Update to jQuery 3.2.1

8 years ago · 034fe58098
parent 18b7d13fc6
commit 034fe58098
6 changed files with 86 additions and 112 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,3 +1,4 @@
 /js-jquery-4dec426aa2a6cbabb1b064319ba7c272d594a688.tar.gz
 /js-jquery-8f2a9d9272d6ed7f32d3a484740ab342c02541e0.tar.gz
 /jquery-2.2.4.tar.gz
 /jquery-3.2.1.tar.gz
--- a/disable-insight-tracking.patch
+++ b/disable-insight-tracking.patch
@ -0,0 +1,60 @@
 diff --git a/build/tasks/build.js b/build/tasks/build.js
 index 69916bf..58e65ad 100644
 --- a/build/tasks/build.js
 +++ b/build/tasks/build.js
@@ -10,7 +10,6 @@ module.exports = function( grunt ) {
 	var fs = require( "fs" ),
 		requirejs = require( "requirejs" ),
 -		Insight = require( "insight" ),
 		pkg = require( "../../package.json" ),
 		srcFolder = __dirname + "/../../src/",
 		rdefineEnd = /\}\s*?\);[^}\w]*$/,
@@ -337,46 +336,16 @@ module.exports = function( grunt ) {
 	grunt.registerTask( "custom", function() {
 		var args = this.args,
 			modules = args.length ? args[ 0 ].replace( /,/g, ":" ) : "",
 -			done = this.async(),
 -			insight = new Insight( {
 -				trackingCode: "UA-1076265-4",
 -				pkg: pkg
 -			} );
 +			done = this.async();
 		function exec( trackingAllowed ) {
 -			var tracks = args.length ? args[ 0 ].split( "," ) : [];
 			var defaultPath = [ "build", "custom" ];
 -			tracks = tracks.map( function( track ) {
 -				return track.replace( /\//g, "+" );
 -			} );
 -
 -			if ( trackingAllowed ) {
 -
 -				// Track individuals
 -				tracks.forEach( function( module ) {
 -					var path = defaultPath.concat( [ "individual" ], module );
 -
 -					insight.track.apply( insight, path );
 -				} );
 -
 -				// Track full command
 -				insight.track.apply( insight, defaultPath.concat( [ "full" ], tracks ) );
 -			}
 -
 			grunt.task.run( [ "build:*:*" + ( modules ? ":" + modules : "" ), "uglify", "dist" ] );
 			done();
 		}
 		grunt.log.writeln( "Creating custom build...\n" );
 -		// Ask for permission the first time
 -		if ( insight.optOut === undefined ) {
 -			insight.askPermission( null, function( error, result ) {
 -				exec( result );
 -			} );
 -		} else {
 -			exec( !insight.optOut );
 -		}
 	} );
 };
--- a/js-jquery-disable-gzip-js.patch
+++ b/js-jquery-disable-gzip-js.patch
@ -1,11 +1,14 @@
 diff --git a/Gruntfile.js b/Gruntfile.js
 index 12ae008..5d541f2 100644
 --- a/Gruntfile.js
 +++ b/Gruntfile.js
-@@ -13,7 +13,6 @@ module.exports = function( grunt ) {
+@@ -12,8 +12,7 @@ module.exports = function( grunt ) {
 		return data;
 	}
- 	var fs = require( "fs" ),
+-	var fs = require( "fs" ),
- 		stripJSONComments = require( "strip-json-comments" ),
+-		gzip = require( "gzip-js" );
-		gzip = require( "gzip-js" ),
+	var fs = require( "fs" );
 		srcHintOptions = readOptionalJSON( "src/.jshintrc" ),
 		newNode = !/^v0/.test( process.version ),
 	if ( !grunt.option( "filename" ) ) {
 		grunt.option( "filename", "jquery.js" );
--- a/js-jquery.spec
+++ b/js-jquery.spec
@ -1,6 +1,6 @@
 Name:           js-jquery
-Version:        2.2.4
+Version:        3.2.1
-Release:        3%{?dist}
+Release:        1%{?dist}
 Summary:        JavaScript DOM manipulation, event handling, and AJAX library
 BuildArch:      noarch
@ -14,8 +14,9 @@ Source0:        https://github.com/jquery/jquery/archive/%{version}/jquery-%{ver
 # disable gzip-js during build
 Patch1:         %{name}-disable-gzip-js.patch
-# backport of XSS bug fix from upstream; upstream fixed in 3.0.0 and newer
+
-Patch2:         xss-fix-b078a62.patch
+# disable missing insight module
 Patch2:         disable-insight-tracking.patch
 BuildRequires:  web-assets-devel
 BuildRequires:  nodejs-packaging
@ -23,8 +24,8 @@ BuildRequires:  js-sizzle-static
 Provides:       jquery = %{version}-%{release}
 Provides:       %{name}-static = %{version}-%{release}
-Provides:       %{name}2 = %{version}-%{release}
+Provides:       %{name}%{ver_x} = %{version}-%{release}
-Provides:       %{name}2-static = %{version}-%{release}
+Provides:       %{name}%{ver_x}-static = %{version}-%{release}
 BuildRequires:  nodejs-grunt >= 0.4.4-3
 BuildRequires:  npm(shelljs)
@ -45,10 +46,7 @@ browsers. With a combination of versatility and extensibility, jQuery has
 changed the way that millions of people write JavaScript.
