Timmy Willison [Tue, 6 Feb 2024 15:16:05 +0000 (10:16 -0500)]
Release: use buildDefaultFiles directly and pass version (#5409)
- also add the ability to pass VERSION in env to test final builds
- adjust sha regex to account for lack of shas
- set the version on the dist package.json
Stephen Sigwart [Thu, 2 Nov 2023 09:48:08 +0000 (05:48 -0400)]
CSS: Fix support test results for initially hidden iframes
If the iframe is not initially visible, the `scrollboxSize` support test is
failing. jQuery then cached this value and and applied the wrong result
undefinitely.
This breaks jQuery UI's Dialogs inside initially invisible iframes.
Build was already happening in scripts like `test:browser` but those scripts
were missing `pretest`, meaning that running `npm install && npm test:browser`
may have failed if `pretest` wasn't run before or if its results were out of
date.
Even worse, with such stale data some tests may erroneously succeed.
This also removes a separate `pretest` step from GitHub Actions as it's no
longer needed.
Build: migrate most grunt tasks off of grunt (3.x)
Close gh-5330
- lint
- npmcopy
- build, minify, and process for distribution.
- new custom build command using yargs
- compare size of minified/gzip built files
- pretest scripts, including qunit-fixture, babel transpilation, and npmcopy
- node smoke tests
- promises aplus tests
- new watch task using nodemon, which runs `npm run build:all` on `src` changes.
Also:
- upgraded husky and added the new lint command
- updated lint config to use new "flat" config format.
See https://eslint.org/docs/latest/use/configure/configuration-files-new
- Temporarily disabled one lint rule until flat config is
supported by eslint-plugin-import.
See https://github.com/import-js/eslint-plugin-import/issues/2556
- committed package-lock.json
- updated all test scripts to use the new build
- added an express test server that uses middleware-mockserver
this can be used to run tests without karma
- build-all-variants is now build:all
- run pretest script in jenkins
---------
Co-authored-by: Michał Gołębiowski-Owczarek <m.goleb@gmail.com>
Core: Simplify code post browser support reduction
Summary of the changes:
* Tests: Remove legacy jQuery.cache & oldIE leftovers
* Tests: Reformat JavaScript in delegatetest.html
* Docs: "jQuery Foundation Projects" -> "jQuery Projects"
* Tests: Drop an unused localfile.html file (modern browsers don't support
the `file:` protocol this way, there's no point in keeping the file around)
* Effects: Remove a redundant `!fn` check (`fn || !fn && easing` is equivalent
to `fn || easing`; simplify the code)
* CSS: Explain the fallback to direct object access in curCSS better
* Tests: Deduplicate `jQuery.parseHTML` test titles
* Dimensions: Add a test for fractional values
* Tests: Fix a buggy WebKit regex
Build: Generate the slim build on `grunt` & run `compare_size` on it
Summary of the changes:
* expand `node_smoke_tests` to test the full & slim builds
* run `compare_size` on all built minified files; don't run it anymore on
unminified files where they don't provide lots of value
The main goal of this change is to make it easier to compare sizes of both the
full & slim builds between the `3.x-stable` & `main` branches.
That threw our `reliableTrDimensions` support test off. This change fixes the
support test and adds a unit test ensuring support test values on a page
including Bootstrap 5 CSS are the same as on a page without it.
Selector: Only attach the unload handler in IE & Edge Legacy
Both IE & Edge Legacy need the workaround of calling `setDocument()` in an
`unload` handler to avoid "permission denied" errors. However, due to not being
possible to feature-detect this issue, the handler has been applied in all
browsers for windows different than the one in which jQuery was loaded.
jQuery 4.0, which drops Edge Legacy support, guards this workaround with
a `document.documentMode` check. This won't work in the 3.x line due to still
supporting Edge Legacy but we can check for
`document.documentElement.msMatchesSelector` instead as that API is
supported in IE 9+ and all Edge Legacy versions.
Tests: Disable the ":lang respects escaped backslashes" test
Firefox 114+ no longer match on backslashes in `:lang()`, even when escaped.
