ref gh-5379

10 months agoBuild: Bump actions/setup-node and github/codeql-action
dependabot[bot] [Mon, 1 Jan 2024 00:53:22 +0000 (00:53 +0000)]
Build: Bump actions/setup-node and github/codeql-action

1: Bump actions/setup-node from 4.0.0 to 4.0.1

Bumps [actions/setup-node](https://github.com/actions/setup-node) from 4.0.0 to 4.0.1.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](https://github.com/actions/setup-node/compare/8f152de45cc393bb48ce5d89d36b731f54556e65...b39b52d1213e96004bfcb1c61a8a6fa8ab84f3e8)

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

2: Bump github/codeql-action from 2.22.5 to 3.22.12

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.22.5 to 3.22.12.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/74483a38d39275f33fcff5f35b679b5ca4a26a99...012739e5082ff0c22ca6d6ab32e07c36df03c4a4)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Closes gh-5381
Closes gh-5382

Signed-off-by: dependabot[bot] <support@github.com>
12 months agoBuild: Reformat GitHub workflow Yaml files
Michał Gołębiowski-Owczarek [Mon, 20 Nov 2023 17:20:16 +0000 (18:20 +0100)]
Build: Reformat GitHub workflow Yaml files

Use Prettier 3.1.0 to reformat the Yaml files. This makes their format identical
to the one used on `3.x-stable`, making for much easier cherry-picks.

The main difference is the list under `steps:` was not indented while all other
lists were.

Closes gh-5364

12 months agoBuild: Bump @babel/traverse & multiple actions
Michał Gołębiowski-Owczarek [Mon, 13 Nov 2023 17:44:30 +0000 (18:44 +0100)]
Build: Bump @babel/traverse & multiple actions

1: Bump actions/cache from 3.3.1 to 3.3.2

Bumps [actions/cache](https://github.com/actions/cache) from 3.3.1 to 3.3.2.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](https://github.com/actions/cache/compare/88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8...704facf57e6136b1bc63b828d79edcd491f0ee84)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

2: Bump actions/checkout from 3.6.0 to 4.1.1

Bumps [actions/checkout](https://github.com/actions/checkout) from 3.6.0 to 4.1.1.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/f43a0e5ff2bd294095638e18286ca9a3d1956744...b4ffde65f46336ab88eb53be808477a3936bae11)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

3: Bump github/codeql-action from 2.21.5 to 2.22.5

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.21.5 to 2.22.5.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/00e563ead9f72a8461b24876bee2d0c2e8bd2ee8...74483a38d39275f33fcff5f35b679b5ca4a26a99)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

4: Bump actions/setup-node from 3.8.1 to 4.0.0

Bumps [actions/setup-node](https://github.com/actions/setup-node) from 3.8.1 to 4.0.0.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](https://github.com/actions/setup-node/compare/5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d...8f152de45cc393bb48ce5d89d36b731f54556e65)

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-type: direct:production
  update-type: version-update:semver-major
...

5: Bump @babel/traverse from 7.22.5 to 7.23.2

Bumps [@babel/traverse](https://github.com/babel/babel/tree/HEAD/packages/babel-traverse) from 7.22.5 to 7.23.2.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.23.2/packages/babel-traverse)

---
updated-dependencies:
- dependency-name: "@babel/traverse"
  dependency-type: indirect
...

Closes gh-5341
Closes gh-5349
Closes gh-5354
Closes gh-5355
Closes gh-5356
Closes gh-5363

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
12 months agoBuild: Don't run CI push workflows for dependabot branches
Michał Gołębiowski-Owczarek [Mon, 13 Nov 2023 17:18:20 +0000 (18:18 +0100)]
Build: Don't run CI push workflows for dependabot branches

Without this change, dependabot PRs run double checks - one set for the `push`
part and one for the `pull_request` part.

Closes gh-5353

12 months agoCSS: Fix reliableTrDimensions support test for initially hidden iframes
Michał Gołębiowski-Owczarek [Mon, 6 Nov 2023 23:35:52 +0000 (00:35 +0100)]
CSS: Fix reliableTrDimensions support test for initially hidden iframes

Closes gh-5358
Ref gh-5317
Ref gh-5359

12 months agoBuild: Update ESLint-related packages, fix linting errors
Michał Gołębiowski-Owczarek [Wed, 1 Nov 2023 23:48:50 +0000 (00:48 +0100)]
Build: Update ESLint-related packages, fix linting errors

The main change is the new rule in `eslint-config-jquery`:
`template-curly-spacing`.

Closes gh-5347
Ref jquery/eslint-config-jquery#21
Ref gh-5348

13 months agoBuild: Run pretest before test:* npm scripts
Michał Gołębiowski-Owczarek [Mon, 16 Oct 2023 16:54:54 +0000 (18:54 +0200)]
Build: Run pretest before test:* npm scripts

Build was already happening in scripts like `test:browser` but those scripts
were missing `pretest`, meaning that running `npm install && npm test:browser`
may have failed if `pretest` wasn't run before or if its results were out of
date.

Even worse, with such stale data some tests may erroneously succeed.

This also removes a separate `pretest` step from GitHub Actions as it's no
longer needed.

Closes gh-5338

14 months agoDocs: Fix module links in the package README
Michał Gołębiowski-Owczarek [Thu, 21 Sep 2023 23:39:05 +0000 (01:39 +0200)]
Docs: Fix module links in the package README

The package README used to show examples importing from a regular jQuery file;
this won't work natively. Instead, use module versions of jQuery in these
examples.

Closes gh-5336

14 months agoBuild: sort branches in compare_size; last run last
Timmy Willison [Thu, 21 Sep 2023 21:45:33 +0000 (17:45 -0400)]
Build: sort branches in compare_size; last run last

Close gh-5333

14 months agoBuild: run pretest in jenkins script
Timmy Willison [Wed, 20 Sep 2023 22:07:35 +0000 (18:07 -0400)]
Build: run pretest in jenkins script

14 months agoBuild: fix inconsistent builds in Node 20
Timmy Willison [Wed, 20 Sep 2023 21:19:21 +0000 (17:19 -0400)]
Build: fix inconsistent builds in Node 20

- one fileOverrides per build
- only run the lint build when running lint

Close gh-5332

14 months agoDocs: update watch task in CONTRIBUTING.md
Timmy Willison [Wed, 20 Sep 2023 22:10:57 +0000 (18:10 -0400)]
Docs: update watch task in CONTRIBUTING.md

Close gh-5331

14 months agoBuild: add commit SHAs and last runs to comparisons
Timmy Willison [Wed, 20 Sep 2023 01:15:45 +0000 (21:15 -0400)]
Build: add commit SHAs and last runs to comparisons

- only remove the short SHA and .dirty from version strings
- automatically reset the cache on version mismatch

Close gh-5329

14 months agoBuild: add new factory files to dist eslint
Timmy Willison [Wed, 20 Sep 2023 02:20:10 +0000 (22:20 -0400)]
Build: add new factory files to dist eslint

14 months agoCSS:Selector: Align with 3.x, remove the outer `selector.js` wrapper
Michał Gołębiowski-Owczarek [Wed, 20 Sep 2023 00:31:35 +0000 (02:31 +0200)]
CSS:Selector: Align with 3.x, remove the outer `selector.js` wrapper

Bring some changes from `3.x-stable`:
* rename `rtrim` to `rtrimCSS` to distinguish from the previous `rtrim`
  regex used for `jQuery.trim`
* backport one `id` selector test that avoids the selector engine path

Other changes:
* remove the inner function wrapper from `selector.js` by renaming
  the imported `document.js` value
* use `jQuery.error` in `selectorError`
* make Selector tests pass in all-modules runs by fixing a sinon mistake
  in Core tests - Core tests had a spy set up for `jQuery.error` that wasn't
  cleaned up, influencing Selector tests when all were run together

Closes gh-5295

14 months agoCore: Add more info about named exports
Michał Gołębiowski-Owczarek [Tue, 19 Sep 2023 23:29:05 +0000 (01:29 +0200)]
Core: Add more info about named exports

Also, fix an example importing from `jquery/src/css.js` as that is supposed
to use named exports now.

