aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Build: Updating the 3.6-stable version to 3.6.5-pre.3.6-stableTimmy Willison2023-03-081-1/+1
|
* Release: add support for md5 sums in windowsTimmy Willison2023-03-081-2/+15
| | | Close gh-5218
* Build: Update Sizzle from 2.3.9 to 2.3.10Michał Gołębiowski-Owczarek2023-02-144-60/+32
| | | | Fixes gh-5194 Closes gh-5209
* Build: Updating the 3.6-stable version to 3.6.4-pre.Timmy Willison2022-12-201-1/+1
|
* Build: remove stale Insight package from custom buildsTimmy Willison2022-12-202-43/+2
| | | Close gh-5180
* Selector: Update Sizzle from 2.3.8 to 2.3.9Michał Gołębiowski-Owczarek2022-12-194-10/+9
| | | | | | Fixes gh-5177 Ref gh-5178 Ref jquery/sizzle#491
* Build: Updating the 3.x-stable version to 3.6.3-pre.Timmy Willison2022-12-131-1/+1
|
* Release: update authorsTimmy Willison2022-12-121-0/+2
|
* Build: Limit permissions for GitHub workflowsAlex2022-12-011-0/+3
| | | | | | | | | | | | | | | | | | | | | | | Add explicit permissions section[^1] to workflows. This is a security best practice because by default workflows run with extended set of permissions[^2] (except from `on: pull_request` from external forks[^3]. By specifying any permission explicitly all others are set to none. By using the principle of least privilege the damage a compromised workflow can do (because of an injection[^4] or compromised third party tool or action) is restricted. It is recommended to have most strict permissions on the top level[^5] and grant write permissions on job level[^6] on a case by case basis. [^1]: https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions [^2]: https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token [^3]: https://securitylab.github.com/research/github-actions-preventing-pwn-requests/ [^4]: https://securitylab.github.com/research/github-actions-untrusted-input/ [^5]: https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions [^6]: https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs Closes gh-5119 (cherry picked from commit c909d6b1ff444e68618b6da13d9c21714f681925)
* Build: Test on Node.js 18 & 19, stop testing on Node 12Michał Gołębiowski-Owczarek2022-11-171-1/+1
| | | Closes gh-5161
* Selector:Manipulation: Fix DOM manip within template contentsMichał Gołębiowski-Owczarek2022-11-162-3/+45
| | | | | | | | | | | | | | | | | | | | | | The `<template/>` element `contents` property is a document fragment that may have a `null` `documentElement`. In Safari 16 this happens in more cases due to recent spec changes - in particular, even if that document fragment is explicitly adopted into an outer document. We're testing both of those cases now. The crash used to happen in `jQuery.contains` which is an alias for `Sizzle.contains` in jQuery 3.x. The Sizzle fix is at jquery/sizzle#490, released in Sizzle `2.3.8`. This version of Sizzle is included in the parent commit. A fix similar to the one from gh-5158 has also been applied here to the `selector-native` version. Fixes gh-5147 Closes gh-5159 Ref jquery/sizzle#490 Ref gh-5158
* Selector: Update Sizzle from 2.3.7 to 2.3.8Michał Gołębiowski-Owczarek2022-11-164-7/+14
| | | | | | Fixes gh-5147 Ref gh-5158 Ref jquery/sizzle#490
* Build: Bump actions/setup-node from 3.5.0 to 3.5.1dependabot[bot]2022-11-011-1/+1
| | | | | | | | | | | | | | | | | | | | | Bumps [actions/setup-node](https://github.com/actions/setup-node) from 3.5.0 to 3.5.1. - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](https://github.com/actions/setup-node/compare/v3.5.0...v3.5.1) Closes gh-5153 --- updated-dependencies: - dependency-name: actions/setup-node dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (cherry picked from commit 0208224b5b76d54a39986f78aac97dbf1cccbe38)
