Bumps [tracing-subscriber](https://github.com/tokio-rs/tracing) from
0.3.19 to 0.3.20.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/tokio-rs/tracing/releases">tracing-subscriber's
releases</a>.</em></p>
<blockquote>
<h2>tracing-subscriber 0.3.20</h2>
<p><strong>Security Fix</strong>: ANSI Escape Sequence Injection
(CVE-TBD)</p>
<h2>Impact</h2>
<p>Previous versions of tracing-subscriber were vulnerable to ANSI
escape sequence injection attacks. Untrusted user input containing ANSI
escape sequences could be injected into terminal output when logged,
potentially allowing attackers to:</p>
<ul>
<li>Manipulate terminal title bars</li>
<li>Clear screens or modify terminal display</li>
<li>Potentially mislead users through terminal manipulation</li>
</ul>
<p>In isolation, impact is minimal, however security issues have been
found in terminal emulators that enabled an attacker to use ANSI escape
sequences via logs to exploit vulnerabilities in the terminal
emulator.</p>
<h2>Solution</h2>
<p>Version 0.3.20 fixes this vulnerability by escaping ANSI control
characters in when writing events to destinations that may be printed to
the terminal.</p>
<h2>Affected Versions</h2>
<p>All versions of tracing-subscriber prior to 0.3.20 are affected by
this vulnerability.</p>
<h2>Recommendations</h2>
<p>Immediate Action Required: We recommend upgrading to
tracing-subscriber 0.3.20 immediately, especially if your
application:</p>
<ul>
<li>Logs user-provided input (form data, HTTP headers, query parameters,
etc.)</li>
<li>Runs in environments where terminal output is displayed to
users</li>
</ul>
<h2>Migration</h2>
<p>This is a patch release with no breaking API changes. Simply update
your Cargo.toml:</p>
<pre lang="toml"><code>[dependencies]
tracing-subscriber = "0.3.20"
</code></pre>
<h2>Acknowledgments</h2>
<p>We would like to thank <a href="http://github.com/zefr0x">zefr0x</a>
who responsibly reported the issue at
<code>security@tokio.rs</code>.</p>
<p>If you believe you have found a security vulnerability in any
tokio-rs project, please email us at <code>security@tokio.rs</code>.</p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="4c52ca5266"><code>4c52ca5</code></a>
fmt: fix ANSI escape sequence injection vulnerability (<a
href="https://redirect.github.com/tokio-rs/tracing/issues/3368">#3368</a>)</li>
<li><a
href="f71cebe41e"><code>f71cebe</code></a>
subscriber: impl Clone for EnvFilter (<a
href="https://redirect.github.com/tokio-rs/tracing/issues/3360">#3360</a>)</li>
<li><a
href="3a1f571102"><code>3a1f571</code></a>
Fix CI (<a
href="https://redirect.github.com/tokio-rs/tracing/issues/3361">#3361</a>)</li>
<li><a
href="e63ef57f3d"><code>e63ef57</code></a>
chore: prepare tracing-attributes 0.1.30 (<a
href="https://redirect.github.com/tokio-rs/tracing/issues/3316">#3316</a>)</li>
<li><a
href="6e59a13b1a"><code>6e59a13</code></a>
attributes: fix tracing::instrument regression around shadowing (<a
href="https://redirect.github.com/tokio-rs/tracing/issues/3311">#3311</a>)</li>
<li><a
href="e4df761275"><code>e4df761</code></a>
tracing: update core to 0.1.34 and attributes to 0.1.29 (<a
href="https://redirect.github.com/tokio-rs/tracing/issues/3305">#3305</a>)</li>
<li><a
href="643f392ebb"><code>643f392</code></a>
chore: prepare tracing-attributes 0.1.29 (<a
href="https://redirect.github.com/tokio-rs/tracing/issues/3304">#3304</a>)</li>
<li><a
href="d08e7a6eea"><code>d08e7a6</code></a>
chore: prepare tracing-core 0.1.34 (<a
href="https://redirect.github.com/tokio-rs/tracing/issues/3302">#3302</a>)</li>
<li><a
href="6e70c571d3"><code>6e70c57</code></a>
tracing-subscriber: count numbers of enters in <code>Timings</code> (<a
href="https://redirect.github.com/tokio-rs/tracing/issues/2944">#2944</a>)</li>
<li><a
href="c01d4fd9de"><code>c01d4fd</code></a>
fix docs and enable CI on <code>main</code> branch (<a
href="https://redirect.github.com/tokio-rs/tracing/issues/3295">#3295</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/tokio-rs/tracing/compare/tracing-subscriber-0.3.19...tracing-subscriber-0.3.20">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts page](https://github.com/servo/servo/network/alerts).