Closes gh-5328

14 months agoCore: Simplify code post browser support reduction
Michał Gołębiowski-Owczarek [Tue, 19 Sep 2023 22:54:40 +0000 (00:54 +0200)]
Core: Simplify code post browser support reduction

Summary of the changes:
* Core: Simplify code post browser support reduction
* Tests: Remove legacy jQuery.cache & oldIE leftovers
* Tests: Reformat JavaScript in delegatetest.html
* Docs: "jQuery Foundation Projects" -> "jQuery Projects"
* Tests: Drop an unused localfile.html file (modern browsers don't support
  the `file:` protocol this way, there's no point in keeping the file around)
* Effects: Remove a redundant `!fn` check (`fn || !fn && easing` is equivalent
  to `fn || easing`; simplify the code)
* CSS: Explain the fallback to direct object access in curCSS better
* Tests: Deduplicate `jQuery.parseHTML` test titles
* Dimensions: Add a test for fractional values
* Tests: Fix a buggy WebKit regex

Closes gh-5296

14 months agoCore: Move the factory to separate exports
Michał Gołębiowski-Owczarek [Tue, 19 Sep 2023 16:58:24 +0000 (18:58 +0200)]
Core: Move the factory to separate exports

Since versions 1.11.0/2.1.0, jQuery has used a module wrapper with one strange
addition - in CommonJS environments, if a global `window` with a `document` was
not present, jQuery exported a factory accepting a `window` implementation and
returning jQuery.

This approach created a number of problems:
1. Properly typing jQuery would be a nightmare as the exported value depends on
   the environment. In practice, typing definitions ignored the factory case.
2. Since we now use named exports for the jQuery module version, it felt weird
   to have `jQuery` and `$` pointing to the factory instead of real jQuery.

Instead, for jQuery 4.0 we leverage the just added `exports` field in
`package.json` to expose completely separate factory entry points: one for the
full build, one for the slim one.

Exports definitions for `./factory` & `./factory-slim` are simpler than for `.`
and `./slim` - this is because it's a new entry point, we only expose a named
export and so there's no issue with just pointing Node.js to the CommonJS
version (we cannot use the module version for `import` from Node.js to avoid
double package hazard). The factory entry points are also not meant for the Web
browser which always has a proper `window` - and they'd be unfit for an
inclusion in a regular script tag anyway. Because of that, we also don't
generate minified versions of these entry points.

The factory files are not pushed to the CDN since they are mostly aimed
at Node.js.

Closes gh-5293

14 months agoBuild: Bump qs, socket.io-parser, socket.io & json5
dependabot[bot] [Mon, 18 Sep 2023 16:39:28 +0000 (16:39 +0000)]
Build: Bump qs, socket.io-parser, socket.io & json5

1: Bump json5 from 2.2.0 to 2.2.3

Bumps [json5](https://github.com/json5/json5) from 2.2.0 to 2.2.3.
- [Release notes](https://github.com/json5/json5/releases)
- [Changelog](https://github.com/json5/json5/blob/main/CHANGELOG.md)
- [Commits](https://github.com/json5/json5/compare/v2.2.0...v2.2.3)

---
updated-dependencies:
- dependency-name: json5
  dependency-type: indirect
...

2: Bump socket.io-parser and socket.io

Bumps [socket.io-parser](https://github.com/socketio/socket.io-parser)
and [socket.io](https://github.com/socketio/socket.io). These dependencies
needed to be updated together.

Updates `socket.io-parser` from 4.0.5 to 4.2.4
- [Release notes](https://github.com/socketio/socket.io-parser/releases)
- [Changelog](https://github.com/socketio/socket.io-parser/blob/main/CHANGELOG.md)
- [Commits](https://github.com/socketio/socket.io-parser/compare/4.0.5...4.2.4)

Updates `socket.io` from 4.5.1 to 4.7.2
- [Release notes](https://github.com/socketio/socket.io/releases)
- [Changelog](https://github.com/socketio/socket.io/blob/main/CHANGELOG.md)
- [Commits](https://github.com/socketio/socket.io/compare/4.5.1...4.7.2)

---
updated-dependencies:
- dependency-name: socket.io-parser
  dependency-type: indirect
- dependency-name: socket.io
  dependency-type: indirect
...

3: Bump qs from 6.5.2 to 6.5.3

Bumps [qs](https://github.com/ljharb/qs) from 6.5.2 to 6.5.3.
- [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md)
- [Commits](https://github.com/ljharb/qs/compare/v6.5.2...v6.5.3)

---
updated-dependencies:
- dependency-name: qs
  dependency-type: indirect
...

Closes gh-5324
Closes gh-5325
Closes gh-5326

Signed-off-by: dependabot[bot] <support@github.com>
14 months agoBuild: migrate most grunt tasks off of grunt
Timmy Willison [Mon, 18 Sep 2023 16:39:00 +0000 (12:39 -0400)]
Build: migrate most grunt tasks off of grunt

Updated tasks include:

- lint
- npmcopy
- build, minify, and process for distribution.
- new custom build command using yargs
- compare size of minified/gzip built files
- pretest scripts, including qunit-fixture, babel transpilation, and npmcopy
- node smoke tests
- promises aplus tests
- new watch task using `rollup.watch` directly

Also:

- upgraded husky and added the new lint command
- updated lint config to use new "flat" config format. See https://eslint.org/docs/latest/use/configure/configuration-files-new
- Temporarily disabled one lint rule until flat config is supported by eslint-plugin-import. See https://github.com/import-js/eslint-plugin-import/issues/2556
- committed package-lock.json
- updated all test scripts to use the new build
- added an express test server that uses middleware-mockserver (this can be used to run tests without karma)
- build-all-variants is now build:all

Close gh-5318

14 months agoCore: Use named exports in `src/`
Michał Gołębiowski-Owczarek [Tue, 12 Sep 2023 00:27:19 +0000 (02:27 +0200)]
Core: Use named exports in `src/`

The `default` export is treated differently across tooling when transpiled
to CommonJS - tools differ on whether `module.exports` represents the full
module object or just its default export. Switch `src/` modules to named
exports for tooling consistency.