* Selector: Update Sizzle from 2.3.6 to 2.3.7Michał Gołębiowski-Owczarek2022-10-044-7/+65
| | | | | | Fixes gh-5098 Closes gh-5135 Ref jquery/sizzle#486 Ref gh-5107
* Build: Update Grunt from 1.4.1 to 1.5.3Michał Gołębiowski-Owczarek2022-10-031-1/+1
| | | | | | | | | | This will resolve the following security issues: * Path Traversal in Grunt: https://github.com/advisories/GHSA-j383-35pm-c5h4 * Race Condition in Grunt: https://github.com/advisories/GHSA-rm36-94g8-835r Closes gh-5134 (cherry picked from commit aa231cd21421503d319ad6068e7df0fb3baa7fea)
* Docs: Update the README of the published packageMichał Gołębiowski-Owczarek2022-10-031-5/+3
| | | | | | | | | | | The previous details were showing their age, e.g. mentions about browsers not supporting ES2015. The story with ES modules is more complex as it's also about loaders but to keep the README simple, let's just make it more up to date with typical usage. Closes gh-5108 (cherry picked from commit edccabf10d37b57cbd4eeebc44f3acb67cb2739c)
* Tests: Remove a workaround for a Firefox XML parsing issueMichał Gołębiowski-Owczarek2022-10-031-7/+1
| | | | | | | | | | | | Firefox 96-100 used to report the column number smaller by 2 than it should in the `parsererror` element generated for invalid XML documents. Since that version range is unsupported now and it includes no ESR versions, the workaround can now be dropped. Closes gh-5109 Ref gh-5018 (cherry picked from commit e7ffe1f135dfa68ce3065b2bd319a29a57866dc6)
* CSS: Return `undefined` for whitespace-only CSS variable values (#5120)Michał Gołębiowski-Owczarek2022-10-032-5/+27
| | | | | | | | | | | | | | | | | | | The spec requires that CSS variable values are trimmed. In browsers that do this - mainly, Safari, but also Firefox if the value only has leading whitespace - we currently return undefined; in other browsers, we return an empty string as the logic to fall back to undefined happens before trimming. This commit adds another explicit callback to `undefined` to have it consistent across browsers. Also, more explicit comments about behaviors we need to work around in various browsers have been added. Closes gh-5120 Ref gh-5106 (cherry picked from commit 7eb0019640a5856c42b451551eb7f995d913eba9)
* Build: Bump actions/setup-node from 3.4.1 to 3.5.0dependabot[bot]2022-10-031-1/+1
| | | | | | | | | | | | | | | | | | | | | Bumps [actions/setup-node](https://github.com/actions/setup-node) from 3.4.1 to 3.5.0. - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](https://github.com/actions/setup-node/compare/v3.4.1...v3.5.0) Closes gh-5133 --- updated-dependencies: - dependency-name: actions/setup-node dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (cherry picked from commit 25400750fb2e08b0a7e1a752a3ca0e9eaec16163)
* Tests: Make Ajax tests pass in iOS 9Michał Gołębiowski-Owczarek2022-09-211-1/+7
| | | | | | | Accept "HTTP/2.0 200" as a valid `statusText` for successful requests to make ajax tests pass in iOS 9. At this point, normalizing this in code doesn't seem to make a lot of sense. Closes gh-5121
* CSS: Don’t trim whitespace of undefined custom propertyAnders Kaseorg2022-09-192-2/+5
| | | | | | | | | Fixes gh-5105 Closes gh-5106 Signed-off-by: Anders Kaseorg <andersk@mit.edu> (cherry picked from commit ed306c0261ab63746040e5d58bb4477c3069a427)
* Upgrade: Bump actions/setup-node from 3.3.0 to 3.4.1dependabot[bot]2022-09-121-1/+1