</details>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Euclid Ye <euclid.ye@huawei.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Euclid Ye <euclid.ye@huawei.com>
According to the WebGPU specification there are the dedicated task
source
which is used to queue a global task for a GPUDevice on content
timeline.
https://gpuweb.github.io/gpuweb/#-webgpu-task-source
Tasks on content timeline:
- to fire "uncaptureevent" event
- to resolve GPUDevice.lost promise
Also fixed the "isTrusted" attribute status (false -> true) of the
"uncaptureevent" event by using non JS version of event dispatching.
Testing: No changes in WebGPU CTS expectations
- webgpu:api,operation,uncapturederror:*
- webgpu:api,operation,device,lost:*
- webgpu:api,validation,state,device_lost,destroy:*
Signed-off-by: Andrei Volykhin <volykhin.andrei@huawei.com>
Co-authored-by: Andrei Volykhin <volykhin.andrei@huawei.com>
Creates schemas to hold index information. These tables are created when
the database is initialized. These tables are not updated however.
Testing: WPT and unit
Fixes: Partially #38100
---------
Signed-off-by: Ashwin Naren <arihant2math@gmail.com>
This is fixup for #37776. We forget to skip documents with
waiting_on_canvas_image_updates flag.
Testing: Existing WPT tests and manual testing
Fixes: #39021
---------
Signed-off-by: sagudev <16504129+sagudev@users.noreply.github.com>
Move interfaces defined by the WebRTC specification to the
`script/dom/webrtc/` module from `script/dom/`.
`script/dom/rtc*.rs -> script/dom/webrtc/`
Testing: No changes, just a refactoring
Fixes (partially): #38901
Signed-off-by: Andrei Volykhin <volykhin.andrei@huawei.com>
Co-authored-by: Andrei Volykhin <volykhin.andrei@huawei.com>
This change ports all `EmbedderMsg` reply channels that don't use the
`ROUTER` to GenericChannel.
The remaining reply channels that use the router are blocked until
#38973 is merged.
This is a breaking change in the API between libservo and embedders.
Future work: A lot of the reply channels in this PR look like they
conceptually should be oneshot ipc channels. It might make sense to
provide a `OneshotGenericChannel` abstraction that encodes this.
Testing: No functional changes - covered by existing tests. None of the
channels changed here uses the Router
Part of #38912
---------
Signed-off-by: Jonathan Schwender <schwenderjonathan@gmail.com>
Helvetica isn't quite right but it's a better default choice than a
monospaced font like Menlo (it should be some variant of Apple's San
Francisco font, but that isn't easily exposed)
Testing: Untested, but matches the font family used for `sans-serif` so
it should be safe
Signed-off-by: Darryl Pogue <darryl@dpogue.ca>
Adds epoch to each WR image op command that is sent to compositor. The
renderer now has a `FrameDelayer` data structure that is responsible for
tracking when a frame is ready to be displayed. When asking canvases to
update their rendering, they are given an optional `Epoch` which denotes
the `Document`'s canvas epoch. When all image updates for that `Epoch`
are seen in the renderer, the frame can be displayed.
Testing: Existing WPT tests
Fixes: #35733
Signed-off-by: sagudev <16504129+sagudev@users.noreply.github.com>
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
Co-authored-by: Martin Robinson <mrobinson@igalia.com>
In #38745, we changed the id of Frame and Window as the result of
`ToString` trait. This PR
- adapts the parsing of frame/window accordingly.
- for frame, return the
[WindowProxy](https://developer.mozilla.org/en-US/docs/Web/API/WindowProxy)
object of the iframe as it's supposed to do.
