Adds support for more pointer events: pointerenter, pointerout,
pointerleave, pointerover
Also add global event handlers that were missing.
Testing: WPT expectations are updated.
cc @yezhizhen
Signed-off-by: webbeef <me@webbeef.org>
Bumps [ipnet](https://github.com/krisprice/ipnet) from 2.11.0 to 2.12.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/krisprice/ipnet/releases">ipnet's
releases</a>.</em></p>
<blockquote>
<p>Backwards compatible schemars 1.* support using version specific
features#67</p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/krisprice/ipnet/blob/master/RELEASES.md">ipnet's
changelog</a>.</em></p>
<blockquote>
<h2>Version 2.12.0</h2>
<ul>
<li>Backwards compatible schemars 1.* support using version specific
features#67</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="65c04c3556"><code>65c04c3</code></a>
Update version number.</li>
<li><a
href="397bf726e7"><code>397bf72</code></a>
Merge pull request <a
href="https://redirect.github.com/krisprice/ipnet/issues/67">#67</a>
from StefanTerdell/schemars-1</li>
<li><a
href="687f2703d9"><code>687f270</code></a>
Add support for schemars 1, deprecate old features</li>
<li>See full diff in <a
href="https://github.com/krisprice/ipnet/compare/2.11.0...2.12.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [jiff](https://github.com/BurntSushi/jiff) from 0.2.21 to 0.2.22.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/BurntSushi/jiff/blob/master/CHANGELOG.md">jiff's
changelog</a>.</em></p>
<blockquote>
<h1>0.2.22 (2026-02-28)</h1>
<p>This release includes a bug fix where fallible conversions from
signed
durations to unsigned durations could panic in some cases.</p>
<p>Bug fixes:</p>
<ul>
<li><a
href="https://redirect.github.com/BurntSushi/jiff/issues/526">#526</a>:
Fix a panicking bug that occurs for
<code>std::time::Duration::try_from(SignedDuration::new(0,
-1))</code>.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="4fb63be9c2"><code>4fb63be</code></a>
0.2.22</li>
<li><a
href="47f5abf9ee"><code>47f5abf</code></a>
signed_duration: fix a panicking bug in `TryFrom<SignedDuration>
for std::tim...</li>
<li><a
href="c3d960e192"><code>c3d960e</code></a>
fuzz: update dependencies</li>
<li>See full diff in <a
href="https://github.com/BurntSushi/jiff/compare/jiff-static-0.2.21...jiff-static-0.2.22">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [winit](https://github.com/rust-windowing/winit) from 0.30.12 to
0.30.13.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/rust-windowing/winit/releases">winit's
releases</a>.</em></p>
<blockquote>
<h2>Winit version 0.30.13</h2>
<h3>Added</h3>
<ul>
<li>On Wayland, add <code>Window::set_resize_increments</code>.</li>
</ul>
<h3>Fixed</h3>
<ul>
<li>On macOS, fixed crash when dragging non-file content onto
window.</li>
<li>On X11, fix <code>set_hittest</code> not working on some window
managers.</li>
<li>On X11, fix debug mode overflow panic in
<code>set_timestamp</code>.</li>
<li>On macOS, fix crash in <code>set_marked_text</code> when native
Pinyin IME sends out-of-bounds <code>selected_range</code>.</li>
<li>On Windows, fix <code>WM_IME_SETCONTEXT</code> IME UI flag masking
on <code>lParam</code>.</li>
<li>On Android, populate <code>KeyEvent::text</code> and
<code>KeyEvent::text_with_all_modifiers</code> via
<code>Key::to_text()</code>.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="e9809ef54b"><code>e9809ef</code></a>
Winit version 0.30.13</li>
<li><a
href="efb5b37fff"><code>efb5b37</code></a>
chore: fix ci</li>
<li><a
href="a9baf5ecda"><code>a9baf5e</code></a>
fix(android): Populate <code>KeyEvent.text</code> via
<code>Key::to_text()</code></li>
<li><a
href="6bb43fd130"><code>6bb43fd</code></a>
wayland: implement resize increments</li>
<li><a
href="17a73f4dd4"><code>17a73f4</code></a>
win32: fix ime setcontext lparam</li>
<li><a
href="bccc568345"><code>bccc568</code></a>
fix(macOS): clamp IME selected_range to prevent substringToIndex
crash</li>
<li><a
href="69b8a07ae0"><code>69b8a07</code></a>
winit-x11: fix debug mode overflow panic in
<code>set_timestamp</code></li>
<li><a
href="3eb731f8b5"><code>3eb731f</code></a>
winit-x11: replace xfixes with x11rb in set_hittest</li>
<li><a
href="7035dd554f"><code>7035dd5</code></a>
winit-win32: Fix ABI mismatch in INIT_MAIN_THREAD_ID</li>
<li><a
href="ab4c6bfc82"><code>ab4c6bf</code></a>
macOS: fix a crash when dragging non-file content onto window</li>
<li>See full diff in <a
href="https://github.com/rust-windowing/winit/compare/v0.30.12...v0.30.13">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
This change adds very basic support for tab navigation, but without
support for focus scopes. Followup changes will refine the behavior of
this implementation to follow the specification around focus scopes,
shadow DOM, and slots. In particular `delegatesFocus` is not supported
here yet.