| | | | | | | | | | | | | | | | | | | | | | Bumps [actions/setup-node](https://github.com/actions/setup-node) from 3.3.0 to 3.4.1. - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](https://github.com/actions/setup-node/compare/v3.3.0...v3.4.1) Closes gh-5078 (cherry picked from commit 78321f078ce04ce78aeade8e2860ac41d05fae54) --- updated-dependencies: - dependency-name: actions/setup-node dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Build: Updating the 3.x-stable version to 3.6.2-pre.Timmy Willison2022-08-261-1/+1
|
* Release: update AUTHORS.txtTimmy Willison2022-08-151-0/+4
|
* Deprecated: Improve $.trim performance for strings with lots of whitespaceVladimir Sitnikov2022-07-201-2/+4
| | | | | | | | | | Regex imp implementation takes `O(N^2)` time to trim the string when multiple adjacent spaces were present. The new expression require that the "whitespace run" starts from a non-whitespace to avoid `O(N^2)` behavior when the engine would try matching `\s+$` at each space position. Closes gh-5068
* Docs: Update webpack website in READMESimon Legner2022-07-121-1/+1
| | | | | | | | Webpack has migrated to https://webpack.js.org/ since version 2. Closes gh-5037 (cherry picked from commit 01819bc3bcc44282e5bb9301c3478d837d1e5152)
* Tests: Exclude tests based on compilation flags, not API presence (3.x version)Michał Gołębiowski-Owczarek2022-07-1224-75/+162
| | | | | | | | | | | | | Introduces a new test API, `includesModule`. The method returns whether a particular module like "ajax" or "deprecated" is included in the current jQuery build; it handles the slim build as well. The util was created so that we don't treat presence of particular APIs to decide whether to run a test as then if we accidentally remove an API, the tests would still not fail. Closes gh-5071 Fixes gh-5069 Ref gh-5046 (partially cherry picked from commit fae5fee8b435cc20352d28b0a384b9784b1ad9ed)
* Build: Update GitHub ActionsMichał Gołębiowski-Owczarek2022-06-271-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Build(deps): Bump actions/cache from 2 to 3 Bumps [actions/cache](https://github.com/actions/cache) from 2 to 3. - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](https://github.com/actions/cache/compare/v2...v3) --- updated-dependencies: - dependency-name: actions/cache dependency-type: direct:production update-type: version-update:semver-major ... * Build(deps): Bump actions/setup-node from 2.1.2 to 3.3.0 Bumps [actions/setup-node](https://github.com/actions/setup-node) from 2.1.2 to 3.3.0. - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](https://github.com/actions/setup-node/compare/v2.1.2...v3.3.0) --- updated-dependencies: - dependency-name: actions/setup-node dependency-type: direct:production update-type: version-update:semver-major ... * Build(deps): Bump actions/checkout from 2 to 3 Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 3. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v2...v3) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ... Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Closes gh-5067 (cherry picked from commit 52f452b2e8881e5ec5c9e880e277c8ecf633e8dc)
* Build: Add dependabot.yml config (GitHub Actions)Christian Oliff2022-06-271-0/+6
| | | | | | | | | This makes dependabot issue automated PRs to update GitHub Action versions monthly. Closes gh-5057 (cherry picked from commit 3f8bb2a46daf76f1427f49810d06a210ffbc7016)
* Build: Test on Node 17, update Grunt & `karma-*` packagesMichał Gołębiowski-Owczarek2022-03-143-24/+47
