This output doesn't matter to most developers and testers, and it breaks
`./mach test-speedometer`. Let's hide it by default and add a flag to
opt in.
Testing: No testing for debug output.
Signed-off-by: Josh Matthews <josh@joshmatthews.net>
This doesn't appear to make a big difference in speedometer results, but
this removes some code from the hot path of creating DomRoot values.
Before: `Score: 30.381097406624708 ± 2.0393225244958018`
After: `Score: 30.344639420871395 ± 1.9359337921154696`
Testing: Existing WPT coverage
Signed-off-by: Josh Matthews <josh@joshmatthews.net>
Update x11rb and dedupe windows-targets 0.48.
Testing: No tests for dependency updates.
Signed-off-by: Alex Touchet <26315797+atouchet@users.noreply.github.com>
One commonly encountered mechanism in servo is using ipc channels
together with the router, to register a custom callback to run in the
current process, when receiving a reply.
The new `GenericCallback` abstracts over this, and allows executing an
arbitrary callback in the process of the `GenericCallback` creator. In
multiprocess mode, this internally uses ipc channels and follows the
existing pattern.
In single process mode, we execute the callback directly, which avoids
one call to the router.
Executing the callback still incurs synchronization, since we need to
support cloning the abstraction, and the callback closure may be
`FnMut`. Future work could provide more optimized abstractions for
callbacks that don't have these requirements.
This PR allows applying #38782 again, which was previously reverted in
#38940 due to the lack of custom callback support.
See also the module documentation in `generic_channel/callback.rs`.
Testing: This PR adds unit tests. Also passes the manual testcase from
#38939
Part of #38912
---------
Signed-off-by: Jonathan Schwender <schwenderjonathan@gmail.com>
Signed-off-by: Jonathan Schwender <55576758+jschwe@users.noreply.github.com>
Co-authored-by: Josh Matthews <josh@joshmatthews.net>
These changes add a custom servo:preferences URL that allows modifying
selected preferences at runtime. The goal of this work is to make it
easy to test pages while toggling experimental web platform features,
and support quickly changing the User-Agent header.
Testing: Manually verified that spacex.com loads correctly after
changing the user agent, and that https://polygon.io/ displays grid
elements correctly and no console errors with the experimental prefs
enabled.
Fixes: #35862
<img width="1136" height="880" alt="Screenshot 2025-07-18 at 1 06 23 AM"
src="https://github.com/user-attachments/assets/2d27c321-6ca0-43c3-a347-7bc4b55272df"
/>
---------
Signed-off-by: Josh Matthews <josh@joshmatthews.net>
We store a pointer to the ScriptThread singleton for a thread in
thread-local storage. While we don't have yet have profiles pointing to
this TLS access as a hot spot, we can remove a potential performance
footgun without a lot of effort by passing around small pieces of data
that we otherwise need to fetch from the ScriptThread.
Testing: Existing WPT is sufficient
Fixes: part of #37969
---------
Signed-off-by: Josh Matthews <josh@joshmatthews.net>
Fixes an issue where clicking to close a dialog didn't redraw the screen
until a key was pressed or the mouse was moved.
Testing: Manual testing.
