aboutsummaryrefslogtreecommitdiffstats
path: root/.github
Commit message (Collapse)AuthorAgeFilesLines
* Build: Reference GitHub Actions by commit SHAsGabriela Gutierrez2023-06-132-7/+7
| | | | | | | | | | | | | | | | | | | | | | The SHAs are verified to come from the original repositories and not forks. For reference: https://github.com/github/codeql-action/releases/tag/v2.3.6 https://github.com/github/codeql-action/commit/83f0fe6c4988d98a455712a27f0255212bba9bd4 https://github.com/actions/checkout/releases/tag/v3.5.2 https://github.com/actions/checkout/commit/8e5e7e5ab8b370d6c329ec480221332ada57f0ab https://github.com/actions/cache/releases/tag/v3.3.1 https://github.com/actions/cache/commit/88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 https://github.com/actions/setup-node/releases/tag/v3.6.0 https://github.com/actions/setup-node/commit/64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c Fixes gh-5266 Closes gh-5269 Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
* Docs: Remove the "Grunt build" section from the PR templateMichał Gołębiowski-Owczarek2023-05-311-1/+0
| | | | | | | | Now that unit tests are run on GitHub Actions in all three major engines and for multiple custom jQuery builds, the request for PR authors to run unit tests locally and confirm they pass is needless overhead; let's drop the checkbox. Closes gh-5261
* Build: Test on Node.js 20, stop testing on Node.js 14 & 19Michał Gołębiowski-Owczarek2023-05-221-1/+1
| | | Closes gh-5250
* Build: Only install Playwright dependencies when neededMichał Gołębiowski-Owczarek2023-03-201-1/+1
| | | | | | | | | | | | PR gh-5190 added support for running tests on Playwright WebKit in CI. For efficiency reasons, Playwright dependencies are only installed for the `test:browser` npm script. However, that same script is also used for Firefox ESR testing. This change makes Playwright dependencies installed only for cases where `WebKitHeadless` exists on the list of tested browsers. Closes gh-5204 Ref gh-5190
* Build: Bump actions/setup-node from 3.5.1 to 3.6.0dependabot[bot]2023-02-021-1/+1
| | | | | | | | | | | | | | | | | Bumps [actions/setup-node](https://github.com/actions/setup-node) from 3.5.1 to 3.6.0. - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](https://github.com/actions/setup-node/compare/v3.5.1...v3.6.0) Closes gh-5200 --- updated-dependencies: - dependency-name: actions/setup-node dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Build: Run GitHub Action browser tests on Playwright WebKitMichał Gołębiowski-Owczarek2023-01-231-14/+18
| | | | | | | | | | | | | | | | | | | | | | | | So far, we've been running browser tests on GitHub Actions in Chrome and Firefox. Regular Safari is not available in GitHub Actions but Playwright WebKit comes close to a dev version of Safari. With this change, our GitHub CI & local test runs will invoke tests on all actively developed browser engines on all PRs. Also, our GitHub Actions browser tests are now running on Node.js 18. Detection of the Playwright WebKit browser in support unit tests is done by checking if the `test_browser` query parameter is set to `"Playwright"`; this is a `karma-webkit-launcher` feature. Detecting that browser via user agent as we normally do is hard as the UA on Linux is very similar to a real Safari one but it actually uses a newer version of the engine. In addition, we now allow to pass custom browsers when one needs it; e.g., to run the tests in all three engines on Linux/macOS, run: ``` grunt && BROWSERS=ChromeHeadless,FirefoxHeadless,WebkitHeadless grunt karma:main ``` Closes gh-5190
* Build: Limit permissions for GitHub workflowsAlex2022-12-012-0/+10