| | | | | | | | | | | | | | | | | This adds testing on Node.js 17 in addition to the currently tested 10, 12, 14 and 16 versions. Also, update Grunt & `karma-*` packages. Testing in Karma on jsdom is broken in Node 17 at the moment; until we find a fix, this change disables such testing on Node 17 or newer. Node smoke tests & promises aplus tests are disabled on Node.js 10 as they depend on jsdom and the latest jsdom version doesn't run properly on Node 10. Closes gh-5023 (cherry picked from commit 2525cffc42934c0d5c7aa085bc45dd6a8282e840)
* Tests: Workaround an XML parsing bug in FirefoxMichał Gołębiowski-Owczarek2022-02-281-1/+7
| | | | | | | | See https://bugzilla.mozilla.org/show_bug.cgi?id=1751796 Closes gh-5018 (cherry picked from commit af1cd6f218f699abc34b1582a910c0df00312aee)
* Docs: add link to preview the new CLAsTimmy Willison2022-02-071-1/+2
| | | Closes gh-5010
* CSS: Skip falsy values in `addClass( array )`, compress codeMichał Gołębiowski-Owczarek2022-01-252-36/+72
| | | | | | | | | | | | | | | | | | This change makes jQuery skip falsy values in `addClass( array )` & `removeClass( array )` instead of stopping iteration when the first falsy value is detected. This makes code like: ```js elem.addClass( [ "a", "", "b" ] ); ``` add both the `a` & `b` classes. The code was also optimized for size a bit so it doesn't increase the minified gzipped size. Fixes gh-4998 Closes gh-5003 (partially cherry picked from commit a338b407f2479f82df40635055effc163835183f)
* Docs: Replace `#NUMBER` Trac issue references with `trac-NUMBER`Michał Gołębiowski-Owczarek2022-01-1256-398/+404
| | | | | | | | | | | | | | | | | This is a version of gh-4993 for the `3.x-stable` branch. The GitHub UI treats `#NUMBER` as referring to its own issues which is confusing when in jQuery source it's usually referring to the old deprecated Trac instance at https://bugs.jquery.com. This change replaces all such Trac references with `trac-NUMBER`. A few of the references came with the Sizzle integration and referred to the Sizzle GitHub bug tracker. Those have been replaced with full links instead. A new entry describing issue reference conventions has been added to README. Closes gh-4994 Ref gh-4993 Ref 5d5ea015114092c157311c4948f7cc3d8c8e7f8a
* Tests: lock colors version to 1.4.0Timmy Willison2022-01-101-0/+1
|
* Docs: remove expired links from old jquery sourceTimmy Willison2022-01-071-2/+0
| | | | | Ref gh-4981 Ref gh-4991
* Docs: Remove links to Web Archive from sourceMichał Gołębiowski-Owczarek2022-01-042-2/+0
| | | | | | | | | | | Neither of the removed links is crucial; one of them refers to a site that has since started being malicious; while the Web Archive links remain safe, some scanners warn about such links. Removing them is the safest thing to do. Fixes gh-4981 Closes gh-4991 (cherry picked from commit e24f2dcf3f6bda1a672502e0233c732065cbbe89)
* Build: Separate the install step from running tests in GitHub ActionsMichał Gołębiowski-Owczarek2022-01-041-2/+5
| | | | | | | | Also, update the "Run test" label to "Run tests". Closes gh-4992 (cherry picked from commit eef972508c8be6cc3cd0039d34dc9fe16bac916c)
* CSS: Justify use of rtrim on CSS property valuesRichard Gibson2022-01-031-0/+6
| | | | | | | | | | CSS does not acknowledge carriage return or form feed characters as whitespace but it does replace them with whitespace, making it acceptable to use `rtrim`. Closes gh-4956 (cherry picked from commit 655c0ed5e204b1f6427e09d615a49586a7bc84eb)
* Build: remove travis.yml and travis mentions from core (#4984)Timmy Willison2021-12-133-58/+1
| | | We've migrate jquery core to GH actions and have already disabled core builds on travis
* Tests: Skip ETag AJAX tests on TestSwarmMichał Gołębiowski-Owczarek2021-12-011-5/+18
