Update jni-rs to 0.22, the main changes involve the introduction of
`with_env` within native methods, and updating uses of
`attach_current_thread`, which now requires a closure passed to it.
Callback object is now stored inside a `OnceLock`, since it would crash
when it was deleted, probably once a `WakeupCallback` was dropped:
```
JNI DETECTED ERROR IN APPLICATION: JNI ERROR (app bug): jobject is an invalid global reference: 0x2fc6 (deleted reference at index 382)
```
Also update android-activity and rustls-platform-verifier.
Testing: We don't have android tests in CI, manual testing is required
Fixes: Part of #40979
---------
Signed-off-by: Gae24 <96017547+Gae24@users.noreply.github.com>
Companion PR to https://github.com/servo/mozjs/pull/735.
This bumps mozjs to the latest version 0.15.9. The changes were reviewed
in the linked PR.
Testing: This changes behavior when using `make` 4.4 and compiling mozjs
from source in CI. This path is not exercised in CI, since Ubuntu 24.04
still ships make 4.3.
Signed-off-by: Jonathan Schwender <schwenderjonathan@gmail.com>
This PR makes minor cleanup in the media crates:
- Switch dependencies to workspace dependencies if they are already
included in the main Cargo.toml
- Switch from crate serde_derive to serde with feature flag derive.
- Switch from the separate crate for OnceCell to the std provided
LazyLock.
- Update num_complex
Testing: The only functional changes are either slight version bumps,
the replacement to LazyLock which is conservative and the num_complex
update which also shouldn't have any behavior changes.
---------
Signed-off-by: Narfinger <Narfinger@users.noreply.github.com>
Bumps [atomic_refcell](https://github.com/mozilla/atomic_refcell) from
0.1.13 to 0.1.14.
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/mozilla/atomic_refcell/commits">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Helps with: https://github.com/servo/servo/issues/38776. Reduces total
Servo crate count by 7 (977 -> 970).
This PR simply:
- Disables the `server` feature in the `webdriver` crate
- Vendors the implementation of the server from the `webdriver` crate
- Updates dependencies + fixes code to work with new versions
Unfortunately `webdriver` depends on `http` even with the `server`
feature disabled, so we still end up with duplicate versions of `http`.
But at least the duplicate `hyper` is eliminated. Future work could
change the implementation to e.g. move away from `warp` or similar.
Testing: WPT tests use webdriver, so this should be exercised heavily by
those tests.
---------
Signed-off-by: Nico Burns <nico@nicoburns.com>
This brings up to date with the specification for declarative shadow
roots: https://github.com/whatwg/html/pull/12267.
The `shadowrootslotassignment` attribute on `<template>` elements
specifies the slot assignment mode used by the declarative shadow root
created by the template.
Testing: New tests start to pass
---------
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
This functionality already provided by `icu_properties` which is already
in our dependency graph, so this change allows us to remove one
dependency.
Testing: This should not change behavior, so is covered by existing
tests.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
`servo-layout` only depends on `html5ever` for it's atom types which are
now split out into the `web_atoms` crate. This switches the dependency
to `web_atoms` to remove the unncessary dependency
Testing: This just imports the same types from a different crate. So if
it builds, it should work.
