Permalink
Comparing changes
Choose two branches to see what’s changed or to start a new pull request.
If you need to, you can also or
learn more about diff comparisons.
Open a pull request
Create a new pull request by comparing changes across two branches. If you need to, you can also .
Learn more about diff comparisons here.
...
- 17 commits
- 20 files changed
- 5 contributors
Commits on Aug 26, 2022
Commits on Sep 12, 2022
-
Upgrade: Bump actions/setup-node from 3.3.0 to 3.4.1
Bumps [actions/setup-node](https://github.com/actions/setup-node) from 3.3.0 to 3.4.1. - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](actions/setup-node@v3.3.0...v3.4.1) Closes gh-5078 (cherry picked from commit 78321f0) --- updated-dependencies: - dependency-name: actions/setup-node dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Commits on Sep 19, 2022
-
CSS: Don’t trim whitespace of undefined custom property
Fixes gh-5105 Closes gh-5106 Signed-off-by: Anders Kaseorg <[email protected]> (cherry picked from commit ed306c0)
Commits on Sep 21, 2022
-
Tests: Make Ajax tests pass in iOS 9
Accept "HTTP/2.0 200" as a valid `statusText` for successful requests to make ajax tests pass in iOS 9. At this point, normalizing this in code doesn't seem to make a lot of sense. Closes gh-5121
Commits on Oct 3, 2022
-
Build: Bump actions/setup-node from 3.4.1 to 3.5.0
Bumps [actions/setup-node](https://github.com/actions/setup-node) from 3.4.1 to 3.5.0. - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](actions/setup-node@v3.4.1...v3.5.0) Closes gh-5133 --- updated-dependencies: - dependency-name: actions/setup-node dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (cherry picked from commit 2540075)
-
CSS: Return
undefinedfor whitespace-only CSS variable values (#5120)The spec requires that CSS variable values are trimmed. In browsers that do this - mainly, Safari, but also Firefox if the value only has leading whitespace - we currently return undefined; in other browsers, we return an empty string as the logic to fall back to undefined happens before trimming. This commit adds another explicit callback to `undefined` to have it consistent across browsers. Also, more explicit comments about behaviors we need to work around in various browsers have been added. Closes gh-5120 Ref gh-5106 (cherry picked from commit 7eb0019)
-
Tests: Remove a workaround for a Firefox XML parsing issue
Firefox 96-100 used to report the column number smaller by 2 than it should in the `parsererror` element generated for invalid XML documents. Since that version range is unsupported now and it includes no ESR versions, the workaround can now be dropped. Closes gh-5109 Ref gh-5018 (cherry picked from commit e7ffe1f)
-
Docs: Update the README of the published package
The previous details were showing their age, e.g. mentions about browsers not supporting ES2015. The story with ES modules is more complex as it's also about loaders but to keep the README simple, let's just make it more up to date with typical usage. Closes gh-5108 (cherry picked from commit edccabf)
-
Build: Update Grunt from 1.4.1 to 1.5.3
This will resolve the following security issues: * Path Traversal in Grunt: GHSA-j383-35pm-c5h4 * Race Condition in Grunt: GHSA-rm36-94g8-835r Closes gh-5134 (cherry picked from commit aa231cd)
Commits on Oct 4, 2022
-
Selector: Update Sizzle from 2.3.6 to 2.3.7
Fixes gh-5098 Closes gh-5135 Ref jquery/sizzle#486 Ref gh-5107
Commits on Nov 1, 2022
-
Build: Bump actions/setup-node from 3.5.0 to 3.5.1
Bumps [actions/setup-node](https://github.com/actions/setup-node) from 3.5.0 to 3.5.1. - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](actions/setup-node@v3.5.0...v3.5.1) Closes gh-5153 --- updated-dependencies: - dependency-name: actions/setup-node dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (cherry picked from commit 0208224)
Commits on Nov 16, 2022
-
Selector:Manipulation: Fix DOM manip within template contents
The `<template/>` element `contents` property is a document fragment that may have a `null` `documentElement`. In Safari 16 this happens in more cases due to recent spec changes - in particular, even if that document fragment is explicitly adopted into an outer document. We're testing both of those cases now. The crash used to happen in `jQuery.contains` which is an alias for `Sizzle.contains` in jQuery 3.x. The Sizzle fix is at jquery/sizzle#490, released in Sizzle `2.3.8`. This version of Sizzle is included in the parent commit. A fix similar to the one from gh-5158 has also been applied here to the `selector-native` version. Fixes gh-5147 Closes gh-5159 Ref jquery/sizzle#490 Ref gh-5158
Commits on Nov 17, 2022
Commits on Dec 1, 2022
-
Build: Limit permissions for GitHub workflows
Add explicit permissions section[^1] to workflows. This is a security best practice because by default workflows run with extended set of permissions[^2] (except from `on: pull_request` from external forks[^3]. By specifying any permission explicitly all others are set to none. By using the principle of least privilege the damage a compromised workflow can do (because of an injection[^4] or compromised third party tool or action) is restricted. It is recommended to have most strict permissions on the top level[^5] and grant write permissions on job level[^6] on a case by case basis. [^1]: https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions [^2]: https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token [^3]: https://securitylab.github.com/research/github-actions-preventing-pwn-requests/ [^4]: https://securitylab.github.com/research/github-actions-untrusted-input/ [^5]: https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions [^6]: https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs Closes gh-5119 (cherry picked from commit c909d6b)
Loading
This comparison is taking too long to generate.
Unfortunately it looks like we can’t render this comparison for you right now. It might be too big, or there might be something weird with your repository.
You can try running this command locally to see the comparison on your machine:
git diff 3.6.1...3.6.2