Fixes: #38968
---------
Signed-off-by: lumiscosity <averyrudelphe@gmail.com>
Bumps [tracing-subscriber](https://github.com/tokio-rs/tracing) from
0.3.19 to 0.3.20.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/tokio-rs/tracing/releases">tracing-subscriber's
releases</a>.</em></p>
<blockquote>
<h2>tracing-subscriber 0.3.20</h2>
<p><strong>Security Fix</strong>: ANSI Escape Sequence Injection
(CVE-TBD)</p>
<h2>Impact</h2>
<p>Previous versions of tracing-subscriber were vulnerable to ANSI
escape sequence injection attacks. Untrusted user input containing ANSI
escape sequences could be injected into terminal output when logged,
potentially allowing attackers to:</p>
<ul>
<li>Manipulate terminal title bars</li>
<li>Clear screens or modify terminal display</li>
<li>Potentially mislead users through terminal manipulation</li>
</ul>
<p>In isolation, impact is minimal, however security issues have been
found in terminal emulators that enabled an attacker to use ANSI escape
sequences via logs to exploit vulnerabilities in the terminal
emulator.</p>
<h2>Solution</h2>
<p>Version 0.3.20 fixes this vulnerability by escaping ANSI control
characters in when writing events to destinations that may be printed to
the terminal.</p>
<h2>Affected Versions</h2>
<p>All versions of tracing-subscriber prior to 0.3.20 are affected by
this vulnerability.</p>
<h2>Recommendations</h2>
<p>Immediate Action Required: We recommend upgrading to
tracing-subscriber 0.3.20 immediately, especially if your
application:</p>
<ul>
<li>Logs user-provided input (form data, HTTP headers, query parameters,
etc.)</li>
<li>Runs in environments where terminal output is displayed to
users</li>
</ul>
<h2>Migration</h2>
<p>This is a patch release with no breaking API changes. Simply update
your Cargo.toml:</p>
<pre lang="toml"><code>[dependencies]
tracing-subscriber = "0.3.20"
</code></pre>
<h2>Acknowledgments</h2>
<p>We would like to thank <a href="http://github.com/zefr0x">zefr0x</a>
who responsibly reported the issue at
<code>security@tokio.rs</code>.</p>
<p>If you believe you have found a security vulnerability in any
tokio-rs project, please email us at <code>security@tokio.rs</code>.</p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="4c52ca5266"><code>4c52ca5</code></a>
fmt: fix ANSI escape sequence injection vulnerability (<a
href="https://redirect.github.com/tokio-rs/tracing/issues/3368">#3368</a>)</li>
<li><a
href="f71cebe41e"><code>f71cebe</code></a>
subscriber: impl Clone for EnvFilter (<a
href="https://redirect.github.com/tokio-rs/tracing/issues/3360">#3360</a>)</li>
<li><a
href="3a1f571102"><code>3a1f571</code></a>
Fix CI (<a
href="https://redirect.github.com/tokio-rs/tracing/issues/3361">#3361</a>)</li>
<li><a
href="e63ef57f3d"><code>e63ef57</code></a>
chore: prepare tracing-attributes 0.1.30 (<a
href="https://redirect.github.com/tokio-rs/tracing/issues/3316">#3316</a>)</li>
<li><a
href="6e59a13b1a"><code>6e59a13</code></a>
attributes: fix tracing::instrument regression around shadowing (<a
href="https://redirect.github.com/tokio-rs/tracing/issues/3311">#3311</a>)</li>
<li><a
href="e4df761275"><code>e4df761</code></a>
tracing: update core to 0.1.34 and attributes to 0.1.29 (<a
href="https://redirect.github.com/tokio-rs/tracing/issues/3305">#3305</a>)</li>
<li><a
href="643f392ebb"><code>643f392</code></a>
chore: prepare tracing-attributes 0.1.29 (<a
href="https://redirect.github.com/tokio-rs/tracing/issues/3304">#3304</a>)</li>
<li><a
href="d08e7a6eea"><code>d08e7a6</code></a>
chore: prepare tracing-core 0.1.34 (<a
href="https://redirect.github.com/tokio-rs/tracing/issues/3302">#3302</a>)</li>
<li><a
href="6e70c571d3"><code>6e70c57</code></a>
tracing-subscriber: count numbers of enters in <code>Timings</code> (<a
href="https://redirect.github.com/tokio-rs/tracing/issues/2944">#2944</a>)</li>
<li><a
href="c01d4fd9de"><code>c01d4fd</code></a>
fix docs and enable CI on <code>main</code> branch (<a
href="https://redirect.github.com/tokio-rs/tracing/issues/3295">#3295</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/tokio-rs/tracing/compare/tracing-subscriber-0.3.19...tracing-subscriber-0.3.20">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts page](https://github.com/servo/servo/network/alerts).