Testing: This causes quite a few WPT tests to start passing.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
Co-authored-by: Oriol Brufau <obrufau@igalia.com>
This change checks whether a character belongs to the `Cf` category of
unicode characters before applying `letter-spacing`. The `fonts` crate
now depends on `icu_properties`, but that crate is already in our
dependency tree (with the same features enabled).
Testing: New tests start to pass
Fixes https://github.com/servo/servo/issues/38781
---------
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
This just adds URL to pass to ImageFragment for LargestContentfulPaint
Entry
Rebased on: #42948
Testing: No expected change in behavior, Successful Compilation is
enough to verify.
Signed-off-by: Shubham Gupta <shubham.gupta@chromium.org>
Moves the `Drop` implementation for `GPUPipelineLayout` to a dedicated
private helper struct, `DroppableGPUPipelineLayout`. This ensures that
DOM types do not directly implement `Drop`, aligning with best practices
for resource management in the DOM. The associated `Bindings.conf` entry
is removed as direct `Drop` is no longer needed for this type.
Testing: WebGpu just coverages cases with proper tests
Fixes: Partially #26488
Signed-off-by: Domenico Rizzo <domenico.rizzo@gmail.com>
In ac24cd6139 we started asking for people
to use **private** github security reports, but kept the wording from
before, which was related to accepting such reports as **public**
issues.
The wording doesn't make sense in the context of asking people for
private reports, so update the wording to reflect that.
This is not a policy change, just making the wording more clear.
Testing: Not required, policy description.
Signed-off-by: Jonathan Schwender <schwenderjonathan@gmail.com>
When the async parser thread finds a `<meta charset>` tag then it asks
the main thread whether parsing should restart. The main thread wasn't
responding, so the parser got stuck.
Part of https://github.com/servo/servo/issues/37418
Testing: This change adds a test
---------
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
Encapsulating Image related data in ImageInfo in NodeExt impl.
Testing: This is just a little refactor. No change in behavior expected.
Successful compilation is enough to verify.
Signed-off-by: Shubham Gupta <shubham.gupta@chromium.org>
Bumps [dlib](https://github.com/elinorbgr/dlib) from 0.5.2 to 0.5.3.
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/elinorbgr/dlib/commits">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps the gstreamer-related group with 3 updates:
[glib](https://github.com/gtk-rs/gtk-rs-core), gstreamer and
[glib-macros](https://github.com/gtk-rs/gtk-rs-core).
