Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bump jquery from 3.3.1 to 3.5.1 #27266

Merged
merged 3 commits into from
Nov 19, 2021
Merged

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github May 29, 2021

Bumps jquery from 3.3.1 to 3.6.0 3.5.1.

Release notes

Sourced from jquery's releases.

jQuery 3.6.0 Released!

https://blog.jquery.com/2021/03/02/jquery-3-6-0-released/

jQuery 3.5.0 Released!

See the blog post: https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ and the upgrade guide: https://jquery.com/upgrade-guide/3.5/

NOTE: Despite being a minor release, this update includes a breaking change that we had to make to fix a security issue ( CVE-2020-11022). Please follow the blog post & the upgrade guide for more details.

Commits
  • 0cc1ad6 3.6.0
  • aed59da Release: remove the need to install grunt globally
  • 8606ce4 Release: update version to 3.6.0-pre
  • 8b50fbe Release: drop the need for npm as a local dependency
  • a21a4b2 Release: upgrade release dependencies
  • c208deb Release: update AUTHORS.txt
  • 1654874 Selector: Update Sizzle from 2.3.5 to 2.3.6
  • f8bdb12 Support: ensure display is set to block for the support div (#4844)
  • 627c573 Build: Rename master to main across the repository
  • 15b62a2 Deferred: Rename master to primary
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot will merge this PR once CI passes on it, as requested by @nextcloud-command.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Copy link
Member

@nextcloud-bot nextcloud-bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@dependabot merge

@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github May 29, 2021

One of your CI runs failed on this pull request, so Dependabot won't merge it.

Dependabot will still automatically merge this pull request if you amend it and your tests pass.

@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/jquery-3.6.0 branch from 92ce213 to e36b835 Compare May 29, 2021 13:14
Copy link
Member

@nextcloud-bot nextcloud-bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@dependabot merge

@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/jquery-3.6.0 branch from e36b835 to bb613d1 Compare May 31, 2021 08:36
Copy link
Member

@nextcloud-bot nextcloud-bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@dependabot merge

@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/jquery-3.6.0 branch from bb613d1 to 951a2dc Compare June 8, 2021 21:59
Copy link
Member

@nextcloud-bot nextcloud-bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@dependabot merge

@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/jquery-3.6.0 branch from 951a2dc to a291a7a Compare June 12, 2021 03:06
Copy link
Member

@nextcloud-bot nextcloud-bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@dependabot merge

@juliusknorr juliusknorr added this to the Nextcloud 23 milestone Jun 22, 2021
Copy link
Member

@juliusknorr juliusknorr left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Needs some further careful testing as this showed some issues in #24107

@juliusknorr juliusknorr added 2. developing Work in progress and removed 3. to review Waiting for reviews labels Jun 23, 2021
@skjnldsv

This comment has been minimized.

@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/jquery-3.6.0 branch from a291a7a to 8efc70b Compare July 23, 2021 06:59
Copy link
Member

@nextcloud-bot nextcloud-bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@dependabot merge

@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/jquery-3.6.0 branch from 8efc70b to 415e1b3 Compare July 28, 2021 16:07
Copy link
Contributor

@nextcloud-command nextcloud-command left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@dependabot merge

@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/jquery-3.6.0 branch from 415e1b3 to 70bda72 Compare July 28, 2021 22:41
@PVince81 PVince81 force-pushed the dependabot/npm_and_yarn/jquery-3.6.0 branch from 440cd2d to 30d72cb Compare October 27, 2021 07:39
@PVince81
Copy link
Member

fix for the share button is here: 30d72cb

let's see if more tests pass now...

@PVince81
Copy link
Member

cool, only one failing JS test remains:

1) triggers default action when clicking on the thumbnail
     OCA.Files.MainFileInfoDetailView tests events
     Expected false to equal true.
    at Object.<anonymous> (apps/files/tests/js/mainfileinfodetailviewSpec.js:265:37)

@PVince81
Copy link
Member

I wasn't able to find this view in the UI so couldn't test.
It looks like MainFileInfoView is not even used any more since the move to Vue, so probably we could just delete the test or even remove the class. (but need to be careful if a backport is needed)

@PVince81
Copy link
Member

regardless, I tried to debug the failing test and noticed that the "thumbnail" div is getting rendered twice, somehow it again seems like a problem with Handlebars like with the previous issues.

I'm wondering if jquery is causing side effects with Handlebars or if Handlebars is using jquery internally...

@PVince81
Copy link
Member

alright, I managed to fix it... once again there was an HTML element <div ... /> and if I make if it into <div ...></div> it renders properly... this looks suspicious and it's likely that other templates will break...