Signed-off-by: Nico Burns <nico@nicoburns.com>
Bumps [indexmap](https://github.com/indexmap-rs/indexmap) from 2.11.4 to
2.14.0.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/indexmap-rs/indexmap/blob/main/RELEASES.md">indexmap's
changelog</a>.</em></p>
<blockquote>
<h2>2.14.0 (2026-04-09)</h2>
<ul>
<li><strong>MSRV</strong>: Rust 1.85.0 or later is now required.</li>
<li>Updated the <code>hashbrown</code> dependency to 0.17.</li>
<li>Made more <code>map::Slice</code> methods <code>const</code>:
<code>new_mut</code>, <code>first_mut</code>, <code>last_mut</code>,
<code>split_at_mut</code>, <code>split_at_mut_checked</code>,
<code>split_first_mut</code>, <code>split_last_mut</code></li>
</ul>
<h2>2.13.1 (2026-04-02)</h2>
<ul>
<li>Made some <code>Slice</code> methods <code>const</code>:
<ul>
<li><code>map::Slice::{first,last,split_at,split_at_checked,split_first,split_last}</code></li>
<li><code>set::Slice::{first,last,split_at,split_at_checked,split_first,split_last}</code></li>
</ul>
</li>
</ul>
<h2>2.13.0 (2026-01-07)</h2>
<ul>
<li>Implemented <code>Clone</code> for <code>IntoKeys</code> and
<code>IntoValues</code>.</li>
<li>Added <code>map::Slice::split_at_checked</code> and
<code>split_at_mut_checked</code>.</li>
<li>Added <code>set::Slice::split_at_checked</code>.</li>
</ul>
<h2>2.12.1 (2025-11-20)</h2>
<ul>
<li>Simplified a lot of internals using <code>hashbrown</code>'s new
bucket API.</li>
</ul>
<h2>2.12.0 (2025-10-17)</h2>
<ul>
<li><strong>MSRV</strong>: Rust 1.82.0 or later is now required.</li>
<li>Updated the <code>hashbrown</code> dependency to 0.16 alone.</li>
<li>Error types now implement <code>core::error::Error</code>.</li>
<li>Added <code>pop_if</code> methods to <code>IndexMap</code> and
<code>IndexSet</code>, similar to the
method for <code>Vec</code> added in Rust 1.86.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="bcd165baeb"><code>bcd165b</code></a>
Merge pull request <a
href="https://redirect.github.com/indexmap-rs/indexmap/issues/439">#439</a>
from cuviper/release-2.14.0</li>
<li><a
href="4ef06a729e"><code>4ef06a7</code></a>
Release 2.14.0</li>
<li><a
href="d21826ca93"><code>d21826c</code></a>
Merge pull request <a
href="https://redirect.github.com/indexmap-rs/indexmap/issues/438">#438</a>
from cuviper/hashbrown-0.17</li>
<li><a
href="2566bec20d"><code>2566bec</code></a>
Upgrade to <code>hashbrown v0.17</code></li>
<li><a
href="4b62776c3f"><code>4b62776</code></a>
Merge pull request <a
href="https://redirect.github.com/indexmap-rs/indexmap/issues/437">#437</a>
from cuviper/disjoint-panic</li>
<li><a
href="478fba2eb0"><code>478fba2</code></a>
Normalize the panic doc of <code>get_disjoint_mut</code></li>
<li><a
href="fb6dafda4e"><code>fb6dafd</code></a>
Merge pull request <a
href="https://redirect.github.com/indexmap-rs/indexmap/issues/436">#436</a>
from cuviper/const-slice-mut</li>
<li><a
href="5c237a2ab7"><code>5c237a2</code></a>
Make <code>Slice::{first,last,split_*}_mut</code> methods
<code>const</code></li>
<li><a
href="48ff9ce2e3"><code>48ff9ce</code></a>
Merge pull request <a
href="https://redirect.github.com/indexmap-rs/indexmap/issues/435">#435</a>
from cuviper/edition-2024</li>
<li><a
href="648be98a31"><code>648be98</code></a>
<code>cargo fmt</code> with edition 2024</li>
<li>Additional commits viewable in <a
href="https://github.com/indexmap-rs/indexmap/compare/2.11.4...2.14.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Fixes CSS Grid auto-repeat track count resolution in CSS Grid. This
caused an integer underflow in some cases and in others simply computed
the incorrect number of tracks.
Hopefully fixes: #44201
---------
Signed-off-by: Nico Burns <nico@nicoburns.com>
Testing: We have no automated testing for the servoshell UI. Some quick
manual testing of servo.org seemed to work as expected.
Signed-off-by: Josh Matthews <josh@joshmatthews.net>
This prevents issues for users that don't already have a lockfile, since
prerelease versions can have breaking changes.
This should also be backported to the release branch.
Testing: No changes, covered by existing tests.
Fixes: #44089
Signed-off-by: Jonathan Schwender <schwenderjonathan@gmail.com>
Implement Player Trait in ohos backend using Harmony OS MediaKit's[
AVPlayer](https://developer.huawei.com/consumer/en/doc/harmonyos-references/capi-avplayer-h).
The modular design of `VideoSink`, `InnerPlayer`, and `MediaSource` is
taken from the GStreamer backend.