It is an intentional change as `:lang()` parameters are supposed to be valid
BCP 47 strings. Therefore, we won't attempt to patch it.
We'll keep this test here until other browsers match the behavior.
`Sizzle.tokenize` is an internal Sizzle API, but exposed. As a result,
it has historically been available in jQuery via `jQuery.find.tokenize`.
That got dropped during Sizzle removal; this change restores the API.
In addition to that, Sizzle tests have been backported for the following
APIs:
* `jQuery.find.matchesSelector`
* `jQuery.find.matches`
* `jQuery.find.compile`
* `jQuery.find.select`
A new test was also added for `jQuery.find.tokenize` - even Sizzle was
missing one.
Docs: Remove the "Grunt build" section from the PR template
Now that unit tests are run on GitHub Actions in all three major
engines and for multiple custom jQuery builds, the request for PR
authors to run unit tests locally and confirm they pass is needless
overhead; let's drop the checkbox.
Tests: Indicate Chrome 112 & Safari 16.4 pass the cssHas support test (3.x version)
Chrome 112 & Safari 16.4 introduce two changes:
* `:has()` is non-forgiving
* `CSS.supports( "selector(...)" )` parses everything in a non-forgiving way
We no longer care about the latter but the former means the `cssHas` support
test now passes.
CSS: Make `offsetHeight( true )`, etc. include negative margins
This regressed in gh-3656 as the added logic to include scroll gutters
in `.innerWidth()` / `.innerHeight()` didn't take negative margins into
account. This broke handling of negative margins in
`.offsetHeight( true )` and `.offsetWidth( true )`. To fix it, calculate
margin delta separately and only add it after the scroll gutter
adjustment logic.
Event: Simplify the check for saved data in leverageNative
Previously, when `leverageNative` handled async events, there was
a case where an empty placeholder object was set as a result.
Covering both such an object and `false` required a `length` check.
However, this is not necessary since gh-5223 and the check was
already simplified in other places; this one was missed.
There was a comment claiming that there are two implementations
of `safeActiveElement`. However, the one in `event.js` got removed
in gh-5224, even before the comment was added.
New entries cover `aspect-ratio`, `scale`, and a few others.
Also, remove quotes around `cssNumber` keys
A few properties have been taken from React:
https://github.com/facebook/react/blob/afea1d0c536e0336735b0ea5c74f635527b65785/packages/react-dom-bindings/src/shared/CSSProperty.js\#L8-L58
In IE 9 accessing `document.activeElement` may throw; see
https://bugs.jquery.com/ticket/13393. We've already guarded
against this in event code but not in selector.
Event: Make trigger(focus/blur/click) work with native handlers
In `leverageNative`, instead of calling `event.stopImmediatePropagation()`
which would abort both native & jQuery handlers, set the wrapper's
`isImmediatePropagationStopped` property to a function returning `true`.
Since for each element + type pair jQuery attaches only one native handler,
there is also only one wrapper jQuery event so this achieves the goal:
on the target element jQuery handlers don't fire but native ones do.
Unfortunately, this workaround doesn't work for handlers on ancestors
- since the native event is re-wrapped by a jQuery one on each level of
the propagation, the only way to stop it for jQuery was to stop it for
everyone via native `stopPropagation()`. This is not a problem for
`focus`/`blur` which don't bubble, but it does also stop `click` on
checkboxes and radios. We accept this limitation.
Event: Simulate focus/blur in IE via focusin/focusout (3.x version)
In IE (all versions), `focus` & `blur` handlers are fired asynchronously
but `focusin` & `focusout` are run synchronously. In other browsers, all
those handlers are fired synchronously. Asynchronous behavior of these
handlers in IE caused issues for IE (gh-4856, gh-4859).
We now simulate `focus` via `focusin` & `blur` via `focusout` in IE to avoid
these issues. This also let us simplify some tests.