Testing: `execute_{async_}script/arguments.py`
---------
Signed-off-by: Euclid Ye <euclid.ye@huawei.com>
Add type around CG class for code generatio Web IDL in codegen.py
Testing: *Describe how this pull request is tested or why it doesn't
require tests*
Fixes: *Link to an issue this pull requests fixes or remove this line if
there is no issue*
---------
Signed-off-by: Jerens Lensun <jerensslensun@gmail.com>
Signed-off-by: Mukilan Thiyagarajan <mukilan@igalia.com>
Co-authored-by: Mukilan Thiyagarajan <mukilan@igalia.com>
This change was previously part of
fb1c0a4c48, which got reverted due to an
issue
with the compositor channel.
Split this change out into a separate PR, as it probably should have
been in the first place. Presumably it was one change before, since
serialization of crossbeam generic channels in single-process mode was
not implemented yet at the time.
Testing: Covered by existing tests. No custom callbacks involved.
Part of #38912
Signed-off-by: Jonathan Schwender <schwenderjonathan@gmail.com>
Port the reply / back channels of StorageThreadMsg to GenericChannel.
Testing: No functional changes
Part of #38912
Signed-off-by: Jonathan Schwender <schwenderjonathan@gmail.com>
Move interfaces defined by the WebGL spec to the `script/dom/webgl/
`module from `script/dom/`.
`script/dom/webgl*.rs` -> `script/dom/webgl/`
`script/dom/webgl_extensions` -> `script/dom/webgl/extensions`
`script/dom/webgl_validations` -> `script/dom/webgl/validations`
Testing: No changes, just a refactoring
Fixes (partially): #38901
Signed-off-by: Andrei Volykhin <volykhin.andrei@huawei.com>
Co-authored-by: Andrei Volykhin <volykhin.andrei@huawei.com>
Replaced usage of `typed_insert` since it ended converting `UTF-8` to
lowercase.
Removed one of the test cases since it wasn't following spec since
[xhr/205](https://github.com/whatwg/xhr/pull/205).
Testing: Changes covered by wpt
Fixes: #20436
---------
Signed-off-by: Gae24 <96017547+Gae24@users.noreply.github.com>
Instead of doing font selection and text shaping in `canvas`, move this
to `script`. This allows canvas to use the shared `Document`
`FontContext`, which has access to web fonts. In addition, ensure that
there is a font style accessible for `OffscreenCanvas` in workers.
Testing: This causes a number of WPT tests to start to pass as web fonts
are
supported on canvas again. In addition, some start to fail as they
expose other
issues:
- The lack of support for the `Context2D.fontStretch` property
- Issues with zerosize gradient interpolation.
- Differences between quoted and unquoted font family names. This seems
like
a timing issue with the way we are handling web fonts. The test seems to
be
expecting Local fonts to be available immediately (without waiting for
them
to load). This isn't how Servo works ATM. Seems like an issue with the
test.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
Sets the indexeddb request error when the backend errors out. This also
matches statements to the spec.
Testing: Covered by WPT
Fixes: General indexeddb
---------
Signed-off-by: Ashwin Naren <arihant2math@gmail.com>
Co-authored-by: Josh Matthews <josh@joshmatthews.net>
Bumps [sea-query](https://github.com/SeaQL/sea-query) from 1.0.0-rc.11
to 1.0.0-rc.12.