</details>
---------
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Euclid Ye <euclid.ye@huawei.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Euclid Ye <euclid.ye@huawei.com>
According to the WebGPU specification there are the dedicated task
source
which is used to queue a global task for a GPUDevice on content
timeline.
https://gpuweb.github.io/gpuweb/#-webgpu-task-source
Tasks on content timeline:
- to fire "uncaptureevent" event
- to resolve GPUDevice.lost promise
Also fixed the "isTrusted" attribute status (false -> true) of the
"uncaptureevent" event by using non JS version of event dispatching.
Testing: No changes in WebGPU CTS expectations
- webgpu:api,operation,uncapturederror:*
- webgpu:api,operation,device,lost:*
- webgpu:api,validation,state,device_lost,destroy:*
Signed-off-by: Andrei Volykhin <volykhin.andrei@huawei.com>
Co-authored-by: Andrei Volykhin <volykhin.andrei@huawei.com>
Creates schemas to hold index information. These tables are created when
the database is initialized. These tables are not updated however.
Testing: WPT and unit
Fixes: Partially #38100
---------
Signed-off-by: Ashwin Naren <arihant2math@gmail.com>
This is fixup for #37776. We forget to skip documents with
waiting_on_canvas_image_updates flag.
Testing: Existing WPT tests and manual testing
Fixes: #39021
---------
Signed-off-by: sagudev <16504129+sagudev@users.noreply.github.com>
Move interfaces defined by the WebRTC specification to the
`script/dom/webrtc/` module from `script/dom/`.
`script/dom/rtc*.rs -> script/dom/webrtc/`
Testing: No changes, just a refactoring
Fixes (partially): #38901
Signed-off-by: Andrei Volykhin <volykhin.andrei@huawei.com>
Co-authored-by: Andrei Volykhin <volykhin.andrei@huawei.com>
This change ports all `EmbedderMsg` reply channels that don't use the
`ROUTER` to GenericChannel.
The remaining reply channels that use the router are blocked until
#38973 is merged.
This is a breaking change in the API between libservo and embedders.
Future work: A lot of the reply channels in this PR look like they
conceptually should be oneshot ipc channels. It might make sense to
provide a `OneshotGenericChannel` abstraction that encodes this.
Testing: No functional changes - covered by existing tests. None of the
channels changed here uses the Router
Part of #38912
---------
Signed-off-by: Jonathan Schwender <schwenderjonathan@gmail.com>
Helvetica isn't quite right but it's a better default choice than a
monospaced font like Menlo (it should be some variant of Apple's San
Francisco font, but that isn't easily exposed)
Testing: Untested, but matches the font family used for `sans-serif` so
it should be safe
Signed-off-by: Darryl Pogue <darryl@dpogue.ca>
Adds epoch to each WR image op command that is sent to compositor. The
renderer now has a `FrameDelayer` data structure that is responsible for
tracking when a frame is ready to be displayed. When asking canvases to
update their rendering, they are given an optional `Epoch` which denotes
the `Document`'s canvas epoch. When all image updates for that `Epoch`
are seen in the renderer, the frame can be displayed.
Testing: Existing WPT tests
Fixes: #35733
Signed-off-by: sagudev <16504129+sagudev@users.noreply.github.com>
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
Co-authored-by: Martin Robinson <mrobinson@igalia.com>
In #38745, we changed the id of Frame and Window as the result of
`ToString` trait. This PR
- adapts the parsing of frame/window accordingly.
- for frame, return the
[WindowProxy](https://developer.mozilla.org/en-US/docs/Web/API/WindowProxy)
object of the iframe as it's supposed to do.