This commit also simplifies `leverageNative` - with IE now using `focusin`
to simulate `focus` and `focusout` to simulate `blur`, we don't have to deal
with async events in `leverageNative`. This also fixes broken `focus` triggers
after first triggering it on a hidden element - previously, `leverageNative`
assumed that the native `focus` handler not firing after calling the native
`focus` method meant it would be handled later, asynchronously, which
was not the case (gh-4950).
To preserve relative `focusin`/`focus` & `focusout`/`blur` event order
guaranteed on the 3.x branch, attach a single handler for both events in IE.
A side effect of this is that to reduce size the `event/focusin` module
no longer exists and it's impossible to disable the `focusin` patch
in modern browsers via the jQuery custom build system.
PR gh-5197 started treating all non-string non-plain-object
`data` values as binary. However, `jQuery.ajax` also supports
arrays as values of `data`. This change didn't land on `3.x-stable`;
however... Surprisingly, we had no tests for array `data` values.
This change backports a few such missing tests added in gh-5203.
Build: Only install Playwright dependencies when needed
PR gh-5190 added support for running tests on Playwright WebKit
in CI. For efficiency reasons, Playwright dependencies are only
installed for the `test:browser` npm script. However, that same
script is also used for Firefox ESR testing.
This change makes Playwright dependencies installed only for cases
where `WebKitHeadless` exists on the list of tested browsers.
Deferred: Rename `getStackHook` to `getErrorHook` (3.x version)
Rename `jQuery.Deferred.getStackHook` to `jQuery.Deferred.getErrorHook`
to indicate passing an error instance is usually a better choice - it
works with source maps while a raw stack generally does not.
In jQuery `3.7.0`, we'll keep both names, marking the old one as
deprecated. In jQuery `4.0.0` we'll just keep the new one. This
change implements the `3.7.0` version; PR gh-5211 implements
the `4.0.0` one.
Selector: Stop relying on CSS.supports( "selector(...)" )
`CSS.supports( "selector(...)" )` has different semantics than selectors passed
to `querySelectorAll`. Apart from the fact that the former returns `false` for
unrecognized selectors and the latter throws, `qSA` is more forgiving and
accepts some invalid selectors, auto-correcting them where needed - for
example, mismatched brackers are auto-closed. This behavior difference is
breaking for many users.
To add to that, a recent CSSWG resolution made `:is()` & `:where()` the only
pseudos with forgiving parsing; browsers are in the process of making `:has()`
parsing unforgiving.
Taking all that into account, we go back to our previous try-catch approach
without relying on `CSS.supports( "selector(...)" )`. The only difference
is we detect forgiving parsing in `:has()` and mark the selector as buggy.
The PR also updates `playwright-webkit` so that we test against a version
of WebKit that already has non-forgiving `:has()`.
For older Safari/iOS we needed to add the `safari` UA check as their reported
`WebKit` version was not new enough. However, that check should have also
excluded Chrome which was missed in the first iteration. This has been fixed.
Build: Run GitHub Action browser tests on Playwright WebKit
So far, we've been running browser tests on GitHub Actions in Chrome
and Firefox. Regular Safari is not available in GitHub Actions but
Playwright WebKit comes close to a dev version of Safari.
With this change, our GitHub CI & local test runs will invoke tests on
all actively developed browser engines on all PRs.
Also, our GitHub Actions browser tests are now running on Node.js 18.
Detection of the Playwright WebKit browser in support unit tests is done
by checking if the `test_browser` query parameter is set to `"Playwright"`;
this is a `karma-webkit-launcher` feature. Detecting that browser via
user agent as we normally do is hard as the UA on Linux is very similar
to a real Safari one but it actually uses a newer version of the engine.
In addition, we now allow to pass custom browsers when one needs it;
e.g., to run the tests in all three engines on Linux/macOS, run:
```
grunt && BROWSERS=ChromeHeadless,FirefoxHeadless,WebkitHeadless grunt karma:main
```
The `test/middleware-mockserver.js` file used to have the same ESLint
settings applied as other test files that are directly run in tested
browsers. Now it shares settings of other Node.js files.
The file is now also written using modern JS, leveraging ES2018.