Fixes gh-5262
Closes gh-5292

14 months agoBuild: Bump actions/checkout, actions/setup-node & github/codeql-action
dependabot[bot] [Fri, 1 Sep 2023 00:37:59 +0000 (00:37 +0000)]
Build: Bump actions/checkout, actions/setup-node & github/codeql-action

1: Bump actions/checkout from 3.5.3 to 3.6.0

Bumps [actions/checkout](https://github.com/actions/checkout) from 3.5.3 to 3.6.0.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/c85c95e3d7251135ab7dc9ce3241c5835cc595a9...f43a0e5ff2bd294095638e18286ca9a3d1956744)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

2: Bump actions/setup-node from 3.6.0 to 3.8.1

Bumps [actions/setup-node](https://github.com/actions/setup-node) from 3.6.0 to 3.8.1.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](https://github.com/actions/setup-node/compare/64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c...5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d)

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

3: Bump github/codeql-action from 2.20.1 to 2.21.5

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.20.1 to 2.21.5.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/f6e388ebf0efc915c6c5b165b019ee61a6746a38...00e563ead9f72a8461b24876bee2d0c2e8bd2ee8)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Closes gh-5311
Closes gh-5312
Closes gh-5313

Signed-off-by: dependabot[bot] <support@github.com>
14 months agoBuild: Update mailmap entry for Krinkle
Timo Tijhof [Fri, 25 Aug 2023 14:19:15 +0000 (15:19 +0100)]
Build: Update mailmap entry for Krinkle

Close gh-5309

15 months agoBuild: replace CRLF with LF during minify
Timmy Willison [Fri, 11 Aug 2023 01:13:24 +0000 (21:13 -0400)]
Build: replace CRLF with LF during minify

- SWC is not respecting the git setting and does not have
  an option to force LF. This fixes the build on Windows.

Close gh-5305

16 months agoBuild: Add `exports` to package.json, export slim & esm builds
Michał Gołębiowski-Owczarek [Mon, 10 Jul 2023 17:14:08 +0000 (19:14 +0200)]
Build: Add `exports` to package.json, export slim & esm builds

Summary of the changes:
* define the `exports` field in `package.json`; `jQuery` & `$` are also
  exported as named exports in ESM builds now
* declare `"type": "module"` globally except for the `build` folder
* add the `--esm` option to `grunt custom`, generating jQuery as an ECMAScript
  module into the `dist-module` folder
* expand `node_smoke_tests` to test the slim & ESM builds and their various
  combinations; also, test both jQuery loaded via a path to the file as well
  as from module specifiers that should be parsed via the `exports` feature
* add details about ESM usage to the release package README
* run `compare_size` on all built minified files; don't run it anymore on
  unminified files where they don't provide lots of value
* remove the remove_map_comment task; SWC doesn't insert the
`//# sourceMappingURL=` pragma by default so there's nothing to strip

Fixes gh-4592
Closes gh-5255

16 months agoCSS: Make the reliableTrDimensions support test work with Bootstrap CSS
Michał Gołębiowski-Owczarek [Mon, 10 Jul 2023 16:33:05 +0000 (18:33 +0200)]
CSS: Make the reliableTrDimensions support test work with Bootstrap CSS

Bootstrap 5 includes the following CSS on the page:

```css
*,
*::before,
*::after {
  box-sizing: border-box;
}
```

That threw our `reliableTrDimensions` support test off. This change fixes the
support test and adds a unit test ensuring support test values on a page
including Bootstrap 5 CSS are the same as on a page without it.

Fixes gh-5270
Closes gh-5278
Ref gh-5279

16 months agoBuild: Switch form Terser to SWC for JS minification (#5286)
Michał Gołębiowski-Owczarek [Mon, 10 Jul 2023 16:23:07 +0000 (18:23 +0200)]
Build: Switch form Terser to SWC for JS minification (#5286)

Also, as part of this, fix the `file` & `sources` properties of the source map
file.

Fixes gh-5285
Closes gh-5286
Ref gh-5258

16 months agoBuild: Make sure `*.cjs` & `*.mjs` files use UNIX line endings as well
Michał Gołębiowski-Owczarek [Mon, 10 Jul 2023 16:19:52 +0000 (18:19 +0200)]
Build: Make sure `*.cjs` & `*.mjs` files use UNIX line endings as well

We've had this rule for `*.js` files so far but we now have two new JS
extensions.

Closes gh-5290

16 months agoBuild: switch preferred email for timmywil
Timmy Willison [Mon, 10 Jul 2023 14:59:12 +0000 (10:59 -0400)]
Build: switch preferred email for timmywil

Close gh-5288

16 months agoBuild: Bump github/codeql-action & actions/checkout
dependabot[bot] [Sat, 1 Jul 2023 00:28:46 +0000 (00:28 +0000)]
Build: Bump github/codeql-action & actions/checkout

1: Bump github/codeql-action from 2.3.6 to 2.20.1

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.3.6 to 2.20.1.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/83f0fe6c4988d98a455712a27f0255212bba9bd4...f6e388ebf0efc915c6c5b165b019ee61a6746a38)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

2: Build: Bump actions/checkout from 3.5.2 to 3.5.3

Bumps [actions/checkout](https://github.com/actions/checkout) from 3.5.2 to 3.5.3.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/8e5e7e5ab8b370d6c329ec480221332ada57f0ab...c85c95e3d7251135ab7dc9ce3241c5835cc595a9)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Closes gh-5283
Closes gh-5284

16 months agoDocs: Fix typos found by codespell
Dimitri Papadopoulos Orfanos [Tue, 27 Jun 2023 22:29:29 +0000 (00:29 +0200)]
Docs: Fix typos found by codespell

Closes gh-5165

16 months agoBuild: Drop individual AMD modules
Michał Gołębiowski-Owczarek [Tue, 27 Jun 2023 16:23:58 +0000 (18:23 +0200)]
Build: Drop individual AMD modules

With this change, jQuery build no longer generates the `amd` directory with
AMD modules transpiled from source `src` ECMAScript Modules. To use individual
jQuery modules from source, ESM is now required.

Note that this DOES NOT affect the main `"jquery"` AMD module defined by built
jQuery files; those remain supported.

Closes gh-5276

16 months agoTests: Disable the ":lang respects escaped backslashes" test
Michał Gołębiowski-Owczarek [Tue, 27 Jun 2023 16:05:46 +0000 (18:05 +0200)]
Tests: Disable the ":lang respects escaped backslashes" test

Firefox 114+ no longer match on backslashes in `:lang()`, even when escaped.
It is an intentional change as `:lang()` parameters are supposed to be valid
BCP 47 strings. Therefore, we won't attempt to patch it.
We'll keep this test here until other browsers match the behavior.

Fixes gh-5271
Closes gh-5277
Ref https://bugzilla.mozilla.org/show_bug.cgi?id=1839747#c1
Ref https://github.com/w3c/csswg-drafts/issues/8720#issuecomment-1509242961

16 months agoDocs: remove stale gitter badge from readme
Timmy Willison [Fri, 23 Jun 2023 13:43:26 +0000 (09:43 -0400)]
Docs: remove stale gitter badge from readme

Close gh-5273

17 months agoBuild: Reference GitHub Actions by commit SHAs
Gabriela Gutierrez [Tue, 13 Jun 2023 21:22:07 +0000 (21:22 +0000)]
Build: Reference GitHub Actions by commit SHAs

The SHAs are verified to come from the original repositories and not forks.