Testing: `execute_{async_}script/arguments.py`
---------
Signed-off-by: Euclid Ye <euclid.ye@huawei.com>
Add type around CG class for code generatio Web IDL in codegen.py
Testing: *Describe how this pull request is tested or why it doesn't
require tests*
Fixes: *Link to an issue this pull requests fixes or remove this line if
there is no issue*
---------
Signed-off-by: Jerens Lensun <jerensslensun@gmail.com>
Signed-off-by: Mukilan Thiyagarajan <mukilan@igalia.com>
Co-authored-by: Mukilan Thiyagarajan <mukilan@igalia.com>
This change was previously part of
fb1c0a4c48, which got reverted due to an
issue
with the compositor channel.
Split this change out into a separate PR, as it probably should have
been in the first place. Presumably it was one change before, since
serialization of crossbeam generic channels in single-process mode was
not implemented yet at the time.
Testing: Covered by existing tests. No custom callbacks involved.
Part of #38912
Signed-off-by: Jonathan Schwender <schwenderjonathan@gmail.com>
Port the reply / back channels of StorageThreadMsg to GenericChannel.
Testing: No functional changes
Part of #38912
Signed-off-by: Jonathan Schwender <schwenderjonathan@gmail.com>
Move interfaces defined by the WebGL spec to the `script/dom/webgl/
`module from `script/dom/`.
`script/dom/webgl*.rs` -> `script/dom/webgl/`
`script/dom/webgl_extensions` -> `script/dom/webgl/extensions`
`script/dom/webgl_validations` -> `script/dom/webgl/validations`
Testing: No changes, just a refactoring
Fixes (partially): #38901
Signed-off-by: Andrei Volykhin <volykhin.andrei@huawei.com>
Co-authored-by: Andrei Volykhin <volykhin.andrei@huawei.com>
Replaced usage of `typed_insert` since it ended converting `UTF-8` to
lowercase.
Removed one of the test cases since it wasn't following spec since
[xhr/205](https://github.com/whatwg/xhr/pull/205).
Testing: Changes covered by wpt
Fixes: #20436
---------
Signed-off-by: Gae24 <96017547+Gae24@users.noreply.github.com>
Instead of doing font selection and text shaping in `canvas`, move this
to `script`. This allows canvas to use the shared `Document`
`FontContext`, which has access to web fonts. In addition, ensure that
there is a font style accessible for `OffscreenCanvas` in workers.
Testing: This causes a number of WPT tests to start to pass as web fonts
are
supported on canvas again. In addition, some start to fail as they
expose other
issues:
- The lack of support for the `Context2D.fontStretch` property
- Issues with zerosize gradient interpolation.
- Differences between quoted and unquoted font family names. This seems
like
a timing issue with the way we are handling web fonts. The test seems to
be
expecting Local fonts to be available immediately (without waiting for
them
to load). This isn't how Servo works ATM. Seems like an issue with the
test.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
Sets the indexeddb request error when the backend errors out. This also
matches statements to the spec.
Testing: Covered by WPT
Fixes: General indexeddb
---------
Signed-off-by: Ashwin Naren <arihant2math@gmail.com>
Co-authored-by: Josh Matthews <josh@joshmatthews.net>
Bumps [sea-query](https://github.com/SeaQL/sea-query) from 1.0.0-rc.11
to 1.0.0-rc.12.