| | | | | | | | | | TestSwarm is now proxied via Cloudflare which cuts out headers relevant for ETag tests, failing them. We're still running those tests in Karma on Chrome & Firefox (including Firefox ESR). Closes gh-4974 (cherry picked from commit 00c060d1619d472a2d8c5b104ed76fa3afc2ce97)
* Tests: Allow statusText to be "success" in AJAX testsMichał Gołębiowski-Owczarek2021-12-011-1/+2
| | | | | | | | | | | | | | | In HTTP/2, status message is not supported and whatever is reported as statusText differs between browsers. In Chrome & Safari it's "success", in Firefox & IE it's "OK". So far "success" wasn't allowed. This made the tests pass locally if you're running an HTTP/1.1 server but on TestSwarm which is now proxied via an HTTP/2-equipped Cloudflare, the relevant test started failing in Chrome & Safari. Allow "success" to resolve the issue. Closes gh-4973 (cherry picked from commit 19ced963c63372eae5aca9e1a4baec80b78a2b8e)
* Build: Migrate CI to GitHub Actionsygj62021-12-012-4/+72
| | | | | | Closes gh-4800 (cherry picked from commit e23190e63cb121da79b92e6641a81a44dcea9252)
* Docs: Update the URL to the latest jQuery build in CONTRIBUTING.mdMichał Gołębiowski-Owczarek2021-11-181-1/+1
| | | | | | | | | | It used to say https://code.jquery.com/jquery.js but that's a frozen URL to jQuery 1.11.1. Let's switch that to the URL to the Git build, i.e. https://releases.jquery.com/git/jquery-git.js. Closes gh-4972 (cherry picked from commit 9bdb16cd19097da67950a707baac3980bda873f3)
* Tests: Disable CSS Custom Properties tests in old Safari/iOSMichał Gołębiowski-Owczarek2021-11-151-1/+11
| | | | | | | | Safari 9.1 & iOS 9.3 support CSS custom properties but that support is buggy which crashes our tests. Disable those tests there. See https://caniuse.com/css-variables Closes gh-4966
* Tests: Make Karma browser timeout larger than the QUnit oneMichał Gołębiowski-Owczarek2021-10-301-0/+4
| | | | | | | | | | | | Since the default Karma browser no activity timeout was lower than the QUnit timeout, a single timing out test was interrupting the whole test run of a browser. The QUnit timeout is set to 1 minute so I set the Karma one to 2 minutes. Closes gh-4943 (cherry picked from commit 4fd6912bfd8fffbfabc98a9b0789d28f10af0914)
* CSS: Remove a redundant extension from rtrimCSS inclusion in curCSSMichał Gołębiowski-Owczarek2021-10-191-1/+1
| | | | This breaks the AMD mode.
* CSS: Trim whitespace surrounding CSS Custom Properties valuesfecore12021-10-186-29/+69
| | | | | | | | | | | The spec has recently changed and CSS Custom Properties values are trimmed now. This change makes jQuery polyfill that new behavior for all browsers. Ref w3c/csswg-drafts#774 Fixes gh-4926 Closes gh-4930 (partially cherry picked from commit efadfe991a5c287af561a9326bf1427d726c91c1)
* Docs: Remove the CLA checkbox in the pull request templateMichał Gołębiowski-Owczarek2021-10-181-1/+0
| | | | | | | | | | | | The EasyCLA status check is required so this won't get missed. The old JSF CLA is dead, the provided link doesn't return meaningful information. There's no good replacement link for the old CLA; PR authors are just supposed to sign the new CLA by clicking on a link posted by the EasyCLA bot when they submit their first PR since EasyCLA was enabled for the repo. Closes gh-4937 (cherry picked from commit e124893132d7a979d7987f978e968a1f889348b6)
* Tests: Don't remove csp.log in the cspClean action of mock.phpMichał Gołębiowski-Owczarek2021-09-301-1/+0
| | | | | | | | | For some reason the current setup worked fine with Apache but broke for me when I migrated to nginx. Closes gh-4936 (cherry picked from commit 1019074f7b1df96ee9d6409ada3dc0562046f6c7)
generated by cgit v1.2.3 (git 2.39.1) at 2025-04-04 04:05:59 +0000