For reference:

https://github.com/github/codeql-action/releases/tag/v2.3.6
https://github.com/github/codeql-action/commit/83f0fe6c4988d98a455712a27f0255212bba9bd4

https://github.com/actions/checkout/releases/tag/v3.5.2
https://github.com/actions/checkout/commit/8e5e7e5ab8b370d6c329ec480221332ada57f0ab

https://github.com/actions/cache/releases/tag/v3.3.1
https://github.com/actions/cache/commit/88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8

https://github.com/actions/setup-node/releases/tag/v3.6.0
https://github.com/actions/setup-node/commit/64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c

Fixes gh-5266
Closes gh-5269

Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
17 months agoCore: Fix regression in jQuery.text() on HTMLDocument objects
Timo Tijhof [Mon, 12 Jun 2023 21:12:15 +0000 (22:12 +0100)]
Core: Fix regression in jQuery.text() on HTMLDocument objects

Fixes gh-5264
Closes gh-5265

(cherry picked from commit 44c56f87a31fbc1f43ac575cfd06a0df12073352)

17 months agoSelector: Re-expose jQuery.find.{tokenize,select,compile,setDocument}
Michał Gołębiowski-Owczarek [Mon, 12 Jun 2023 20:58:55 +0000 (22:58 +0200)]
Selector: Re-expose jQuery.find.{tokenize,select,compile,setDocument}

`Sizzle.tokenize` is an internal Sizzle API, but exposed. As a result,
it has historically been available in jQuery via `jQuery.find.tokenize`.
That got dropped during Sizzle removal; this change restores the API.

Some other APIs so far only exposed on the `3.x` line are also added
back:
* `jQuery.find.select`
* `jQuery.find.compile`
* `jQuery.find.setDocument`

In addition to that, Sizzle tests have been backported for the following
APIs:
* `jQuery.find.matchesSelector`
* `jQuery.find.matches`
* `jQuery.find.compile`
* `jQuery.find.select`

A new test was also added for `jQuery.find.tokenize` - even Sizzle was
missing one.

Fixes gh-5259
Closes gh-5263
Ref gh-5260
Ref jquery/sizzle#242
Ref gh-5113
Ref gh-4395
Ref gh-4406

17 months agoBuild: Switch the minifier from UglifyJS to Terser
Michał Gołębiowski-Owczarek [Wed, 31 May 2023 16:59:35 +0000 (18:59 +0200)]
Build: Switch the minifier from UglifyJS to Terser

UglifyJS is ES5-only, while Terser supports newer ECMAScript versions. jQuery
is authored in ES5 but jQuery 4.x will also have an ESM build that cannot be
minified using UglifyJS directly.

We could strip the `export` statement, minify via UglifyJS and re-add one but
that increases complexity & may not fully play nice with source maps.

On the other hand, switching to Terser increases the minfied size by just 324
bytes and the minified gzipped one by just 70 bytes. Such differences largely
disappear among bigger size gains from the `3.x-stable` line - around 2.7 KB
minified gzipped as of now.

Closes gh-5258

17 months agoDocs: Remove the "Grunt build" section from the PR template
Michał Gołębiowski-Owczarek [Wed, 31 May 2023 16:57:13 +0000 (18:57 +0200)]
Docs: Remove the "Grunt build" section from the PR template

Now that unit tests are run on GitHub Actions in all three major
engines and for multiple custom jQuery builds, the request for PR
authors to run unit tests locally and confirm they pass is needless
overhead; let's drop the checkbox.

Closes gh-5261

17 months agoBuild: Make the `eslint:dev` task not lint the `dist/` folder
Michał Gołębiowski-Owczarek [Wed, 31 May 2023 16:55:29 +0000 (18:55 +0200)]
Build: Make the `eslint:dev` task not lint the `dist/` folder

There was a mistake in paths logic that made the `dist/` folder linted
even in the `eslint:dev` task which is run before the build. Fix that by
explicitly ignoring the `dist/` folder at the end of the file list.

Closes gh-5257

18 months agoDeprecated: Define `.hover()` using non-deprecated methods
Michał Gołębiowski-Owczarek [Mon, 22 May 2023 16:23:19 +0000 (18:23 +0200)]
Deprecated: Define `.hover()` using non-deprecated methods

Make the deprecated `.hover()` method not rely on other deprecated
methods: `.mouseenter()` & `.mouseleave()`. Use `.on()` instead.

Closes gh-5251

18 months agoBuild: Test on Node.js 20, stop testing on Node.js 14 & 19
Michał Gołębiowski-Owczarek [Mon, 22 May 2023 14:21:35 +0000 (16:21 +0200)]
Build: Test on Node.js 20, stop testing on Node.js 14 & 19

Closes gh-5250

19 months agoTests: Indicate Chrome 112 & Safari 16.4 pass the cssHas support test
Michał Gołębiowski-Owczarek [Tue, 4 Apr 2023 22:25:20 +0000 (00:25 +0200)]
Tests: Indicate Chrome 112 & Safari 16.4 pass the cssHas support test

Chrome 112 & Safari 16.4 introduce two changes:
* `:has()` is non-forgiving
* `CSS.supports( "selector(...)" )` parses everything in a non-forgiving way

We no longer care about the latter but the former means the `cssHas` support
test now passes.

Closes gh-5225

19 months agoCSS: Make `offsetHeight( true )`, etc. include negative margins
Michał Gołębiowski-Owczarek [Tue, 4 Apr 2023 14:00:55 +0000 (16:00 +0200)]
CSS: Make `offsetHeight( true )`, etc. include negative margins

This regressed in gh-3656 as the added logic to include scroll gutters
in `.innerWidth()` / `.innerHeight()` didn't take negative margins into
account. This broke handling of negative margins in
`.offsetHeight( true )` and `.offsetWidth( true )`. To fix it, calculate
margin delta separately and only add it after the scroll gutter
adjustment logic.

Fixes gh-3982
Closes gh-5234
Ref gh-3656

19 months agoEvent: Avoid collisions between jQuery.event.special & Object.prototype
Michał Gołębiowski-Owczarek [Mon, 3 Apr 2023 16:40:24 +0000 (18:40 +0200)]
Event: Avoid collisions between jQuery.event.special & Object.prototype

This is a follow-up to similar changes to data & event storages from
gh-4603.

Closes gh-5235
Ref gh-4603

19 months agoEvent: Simplify the check for saved data in leverageNative
Michał Gołębiowski-Owczarek [Mon, 3 Apr 2023 16:21:15 +0000 (18:21 +0200)]
Event: Simplify the check for saved data in leverageNative

Previously, when `leverageNative` handled async events, there was
a case where an empty placeholder object was set as a result.
Covering both such an object and `false` required a `length` check.
However, this is not necessary since gh-5223 and the check was
already simplified in other places; this one was missed.