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/SeaQL/sea-query/commits">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps the servo-media-related group with 12 updates:
| Package | From | To |
| --- | --- | --- |
| [servo-media](https://github.com/servo/media) | ``a57b0e6`` |
``de1ebef`` |
| [servo-media-dummy](https://github.com/servo/media) | ``a57b0e6`` |
``de1ebef`` |
| [servo-media-gstreamer](https://github.com/servo/media) | ``a57b0e6``
| ``de1ebef`` |
| servo-media-audio | ``a57b0e6`` | ``de1ebef`` |
| servo-media-derive | ``a57b0e6`` | ``de1ebef`` |
| servo-media-gstreamer-render | ``a57b0e6`` | ``de1ebef`` |
| servo-media-gstreamer-render-android | ``a57b0e6`` | ``de1ebef`` |
| servo-media-gstreamer-render-unix | ``a57b0e6`` | ``de1ebef`` |
| servo-media-player | ``a57b0e6`` | ``de1ebef`` |
| servo-media-streams | ``a57b0e6`` | ``de1ebef`` |
| servo-media-traits | ``a57b0e6`` | ``de1ebef`` |
| servo-media-webrtc | ``a57b0e6`` | ``de1ebef`` |
Updates `servo-media` from `a57b0e6` to `de1ebef`
<details>
<summary>Commits</summary>
<ul>
<li><a
href="de1ebef583"><code>de1ebef</code></a>
Add clean-shutdown of backend (<a
href="https://redirect.github.com/servo/media/issues/448">#448</a>)</li>
<li>See full diff in <a
href="a57b0e67b3...de1ebef583">compare
view</a></li>
</ul>
</details>
<br />
Updates `servo-media-dummy` from `a57b0e6` to `de1ebef`
<details>
<summary>Commits</summary>
<ul>
<li><a
href="de1ebef583"><code>de1ebef</code></a>
Add clean-shutdown of backend (<a
href="https://redirect.github.com/servo/media/issues/448">#448</a>)</li>
<li>See full diff in <a
href="a57b0e67b3...de1ebef583">compare
view</a></li>
</ul>
</details>
<br />
Updates `servo-media-gstreamer` from `a57b0e6` to `de1ebef`
<details>
<summary>Commits</summary>
<ul>
<li><a
href="de1ebef583"><code>de1ebef</code></a>
Add clean-shutdown of backend (<a
href="https://redirect.github.com/servo/media/issues/448">#448</a>)</li>
<li>See full diff in <a
href="a57b0e67b3...de1ebef583">compare
view</a></li>
</ul>
</details>
<br />
Updates `servo-media-audio` from `a57b0e6` to `de1ebef`
Updates `servo-media-derive` from `a57b0e6` to `de1ebef`
Updates `servo-media-gstreamer-render` from `a57b0e6` to `de1ebef`
Updates `servo-media-gstreamer-render-android` from `a57b0e6` to
`de1ebef`
Updates `servo-media-gstreamer-render-unix` from `a57b0e6` to `de1ebef`
Updates `servo-media-player` from `a57b0e6` to `de1ebef`
Updates `servo-media-streams` from `a57b0e6` to `de1ebef`
Updates `servo-media-traits` from `a57b0e6` to `de1ebef`
Updates `servo-media-webrtc` from `a57b0e6` to `de1ebef`
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
- Add `ShadowRoot` to `JSValue` to avoid
`WebDriverJSError::UnknownType`, and
`JavaScriptEvaluationError::SerializationError` when execute JS from
embedder.
- Add unit test.
- Move [is_detached](https://w3c.github.io/webdriver/#dfn-is-detached)
to `fn is_detached` to be reused.
- Other random simplification.
Testing: WebDriver conformance tests.
---------
Signed-off-by: Euclid Ye <euclid.ye@huawei.com>
Bumps [async-executor](https://github.com/smol-rs/async-executor) from
1.13.2 to 1.13.3.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/smol-rs/async-executor/releases">async-executor's
releases</a>.</em></p>
<blockquote>
<h2>v1.13.3</h2>
<ul>
<li>Avoid places where the code had a possibility to block or panic. (<a
href="https://redirect.github.com/smol-rs/async-executor/issues/147">#147</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/smol-rs/async-executor/blob/master/CHANGELOG.md">async-executor's
changelog</a>.</em></p>
<blockquote>
<h1>Version 1.13.3</h1>
<ul>
<li>Avoid places where the code had a possibility to block or panic. (<a
href="https://redirect.github.com/smol-rs/async-executor/issues/147">#147</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="1e8d245f64"><code>1e8d245</code></a>
v1.13.3</li>
<li><a
href="08c3fc4d5d"><code>08c3fc4</code></a>
Don't explicitly panic or block when avoidable (<a
href="https://redirect.github.com/smol-rs/async-executor/issues/147">#147</a>)</li>
<li><a
href="58411d6876"><code>58411d6</code></a>
Update criterion requirement from 0.6 to 0.7</li>
<li><a
href="95ec34dd70"><code>95ec34d</code></a>
Update criterion requirement from 0.5 to 0.6 (<a
href="https://redirect.github.com/smol-rs/async-executor/issues/142">#142</a>)</li>
<li><a
href="b3269e1363"><code>b3269e1</code></a>
Ignore clippy::unused_unit lint</li>
<li><a
href="87a287a73a"><code>87a287a</code></a>
Fix clippy::uninlined_format_args warning</li>
<li>See full diff in <a
href="https://github.com/smol-rs/async-executor/compare/v1.13.2...v1.13.3">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Fixes a check for empty options in `getAll(options)` and makes url
comparison with exclude fragments set to true.