Only support HarmonyOS SDK API 21, because the
`OH_AVPlayer_SetDataSource` only started to be exposed on API 21.
Testing: N/A, as there are no platform specific task.
Fixes: N/A, now we can play video on HarmonyOS phone using `<video>`
---------
Signed-off-by: rayguo17 <rayguo17@gmail.com>
The `IONFLAGS` environment variable configure logging for the JIT, but
it must be enabled in spidermonkey at compile time. The prebuilt mozjs
binaries don't enable it, so we must build from source.
Companion PR for https://github.com/servo/mozjs/pull/728
Testing: We don't have tests for the build process
---------
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
This continues #43045
Changelog:
- Upstream:
74ddab4091...6de1071549
- Servo fixups:
9f2f4f3f1b...6cfce6f329
Stylo tracking issue: https://github.com/servo/stylo/issues/347
Summary of improvements:
- Adding support for the CSS-wide `revert-rule` keyword
- `::details-content` becomes element-backed, thus accepting nested
pseudo-elements like `::details-content::before`.
- Custom properties can now be registered using dashed idents in their
syntax
- Various `attr()` improvements
Testing: Various WPT improvements
---------
Signed-off-by: Oriol Brufau <obrufau@igalia.com>
`hyper_serde` currently has no dependants on crates.io. We give up the
independant versioning and simplify our setup by using the same version
as our workspace. The new crate is servo-hyper-serde.
Testing: Not required, policy change.
Signed-off-by: Jonathan Schwender <schwenderjonathan@gmail.com>
In preparation for the next release, bump the version number to 0.1. 0.1
will be an LTS release, which receives extended support in terms of
security updates (e.g. spidermonkey security updates). Please keep in
mind that as always no specific guarantees or response times are given,
and any updated are provided on a best effort basis.
Previously some projects had a demo integration of servo based on some
version of servo, and then never or rarely updated it. Providing an LTS
release offers an option to embedders to integrate servo, while reducing
API churn and having a somewhat fixed schedule to adhere to in terms of
upgrades. Currently, the plan is for a new LTS release every 6 months,
with additional documentation regarding API changes and recommended
migration patterns (best-effort and subject to change).
Testing: No functional changes. Additional testing will be performed
post-merge on the newly created release branch.
Signed-off-by: Jonathan Schwender <schwenderjonathan@gmail.com>
This PR considers the following constraints:
- Resources must be available when building servo via a published
crates.io package (i.e. no `../../../resources/<file>` file references).
- Minimal setup when writing tests (`nextest` spawns each test in its
own process, so we don't want to explicitly initialize the resource
handler for every `#[test]` fn)
- Use local resources when developing locally
- Support loading the resources from a proper resource directory if the
embedder wishes so, including via a custom mechanism, not necessarily as
files
(File) Resources that are only accessed from servoshell are out of scope
of this PR, since it mainly focusses on unblocking publishing `libservo`
to crates.io.
Baking the resources into the binary by default simplifies the setup a
lot. We already supported that before, but only for testing purposes and
explicitly not for production builds.
Using [`inventory`](https://crates.io/crates/inventory) adds a simple
way for the embedder to replace the default baked in resources, while
also keeping the test usage of baked in resources simple.
rippy.png is also referenced from image_cache - We simply duplicate it,
since the image is small, to avoid adding unnecessarily complex
solutions like adding a dedicated crate.