Closes gh-5236
Ref gh-5223

19 months agoEvent: Make trigger(focus/blur/click) work with native handlers
Michał Gołębiowski-Owczarek [Mon, 27 Mar 2023 19:47:01 +0000 (21:47 +0200)]
Event: Make trigger(focus/blur/click) work with native handlers

In `leverageNative`, instead of calling `event.stopImmediatePropagation()`
which would abort both native & jQuery handlers, set the wrapper's
`isImmediatePropagationStopped` property to a function returning `true`.
Since for each element + type pair jQuery attaches only one native handler,
there is also only one wrapper jQuery event so this achieves the goal:
on the target element jQuery handlers don't fire but native ones do.

Unfortunately, this workaround doesn't work for handlers on ancestors
- since the native event is re-wrapped by a jQuery one on each level of
the propagation, the only way to stop it for jQuery was to stop it for
everyone via native `stopPropagation()`. This is not a problem for
`focus`/`blur` which don't bubble, but it does also stop `click` on
checkboxes and radios. We accept this limitation.

Fixes gh-5015
Closes gh-5228

19 months agoEvent: Simulate focus/blur in IE via focusin/focusout
Michał Gołębiowski-Owczarek [Mon, 27 Mar 2023 19:22:38 +0000 (21:22 +0200)]
Event: Simulate focus/blur in IE via focusin/focusout

In IE (all versions), `focus` & `blur` handlers are fired asynchronously
but `focusin` & `focusout` are run synchronously. In other browsers, all
those handlers are fired synchronously. Asynchronous behavior of these
handlers in IE caused issues for IE (gh-4856, gh-4859).

We now simulate `focus` via `focusin` & `blur` via `focusout` in IE to avoid
these issues. This also let us simplify some tests.

This commit also simplifies `leverageNative` - with IE now using `focusin`
to simulate `focus` and `focusout` to simulate `blur`, we don't have to deal
with async events in `leverageNative`. This also fixes broken `focus` triggers
after first triggering it on a hidden element - previously, `leverageNative`
assumed that the native `focus` handler not firing after calling the native
`focus` method meant it would be handled later, asynchronously, which
was not the case (gh-4950).

Fixes gh-4856
Fixes gh-4859
Fixes gh-4950
Closes gh-5223

Co-authored-by: Richard Gibson <richard.gibson@gmail.com>
20 months agoAjax: Don't treat array data as binary
Michał Gołębiowski-Owczarek [Mon, 20 Mar 2023 23:36:00 +0000 (00:36 +0100)]
Ajax: Don't treat array data as binary

PR gh-5197 started treating all non-string non-plain-object
`data` values as binary. However, `jQuery.ajax` also supports
arrays as values of `data`. This change makes regular arrays
no longer be considered binary data.

Surprisingly, we had no tests for array `data` values; otherwise,
we'd detect the issue earlier. This change also adds
a few such missing tests.

Closes gh-5203
Ref gh-5197

20 months agoBuild: Only install Playwright dependencies when needed
Michał Gołębiowski-Owczarek [Mon, 20 Mar 2023 16:13:31 +0000 (17:13 +0100)]
Build: Only install Playwright dependencies when needed

PR gh-5190 added support for running tests on Playwright WebKit
in CI. For efficiency reasons, Playwright dependencies are only
installed for the `test:browser` npm script. However, that same
script is also used for Firefox ESR testing.

This change makes Playwright dependencies installed only for cases
where `WebKitHeadless` exists on the list of tested browsers.

Closes gh-5204
Ref gh-5190

20 months agoAjax: Allow `processData: true` even for binary data
Michał Gołębiowski-Owczarek [Mon, 20 Mar 2023 16:08:51 +0000 (17:08 +0100)]
Ajax: Allow `processData: true` even for binary data

The way gh-5197 implemented binary data handling, `processData`
was being explicitly set to `false`. This is expected but it made
it impossible to override it to `true`. The new logic will only
set `processData` to `false` if it wasn't explicitly passed
in original options.

Closes gh-5205
Ref gh-5197

20 months agoTests: Test AJAX deprecated event aliases properly
Michał Gołębiowski-Owczarek [Wed, 15 Mar 2023 10:44:08 +0000 (11:44 +0100)]
Tests: Test AJAX deprecated event aliases properly

PR gh-5046 erroneously changed AJAX deprecated event alias
usage in deprecated tests to `.on()` calls. This change
reverses this mistake.

Closes gh-5195
Ref gh-5046

20 months agoDeferred: Rename `getStackHook` to `getErrorHook`
Michał Gołębiowski-Owczarek [Tue, 14 Mar 2023 21:32:45 +0000 (22:32 +0100)]
Deferred: Rename `getStackHook` to `getErrorHook`

Rename `jQuery.Deferred.getStackHook` to `jQuery.Deferred.getErrorHook`
to indicate passing an error instance is usually a better choice - it
works with source maps while a raw stack generally does not.

In jQuery `3.7.0`, we'll keep both names, marking the old one as
deprecated. In jQuery `4.0.0` we'll just keep the new one. This
change implements the `4.0.0` version; PR gh-5212 implements
the `3.7.0` one.

Fixes gh-5201
Closes gh-5211
Ref gh-5212

20 months agoRelease: add support for md5 sums in windows
Timmy Willison [Thu, 9 Mar 2023 20:19:07 +0000 (15:19 -0500)]
Release: add support for md5 sums in windows

Close gh-5219

21 months agoSelector: Stop relying on CSS.supports( "selector(...)" )
Michał Gołębiowski-Owczarek [Tue, 14 Feb 2023 09:11:40 +0000 (10:11 +0100)]
Selector: Stop relying on CSS.supports( "selector(...)" )

`CSS.supports( "selector(...)" )` has different semantics than selectors passed
to `querySelectorAll`. Apart from the fact that the former returns `false` for
unrecognized selectors and the latter throws, `qSA` is more forgiving and
accepts some invalid selectors, auto-correcting them where needed - for
example, mismatched brackers are auto-closed. This behavior difference is
breaking for many users.

To add to that, a recent CSSWG resolution made `:is()` & `:where()` the only
pseudos with forgiving parsing; browsers are in the process of making `:has()`
parsing unforgiving.

Taking all that into account, we go back to our previous try-catch approach
without relying on `CSS.supports( "selector(...)" )`. The only difference
is we detect forgiving parsing in `:has()` and mark the selector as buggy.

The PR also updates `playwright-webkit` so that we test against a version
of WebKit that already has non-forgiving `:has()`.

Fixes gh-5194
Closes gh-5206
Ref gh-5098
Ref gh-5107
Ref w3c/csswg-drafts#7676

Co-authored-by: Richard Gibson <richard.gibson@gmail.com>
21 months agoSelector: Backport jQuery selection context logic to selector-native
Michał Gołębiowski-Owczarek [Mon, 13 Feb 2023 17:34:41 +0000 (18:34 +0100)]
Selector: Backport jQuery selection context logic to selector-native

This makes:
```js
$div.find("div > *")
```
no longer matching children of `$div`.

Also, leading combinators now work, e.g.:
```js
$div.find( "> *" );
```
returns children of `$div`.

As a result of that, a number of tests are no longer skipped in the
`selector-native` mode.