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/SeaQL/sea-query/commits">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps the servo-media-related group with 12 updates:
| Package | From | To |
| --- | --- | --- |
| [servo-media](https://github.com/servo/media) | ``a57b0e6`` |
``de1ebef`` |
| [servo-media-dummy](https://github.com/servo/media) | ``a57b0e6`` |
``de1ebef`` |
| [servo-media-gstreamer](https://github.com/servo/media) | ``a57b0e6``
| ``de1ebef`` |
| servo-media-audio | ``a57b0e6`` | ``de1ebef`` |
| servo-media-derive | ``a57b0e6`` | ``de1ebef`` |
| servo-media-gstreamer-render | ``a57b0e6`` | ``de1ebef`` |
| servo-media-gstreamer-render-android | ``a57b0e6`` | ``de1ebef`` |
| servo-media-gstreamer-render-unix | ``a57b0e6`` | ``de1ebef`` |
| servo-media-player | ``a57b0e6`` | ``de1ebef`` |
| servo-media-streams | ``a57b0e6`` | ``de1ebef`` |
| servo-media-traits | ``a57b0e6`` | ``de1ebef`` |
| servo-media-webrtc | ``a57b0e6`` | ``de1ebef`` |
Updates `servo-media` from `a57b0e6` to `de1ebef`
<details>
<summary>Commits</summary>
<ul>
<li><a
href="de1ebef583"><code>de1ebef</code></a>
Add clean-shutdown of backend (<a
href="https://redirect.github.com/servo/media/issues/448">#448</a>)</li>
<li>See full diff in <a
href="a57b0e67b3...de1ebef583">compare
view</a></li>
</ul>
</details>
<br />
Updates `servo-media-dummy` from `a57b0e6` to `de1ebef`
<details>
<summary>Commits</summary>
<ul>
<li><a
href="de1ebef583"><code>de1ebef</code></a>
Add clean-shutdown of backend (<a
href="https://redirect.github.com/servo/media/issues/448">#448</a>)</li>
<li>See full diff in <a
href="a57b0e67b3...de1ebef583">compare
view</a></li>
</ul>
</details>
<br />
Updates `servo-media-gstreamer` from `a57b0e6` to `de1ebef`
<details>
<summary>Commits</summary>
<ul>
<li><a
href="de1ebef583"><code>de1ebef</code></a>
Add clean-shutdown of backend (<a
href="https://redirect.github.com/servo/media/issues/448">#448</a>)</li>
<li>See full diff in <a
href="a57b0e67b3...de1ebef583">compare
view</a></li>
</ul>
</details>
<br />
Updates `servo-media-audio` from `a57b0e6` to `de1ebef`
Updates `servo-media-derive` from `a57b0e6` to `de1ebef`
Updates `servo-media-gstreamer-render` from `a57b0e6` to `de1ebef`
Updates `servo-media-gstreamer-render-android` from `a57b0e6` to
`de1ebef`
Updates `servo-media-gstreamer-render-unix` from `a57b0e6` to `de1ebef`
Updates `servo-media-player` from `a57b0e6` to `de1ebef`
Updates `servo-media-streams` from `a57b0e6` to `de1ebef`
Updates `servo-media-traits` from `a57b0e6` to `de1ebef`
Updates `servo-media-webrtc` from `a57b0e6` to `de1ebef`
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
- Add `ShadowRoot` to `JSValue` to avoid
`WebDriverJSError::UnknownType`, and
`JavaScriptEvaluationError::SerializationError` when execute JS from
embedder.
- Add unit test.
- Move [is_detached](https://w3c.github.io/webdriver/#dfn-is-detached)
to `fn is_detached` to be reused.
- Other random simplification.
Testing: WebDriver conformance tests.
---------
Signed-off-by: Euclid Ye <euclid.ye@huawei.com>
Bumps [async-executor](https://github.com/smol-rs/async-executor) from
1.13.2 to 1.13.3.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/smol-rs/async-executor/releases">async-executor's
releases</a>.</em></p>
<blockquote>
<h2>v1.13.3</h2>
<ul>
<li>Avoid places where the code had a possibility to block or panic. (<a
href="https://redirect.github.com/smol-rs/async-executor/issues/147">#147</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/smol-rs/async-executor/blob/master/CHANGELOG.md">async-executor's
changelog</a>.</em></p>
<blockquote>
<h1>Version 1.13.3</h1>
<ul>
<li>Avoid places where the code had a possibility to block or panic. (<a
href="https://redirect.github.com/smol-rs/async-executor/issues/147">#147</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="1e8d245f64"><code>1e8d245</code></a>
v1.13.3</li>
<li><a
href="08c3fc4d5d"><code>08c3fc4</code></a>
Don't explicitly panic or block when avoidable (<a
href="https://redirect.github.com/smol-rs/async-executor/issues/147">#147</a>)</li>
<li><a
href="58411d6876"><code>58411d6</code></a>
Update criterion requirement from 0.6 to 0.7</li>
<li><a
href="95ec34dd70"><code>95ec34d</code></a>
Update criterion requirement from 0.5 to 0.6 (<a
href="https://redirect.github.com/smol-rs/async-executor/issues/142">#142</a>)</li>
<li><a
href="b3269e1363"><code>b3269e1</code></a>
Ignore clippy::unused_unit lint</li>
<li><a
href="87a287a73a"><code>87a287a</code></a>
Fix clippy::uninlined_format_args warning</li>
<li>See full diff in <a
href="https://github.com/smol-rs/async-executor/compare/v1.13.2...v1.13.3">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Fixes a check for empty options in `getAll(options)` and makes url
comparison with exclude fragments set to true.