Testing: Covered by existing tests. [mach try
full](https://github.com/jschwe/servo/actions/runs/23811669469)
Fixes: Part of #43145
---------
Signed-off-by: Jonathan Schwender <schwenderjonathan@gmail.com>
Bumps [uuid](https://github.com/uuid-rs/uuid) from 1.22.0 to 1.23.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/uuid-rs/uuid/releases">uuid's
releases</a>.</em></p>
<blockquote>
<h2>v1.23.0</h2>
<h2>What's Changed</h2>
<ul>
<li>feat: add support for 'hyphenated' format in the serde module by <a
href="https://github.com/FrenchDilettante"><code>@FrenchDilettante</code></a>
in <a
href="https://redirect.github.com/uuid-rs/uuid/pull/865">uuid-rs/uuid#865</a></li>
<li>Fix a number of bugs in time-related code by <a
href="https://github.com/KodrAus"><code>@KodrAus</code></a> in <a
href="https://redirect.github.com/uuid-rs/uuid/pull/872">uuid-rs/uuid#872</a></li>
<li>Reword invalid char error message by <a
href="https://github.com/KodrAus"><code>@KodrAus</code></a> in <a
href="https://redirect.github.com/uuid-rs/uuid/pull/873">uuid-rs/uuid#873</a></li>
<li>Impl cleanups by <a
href="https://github.com/KodrAus"><code>@KodrAus</code></a> in <a
href="https://redirect.github.com/uuid-rs/uuid/pull/874">uuid-rs/uuid#874</a></li>
<li>Use LazyLock to synchronize v1/v6 context initialization by <a
href="https://github.com/KodrAus"><code>@KodrAus</code></a> in <a
href="https://redirect.github.com/uuid-rs/uuid/pull/875">uuid-rs/uuid#875</a></li>
<li>Prepare for 1.23.0 release by <a
href="https://github.com/KodrAus"><code>@KodrAus</code></a> in <a
href="https://redirect.github.com/uuid-rs/uuid/pull/876">uuid-rs/uuid#876</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/FrenchDilettante"><code>@FrenchDilettante</code></a>
made their first contribution in <a
href="https://redirect.github.com/uuid-rs/uuid/pull/865">uuid-rs/uuid#865</a></li>
</ul>
<h2>Special thanks</h2>
<p><a href="https://github.com/meng-xu-cs"><code>@meng-xu-cs</code></a>
raised a series of bugs against the timestamp logic in <code>uuid</code>
using automated tooling. The issues themselves were reasonably and
responsibly presented and the end result is a better <code>uuid</code>
library for everyone. Thanks!</p>
<h1>Deprecations</h1>
<p>This release includes the following deprecations:</p>
<ul>
<li><code>Context</code>: Renamed to <code>ContextV1</code></li>
<li><code>Timestamp::from_gregorian</code>: Renamed to
<code>Timestamp::from_gregorian_time</code></li>
</ul>
<h1>Change to <code>Version::Max</code></h1>
<p><code>Version::Max</code>'s <code>u8</code> representation has
changed from <code>0xff</code> to <code>0x0f</code> to match the value
returned by <code>Uuid::get_version_num</code>.</p>
<h1>Change to <code>Uuid::get_version</code> for the max UUID</h1>
<p><code>Uuid::get_version</code> will only return
<code>Some(Version::Max)</code> if the UUID is actually the max UUID
(all bytes are <code>0xff</code>). Previously it would return
<code>Some</code> if only the version field was <code>0x0f</code>. This
change matches the behaviour of the nil UUID, which only returns
<code>Some(Version::Nil)</code> if the UUID is the nil UUID (all bytes
are <code>0x00</code>).</p>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/uuid-rs/uuid/compare/v1.22.0...v1.23.0">https://github.com/uuid-rs/uuid/compare/v1.22.0...v1.23.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="00ab922d53"><code>00ab922</code></a>
Merge pull request <a
href="https://redirect.github.com/uuid-rs/uuid/issues/876">#876</a> from
uuid-rs/cargo/v1.23.0</li>
<li><a
href="726ba45fe3"><code>726ba45</code></a>
prepare for 1.23.0 release</li>
<li><a
href="996dadea02"><code>996dade</code></a>
Merge pull request <a
href="https://redirect.github.com/uuid-rs/uuid/issues/875">#875</a> from
uuid-rs/fix/context-ordering</li>
<li><a
href="e14047993b"><code>e140479</code></a>
simplify a use stmt</li>
<li><a
href="8ed9142847"><code>8ed9142</code></a>
reorganize and document more v7 context internals</li>
<li><a
href="e09a3225a8"><code>e09a322</code></a>
use LazyLock to synchronize v1/v6 context initialization</li>
<li><a
href="0f260cc671"><code>0f260cc</code></a>
Merge pull request <a
href="https://redirect.github.com/uuid-rs/uuid/issues/874">#874</a> from
uuid-rs/chore/impl-cleanups</li>
<li><a
href="1419e91097"><code>1419e91</code></a>
clean up and refactor main lib tests</li>
<li><a
href="ceeaf4b7b5"><code>ceeaf4b</code></a>
ensure we don't overflow on counters less than 12</li>
<li><a
href="63bc8f52e5"><code>63bc8f5</code></a>
Merge pull request <a
href="https://redirect.github.com/uuid-rs/uuid/issues/873">#873</a> from
uuid-rs/fix/error-msg</li>
<li>Additional commits viewable in <a
href="https://github.com/uuid-rs/uuid/compare/v1.22.0...v1.23.0">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Implement the layout of `<input type="range">`. Support automatically
calculating the position of thumb based on the current input value, and
the size of range-track and range-thumb. Added a
document.has_script_or_layout_blocker function to detect whether it is
possible to run box_area_query during bind_to_tree, add delay_task if
there are blocker.