Also, rename `rcombinators` to `rleadingCombinator`.

Fixes gh-5185
Closes gh-5186
Ref gh-5085

21 months agoBuild: Bump actions/setup-node from 3.5.1 to 3.6.0
dependabot[bot] [Thu, 2 Feb 2023 00:43:00 +0000 (01:43 +0100)]
Build: Bump actions/setup-node from 3.5.1 to 3.6.0

Bumps [actions/setup-node](https://github.com/actions/setup-node) from 3.5.1 to 3.6.0.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](https://github.com/actions/setup-node/compare/v3.5.1...v3.6.0)

Closes gh-5200

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
21 months agoAjax: Support binary data (including FormData)
Michał Gołębiowski-Owczarek [Wed, 1 Feb 2023 12:48:35 +0000 (13:48 +0100)]
Ajax: Support binary data (including FormData)

Two changes have been applied:
* prefilters are now applied before data is converted to a string;
  this allows prefilters to disable such a conversion
* a prefilter for binary data is added; it disables data conversion
  for non-string non-plain-object `data`; for `FormData` bodies, it
  removes manually-set `Content-Type` header - this is required
  as browsers need to append their own boundary to the header

Ref gh-4150
Closes gh-5197

21 months agoDeferred: Respect source maps in jQuery.Deferred.exceptionHook
Michał Gołębiowski-Owczarek [Wed, 1 Feb 2023 12:46:44 +0000 (13:46 +0100)]
Deferred: Respect source maps in jQuery.Deferred.exceptionHook

So far, `jQuery.Deferred.exceptionHook` used to log error message and stack
separately. However, that breaks browser applying source maps against the stack
trace - most browsers require logging an error instance. This change makes us
do exactly that.

One drawback of the change is that in IE 11 previously stack was printed
directly and now just the error summary; to get to the actual stack
trace, three clicks are required. This seems to be a low price to pay
for having source maps work in all the other browsers, though.

Safari with the new change requires one click to get to the stack trace
which sounds manageable.

Fixes gh-3179
Closes gh-5192
Ref https://crbug.com/622227

21 months agoAjax: Support `headers` for script transport even when cross-domain
Michał Gołębiowski-Owczarek [Wed, 1 Feb 2023 12:40:55 +0000 (13:40 +0100)]
Ajax: Support `headers` for script transport even when cross-domain

The AJAX script transport has two versions: XHR + `jQuery.globalEval` or
appending a script tag (note that `jQuery.globalEval` also appends a
script tag now, but inline). The former cannot support the `headers`
option which has so far not been taken into account.

For jQuery 3.x, the main consequence was the option not being respected
for cross-domain requests. Since in 4.x we use the latter way more
often, the option was being ignored in more cases.

The transport now checks whether the `headers` option is specified and
uses the XHR way unless `scriptAttrs` are specified as well.

Fixes gh-5142
Closes gh-5193

21 months agoBuild: Run GitHub Action browser tests on Playwright WebKit
Michał Gołębiowski-Owczarek [Mon, 23 Jan 2023 22:49:44 +0000 (23:49 +0100)]
Build: Run GitHub Action browser tests on Playwright WebKit

So far, we've been running browser tests on GitHub Actions in Chrome
and Firefox. Regular Safari is not available in GitHub Actions but
Playwright WebKit comes close to a dev version of Safari.

With this change, our GitHub CI & local test runs will invoke tests on
all actively developed browser engines on all PRs.

Also, our GitHub Actions browser tests are now running on Node.js 18.

Detection of the Playwright WebKit browser in support unit tests is done
by checking if the `test_browser` query parameter is set to `"Playwright"`;
this is a `karma-webkit-launcher` feature. Detecting that browser via
user agent as we normally do is hard as the UA on Linux is very similar
to a real Safari one but it actually uses a newer version of the engine.

In addition, we now allow to pass custom browsers when one needs it;
e.g., to run the tests in all three engines on Linux/macOS, run:
```
grunt && BROWSERS=ChromeHeadless,FirefoxHeadless,WebkitHeadless grunt karma:main
```

Closes gh-5190

21 months agoBuild: Migrate middleware-mockserver to modern JS
Michał Gołębiowski-Owczarek [Mon, 23 Jan 2023 22:20:08 +0000 (23:20 +0100)]
Build: Migrate middleware-mockserver to modern JS

The `test/middleware-mockserver.js` file used to have the same ESLint
settings applied as other test files that are directly run in tested
browsers. Now it shares settings of other Node.js files.

The file is now also written using modern JS, leveraging ES2018.

Closes gh-5196

23 months agoBuild: remove stale Insight package from custom builds
Timmy Willison [Tue, 20 Dec 2022 20:57:49 +0000 (20:57 +0000)]
Build: remove stale Insight package from custom builds

Close gh-5182

23 months agoSelector: Make selector lists work with `qSA` again
Michał Gołębiowski-Owczarek [Mon, 19 Dec 2022 17:43:30 +0000 (18:43 +0100)]
Selector: Make selector lists work with `qSA` again

jQuery 3.6.2 started using `CSS.supports( "selector(SELECTOR)" )` before using
`querySelectorAll` on the selector. This was to solve gh-5098 - some selectors,
like `:has()`, now had their parameters parsed in a forgiving way, meaning
that `:has(:fakepseudo)` no longer throws but just returns 0 results, breaking
that jQuery mechanism.

A recent spec change made `CSS.supports( "selector(SELECTOR)" )` always use
non-forgiving parsing, allowing us to use this API for what we've used
`try-catch` before.

To solve the issue on the spec side for older jQuery versions, `:has()`
parameters are no longer using forgiving parsing in the latest spec update
but our new mechanism is more future-proof anyway.

However, the jQuery implementation has a bug - in
`CSS.supports( "selector(SELECTOR)" )`, `SELECTOR` needs to be
a `<complex-selector>` and not a `<complex-selector-list>`. Which means that
selector lists now skip `qSA` and go to the jQuery custom traversal:
```js
CSS.supports("selector(div:valid, span)"); // false
CSS.supports("selector(div:valid)"); // true
CSS.supports("selector(span)"); // true
```

To solve this, this commit wraps the selector list passed to
`CSS.supports( "selector(:is(SELECTOR))" )` with `:is`, making it a single
selector again.

See:
* https://w3c.github.io/csswg-drafts/css-conditional-4/#at-supports-ext
* https://w3c.github.io/csswg-drafts/selectors-4/#typedef-complex-selector
* https://w3c.github.io/csswg-drafts/selectors-4/#typedef-complex-selector-list

Fixes gh-5177
Closes gh-5178
Ref w3c/csswg-drafts#7280

23 months agoCore:Selector: Move jQuery.contains from the selector to the core module
Michał Gołębiowski-Owczarek [Mon, 12 Dec 2022 21:27:59 +0000 (22:27 +0100)]
Core:Selector: Move jQuery.contains from the selector to the core module

The `jQuery.contains` method is quite simple in jQuery 4+. On the other side,
it's a dependency of the core `isAttached` util which is not ideal; moving
it from the `selector` the `core` module resolves the issue.