Testing: New passing WPT tests
Part of #37674
---------
Signed-off-by: Sebastian C <sebsebmc@gmail.com>
We pass in the new trait implementation to process the value,
which the CSP crate calls in its implementation. Additionally,
since the request url can change, we need to propagate that
to load_data as well.
This also avoids a crash when a discarded browsing context is
accessed while navigating the iframes in the WPT tests. This
is a known issue, but hampers investigation into actual
Trusted Types support.
All tests using iframes don't work, as they don't have the
correct browsing context. The other tests do work, but some
fail on header ascii parsing (#36801) or error while handling
errors. That last one I don't understand based on the current
code and I would need to do a deep-dive in the existing code
to understand better what's going on.
Part of #36258
Part of #37920
---------
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
Bumps [image-webp](https://github.com/image-rs/image-webp) from 0.2.3 to
0.2.4.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/image-rs/image-webp/blob/main/CHANGES.md">image-webp's
changelog</a>.</em></p>
<blockquote>
<h3>Version 0.2.4</h3>
<p>Changes:</p>
<ul>
<li>Changed default upscaling to bilinear interpolation to match libwebp
(<a
href="https://redirect.github.com/image-rs/image-webp/issues/147">#147</a>)</li>
</ul>
<p>Bug fixes:</p>
<ul>
<li>Fixed all remaining divergences against libwebp in loop filtering
(<a
href="https://redirect.github.com/image-rs/image-webp/issues/148">#148</a>,
<a
href="https://redirect.github.com/image-rs/image-webp/issues/149">#149</a>)</li>
</ul>
<p>Optimizations:</p>
<ul>
<li>Optimized predictors in lossless_transform (<a
href="https://redirect.github.com/image-rs/image-webp/issues/152">#152</a>)</li>
<li>Improved performance of horizontal loop filtering (<a
href="https://redirect.github.com/image-rs/image-webp/issues/151">#151</a>,
<a
href="https://redirect.github.com/image-rs/image-webp/issues/156">#156</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/image-rs/image-webp/commits">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Moves interfaces defined by the gamepad spec to the
`script/dom/gamepad/` module from `script/dom/`.