@PVince81
Copy link
Member

alright, so this is a jquery 3.5 thing: https://jquery.com/upgrade-guide/3.5/

it is said that for all div, p and span they must not be self-closing... so it means need to check all apps that use jquery still to make sure they work correctly

which means this update is likely not safely backportable

@skjnldsv FYI

@MichaIng
Copy link
Member

Great debugging, many thanks! That this may break apps, including custom ones, is an issue I guess, not only for backports. I'd personally still vote for merging it with NC24, also since the global jQuery is deprecated for a long time, in favour of shipping an own one for apps, but I guess that Nextcloud practice enforces a conservative approach.

@MichaIng MichaIng added 3. to review Waiting for reviews and removed 2. developing Work in progress labels Nov 18, 2021
dependabot bot and others added 2 commits November 18, 2021 15:41
Bumps [jquery](https://github.com/jquery/jquery) from 3.3.1 to 3.6.0.
- [Release notes](https://github.com/jquery/jquery/releases)
- [Commits](jquery/jquery@3.3.1...3.6.0)

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: npmbuildbot-nextcloud[bot] <npmbuildbot-nextcloud[bot]@users.noreply.github.com>
Signed-off-by: nextcloud-command <nextcloud-command@users.noreply.github.com>
Expanded the empty span tag to resolve issue with wrong appending done
by either handlebars or jquery.

Signed-off-by: Vincent Petry <vincent@nextcloud.com>
@MichaIng MichaIng force-pushed the dependabot/npm_and_yarn/jquery-3.6.0 branch from 22c87d8 to ec9ea7b Compare November 18, 2021 14:42
@PVince81
Copy link
Member

restarted build due to weird failure

@MichaIng
Copy link
Member

Ah sorry, when rebaseing and resolving conflicts, I removed the compiled JS changes but didn't do /compile amend / yet.

@MichaIng
Copy link
Member

/compile amend /

Since the jquery update to 3.5.0, it seems Handlebars doesn't correctly
render self-closed elements. This fixes mainfileinfodetailsview template
to not use self-closed elements and fixes the JS unit tests.

Signed-off-by: Vincent Petry <vincent@nextcloud.com>
Signed-off-by: nextcloud-command <nextcloud-command@users.noreply.github.com>
@nextcloud-command nextcloud-command force-pushed the dependabot/npm_and_yarn/jquery-3.6.0 branch from ec9ea7b to 49e35ff Compare November 19, 2021 13:42
@PVince81
Copy link
Member

approved by three bots but only one human, haha

I agree with moving forward with this early in NC 24 so that apps can adjust when needed

@MichaIng
Copy link
Member

MichaIng commented Nov 19, 2021

I agree with moving forward with this early in NC 24 so that apps can adjust when needed

Good argument to merge it as early as possible into a new major NC version. I won't approve simply because I cannot estimate how many apps may be affected by this and whether it's better to have the need for removing the self-closing tags removed somehow announced to (app) developers earlier. So better if a second person with more insights does this. But otherwise the global jQuery has been deprecated a long time ago: https://github.com/nextcloud/server/blob/4322aab/core/src/globals.js#L105

There are so many more deprecation messages with a removal announced for NC 20 already. Probably it makes sense to be stricter with such announcements, else developers won't take them serious anymore and we're in a vicious cycle or not being able to get rid of deprecated code. Of course this means that migrating related code in core can be assured until the deadline, which is by far not the case currently 😉.

@dependabot dependabot bot merged commit 11c29c1 into master Nov 19, 2021
@dependabot dependabot bot deleted the dependabot/npm_and_yarn/jquery-3.6.0 branch November 19, 2021 14:28
@PVince81
Copy link
Member

@MichaIng I just came here to approve but our robots overlord already overruled

@MichaIng
Copy link
Member

MichaIng commented Nov 19, 2021

Ah of course the bots merge autonomously when CI passes, sometimes I forget about that. Should be fine, and as last resort it can be easily reverted before NC24 enters RC stage.

@PVince81
Copy link
Member

ok, so this only updated to 3.5.1 according to package.lock.
I'll adjust the title accordingly.

now either we need to wait for the bot to make the proposal for 3.6.0 or do it manually?

@PVince81 PVince81 changed the title Bump jquery from 3.3.1 to 3.6.0 Bump jquery from 3.3.1 to 3.5.1 Nov 19, 2021
@MichaIng
Copy link
Member

Probably we can wait for the weekly dependabot check tomorrow (at Saturdays).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

Successfully merging this pull request may close these issues.

7 participants