Updates `glib` from 0.22.0 to 0.22.2
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/gtk-rs/gtk-rs-core/releases">glib's
releases</a>.</em></p>
<blockquote>
<h2>0.22.2</h2>
<pre><code>Julian Sparber:
glib: Implement From<PtrSlice<GStringPtr> for StrV
glib: Implement From<StrV> for PtrSlice<GStringPtr>
<p>Sebastian Dröge:<br />
gio: Mark <code>Socket::from_raw_socket()</code> as unsafe</p>
<p>Wladimir Palant:<br />
glib-macros: Silence “redundant closure” clippy warning in
closure!/closure_local!<br />
</code></pre></p>
<h2>0.22.1</h2>
<pre><code>Sebastian Dröge:
gio: Re-add accidentally removed UNIX APIs that are still part of gio
itself
gio: Remove non-existing UNIX functions from Gir.toml
</code></pre>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="484fbe01e7"><code>484fbe0</code></a>
Update Cargo.lock</li>
<li><a
href="77ce5c64ea"><code>77ce5c6</code></a>
Update versions to 0.22.2</li>
<li><a
href="a5a6b9f659"><code>a5a6b9f</code></a>
glib: Implement From<StrV> for PtrSlice<GStringPtr></li>
<li><a
href="1870acb44c"><code>1870acb</code></a>
glib: Implement From<PtrSlice<!-- raw HTML omitted --> for StrV</li>
<li><a
href="dd77db24ee"><code>dd77db2</code></a>
Fixes <a
href="https://redirect.github.com/gtk-rs/gtk-rs-core/issues/1912">#1912</a>
- Silence “redundant closure” clippy warning in
closure!/closure_...</li>
<li><a
href="a764a0fe5b"><code>a764a0f</code></a>
gio: Mark <code>Socket::from_raw_socket()</code> as unsafe</li>
<li><a
href="aa0dee233f"><code>aa0dee2</code></a>
Update versions to 0.22.1</li>
<li><a
href="a65fe5c356"><code>a65fe5c</code></a>
gio: Remove non-existing UNIX functions from Gir.toml</li>
<li><a
href="aa8a69805a"><code>aa8a698</code></a>
gio: Re-add accidentally removed UNIX APIs that are still part of gio
itself</li>
<li>See full diff in <a
href="https://github.com/gtk-rs/gtk-rs-core/compare/0.22.0...0.22.2">compare
view</a></li>
</ul>
</details>
<br />
Updates `gstreamer` from 0.25.0 to 0.25.1
Updates `glib-macros` from 0.22.0 to 0.22.2
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/gtk-rs/gtk-rs-core/releases">glib-macros's
releases</a>.</em></p>
<blockquote>
<h2>0.22.2</h2>
<pre><code>Julian Sparber:
glib: Implement From<PtrSlice<GStringPtr> for StrV
glib: Implement From<StrV> for PtrSlice<GStringPtr>
<p>Sebastian Dröge:<br />
gio: Mark <code>Socket::from_raw_socket()</code> as unsafe</p>
<p>Wladimir Palant:<br />
glib-macros: Silence “redundant closure” clippy warning in
closure!/closure_local!<br />
</code></pre></p>
<h2>0.22.1</h2>
<pre><code>Sebastian Dröge:
gio: Re-add accidentally removed UNIX APIs that are still part of gio
itself
gio: Remove non-existing UNIX functions from Gir.toml
</code></pre>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="484fbe01e7"><code>484fbe0</code></a>
Update Cargo.lock</li>
<li><a
href="77ce5c64ea"><code>77ce5c6</code></a>
Update versions to 0.22.2</li>
<li><a
href="a5a6b9f659"><code>a5a6b9f</code></a>
glib: Implement From<StrV> for PtrSlice<GStringPtr></li>
<li><a
href="1870acb44c"><code>1870acb</code></a>
glib: Implement From<PtrSlice<!-- raw HTML omitted --> for StrV</li>
<li><a
href="dd77db24ee"><code>dd77db2</code></a>
Fixes <a
href="https://redirect.github.com/gtk-rs/gtk-rs-core/issues/1912">#1912</a>
- Silence “redundant closure” clippy warning in
closure!/closure_...</li>
<li><a
href="a764a0fe5b"><code>a764a0f</code></a>
gio: Mark <code>Socket::from_raw_socket()</code> as unsafe</li>
<li><a
href="aa0dee233f"><code>aa0dee2</code></a>
Update versions to 0.22.1</li>
<li><a
href="a65fe5c356"><code>a65fe5c</code></a>
gio: Remove non-existing UNIX functions from Gir.toml</li>
<li><a
href="aa8a69805a"><code>aa8a698</code></a>
gio: Re-add accidentally removed UNIX APIs that are still part of gio
itself</li>
<li>See full diff in <a
href="https://github.com/gtk-rs/gtk-rs-core/compare/0.22.0...0.22.2">compare
view</a></li>
</ul>
</details>
<br />
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [piper](https://github.com/smol-rs/piper) from 0.2.4 to 0.2.5.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/smol-rs/piper/releases">piper's
releases</a>.</em></p>
<blockquote>
<h2>v0.2.5</h2>
<ul>
<li>Add functions to allow for buffered reading and writing. (<a
href="https://redirect.github.com/smol-rs/piper/issues/27">#27</a>)</li>