Testing: New passing WPT tests
Part of #37674
---------
Signed-off-by: Sebastian C <sebsebmc@gmail.com>
We pass in the new trait implementation to process the value,
which the CSP crate calls in its implementation. Additionally,
since the request url can change, we need to propagate that
to load_data as well.
This also avoids a crash when a discarded browsing context is
accessed while navigating the iframes in the WPT tests. This
is a known issue, but hampers investigation into actual
Trusted Types support.
All tests using iframes don't work, as they don't have the
correct browsing context. The other tests do work, but some
fail on header ascii parsing (#36801) or error while handling
errors. That last one I don't understand based on the current
code and I would need to do a deep-dive in the existing code
to understand better what's going on.
Part of #36258
Part of #37920
---------
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
Bumps [image-webp](https://github.com/image-rs/image-webp) from 0.2.3 to
0.2.4.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/image-rs/image-webp/blob/main/CHANGES.md">image-webp's
changelog</a>.</em></p>
<blockquote>
<h3>Version 0.2.4</h3>
<p>Changes:</p>
<ul>
<li>Changed default upscaling to bilinear interpolation to match libwebp
(<a
href="https://redirect.github.com/image-rs/image-webp/issues/147">#147</a>)</li>
</ul>
<p>Bug fixes:</p>
<ul>
<li>Fixed all remaining divergences against libwebp in loop filtering
(<a
href="https://redirect.github.com/image-rs/image-webp/issues/148">#148</a>,
<a
href="https://redirect.github.com/image-rs/image-webp/issues/149">#149</a>)</li>
</ul>
<p>Optimizations:</p>
<ul>
<li>Optimized predictors in lossless_transform (<a
href="https://redirect.github.com/image-rs/image-webp/issues/152">#152</a>)</li>
<li>Improved performance of horizontal loop filtering (<a
href="https://redirect.github.com/image-rs/image-webp/issues/151">#151</a>,
<a
href="https://redirect.github.com/image-rs/image-webp/issues/156">#156</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/image-rs/image-webp/commits">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Moves interfaces defined by the gamepad spec to the
`script/dom/gamepad/` module from `script/dom/`.
Testing: Just a refactor shouldn't need any testing
Fixes: N/A
Signed-off-by: Ashwin Naren <arihant2math@gmail.com>
Bumps [camino](https://github.com/camino-rs/camino) from 1.1.11 to
1.1.12.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/camino-rs/camino/releases">camino's
releases</a>.</em></p>
<blockquote>
<h2>camino 1.1.12</h2>
<h3>Added</h3>
<ul>
<li><code>Utf8PathBuf::from_os_string</code> and
<code>Utf8Path::from_os_str</code> conversions.</li>
<li><code>TryFrom<OsString> for Utf8PathBuf</code> and
<code>TryFrom<&OsStr> for &Utf8Path</code>
conversions.</li>
</ul>
<p>Thanks to <a
href="https://github.com/BenjaminBrienen">BenjaminBrienen</a> for your
first contribution!</p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/camino-rs/camino/blob/main/CHANGELOG.md">camino's
changelog</a>.</em></p>
<blockquote>
<h2>[1.1.12] - 2025-08-26</h2>
<h3>Added</h3>
<ul>
<li><code>Utf8PathBuf::from_os_string</code> and
<code>Utf8Path::from_os_str</code> conversions.</li>
<li><code>TryFrom<OsString> for Utf8PathBuf</code> and
<code>TryFrom<&OsStr> for &Utf8Path</code>
conversions.</li>
</ul>
<p>Thanks to <a
href="https://github.com/BenjaminBrienen">BenjaminBrienen</a> for your
first contribution!</p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="e5edcb948d"><code>e5edcb9</code></a>
[camino] version 1.1.12</li>
<li><a
href="9c1eff07ef"><code>9c1eff0</code></a>
prepare release</li>
<li><a
href="bb1c1c9736"><code>bb1c1c9</code></a>
feature: Add support for converting from OsStr and OsString (<a
href="https://redirect.github.com/camino-rs/camino/issues/107">#107</a>)</li>
<li><a
href="281007b471"><code>281007b</code></a>
chore: Documentation fixes</li>
<li>See full diff in <a
href="https://github.com/camino-rs/camino/compare/camino-1.1.11...camino-1.1.12">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Currently the embedding API only provides the embedder with the URL for
a favicon. This is not great, for multiple reasons:
* Loading the icon should happen according to the fetch spec which is
not easy for the embedder to recreate (consider CSP, timing information
etc)
* Rasterizing a svg favicon is not trivial
With this change, servo fetches and rasterizes the icon to a bitmap
which is then passed to the embedder.