Closes gh-5167

23 months agoBuild: Limit permissions for GitHub workflows
Alex [Thu, 1 Dec 2022 13:23:17 +0000 (15:23 +0200)]
Build: Limit permissions for GitHub workflows

Add explicit permissions section[^1] to workflows. This is a security
best practice because by default workflows run with extended set
of permissions[^2] (except from `on: pull_request` from external forks[^3].
By specifying any permission explicitly all others are set to none. By using
the principle of least privilege the damage a compromised workflow can do
(because of an injection[^4] or compromised third party tool or action) is
restricted. It is recommended to have most strict permissions on the top
level[^5] and grant write permissions on job level[^6] on a case by case
basis.

[^1]: https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
[^2]: https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token
[^3]: https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
[^4]: https://securitylab.github.com/research/github-actions-untrusted-input/
[^5]: https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions
[^6]: https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs

Closes gh-5119

23 months agoSelector: Implement the `uniqueSort` chainable method
Michał Gołębiowski-Owczarek [Mon, 28 Nov 2022 17:10:33 +0000 (18:10 +0100)]
Selector: Implement the `uniqueSort` chainable method

Some APIs, like `.prevAll()`, return elements in the reversed order, causing
confusing behavior when used with wrapping methods (see gh-5149 for more info)
 To provide an easy workaround, this commit implements a chainable `uniqueSort`
method on jQuery objects, an equivalent of `jQuery.uniqueSort`.

Fixes gh-5166
Closes gh-5168

23 months agoTests: Indicate Firefox 106+ passes the `cssSupportsSelector` test
Michał Gołębiowski-Owczarek [Thu, 24 Nov 2022 23:54:56 +0000 (00:54 +0100)]
Tests: Indicate Firefox 106+ passes the `cssSupportsSelector` test

Firefox 106 adjusted to the spec mandating that `CSS.supports("selector(...)")`
uses non-forgiving parsing which makes it pass the relevant support test.

Closes gh-5141

2 years agoSelector: Re-introduce selector-native.js
Michał Gołębiowski-Owczarek [Mon, 21 Nov 2022 22:23:39 +0000 (23:23 +0100)]
Selector: Re-introduce selector-native.js

Re-introduce the `selector-native` similar to the one on the `3.x-stable`
branch. One difference is since the `main` branch inlined Sizzle, some
selector utils can be shared between the main `selector` module and
`selector-native`.

The main `selector` module can be disabled in favor of `selector-native`
via:

    grunt custom:-selector

Other changes:
* Tests: Fix Safari detection - Chrome Headless has a different user
  agent than Safari and a browser check in selector tests didn't take
  that into account.
* Tests: Run selector-native tests in `npm test`
* Selector: Fix querying on document fragments

Ref gh-4395
Closes gh-5085

2 years agoBuild: Test on Node.js 18 & 19, stop testing on Node 12
Michał Gołębiowski-Owczarek [Thu, 17 Nov 2022 12:22:21 +0000 (13:22 +0100)]
Build: Test on Node.js 18 & 19, stop testing on Node 12

Closes gh-5160

2 years agoSelector:Manipulation: Fix DOM manip within template contents
Michał Gołębiowski-Owczarek [Mon, 14 Nov 2022 17:36:53 +0000 (18:36 +0100)]
Selector:Manipulation: Fix DOM manip within template contents

The `<template/>` element `contents` property is a document fragment that may
have a `null` `documentElement`. In Safari 16 this happens in more cases due
to recent spec changes - in particular, even if that document fragment is
explicitly adopted into an outer document. We're testing both of those cases
now.

The crash used to happen in `jQuery.contains`. As it turns out, we don't need
to query the supposed container `documentElement` if it has the
`Node.DOCUMENT_NODE` (9) `nodeType`; we can call `.contains()` directly on
the `document`. That avoids the crash.

Fixes gh-5147
Closes gh-5158

2 years agoBuild: Bump actions/setup-node from 3.5.0 to 3.5.1
dependabot[bot] [Tue, 1 Nov 2022 19:58:52 +0000 (20:58 +0100)]
Build: Bump actions/setup-node from 3.5.0 to 3.5.1

Bumps [actions/setup-node](https://github.com/actions/setup-node) from 3.5.0 to 3.5.1.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](https://github.com/actions/setup-node/compare/v3.5.0...v3.5.1)

Closes gh-5153

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2 years agoDocs: Remove stale badge from README
Timmy Willison [Mon, 24 Oct 2022 15:00:25 +0000 (11:00 -0400)]
Docs: Remove stale badge from README

Close gh-5148

2 years agoAjax: Support `null` as success functions in `jQuery.get`
Michał Gołębiowski-Owczarek [Mon, 17 Oct 2022 16:54:28 +0000 (18:54 +0200)]
Ajax: Support `null` as success functions in `jQuery.get`

According to the docs, one can use `null` as a success function in `jQuery.get`
of `jQuery.post` so the following:

```js
await jQuery.get( "https://httpbin.org/json", null, "text" )
```

should get the text result. However, this shortcut hasn't been working so far.

Fixes gh-4989
Closes gh-5139

2 years agoSelector: Drop support for legacy pseudos, test custom pseudos
Michał Gołębiowski-Owczarek [Tue, 11 Oct 2022 09:55:46 +0000 (11:55 +0200)]
Selector: Drop support for legacy pseudos, test custom pseudos

This backports custom pseudos tests from Sizzle; they were missed in original
test backports. Also, the support for legacy custom pseudos has been dropped.

The `jQuery.expr` test cleanup has been wrapped in `try-finally` for cleaner
test isolation in case anything goes wrong.

Closes gh-5137

2 years agoManipulation: Extract domManip to a separate file
Michał Gołębiowski-Owczarek [Mon, 10 Oct 2022 16:15:34 +0000 (18:15 +0200)]
Manipulation: Extract domManip to a separate file

We've already had `buildFragment` extracted to a separate file long ago.
`domManip` is quite a complex & crucial API and so far it has existed within
the `manipulation.js` module. Extracting it makes the module shorter and easier
to understand.

A few comments / messages in tests have also been updated to not suggest there's
a public `jQuery.domManip` API - it's been private since 3.0.0.

Closes gh-5138

2 years agoBuild: Update Grunt from 1.4.1 to 1.5.3
Michał Gołębiowski-Owczarek [Mon, 3 Oct 2022 21:06:37 +0000 (23:06 +0200)]
Build: Update Grunt from 1.4.1 to 1.5.3

This will resolve the following security issues:
* Path Traversal in Grunt: https://github.com/advisories/GHSA-j383-35pm-c5h4
* Race Condition in Grunt: https://github.com/advisories/GHSA-rm36-94g8-835r

Closes gh-5134

2 years agoDocs: Update the README of the published package
Michał Gołębiowski-Owczarek [Mon, 3 Oct 2022 20:55:49 +0000 (22:55 +0200)]
Docs: Update the README of the published package

The previous details were showing their age, e.g. mentions about browsers
not supporting ES2015. The story with ES modules is more complex as it's also
about loaders but to keep the README simple, let's just make it more up to date
with typical usage.