<li>Fix a bug where closing the <code>Writer</code> after writing can
cause the <code>Reader</code> to
lose bytes. (<a
href="https://redirect.github.com/smol-rs/piper/issues/31">#31</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/smol-rs/piper/blob/main/CHANGELOG.md">piper's
changelog</a>.</em></p>
<blockquote>
<h1>Version 0.2.5</h1>
<ul>
<li>Add functions to allow for buffered reading and writing. (<a
href="https://redirect.github.com/smol-rs/piper/issues/27">#27</a>)</li>
<li>Fix a bug where closing the <code>Writer</code> after writing can
cause the <code>Reader</code> to
lose bytes. (<a
href="https://redirect.github.com/smol-rs/piper/issues/31">#31</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="85da45edce"><code>85da45e</code></a>
v0.2.5</li>
<li><a
href="6dd31ba3b5"><code>6dd31ba</code></a>
Add a test to verify that closing the write side doesn't break the
reader side.</li>
<li><a
href="f07220867f"><code>f072208</code></a>
Switch ordering of <code>closed</code> load to use <code>Acquire</code>
instead of <code>Relaxed</code>.</li>
<li><a
href="a7614f259a"><code>a7614f2</code></a>
Fix ordering of available data check.</li>
<li><a
href="aa05148ed9"><code>aa05148</code></a>
Update criterion requirement from 0.7 to 0.8 (<a
href="https://redirect.github.com/smol-rs/piper/issues/29">#29</a>)</li>
<li><a
href="3d62a59c24"><code>3d62a59</code></a>
feat: Implement AsyncBufRead and related methods on Reader and Writer
for dir...</li>
<li><a
href="6581c84a7b"><code>6581c84</code></a>
Update criterion requirement from 0.6 to 0.7 (<a
href="https://redirect.github.com/smol-rs/piper/issues/28">#28</a>)</li>
<li><a
href="e198ca3e47"><code>e198ca3</code></a>
Update criterion requirement from 0.4 to 0.6 (<a
href="https://redirect.github.com/smol-rs/piper/issues/25">#25</a>)</li>
<li><a
href="db2dcb8366"><code>db2dcb8</code></a>
Fix crates.io description for v0.2 reduced scope (<a
href="https://redirect.github.com/smol-rs/piper/issues/26">#26</a>)</li>
<li><a
href="30dd8ecd9c"><code>30dd8ec</code></a>
Fix typo (<a
href="https://redirect.github.com/smol-rs/piper/issues/21">#21</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/smol-rs/piper/compare/v0.2.4...v0.2.5">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps libredox from 0.1.12 to 0.1.14.
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [pin-project-lite](https://github.com/taiki-e/pin-project-lite)
from 0.2.16 to 0.2.17.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/taiki-e/pin-project-lite/releases">pin-project-lite's
releases</a>.</em></p>
<blockquote>
<h2>0.2.17</h2>
<ul>
<li>Enable <a
href="https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/immutable-releases">release
immutability</a>.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/taiki-e/pin-project-lite/blob/main/CHANGELOG.md">pin-project-lite's
changelog</a>.</em></p>
<blockquote>
<h2>[0.2.17] - 2026-02-27</h2>
<ul>
<li>Enable <a
href="https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/immutable-releases">release
immutability</a>.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="3bdf763446"><code>3bdf763</code></a>
Release 0.2.17</li>
<li><a
href="17437026e9"><code>1743702</code></a>
Update changelog</li>
<li><a
href="be3eb1a180"><code>be3eb1a</code></a>
Add comment about rust-version field to Cargo.toml</li>
<li><a
href="2b5f66d9bc"><code>2b5f66d</code></a>
Update allowed lint list</li>
<li><a
href="c7495a0d46"><code>c7495a0</code></a>
tools: Update tidy.sh</li>
<li><a
href="aa30a9fba2"><code>aa30a9f</code></a>
Apply clippy to doctest</li>
<li><a
href="0944bb974c"><code>0944bb9</code></a>
Update .deny.toml</li>
<li><a
href="401bd71ac2"><code>401bd71</code></a>
rustfmt: Set hex_literal_case = "Upper"</li>
<li><a
href="28c4feccd5"><code>28c4fec</code></a>
test: Update lint test</li>
<li><a
href="67a04498e4"><code>67a0449</code></a>
tests: Update ui test output to nightly-2025-12-04</li>
<li>Additional commits viewable in <a
href="https://github.com/taiki-e/pin-project-lite/compare/v0.2.16...v0.2.17">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Found this while analysing module preload test failures. In particular a
subtest of `modulepreload.html` was recently
[updated](https://github.com/web-platform-tests/wpt/pull/57243) to catch
this.