Testing: I'm not sure how I can write tests for the embedding api. I've
tested the correctness manually using
https://github.com/servo/servo/pull/36680.
Prepares for https://github.com/servo/servo/pull/36680
---------
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
Forward any deserialization errors to the receiver, instead of panicking
on the router thread. This change was previously part of #38782, which
got reverted, since generic channels don't support custom router
callbacks yet. Propagating the error is still something we want, and
landing this separately will reduce the diff of the PR that introduces
generic callbacks.
Testing: Should be covered by existing tests. Also manually tested
https://github.com/servo/servo/issues/38939
---------
Signed-off-by: Jonathan Schwender <schwenderjonathan@gmail.com>
Signed-off-by: Jonathan Schwender <55576758+jschwe@users.noreply.github.com>
Co-authored-by: Martin Robinson <mrobinson@igalia.com>
In the sources list tests, we assert that the sources for each target
are given to us in the same order as we specified in the test case, but
this is only true for classic <script> and <script src>. ES module
scripts and async/defer scripts are loaded asynchronously, so we can’t
rely on the order being the same every time.
this patch changes the test assertions to use a frozen multiset for each
target’s sources, rather than a frozen list (tuple), so the sources can
appear in any order but must still appear the expected number of times.
we also change the test assertions to use a multiset
([Counter](https://docs.python.org/3/library/collections.html#counter-objects))
of frozen multisets, rather than a set of multisets, so now two targets
can have the same set of sources without breaking tests.
Testing: this patch improves existing tests, but does not change
coverage
Fixes: part of #38658
---------
Signed-off-by: atbrakhi <atbrakhi@igalia.com>
Co-authored-by: delan azabani <dazabani@igalia.com>
In general, `raqote` is essentially umaintained and has issues with
quality (for instance text rendering has lots of issues) and removing it
finally lets us remove our dependency on `font-kit`. Although,
`vello_cpu` performance is not yet equal to raqote, rendering quality is
a lot better. It's expected that `vello` and `vello_cpu` performance
will keep improving.
Testing: This is covered by existing WPT tests.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
Sanitization of object store names brought some problems because of
replacing special characters and making it impossible to have certain
object store names that are allowed by the spec. These changes make sure
deterministic UUIDs are used for file paths plus object store names are
inserted into SQLite without sanitization.
Testing: Covered by existing tests and new unit tests were added.
Fixes: #37569
---------
Signed-off-by: Rodion Borovyk <rodion.borovyk@gmail.com>
This is preparation for #38740, which wants to use DOMExceptions without
immediately throwing them and aborting execution.
Testing: Existing WPT coverage will suffice for this refactor.
Signed-off-by: Josh Matthews <josh@joshmatthews.net>
The `CrossProcessCompositorApi` already provides methods for most
messages.
Remove the `sender()` method, and hide the IpcSender as an
implementation detail. This is a preparation for abstracting over the
internal IpcSender.
Testing: No functional changes
---------
Signed-off-by: Jonathan Schwender <schwenderjonathan@gmail.com>
Ports the channel returning the result of `GenerateFontKeys` to generic
channel
Testing: No functional changes - Covered by existing tests
Part of https://github.com/servo/servo/issues/38912
Signed-off-by: Jonathan Schwender <schwenderjonathan@gmail.com>
In #38933 we removed `start_web_server` but
`test_source_breakable_lines_and_positions_with_functions` was not
updated because it was added later. In this patch we remove
`start_web_server` in that test as well.