Closes gh-5108

2 years agoTests: Remove a workaround for a Firefox XML parsing issue
Michał Gołębiowski-Owczarek [Mon, 3 Oct 2022 20:53:39 +0000 (22:53 +0200)]
Tests: Remove a workaround for a Firefox XML parsing issue

Firefox 96-100 used to report the column number smaller by 2 than it should
in the `parsererror` element generated for invalid XML documents. Since that
version range is unsupported now and it includes no ESR versions, the workaround
can now be dropped.

Closes gh-5109
Ref gh-5018

2 years agoCSS: Return `undefined` for whitespace-only CSS variable values (#5120)
Michał Gołębiowski-Owczarek [Mon, 3 Oct 2022 16:10:42 +0000 (18:10 +0200)]
CSS: Return `undefined` for whitespace-only CSS variable values (#5120)

The spec requires that CSS variable values are trimmed. In browsers that do
this - mainly, Safari, but also Firefox if the value only has leading
whitespace - we currently return undefined; in other browsers, we return
an empty string as the logic to fall back to undefined happens before
trimming.

This commit adds another explicit callback to `undefined` to have it consistent
across browsers.

Also, more explicit comments about behaviors we need to work around in various
browsers have been added.

Closes gh-5120
Ref gh-5106

2 years agoBuild: Bump actions/setup-node from 3.4.1 to 3.5.0
dependabot[bot] [Mon, 3 Oct 2022 14:58:47 +0000 (16:58 +0200)]
Build: Bump actions/setup-node from 3.4.1 to 3.5.0

Bumps [actions/setup-node](https://github.com/actions/setup-node) from 3.4.1 to 3.5.0.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](https://github.com/actions/setup-node/compare/v3.4.1...v3.5.0)

Closes gh-5133

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2 years agoCSS: Don’t trim whitespace of undefined custom property
Anders Kaseorg [Mon, 19 Sep 2022 21:08:12 +0000 (14:08 -0700)]
CSS: Don’t trim whitespace of undefined custom property

Fixes gh-5105
Closes gh-5106

Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2 years agoSelector: Use jQuery `:has` if `CSS.supports(selector(...))` non-compliant
Michał Gołębiowski-Owczarek [Mon, 19 Sep 2022 18:56:02 +0000 (21:56 +0300)]
Selector: Use jQuery `:has` if `CSS.supports(selector(...))` non-compliant

jQuery has followed the following logic for selector handling for ages:
1. Modify the selector to adhere to scoping rules jQuery mandates.
2. Try `qSA` on the modified selector. If it succeeds, use the results.
3. If `qSA` threw an error, run the jQuery custom traversal instead.

It worked fine so far but now CSS has a concept of forgiving selector lists that
some selectors like `:is()` & `:has()` use. That means providing unrecognized
selectors as parameters to `:is()` & `:has()` no longer throws an error, it will
just return no results. That made browsers with native `:has()` support break
selectors using jQuery extensions inside, e.g. `:has(:contains("Item"))`.

Detecting support for selectors can also be done via:

```js
CSS.supports( "selector(SELECTOR_TO_BE_TESTED)" )
```
which returns a boolean. There was a recent spec change requiring this API to
always use non-forgiving parsing:
https://github.com/w3c/csswg-drafts/issues/7280#issuecomment-1143852187
However, no browsers have implemented this change so far.

To solve this, two changes are being made:
1. In browsers supports the new spec change to `CSS.supports( "selector()" )`,
   use it before trying `qSA`.
2. Otherwise, add `:has` to the buggy selectors list.

Fixes gh-5098
Closes gh-5107
Ref w3c/csswg-drafts#7676

2 years agoUpgrade: Bump actions/setup-node from 3.3.0 to 3.4.1
dependabot[bot] [Mon, 12 Sep 2022 13:45:20 +0000 (15:45 +0200)]
Upgrade: Bump actions/setup-node from 3.3.0 to 3.4.1

Bumps [actions/setup-node](https://github.com/actions/setup-node) from 3.3.0 to 3.4.1.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](https://github.com/actions/setup-node/compare/v3.3.0...v3.4.1)

Closes gh-5078

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2 years agoCore: Drop the root parameter of jQuery.fn.init
Michał Gołębiowski-Owczarek [Mon, 29 Aug 2022 17:03:12 +0000 (19:03 +0200)]
Core: Drop the root parameter of jQuery.fn.init

The third parameter of `jQuery.fn.init` - `root` - was just needed to support
`jQuery.sub`. Since this API has been removed in jQuery 1.9.0 and Migrate 3.x
is not filling it in, this parameter is no longer needed.

This parameter has never been documented but it's safer to remove it in a major
update.

Closes gh-5096

2 years agoTests: Fix the link to QUnit CSS file
Michał Gołębiowski-Owczarek [Mon, 29 Aug 2022 15:44:10 +0000 (17:44 +0200)]
Tests: Fix the link to QUnit CSS file

Without this fix, the layout is fine during the test run but all the CSS is gone
when tests finish and the results are shown.

This affects commands like `grunt karma:chrome-debug`.

Closes gh-5090

2 years agoDocs: Remove git.io from a GitHub Actions comment
Baoshuo Ren [Tue, 12 Jul 2022 15:27:04 +0000 (23:27 +0800)]
Docs: Remove git.io from a GitHub Actions comment

All links on git.io are deprecated and may stop redirecting at a certain point.

See https://github.blog/changelog/2022-04-25-git-io-deprecation/

Closes gh-5036

2 years agoDocs: Update webpack website in README
Simon Legner [Tue, 12 Jul 2022 15:16:24 +0000 (17:16 +0200)]
Docs: Update webpack website in README

Webpack has migrated to https://webpack.js.org/ since version 2.

Closes gh-5037

2 years agoTests: Exclude tests based on compilation flags, not API presence
Michał Gołębiowski-Owczarek [Tue, 28 Jun 2022 10:39:01 +0000 (12:39 +0200)]
Tests: Exclude tests based on compilation flags, not API presence

Introduces a new test API, `includesModule`. The method returns whether
a particular module like "ajax" or "deprecated" is included in the current
jQuery build; it handles the slim build as well. The util was created so that
we don't treat presence of particular APIs to decide whether to run a test as
then if we accidentally remove an API, the tests would still not fail.

Fixes gh-5069
Closes gh-5046

2 years agoBuild: Update GitHub Actions
Michał Gołębiowski-Owczarek [Mon, 27 Jun 2022 16:53:31 +0000 (18:53 +0200)]
Build: Update GitHub Actions

* Build(deps): Bump github/codeql-action from 1 to 2

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 1 to 2.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/v1...v2)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

* Build(deps): Bump actions/cache from 2 to 3

Bumps [actions/cache](https://github.com/actions/cache) from 2 to 3.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](https://github.com/actions/cache/compare/v2...v3)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-major
...

* Build(deps): Bump actions/setup-node from 2.1.2 to 3.3.0

Bumps [actions/setup-node](https://github.com/actions/setup-node) from 2.1.2 to 3.3.0.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](https://github.com/actions/setup-node/compare/v2.1.2...v3.3.0)

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-type: direct:production
  update-type: version-update:semver-major
...

* Build(deps): Bump actions/checkout from 2 to 3

Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 3.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v2...v3)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Closes gh-5067