We need to ensure that SRI hash follows the base64 grammar specified by
CSP.
Testing: Updated test expectations of a test
---------
Signed-off-by: Gae24 <96017547+Gae24@users.noreply.github.com>
This is a preparation for publishing to crates.io. Changes include:
- Add `servo-` prefixes to avoid name collisions on crates.io
- Use `-` instead of `_` in package names.
- Rename the crates to their original names in Cargo.toml,
to keep the diff minimal
- Rename `media` to `servo-media-thread` to avoid name collision with
`servo-media` (originally from the media repository).
This is an outcome of the previous discussion at [#general > Switch
remaining git dependencies to
crates.io](https://servo.zulipchat.com/#narrow/channel/263398-general/topic/Switch.20remaining.20git.20dependencies.20to.20crates.2Eio/with/576336288)
Testing: This should be mostly covered by our CI, but some amount of
breakage is to be expected, since some package names could still be
referenced from scripts which are not tested or run in CI. [mach try
run](https://github.com/jschwe/servo/actions/runs/22502945949)
---------
Signed-off-by: Jonathan Schwender <schwenderjonathan@gmail.com>
There's some hanged scenarios with mitmproxy:
https://github.com/servo/servo/actions/runs/22539387007/job/65292396178
1. We rename `build` to `build-openharmony`.
2. We add
- 60 minutes timeout for each Build profile
- 40 minutes for bencher (Normally finish under 10 mins)
- 20 mins for scenario tests. (Normally finish under 4 mins)
---------
Signed-off-by: Euclid Ye <yezhizhenjiakang@gmail.com>
The specification of WebCrypto and Modern Algorithms in WebCrypto has
updated to reorder reading algorithm and data arguments in "encrypt",
"decrypt", "sign", "verify", "digest", "importKey", "unwrapKey",
"decapsulateKey" and "decapsulateBits" methods. This patch updates our
implementation accordingly.
The relevant commits in specification repositories:
- WebCrypto:
5b57233c0a
- Modern Algorithms in WebCrypto:
ae72ee6cf4
Testing: Pass new WPT tests added in
https://github.com/web-platform-tests/wpt/pull/57614 and
https://github.com/servo/servo/pull/42925
Signed-off-by: Kingsley Yung <kingsley@kkoyung.dev>
The change in 2d3a7c87c2 dropped the camelCase formatting of
is_main_process. As a result the about:memory page claims that all
processes are content processes.
Testing: run `./mach run -M` and open `about:memory` . The first process
listed will be "Main process" with this change.
Signed-off-by: webbeef <me@webbeef.org>
Add `./mach print-env` to export the environment variables mach sets to
stdout and `./mach exec` to execute an arbitrary command in the custom
environment. This allows users to easily run custom commands, or tools
in the same environment as mach would create without adding support
every tool. Note: `./mach print-env` is only targeting UNIX shells for
now, although probably one could detect the shell and e.g. also support
PowerShell (in theory).
In principle, simple commands like `./mach cargo-fix` could be removed
and instead used via `./mach exec cargo fix`.
The execution of commands via `./mach exec my_command` (e.g. running
custom tools like cargo-flamegraph) still has some limitations, since
arguments that the user might have meant to pass to the command, might
be eaten by `./mach` (if mach expects that parameter, e.g. `--target
<triple>`. It's recommended to delimit explicitly by adding `--`., e.g.
`./mach exec --ohos -- cargo build --target aarch64-unknown-linux-ohos`.
Without the `--` delimiter, `./mach would interpret `--target` instead
of passing it to `cargo build`.
Testing: Manual testing of `./mach print-env --ohos`.
Fixes: #25473#38223
Signed-off-by: Jonathan Schwender <schwenderjonathan@gmail.com>
WPT creates `epochs/daily` either at 2 or 3AM. This means that if a fix
land on day 1, then WPT is tagged earlier than the nightly release, so
it can take 24-48 hours before a change is reflected on wpt.fyi
If instead we create the nightly release in time before epoch, we can
see those results within 24 hours.