| | | | | | | | | | | | | | | | | | | | Add explicit permissions section[^1] to workflows. This is a security best practice because by default workflows run with extended set of permissions[^2] (except from `on: pull_request` from external forks[^3]. By specifying any permission explicitly all others are set to none. By using the principle of least privilege the damage a compromised workflow can do (because of an injection[^4] or compromised third party tool or action) is restricted. It is recommended to have most strict permissions on the top level[^5] and grant write permissions on job level[^6] on a case by case basis. [^1]: https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions [^2]: https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token [^3]: https://securitylab.github.com/research/github-actions-preventing-pwn-requests/ [^4]: https://securitylab.github.com/research/github-actions-untrusted-input/ [^5]: https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions [^6]: https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs Closes gh-5119
* Selector: Re-introduce selector-native.jsMichał Gołębiowski-Owczarek2022-11-211-0/+4
| | | | | | | | | | | | | | | | | | | | | Re-introduce the `selector-native` similar to the one on the `3.x-stable` branch. One difference is since the `main` branch inlined Sizzle, some selector utils can be shared between the main `selector` module and `selector-native`. The main `selector` module can be disabled in favor of `selector-native` via: grunt custom:-selector Other changes: * Tests: Fix Safari detection - Chrome Headless has a different user agent than Safari and a browser check in selector tests didn't take that into account. * Tests: Run selector-native tests in `npm test` * Selector: Fix querying on document fragments Ref gh-4395 Closes gh-5085
* Build: Test on Node.js 18 & 19, stop testing on Node 12Michał Gołębiowski-Owczarek2022-11-171-1/+1
| | | Closes gh-5160
* Build: Bump actions/setup-node from 3.5.0 to 3.5.1dependabot[bot]2022-11-011-1/+1
| | | | | | | | | | | | | | | | | | | Bumps [actions/setup-node](https://github.com/actions/setup-node) from 3.5.0 to 3.5.1. - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](https://github.com/actions/setup-node/compare/v3.5.0...v3.5.1) Closes gh-5153 --- updated-dependencies: - dependency-name: actions/setup-node dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Build: Bump actions/setup-node from 3.4.1 to 3.5.0dependabot[bot]2022-10-031-1/+1
| | | | | | | | | | | | | | | | | | | Bumps [actions/setup-node](https://github.com/actions/setup-node) from 3.4.1 to 3.5.0. - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](https://github.com/actions/setup-node/compare/v3.4.1...v3.5.0) Closes gh-5133 --- updated-dependencies: - dependency-name: actions/setup-node dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Upgrade: Bump actions/setup-node from 3.3.0 to 3.4.1dependabot[bot]2022-09-121-1/+1
| | | | | | | | | | | | | | | | | | | Bumps [actions/setup-node](https://github.com/actions/setup-node) from 3.3.0 to 3.4.1. - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](https://github.com/actions/setup-node/compare/v3.3.0...v3.4.1) Closes gh-5078 --- updated-dependencies: - dependency-name: actions/setup-node dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Docs: Remove git.io from a GitHub Actions commentBaoshuo Ren2022-07-121-1/+1
| | | | | | | All links on git.io are deprecated and may stop redirecting at a certain point. See https://github.blog/changelog/2022-04-25-git-io-deprecation/ Closes gh-5036
* Build: Update GitHub ActionsMichał Gołębiowski-Owczarek2022-06-272-7/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Build(deps): Bump github/codeql-action from 1 to 2 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 1 to 2. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v1...v2) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-major ... * Build(deps): Bump actions/cache from 2 to 3 Bumps [actions/cache](https://github.com/actions/cache) from 2 to 3. - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](https://github.com/actions/cache/compare/v2...v3) --- updated-dependencies: - dependency-name: actions/cache dependency-type: direct:production update-type: version-update:semver-major ... * Build(deps): Bump actions/setup-node from 2.1.2 to 3.3.0 Bumps [actions/setup-node](https://github.com/actions/setup-node) from 2.1.2 to 3.3.0. - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](https://github.com/actions/setup-node/compare/v2.1.2...v3.3.0) --- updated-dependencies: - dependency-name: actions/setup-node dependency-type: direct:production update-type: version-update:semver-major ... * Build(deps): Bump actions/checkout from 2 to 3 Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 3. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v2...v3) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Closes gh-5067
