| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumps [actions/setup-node](https://github.com/actions/setup-node) from 3.3.0 to 3.4.1.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](https://github.com/actions/setup-node/compare/v3.3.0...v3.4.1)
Closes gh-5078
---
updated-dependencies:
- dependency-name: actions/setup-node
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
|
|
|
|
|
|
|
|
|
| |
The third parameter of `jQuery.fn.init` - `root` - was just needed to support
`jQuery.sub`. Since this API has been removed in jQuery 1.9.0 and Migrate 3.x
is not filling it in, this parameter is no longer needed.
This parameter has never been documented but it's safer to remove it in a major
update.
Closes gh-5096
|
|
|
|
|
|
|
|
| |
Without this fix, the layout is fine during the test run but all the CSS is gone
when tests finish and the results are shown.
This affects commands like `grunt karma:chrome-debug`.
Closes gh-5090
|
|
|
|
|
|
|
| |
All links on git.io are deprecated and may stop redirecting at a certain point.
See https://github.blog/changelog/2022-04-25-git-io-deprecation/
Closes gh-5036
|
|
|
|
|
| |
Webpack has migrated to https://webpack.js.org/ since version 2.
Closes gh-5037
|
|
|
|
|
|
|
|
|
|
| |
Introduces a new test API, `includesModule`. The method returns whether
a particular module like "ajax" or "deprecated" is included in the current
jQuery build; it handles the slim build as well. The util was created so that
we don't treat presence of particular APIs to decide whether to run a test as
then if we accidentally remove an API, the tests would still not fail.
Fixes gh-5069
Closes gh-5046
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Build(deps): Bump github/codeql-action from 1 to 2
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 1 to 2.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/v1...v2)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-major
...
* Build(deps): Bump actions/cache from 2 to 3
Bumps [actions/cache](https://github.com/actions/cache) from 2 to 3.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](https://github.com/actions/cache/compare/v2...v3)
---
updated-dependencies:
- dependency-name: actions/cache
dependency-type: direct:production
update-type: version-update:semver-major
...
* Build(deps): Bump actions/setup-node from 2.1.2 to 3.3.0
Bumps [actions/setup-node](https://github.com/actions/setup-node) from 2.1.2 to 3.3.0.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](https://github.com/actions/setup-node/compare/v2.1.2...v3.3.0)
---
updated-dependencies:
- dependency-name: actions/setup-node
dependency-type: direct:production
update-type: version-update:semver-major
...
* Build(deps): Bump actions/checkout from 2 to 3
Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 3.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v2...v3)
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Closes gh-5067
|
|
|
|
|
|
| |
This makes dependabot issue automated PRs to update
GitHub Action versions monthly.
Closes gh-5057
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This adds testing on Node.js 17 in addition to the currently tested 10, 12, 14
and 16 versions.
Also, update Grunt & `karma-*` packages.
Testing in Karma on jsdom is broken in Node 17 at the moment; until we find
a fix, this change disables such testing on Node 17 or newer.
Node smoke tests & promises aplus tests are disabled on Node.js 10 as they
depend on jsdom and the latest jsdom version doesn't run properly on Node 10.
Closes gh-5023
|
|
|
|
|
|
|
| |
`jQuery.fx.interval` has been deprecated since jQuery 3.0.0 but it has been
still used in jQuery code until this change. This commit removes the definition
and explicitly uses the `13` number in its place.
Closes gh-5017
|
|
|
|
|
| |
See https://bugzilla.mozilla.org/show_bug.cgi?id=1751796
Closes gh-5018
|
|
|
| |
Close gh-5009
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This change makes jQuery skip falsy values in `addClass( array )`
& `removeClass( array )` instead of stopping iteration when the first falsy
value is detected. This makes code like:
```js
elem.addClass( [ "a", "", "b" ] );
```
add both the `a` & `b` classes.
The code was also optimized for size a bit so it doesn't increase the
minified gzipped size.
Fixes gh-4998
Closes gh-5003
|
|
|
|
|
|
|
|
|
|
| |
Without this fix calling `jQuery.uniqueSort` on an array-like can result in:
TypeError: results.splice is not a function
at Function.jQuery.uniqueSort (https://code.jquery.com/jquery-git.js:664:12)
at jQuery.fn.init.find (https://code.jquery.com/jquery-git.js:2394:27)
at gocusihafe.js:3:4
Closes gh-4986
|
|
|
|
|
|
|
|
| |
PR gh-4993 changed a few too many issue references to `trac-NUMBER` ones. This
change fixes them. It also fixes a typo in one Trac issue number in selector
tests.