Here are some of the fixes made in this PR:
1. Fixed the structure for input type range's pseudo elements.
2. Fixed the positioning of input type range's thumb based on current
value, width, and direction.
3. Allow input type range to stretch vertically in a bigger container.
Original PR: #41024
Stylo PR: https://github.com/servo/stylo/pull/310
Testing: Some improvements in WPT tests, with a few regressions. This
change includes a Servo-specific appearance test to detect unexpected
changes to the look and feel of range widgets.
Fixes: #22728
---------
Signed-off-by: Budiman Arbenta <arbenta6@gmail.com>
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
Co-authored-by: rayguo17 <tin.tun.aung1@huawei.com>
Co-authored-by: Martin Robinson <mrobinson@igalia.com>
Bumps [rustc-hash](https://github.com/rust-lang/rustc-hash) from 2.1.1
to 2.1.2.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/rust-lang/rustc-hash/blob/master/CHANGELOG.md">rustc-hash's
changelog</a>.</em></p>
<blockquote>
<h1>2.1.2</h1>
<ul>
<li><a
href="https://redirect.github.com/rust-lang/rustc-hash/pull/65">Refactor
byte hashing to remove unreachable panic</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="fdb275c8a0"><code>fdb275c</code></a>
Merge pull request <a
href="https://redirect.github.com/rust-lang/rustc-hash/issues/67">#67</a>
from Noratrieb/new-version</li>
<li><a
href="acafa431e9"><code>acafa43</code></a>
Prepare 2.1.2</li>
<li><a
href="140e525344"><code>140e525</code></a>
Merge pull request <a
href="https://redirect.github.com/rust-lang/rustc-hash/issues/65">#65</a>
from morrisonlevi/split_first_chunk</li>
<li><a
href="f061387ad7"><code>f061387</code></a>
style: use consistent range format</li>
<li><a
href="211455cb39"><code>211455c</code></a>
refactor!: use split_first_chunk to help optimizer</li>
<li><a
href="464a82f557"><code>464a82f</code></a>
Merge pull request <a
href="https://redirect.github.com/rust-lang/rustc-hash/issues/63">#63</a>
from estebank/const-Default</li>
<li><a
href="2170d5e2a0"><code>2170d5e</code></a>
On nightly, <code>impl const Default</code></li>
<li><a
href="1a998d5b89"><code>1a998d5</code></a>
Merge pull request <a
href="https://redirect.github.com/rust-lang/rustc-hash/issues/62">#62</a>
from CryZe/128-bit-on-more-platforms</li>
<li><a
href="6849c16d79"><code>6849c16</code></a>
Use 128-bit Widening Multiply on More Platforms</li>
<li>See full diff in <a
href="https://github.com/rust-lang/rustc-hash/compare/v2.1.1...v2.1.2">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
This change adds support for `background-blend-mode` to Servo by
creating one stacking context per blend and a single stacking context to
serve as the blend container. This matches the approach that Gecko
takes.
Stylo PR: servo/stylo#344
Testing: This change causes some WPT tests to start passing. In general
this feature
is not well exercised by tests. I suspect that blending is hard to test
properly.
Fixes: #43621
Signed-off-by: Martin Robinson <mrobinson@fastmail.fm>
Co-authored-by: Martin Robinson <mrobinson@fastmail.fm>
Requires communication between the script thread and the constellation
to be able to retrieve the origin of a cross-origin document. However,
in the fast-path where the document resides in the same script-thread,
we use the `frame_element` instead.
If no CSP list is active, then we skip all this logic, to have a minimal
impact on document navigation.