* Build: Add dependabot.yml config (GitHub Actions)Christian Oliff2022-06-271-0/+6
| | | | | | This makes dependabot issue automated PRs to update GitHub Action versions monthly. Closes gh-5057
* Build: Test on Node 17, update Grunt & `karma-*` packagesMichał Gołębiowski-Owczarek2022-03-141-1/+2
| | | | | | | | | | | | | | This adds testing on Node.js 17 in addition to the currently tested 10, 12, 14 and 16 versions. Also, update Grunt & `karma-*` packages. Testing in Karma on jsdom is broken in Node 17 at the moment; until we find a fix, this change disables such testing on Node 17 or newer. Node smoke tests & promises aplus tests are disabled on Node.js 10 as they depend on jsdom and the latest jsdom version doesn't run properly on Node 10. Closes gh-5023
* Build: Separate the install step from running tests in GitHub ActionsMichał Gołębiowski-Owczarek2022-01-041-2/+5
| | | | | Also, update the "Run test" label to "Run tests". Closes gh-4992
* Build: Migrate CI to GitHub Actionsygj62021-11-301-0/+68
| | | Closes gh-4800
* Docs: Remove the CLA checkbox in the pull request templateMichał Gołębiowski-Owczarek2021-10-181-1/+0
| | | | | | | | | The EasyCLA status check is required so this won't get missed. The old JSF CLA is dead, the provided link doesn't return meaningful information. There's no good replacement link for the old CLA; PR authors are just supposed to sign the new CLA by clicking on a link posted by the EasyCLA bot when they submit their first PR since EasyCLA was enabled for the repo. Closes gh-4937
* build: set up periodic code scanning analysisTimmy Willison2020-06-251-0/+51
|
* Docs: Update Frequently Reported Issues in the GitHub issue templateMichał Gołębiowski-Owczarek2020-06-081-1/+1
| | | | | | | | | | The issue about selectors with '#' being broken is old and no longer frequently reported so this commit removes it from the list. On the other hand, we're now getting lots of reports about the security fix in jQuery 3.5.0 that was also a breaking change: gh-4642. This one is now mentioned in the list. Closes gh-4728 Ref gh-4642
* Build: Advise to create test cases on JS Bin or CodePen, drop JSFiddleMichał Gołębiowski-Owczarek2019-01-291-1/+1
| | | | | | | | | | JSFiddle doesn't support IE (even 11) anymore so we shouldn't advise users to use it to create test cases. To make people have a choice, add CodePen to the list. Also, link to specific starter templates so that novices don't need to spend time thinking how to set up the basic structure. Closes gh-4289
* Misc: Add config for lockbotDave Methvin2018-06-171-0/+13
|
* Build: update PR templateTimmy Willison2017-03-181-1/+5
| | | | - Comment out things we don't need to see in the PR description - Change CLA link
* Docs: Correct typo in issue templateAlex Louden2017-01-051-1/+1
|
* Docs: Remove supported jQuery versions from ISSUE_TEMPLATE.mdMichał Gołębiowski2016-10-311-1/+1
| | | | | | | | We no longer support jQuery 1.x/2.x and mentioning 3.x would just mean the text gets out of date once we release jQuery 4. We only really support the latest jQuery version so let's make that clear. Closes gh-3372
* Docs: Use HTTPS URLs for jsfiddle & jsbinMichał Gołębiowski2016-05-201-1/+1
|
* Docs: Tweak formatting of ISSUE_TEMPLATE.mdMichał Gołębiowski2016-05-201-2/+2
|
* Docs: Add FAQ to reduce noise in issuesDave Methvin2016-04-271-0/+3
|
* Misc: Add issue and pull request templatesDave Methvin2016-04-222-0/+37
Fixes gh-2929 Closes gh-3070