 %prep
-# autosetup doesn't work right on epel7 branch
+%autosetup -p1 -n jquery-%{version}
 %setup -qn jquery-%{version}
 %patch1 -p1
 %patch2 -p1
 #remove precompiled stuff
 rm -rf dist/* src/sizzle
@ -88,6 +86,9 @@ ln -s %{version} %{installdir}/%{ver_x}.%{ver_y}
 %changelog
 * Wed Apr 12 2017 Christopher Tubbs <ctubbsii@fedoraproject.org> - 3.2.1-1
 - Update to jQuery 3.2.1
 * Tue Apr 11 2017 Christopher Tubbs <ctubbsii@fedoraproject.org> - 2.2.4-3
 - Update provides in prep for js-jquery package rename to js-jquery2
--- a/2
+++ b/2
@ -1 +1 @@
-SHA512 (jquery-2.2.4.tar.gz) = bd1176286451adeaa8c18eb98e01e8b91e45157f7263907772d637a2c15b8ac27b780be14983c4abcff5def668323beab9a6889d8da4beb6c2c06fae1f5bed1d
+SHA512 (jquery-3.2.1.tar.gz) = c237b4de4e7d31cde8f8de2493ae92f7db1d504b83f24808738066bdaa7c906f3b6f819eeff1bb90881cbbccd1d32fbc06f63e847c13548adc92671d796bf336
--- a/xss-fix-b078a62.patch
+++ b/xss-fix-b078a62.patch
@ -1,91 +0,0 @@
 From b078a62013782c7424a4a61a240c23c4c0b42614 Mon Sep 17 00:00:00 2001
 From: Oleg Gaidarenko <markelog@gmail.com>
 Date: Thu, 10 Sep 2015 13:40:00 +0300
 Subject: [PATCH] Ajax: Mitigate possible XSS vulnerability
 Proposed by @jaubourg
 Fixes gh-2432
 Closes gh-2588
 ---
 src/ajax/script.js |  7 +++++++
 test/unit/ajax.js  | 48 ++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 55 insertions(+), 0 deletion(-)
 diff --git a/src/ajax/script.js b/src/ajax/script.js
 index 60b1fb6..0ec27b4 100644
 --- a/src/ajax/script.js
 +++ b/src/ajax/script.js
@@ -4,6 +4,13 @@ define( [
 	"../ajax"
 ], function( jQuery, document ) {
 +// Prevent auto-execution of scripts when no explicit dataType was provided (See gh-2432)
 +jQuery.ajaxPrefilter( function( s ) {
 +    if ( s.crossDomain ) {
 +        s.contents.script = false;
 +    }
 +} );
 +
 // Install script dataType
 jQuery.ajaxSetup( {
 	accepts: {
 diff --git a/test/unit/ajax.js b/test/unit/ajax.js
 index 14fe0be..6479587 100644
 --- a/test/unit/ajax.js
 +++ b/test/unit/ajax.js
@@ -71,6 +71,54 @@ QUnit.module( "ajax", {
 		};
 	} );
 +	ajaxTest( "jQuery.ajax() - do not execute js (crossOrigin)", 2, function( assert ) {
 +		return {
 +			create: function( options ) {
 +				options.crossDomain = true;
 +				return jQuery.ajax( url( "data/script.php?header=ecma" ), options );
 +			},
 +			success: function() {
 +				assert.ok( true, "success" );
 +			},
 +			complete: function() {
 +				assert.ok( true, "complete" );
 +			}
 +		};
 +	} );
 +
 +	ajaxTest( "jQuery.ajax() - execute js for crossOrigin when dataType option is provided", 3,
 +		function( assert ) {
 +			return {
 +				create: function( options ) {
 +					options.crossDomain = true;
 +					options.dataType = "script";
 +					return jQuery.ajax( url( "data/script.php?header=ecma" ), options );
 +				},
 +				success: function() {
 +					assert.ok( true, "success" );
 +				},
 +				complete: function() {
 +					assert.ok( true, "complete" );
 +				}
 +			};
 +		}
 +	);
 +
 +	ajaxTest( "jQuery.ajax() - do not execute js (crossOrigin)", 2, function( assert ) {
 +		return {
 +			create: function( options ) {
 +				options.crossDomain = true;
 +				return jQuery.ajax( url( "data/script.php" ), options );
 +			},
 +			success: function() {
 +				assert.ok( true, "success" );
 +			},
 +			complete: function() {
 +				assert.ok( true, "complete" );
 +			}
 +		};
 +	} );
 +
 	ajaxTest( "jQuery.ajax() - success callbacks (late binding)", 8, function( assert ) {
 		return {
 			setup: addGlobalEvents( "ajaxStart ajaxStop ajaxSend ajaxComplete ajaxSuccess", assert ),
`@ -1 +1 @@`
	`SHA512 (jquery-2.2.4.tar.gz) = bd1176286451adeaa8c18eb98e01e8b91e45157f7263907772d637a2c15b8ac27b780be14983c4abcff5def668323beab9a6889d8da4beb6c2c06fae1f5bed1d`	`SHA512 (jquery-3.2.1.tar.gz) = c237b4de4e7d31cde8f8de2493ae92f7db1d504b83f24808738066bdaa7c906f3b6f819eeff1bb90881cbbccd1d32fbc06f63e847c13548adc92671d796bf336`