Testing: Just a refactor shouldn't need any testing
Fixes: N/A
Signed-off-by: Ashwin Naren <arihant2math@gmail.com>
Bumps [camino](https://github.com/camino-rs/camino) from 1.1.11 to
1.1.12.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/camino-rs/camino/releases">camino's
releases</a>.</em></p>
<blockquote>
<h2>camino 1.1.12</h2>
<h3>Added</h3>
<ul>
<li><code>Utf8PathBuf::from_os_string</code> and
<code>Utf8Path::from_os_str</code> conversions.</li>
<li><code>TryFrom<OsString> for Utf8PathBuf</code> and
<code>TryFrom<&OsStr> for &Utf8Path</code>
conversions.</li>
</ul>
<p>Thanks to <a
href="https://github.com/BenjaminBrienen">BenjaminBrienen</a> for your
first contribution!</p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/camino-rs/camino/blob/main/CHANGELOG.md">camino's
changelog</a>.</em></p>
<blockquote>
<h2>[1.1.12] - 2025-08-26</h2>
<h3>Added</h3>
<ul>
<li><code>Utf8PathBuf::from_os_string</code> and
<code>Utf8Path::from_os_str</code> conversions.</li>
<li><code>TryFrom<OsString> for Utf8PathBuf</code> and
<code>TryFrom<&OsStr> for &Utf8Path</code>
conversions.</li>
</ul>
<p>Thanks to <a
href="https://github.com/BenjaminBrienen">BenjaminBrienen</a> for your
first contribution!</p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="e5edcb948d"><code>e5edcb9</code></a>
[camino] version 1.1.12</li>
<li><a
href="9c1eff07ef"><code>9c1eff0</code></a>
prepare release</li>
<li><a
href="bb1c1c9736"><code>bb1c1c9</code></a>
feature: Add support for converting from OsStr and OsString (<a
href="https://redirect.github.com/camino-rs/camino/issues/107">#107</a>)</li>
<li><a
href="281007b471"><code>281007b</code></a>
chore: Documentation fixes</li>
<li>See full diff in <a
href="https://github.com/camino-rs/camino/compare/camino-1.1.11...camino-1.1.12">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Currently the embedding API only provides the embedder with the URL for
a favicon. This is not great, for multiple reasons:
* Loading the icon should happen according to the fetch spec which is
not easy for the embedder to recreate (consider CSP, timing information
etc)
* Rasterizing a svg favicon is not trivial
With this change, servo fetches and rasterizes the icon to a bitmap
which is then passed to the embedder.
Testing: I'm not sure how I can write tests for the embedding api. I've
tested the correctness manually using
https://github.com/servo/servo/pull/36680.
Prepares for https://github.com/servo/servo/pull/36680
---------
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
Forward any deserialization errors to the receiver, instead of panicking
on the router thread. This change was previously part of #38782, which
got reverted, since generic channels don't support custom router
callbacks yet. Propagating the error is still something we want, and
landing this separately will reduce the diff of the PR that introduces
generic callbacks.
Testing: Should be covered by existing tests. Also manually tested
https://github.com/servo/servo/issues/38939
---------
Signed-off-by: Jonathan Schwender <schwenderjonathan@gmail.com>
Signed-off-by: Jonathan Schwender <55576758+jschwe@users.noreply.github.com>
Co-authored-by: Martin Robinson <mrobinson@igalia.com>
In the sources list tests, we assert that the sources for each target
are given to us in the same order as we specified in the test case, but
this is only true for classic <script> and <script src>. ES module
scripts and async/defer scripts are loaded asynchronously, so we can’t
rely on the order being the same every time.
this patch changes the test assertions to use a frozen multiset for each
target’s sources, rather than a frozen list (tuple), so the sources can
appear in any order but must still appear the expected number of times.
we also change the test assertions to use a multiset
([Counter](https://docs.python.org/3/library/collections.html#counter-objects))
of frozen multisets, rather than a set of multisets, so now two targets
can have the same set of sources without breaking tests.
Testing: this patch improves existing tests, but does not change
coverage
Fixes: part of #38658
---------
Signed-off-by: atbrakhi <atbrakhi@igalia.com>
Co-authored-by: delan azabani <dazabani@igalia.com>
In general, `raqote` is essentially umaintained and has issues with
quality (for instance text rendering has lots of issues) and removing it
finally lets us remove our dependency on `font-kit`. Although,
`vello_cpu` performance is not yet equal to raqote, rendering quality is
a lot better. It's expected that `vello` and `vello_cpu` performance
will keep improving.
Testing: This is covered by existing WPT tests.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
Sanitization of object store names brought some problems because of
replacing special characters and making it impossible to have certain
object store names that are allowed by the spec. These changes make sure
deterministic UUIDs are used for file paths plus object store names are
inserted into SQLite without sanitization.
Testing: Covered by existing tests and new unit tests were added.
Fixes: #37569
---------
Signed-off-by: Rodion Borovyk <rodion.borovyk@gmail.com>