Ref gh-4993
Closes gh-4995
|
| |
|
|
|
|
| |
Ref gh-4981
Ref gh-4991
|
|
|
|
|
|
|
|
| |
Neither of the removed links is crucial; one of them refers to a site that has
since started being malicious; while the Web Archive links remain safe, some
scanners warn about such links. Removing them is the safest thing to do.
Fixes gh-4981
Closes gh-4991
|
|
|
|
|
| |
Also, update the "Run test" label to "Run tests".
Closes gh-4992
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The GitHub UI treats `#NUMBER` as referring to its own issues which is confusing
when in jQuery source it's usually referring to the old deprecated Trac instance
at https://bugs.jquery.com. This change replaces all such Trac references with
`trac-NUMBER`.
A few of the references came with the Sizzle integration and referred to the
Sizzle GitHub bug tracker. Those have been replaced with full links instead.
A new entry describing issue reference conventions has been added to README.
Closes gh-4993
|
|
|
|
|
|
|
| |
CSS does not acknowledge carriage return or form feed characters
as whitespace but it does replace them with whitespace, making it
acceptable to use `rtrim`.
Closes gh-4956
|
|
|
|
| |
We've migrated to GH actions on jQuery core and have already disabled travis builds for core.
|
|
|
|
|
|
|
| |
TestSwarm is now proxied via Cloudflare which cuts out headers relevant for
ETag tests, failing them. We're still running those tests in Karma on Chrome
& Firefox (including Firefox ESR).
Closes gh-4974
|
|
|
|
|
|
|
|
|
|
|
|
| |
In HTTP/2, status message is not supported and whatever is reported as
statusText differs between browsers. In Chrome & Safari it's "success", in
Firefox & IE it's "OK". So far "success" wasn't allowed. This made the tests
pass locally if you're running an HTTP/1.1 server but on TestSwarm which is
now proxied via an HTTP/2-equipped Cloudflare, the relevant test started failing
in Chrome & Safari.
Allow "success" to resolve the issue.
Closes gh-4973
|
|
|
| |
Closes gh-4800
|
|
|
|
|
|
|
| |
It used to say https://code.jquery.com/jquery.js but that's a frozen URL
to jQuery 1.11.1. Let's switch that to the URL to the Git build, i.e.
https://releases.jquery.com/git/jquery-git.js.
Closes gh-4972
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Stringifying attributes in the setter was needed for IE <=9 but it breaks
trusted types enforcement when setting a script `src` attribute.
Note that this doesn't mean script execution works. Since jQuery disables all
scripts by changing their type and then executes them by creating fresh script
tags with proper `src` & possibly other attributes, this unwraps any trusted
`src` wrappers, making the script not execute under strict CSP settings.
We might try to fix it in the future in a separate change.
Fixes gh-4948
Closes gh-4949
|
|
|
|
|
|
|
|
|
| |
Since the default Karma browser no activity timeout was lower than the QUnit
timeout, a single timing out test was interrupting the whole test run of
a browser.
The QUnit timeout is set to 1 minute so I set the Karma one to 2 minutes.
Closes gh-4943
|
|
|
|
|
|
|
|
|
|
| |
Latest `main` started failing the build after some transitive dependencies
got updated, incorrectly recognizing some files with default exports as unused.
Since the new ESLint no longer supports Node 10 which we have to build on due
to use in our CI, skip ESLint in Node 10.
Ref gh-3225
Closes gh-4961
|
|
|
|
|
|
|
|
|
| |
The EasyCLA status check is required so this won't get missed. The old JSF CLA
is dead, the provided link doesn't return meaningful information. There's no
good replacement link for the old CLA; PR authors are just supposed to sign the
new CLA by clicking on a link posted by the EasyCLA bot when they submit their
first PR since EasyCLA was enabled for the repo.
Closes gh-4937
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This ensures HTML wrapped in TrustedHTML can be used as an input to jQuery
manipulation methods in a way that doesn't violate the
`require-trusted-types-for` Content Security Policy directive.
This commit builds on previous work needed for trusted types support, including
gh-4642 and gh-4724.
One restriction is that while any TrustedHTML wrapper should work as input
for jQuery methods like `.html()` or `.append()`, for passing directly to the
`jQuery` factory the string must start with `<` and end with `>`; no trailing
or leading whitespaces are allowed. This is necessary as we cannot parse out
a part of the input for further construction; that would violate the CSP rule -
and that's what's done to HTML input not matching these constraints.
No trusted types API is used explicitly in source; the majority of the work is
ensuring we don't pass the input converted to string to APIs that would
eventually assign it to `innerHTML`. This extra cautiousness is caused by the
API being Blink-only, at least for now.
The ban on passing strings to `innerHTML` means support tests relying on such
assignments are impossible. We don't currently have such tests on the `main`
branch but we used to have many of them in the 3.x & older lines. If there's
a need to re-add such a test, we'll need an escape hatch to skip them for apps
needing CSP-enforced TrustedHTML.