Testing: GitHub workflow change
---------
Signed-off-by: Tim van der Lippe <TimvdLippe@users.noreply.github.com>
We don't use the CLOBBER file anywhere. The CLOBBER was introduced in
d03e52d240, but without any commit
message. Judging by the CLOBBER file in that commit, this was related to
the CI machines at the time. Should be safe to remove.
Testing: Well, this probably should be reviewed by someone who is
familiar with the background. Not covered by any tests.
Signed-off-by: Jonathan Schwender <schwenderjonathan@gmail.com>
In the WebCrypto modern algorithm specification, the issue
(https://github.com/WICG/webcrypto-modern-algos/issues/47) on algorithm
name referencing in the export key operation of ML-KEM had been resolved
by the following commit in the specification repository:
705f8ec6ce
Our implementation actually matches the new specification. We simply
update the specification text, with some minor refactoring accordingly.
Testing: Refactoring. Existing tests suffice.
Signed-off-by: Kingsley Yung <kingsley@kkoyung.dev>
As said in
https://github.com/servo/servo/issues/42803#issuecomment-3957052680,
there's been a weird discrepancy between running wdspec tests in:
1. local / Linux WPT workflow
2. WebDriver Try
For 2, it triggers FAIL/ERROR that never happen in 1. It is not
intermittent, but always happens.
This PR makes 2 have same behaviour as running locally: default number
of processes (CPU count. For self-hosted runner workflow, this is
double. Hyperthreading?), single chunk.
This improves the running time by 2 mins as well.
Testing: The test results now work same as Linux WPT and local.
https://github.com/servo/servo/actions/runs/22385441028/job/64795317878#step:11:552Fixes: #39097Fixes: #42803
---------
Signed-off-by: Euclid Ye <yezhizhenjiakang@gmail.com>
The warning occurs when compiling the script bindings unit-tests `./mach
test-unit -p script_bindings --lib`.
Presumably in some contexts the inner macro is already imported, which
triggers the warning.
Directly using `crate::` avoids this.
The fixed warning:
```
warning: unused import: `$crate::match_domstring_ascii_inner`
--> components/script_bindings/domstring.rs:1050:17
|
1050 | use $crate::match_domstring_ascii_inner;
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
...
1352 | let _res = match_domstring_ascii!(s,
| ____________________-
1353 | | "❤" => true,
1354 | | _ => false,);
| |________________________- in this macro invocation
|
= note: this warning originates in the macro `match_domstring_ascii` (in Nightly builds, run with -Z macro-backtrace for more info)
```
Testing: Manually tested the warning is fixed by running `./mach
test-unit -p script_bindings --lib`.
---------
Signed-off-by: Jonathan Schwender <schwenderjonathan@gmail.com>
This is exposes the `tabIndex` property for `HTMLOrSVGElement` according
to the HTML specification. This is the first step toward implementation
of tab navigation in Servo.
Testing: This causes many WPT subtests to start passing, but causes a
few to
start failing. This is likely because we do not have a full
implementation of
the `delegatesFocus` parameter of `attachShadow` yet.
Fixes: This is part of #25001 and #32169.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
Co-authored-by: Oriol Brufau <obrufau@igalia.com>
`NormalizedAlgorithm::encrypt`, `NormalizedAlgorithm::decrypt` and other
similar functions have some catch-all `match` arms that are unreachable.
They are unreachable because we rely on the name attribute in `String`
of the subtle dictionaries and the `NormalizedAlgorithm` enum to
determine which cryptographic algorithm to use, while the algorithm
normalization mechanism guarantees that some combinations of name and
enum variants won't exist.
This patch tries to get rid of those unreachable `match` arms to make
our WebCrypto code more idiomatic so that the Rust compiler can help us
ensure the correctness in the future.
To achieve this, we break the enum `NormalizedAlgorithm` into multiple
enums: `EncryptAlgorithm`, `DecryptAlgorithm`, `SignAlgorithm`, etc.
Each one is associated to a cryptographic operation, and its variants
are the cryptographic algorithms that support the associated operation.
The inner type of each variant is the desired parameter dictionary.
Therefore, when the call `EncryptAlgorithm::encrypt`,
`DecryptAlgorithm::decrypt` and other similar functions, we can have
`match` statements that cover all patterns since those enums only
contains necessary variants.
To make this change, we also need to change the algorithm registration
mechanism. Instead of using the `SupportedAlgorithm` enum and its method
`SupportedAlgorithm::support` to register the operations of the
algorithms, the algorithm registration is now done in the function
`from_object_value` of a new trait named `NormalizedAlgorithm`, which
the new enums `EncryptAlgorithm`, `DecryptAlgorithm` and so implement.