A newly added test making sure a native selector containing
the `:valid` pseudo works when no jQuery-specific selectors
are used was failing in IE 9 as that browser lacks support
for this pseudo. This commit disables that test in IE 9.
Selector: Make selector lists work with `qSA` again
jQuery 3.6.2 started using `CSS.supports( "selector(SELECTOR)" )` before using
`querySelectorAll` on the selector. This was to solve gh-5098 - some selectors,
like `:has()`, now had their parameters parsed in a forgiving way, meaning
that `:has(:fakepseudo)` no longer throws but just returns 0 results, breaking
that jQuery mechanism.
A recent spec change made `CSS.supports( "selector(SELECTOR)" )` always use
non-forgiving parsing, allowing us to use this API for what we've used
`try-catch` before.
To solve the issue on the spec side for older jQuery versions, `:has()`
parameters are no longer using forgiving parsing in the latest spec update
but our new mechanism is more future-proof anyway.
However, the jQuery implementation has a bug - in
`CSS.supports( "selector(SELECTOR)" )`, `SELECTOR` needs to be
a `<complex-selector>` and not a `<complex-selector-list>`. Which means that
selector lists now skip `qSA` and go to the jQuery custom traversal:
```js
CSS.supports("selector(div:valid, span)"); // false
CSS.supports("selector(div:valid)"); // true
CSS.supports("selector(span)"); // true
```
To solve this, this commit wraps the selector list passed to
`CSS.supports( "selector(:is(SELECTOR))" )` with `:is`, making it a single
selector again.
Selector: Implement the `uniqueSort` chainable method
Some APIs, like `.prevAll()`, return elements in the reversed order, causing
confusing behavior when used with wrapping methods (see gh-5149 for more info)
To provide an easy workaround, this commit implements a chainable `uniqueSort`
method on jQuery objects, an equivalent of `jQuery.uniqueSort`.
Selector: Inline Sizzle into the selector module: 3.x version (#5113)
This commit removes Sizzle from jQuery, inlining its code & removing obsolete
workarounds where applicable.
The Sizzle AUTHORS.txt file has been merged with the jQuery one - people are
sorted by their first contributions to either of the two repositories.
The main `selector` module can be disabled in favor of `selector-native`
via:
grunt custom:-selector
For backwards compatibility, the legacy `sizzle` alias is also supported (it
will be dropped in jQuery `4.0.0`):
grunt custom:-selector
Sizzle tests have been ported to jQuery ones. Ones that are not compatible
with the `selector-native` module are disabled if the regular selector module
is excluded.
Backwards compatibility is still kept for all `Sizzle` utils - they continue to be
available under `jQuery.find` - but the primary implementation is now attached
directly to jQuery.
Some selector utils shared by `selector` & `selector-native` have been
extracted & deduplicated. `jQuery.text` and `jQuery.isXMLDoc` have been
moved to the `core` module.
The commit reduces the gzipped jQuery size by 851 bytes compared to the
`3.x-stable` branch.
Alex [Thu, 1 Dec 2022 13:23:17 +0000 (15:23 +0200)]
Build: Limit permissions for GitHub workflows
Add explicit permissions section[^1] to workflows. This is a security
best practice because by default workflows run with extended set
of permissions[^2] (except from `on: pull_request` from external forks[^3].
By specifying any permission explicitly all others are set to none. By using
the principle of least privilege the damage a compromised workflow can do
(because of an injection[^4] or compromised third party tool or action) is
restricted. It is recommended to have most strict permissions on the top
level[^5] and grant write permissions on job level[^6] on a case by case
basis.
Selector:Manipulation: Fix DOM manip within template contents
The `<template/>` element `contents` property is a document fragment that may
have a `null` `documentElement`. In Safari 16 this happens in more cases due
to recent spec changes - in particular, even if that document fragment is
explicitly adopted into an outer document. We're testing both of those cases
now.
The crash used to happen in `jQuery.contains` which is an alias for
`Sizzle.contains` in jQuery 3.x.
The Sizzle fix is at jquery/sizzle#490, released in Sizzle `2.3.8`. This
version of Sizzle is included in the parent commit.