Testing: fixes an existing test
Fixes: Part of #36325
Signed-off-by: atbrakhi <atbrakhi@igalia.com>
Co-authored-by: delan azabani <dazabani@igalia.com>
We really want to remove font-kit from dep tree, so this is the first
step into removing raqote from servo. While vello_cpu is not perfect
replacement, I am confident that we will resolve all issues eventually:
https://github.com/servo/servo/issues/38345 (most important ones already
have PRs).
Reviewable per commit.
Testing: Existing WPT tests.
Try run: https://github.com/sagudev/servo/actions/runs/17138369290
---------
Signed-off-by: sagudev <16504129+sagudev@users.noreply.github.com>
Bumps [zbus_macros](https://github.com/dbus2/zbus) from 5.9.0 to 5.10.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/dbus2/zbus/releases">zbus_macros's
releases</a>.</em></p>
<blockquote>
<h2>🔖 zbus_macros 3.14.0.</h2>
<p>✨ Allow unicast signals through the <code>dbus_interface</code>.
Fixes <a
href="https://redirect.github.com/dbus2/zbus/issues/374">#374</a>.
⬆️ Bump our MSRV. More and more dependencies are requiring Rust 1.64.0,
so let's bump our MSRV
to match.
🔥 Drop manual <code>Default</code> impl of
<code>PropertyEmitsChangedSignal</code>. After Rust 1.64, we can use the
derive for this.
⏪️ Revert locking of <code>winnow</code> version. We've bumped our MSRV
so there is no need for this
workaround anymore.
🎨 Code comments should also adhere to 100 character limit.</p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="0e33c8e4d1"><code>0e33c8e</code></a>
Merge pull request <a
href="https://redirect.github.com/dbus2/zbus/issues/1476">#1476</a> from
zeenix/releases</li>
<li><a
href="f1aa56ac7e"><code>f1aa56a</code></a>
🔖 zb: Release 5.10.0</li>
<li><a
href="b6f6d81d7e"><code>b6f6d81</code></a>
🔖 zv: Release 5.7.0</li>
<li><a
href="70edef0415"><code>70edef0</code></a>
🔖 zu: Release 3.2.1</li>
<li><a
href="62122f5561"><code>62122f5</code></a>
⬆️ micro: Update quick-xml to v0.38.3 (<a
href="https://redirect.github.com/dbus2/zbus/issues/1475">#1475</a>)</li>
<li><a
href="568375fe5d"><code>568375f</code></a>
⬆️ micro: Update url to v2.5.7 (<a
href="https://redirect.github.com/dbus2/zbus/issues/1474">#1474</a>)</li>
<li><a
href="6550f22a90"><code>6550f22</code></a>
Merge pull request <a
href="https://redirect.github.com/dbus2/zbus/issues/1472">#1472</a> from
swick/wip/fix-creds-group-lookup</li>
<li><a
href="c5cd9ccfbb"><code>c5cd9cc</code></a>
🐛 zb: Fall back to no groups rather than erroring out for peer
creds</li>
<li><a
href="a24251f7ba"><code>a24251f</code></a>
⬆️ micro: Update winnow to v0.7.13 (<a
href="https://redirect.github.com/dbus2/zbus/issues/1473">#1473</a>)</li>
<li><a
href="54ec4ba569"><code>54ec4ba</code></a>
⬆️ micro: Update url to v2.5.6 (<a
href="https://redirect.github.com/dbus2/zbus/issues/1471">#1471</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/dbus2/zbus/compare/zbus-5.9.0...zbus-5.10.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
The merge queue today was greatly affected by many dependabot PRs in the
European morning, which caused a long merge queue for the rest of the
day.
Let's attempt to schedule dependabot updates during less busy times, and
also reduce the limit of open PRs.
[Dependabot
documentation](https://docs.github.com/en/code-security/dependabot/working-with-dependabot/dependabot-options-reference#schedule-)
Testing: No testing.
Signed-off-by: Jonathan Schwender <schwenderjonathan@gmail.com>