See https://web.dev/trusted-types/ for more information about TrustedHTML.
Fixes gh-4409
Closes gh-4927
Ref gh-4642
Ref gh-4724
|
|
|
|
|
|
| |
For some reason the current setup worked fine with Apache but broke for me when
I migrated to nginx.
Closes gh-4936
|
| |
|
|
|
|
|
|
|
|
| |
The spec has recently changed and CSS Custom Properties values are trimmed now.
This change makes jQuery polyfill that new behavior for all browsers.
Ref w3c/csswg-drafts#774
Fixes gh-4926
Closes gh-4930
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When evaluating scripts, jQuery strips out the possible wrapping HTML comment
and a CDATA section. However, all supported browsers are already doing that
when loading JS via appending a script tag to the DOM which is how we've been
doing `jQuery.globalEval` since jQuery 3.0.0. jQuery logic was imperfect, e.g.
it just stripped the `<!--` and `-->` markers, respectively at the beginning or
the end of the script contents. However, browsers are also stripping everything
following those markers in the same line, treating them as single-line comments
delimiters; this is now also mandated by ECMAScript 2015 in Annex B. Instead
of fixing the jQuery logic, just let the browser do its thing.
We also used to strip CDATA sections. However, this shouldn't be needed as in
XML documents they're already not visible when inspecting element contents and
in HTML documents they have no meaning. We've preserved that behavior for
backwards compatibility in 3.x but we're removing it for 4.0.
Fixes gh-4904
Closes gh-4906
|
|
|
|
|
|
| |
Node.js 10 is kept for now despite being EOL'd as that's what our current
infrastructure relies on.
Closes gh-4902
|
|
|
|
|
| |
Also, remove unused `expected` property in `css` test cases.
Closes gh-4866
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The `_default` function in the special event settings for focus/blur has
always returned `true` since gh-4813 as the event was already being fired
from `leverageNative`. However, that only works if there's an active handler
on that element; this made a quick consecutive call:
```js
elem.on( "focus", function() {} ).off( "focus" );
```
make subsequent `.trigger( "focus" )` calls to not do any triggering.
The solution, already used in a similar `_default` method for the `click` event,
is to check for the `dataPriv` entry on the element for the focus event
(similarly for blur).
Fixes gh-4867
Closes gh-4885
|
|
|
|
|
|
|
|
|
|
|
| |
Only allow alphanumeric characters & underscores for callback parameters.
The change is done both for the PHP server as well as the Node.js-based version.
This is only test code so we're not fixing any security issue but it happens
often enough that the whole jQuery repository directory structure is deployed
onto the server with PHP enabled that it makes is easy to introduce security
issues if this cleanup is not done.
Ref gh-4764
Closes gh-4871
|
|
|
|
|
|
|
| |
Chrome & Firefox now support complex `:not()` selectors so those test can run
in them even without custom jQuery selector code. In the past, it was only
possible in Safari, now we only need to exclude IE.
Closes gh-4864
|
|
|
|
|
|
|
| |
That package was missed in gh-4865 as it only broke browsers needing the
polyfill which is just IE at the moment. Thus, it broke Core tests in IE only.
Ref gh-4865
Closes gh-4870
|
|
|
|
|
|
|
|
|
|
|
|
| |
In gh-4466, we removed the `external` directory in favor of loading some files
directly from `node_modules`. This works fine locally but when deploying code
for tests, this makes it impossible to not deploy `node_modules` as well. To
avoid the issue, this change restores usage of the `external` directory.
One change is that we no longer commit this directory to the repository, its
only purpose is to have clear isolation from `node_modules`.
Ref gh-4466
Closess gh-4865
|
| |
|
|
|
|
| |
- Remove unused npm dependency
|
|
|
|
|
|
|
|
|
|
| |
* Support: ensure display is set to block for the support div
- Fixes an issue with the support test in iframes in Android 8 Chrome 86+,
where display: inline resulted in unexpected height values.
Close gh-4845
Fixes gh-4832
|
|
|
|
|
|
| |
The default branch was updated, this updates the remaining occurrences in code
& comments.
Closes gh-4838
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
PR gh-2588 made jQuery stop auto-execute cross-domain scripts unless
`dataType: "script"` was explicitly provided; this change landed in jQuery
3.0.0. This change extends that logic same-domain scripts as well.
After this change, to request a script under a provided URL to be evaluated,
you need to provide `dataType: "script` in `jQuery.ajax` options or to use
`jQuery.getScript`.
Fixes gh-4822
Closes gh-4825
Ref gh-2432
Ref gh-2588
|
|
|
| |
Closes gh-4828
|