A fix similar to the one from gh-5158 has also been applied here to the
`selector-native` version.
This will resolve the following security issues:
* Path Traversal in Grunt: https://github.com/advisories/GHSA-j383-35pm-c5h4
* Race Condition in Grunt: https://github.com/advisories/GHSA-rm36-94g8-835r
The previous details were showing their age, e.g. mentions about browsers
not supporting ES2015. The story with ES modules is more complex as it's also
about loaders but to keep the README simple, let's just make it more up to date
with typical usage.
Tests: Remove a workaround for a Firefox XML parsing issue
Firefox 96-100 used to report the column number smaller by 2 than it should
in the `parsererror` element generated for invalid XML documents. Since that
version range is unsupported now and it includes no ESR versions, the workaround
can now be dropped.
CSS: Return `undefined` for whitespace-only CSS variable values (#5120)
The spec requires that CSS variable values are trimmed. In browsers that do
this - mainly, Safari, but also Firefox if the value only has leading
whitespace - we currently return undefined; in other browsers, we return
an empty string as the logic to fall back to undefined happens before
trimming.
This commit adds another explicit callback to `undefined` to have it consistent
across browsers.
Also, more explicit comments about behaviors we need to work around in various
browsers have been added.
Accept "HTTP/2.0 200" as a valid `statusText` for successful requests
to make ajax tests pass in iOS 9. At this point, normalizing this in code
doesn't seem to make a lot of sense.
Deprecated: Improve $.trim performance for strings with lots of whitespace
Regex imp implementation takes `O(N^2)` time to trim the string when
multiple adjacent spaces were present.
The new expression require that the "whitespace run" starts from
a non-whitespace to avoid `O(N^2)` behavior when the engine would
try matching `\s+$` at each space position.
Tests: Exclude tests based on compilation flags, not API presence (3.x version)
Introduces a new test API, `includesModule`. The method returns whether
a particular module like "ajax" or "deprecated" is included in the current
jQuery build; it handles the slim build as well. The util was created so that
we don't treat presence of particular APIs to decide whether to run a test as
then if we accidentally remove an API, the tests would still not fail.
Build: Test on Node 17, update Grunt & `karma-*` packages
This adds testing on Node.js 17 in addition to the currently tested 10, 12, 14
and 16 versions.
Also, update Grunt & `karma-*` packages.
Testing in Karma on jsdom is broken in Node 17 at the moment; until we find
a fix, this change disables such testing on Node 17 or newer.
Node smoke tests & promises aplus tests are disabled on Node.js 10 as they
depend on jsdom and the latest jsdom version doesn't run properly on Node 10.
CSS: Skip falsy values in `addClass( array )`, compress code
This change makes jQuery skip falsy values in `addClass( array )`
& `removeClass( array )` instead of stopping iteration when the first falsy
value is detected. This makes code like:
```js
elem.addClass( [ "a", "", "b" ] );
```
add both the `a` & `b` classes.
The code was also optimized for size a bit so it doesn't increase the
minified gzipped size.
Docs: Replace `#NUMBER` Trac issue references with `trac-NUMBER`
This is a version of gh-4993 for the `3.x-stable` branch.
The GitHub UI treats `#NUMBER` as referring to its own issues which is confusing
when in jQuery source it's usually referring to the old deprecated Trac instance
at https://bugs.jquery.com. This change replaces all such Trac references with
`trac-NUMBER`.
A few of the references came with the Sizzle integration and referred to the
Sizzle GitHub bug tracker. Those have been replaced with full links instead.
A new entry describing issue reference conventions has been added to README.
Neither of the removed links is crucial; one of them refers to a site that has
since started being malicious; while the Web Archive links remain safe, some
scanners warn about such links. Removing them is the safest thing to do.
Richard Gibson [Mon, 3 Jan 2022 12:28:49 +0000 (07:28 -0500)]
CSS: Justify use of rtrim on CSS property values
CSS does not acknowledge carriage return or form feed characters
as whitespace but it does replace them with whitespace, making it
acceptable to use `rtrim`.