(Note that the existing enum named `NormalizedAlgorithm` is removed.)
Some refactoring in also done in the `normalize_algorithm` function to
adapt the above changes.
This new design of algorithm registration is also closer to the
WebCrypto specification, as explained in the comment block below the
`normalize_algorithm` function.
The crate `strum` is also used to reduce some boilerplate code.
Testing: Refactoring. Existing tests suffice.
Fixes: Part of #42579
---------
Signed-off-by: Kingsley Yung <kingsley@kkoyung.dev>
Instead of unwrapping in `GStreamerMediaStream::encoded`, properly
propagate errors to callers. This prevents panics when we fail to
build GStreamer pipelines in this code path. This is probably the first
of many changes to avoid `unwrap()`ing in this code.
Testing: This change adds a WPT crash test.
Fixes: #36844.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
Before we were creating a new frame actor each time we paused, even if
the frame object in debugger.js was the same. Now we avoid this by
reusing the same frame actor id.
This helps our upcoming work on onStep, onPop, and onEnterFrame hooks.
Testing: Ran `mach test-devtools` and manually check that it works
Part of: #36027
Signed-off-by: eri <eri@igalia.com>
Co-authored-by: atbrakhi <atbrakhi@igalia.com>
This fixes a crash on the attached testcase when running with the async
html parser enabled. The crash also triggers on wpt. When executing
parse ops received from the async parser, we were not considering the
case where one of these operations causes the parser to abort (in the
case above, said operation is the `<popup-info></popup-info>`).
```html
<body>
<script>
class PopupInfo extends HTMLElement {
connectedCallback() {
document.open();
}
}
customElements.define('popup-info', PopupInfo);
</script>
<popup-info></popup-info>
</body>
```
The bug is very obscure and only triggers if `document.open` is called
while there is no parser-blocking script **and** the document parser is
still active.
Testing: We don't run tests on the async parser yet
Fixes: Part of https://github.com/servo/servo/issues/37418
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
This PR fixes two related issues with Content Security Policy (CSP)
nonce validation for external scripts:
1. Missing nonce validation for external scripts with malformed
attributes
2. Incorrect violation event reporting for blocked external resources
This makes servo closer to passing the `nonce-enforce-blocked` wpt test.
The remaining failures are blocked by required changes in the html
parser.
1. Svg script support (https://github.com/servo/html5ever/issues/118)
```html
<svg xmlns="http://www.w3.org/2000/svg">
<script attribute attribute nonce="abc">
t.unreached_func("Duplicate attribute in SVG, no execution.")();
</script>
</svg>
```
2. Duplicate attrs check
the html parser needs to provide this flag, as mentioned on the original
commit message
(4821bc0ab0)
```html
<script attribute attribute nonce="abc">
t.unreached_func("Duplicate attribute, no execution.")();
</script>
<script attribute attribute=<style nonce="abc">
t.unreached_func("2# Duplicate attribute, no execution.")();
</script>
[...]
<script src="../support/nonce-should-be-blocked.js?5" attribute attribute nonce="abc"></script>
```
I've also created a PR to implement the duplicate attrs flag on
html5ever https://github.com/servo/html5ever/pull/695
Testing: doesn't fixes the aforementioned wpt test yet.
Fixes: part of #36437
---------
Signed-off-by: Dyego Aurélio <dyegoaurelio@gmail.com>
Since `evaluate_js_on_global` called `enter_realm` and there were
already some callee that did it, I've actually passed `&mut
CurrentRealm`.
Also converted `Window::WebdriverException` to pass `&mut JSContext`
inside `javascript_error_info_from_error_info`.
Testing: A successful build is enough
Part of #40600
---------
Signed-off-by: Gae24 <96017547+Gae24@users.noreply.github.com>
> This was overlooked earlier in #41169
Simulate a mouse click before loading the page so that it should trigger
input events before populating any LCP entries for this `webview`.
- When mouse click event is received before/while loading, it should not
report LCP for webview.
When Page is reloaded, LCp should be reinstated for webview.
- Verify the Successful reporting of LCP entry after the reload.
Testing: `tests/largest_contentful_paint.rs`
Fixes: #42759
Signed-off-by: Shubham Gupta <shubham.gupta@chromium.org>