Part of #4577Fixes#36468
---------
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
Signed-off-by: Tim van der Lippe <TimvdLippe@users.noreply.github.com>
Lets the `width` and `height` attributes of `<svg>` set presentational
hints for the CSS properties of the same name.
Also bumps Stylo to servo/stylo#343, in order to also set the preshints
for percentage values. However, layout will ignore percentages for the
purpose of computing the natural sizes and aspect ratio.
Testing: Improves WPT
---------
Signed-off-by: Oriol Brufau <obrufau@igalia.com>
btleplug depends on tokio so we use a bridge thread to interface with
Servo thread based messaging.
We keep feature parity except for BtleplugGATTService::get_includes()
that will require upstream implementation.
In terms of OS support, I verified on Linux and MacOS. Android is
untested, but btleplug claims support.
Testing: No test failures, green try run at
https://github.com/webbeef/servo/actions/runs/23390850825Fixes: #43254.
Signed-off-by: webbeef <me@webbeef.org>
Bumps the tungstenite-related group with 2 updates:
[async-tungstenite](https://github.com/sdroege/async-tungstenite) and
[tungstenite](https://github.com/snapview/tungstenite-rs).
Updates `async-tungstenite` from 0.33.0 to 0.34.0
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/sdroege/async-tungstenite/blob/main/CHANGELOG.md">async-tungstenite's
changelog</a>.</em></p>
<blockquote>
<h2>[0.34.0] - 2026-03-20</h2>
<h3>Changed</h3>
<ul>
<li>Update to tungstenite 0.29.</li>
<li>Update to async-native-tls 0.6.</li>
</ul>
<h3>Added</h3>
<ul>
<li>smol runtime support including smol-native-tls.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="f37ab0a072"><code>f37ab0a</code></a>
Update CHANGELOG.md for 0.34.0</li>
<li><a
href="b62b375515"><code>b62b375</code></a>
Update version to 0.34.0</li>
<li><a
href="e7612f41f5"><code>e7612f4</code></a>
Update to async-native-tls 0.6</li>
<li><a
href="2b81693011"><code>2b81693</code></a>
Update dev-dependencies.</li>
<li><a
href="c6bdd383f3"><code>c6bdd38</code></a>
Update tungstenite to 0.29.</li>
<li><a
href="f88c3ef099"><code>f88c3ef</code></a>
ci: Add smol-runtime tests</li>
<li><a
href="4e760cdd20"><code>4e760cd</code></a>
examples: Add smol echo example</li>
<li><a
href="da5e725dc9"><code>da5e725</code></a>
runtimes: Add smol runtime support</li>
<li>See full diff in <a
href="https://github.com/sdroege/async-tungstenite/compare/0.33.0...0.34.0">compare
view</a></li>
</ul>
</details>
<br />
Updates `tungstenite` from 0.28.0 to 0.29.0
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/snapview/tungstenite-rs/blob/master/CHANGELOG.md">tungstenite's
changelog</a>.</em></p>
<blockquote>
<h1>0.29.0</h1>
<ul>
<li>Update MSRV to <code>1.71</code> due to <code>syn</code> (the
dependency of <code>thiserror</code>) requiring it.</li>
<li>Allow users to send headers with non-visible ASCII values (as long
as they constitute a correct <code>HeaderValue</code>).</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="c2921718b7"><code>c292171</code></a>
Suppress clippy warnings in tests/</li>
<li><a
href="0938f1c79b"><code>0938f1c</code></a>
Bump version</li>
<li><a
href="4a457f65d9"><code>4a457f6</code></a>
Add missing word to the comment (<a
href="https://redirect.github.com/snapview/tungstenite-rs/issues/521">#521</a>)</li>
<li><a
href="aef32231f5"><code>aef3223</code></a>
Fix grammar in <code>WebSocketContext::from_partially_read</code> docs
(<a
href="https://redirect.github.com/snapview/tungstenite-rs/issues/534">#534</a>)</li>
<li><a
href="ad6539bcb9"><code>ad6539b</code></a>
Inline the utf-8 crate (<a
href="https://redirect.github.com/snapview/tungstenite-rs/issues/536">#536</a>)</li>
<li><a
href="df722bd668"><code>df722bd</code></a>
Update the CI to accomodate for the new MSRV</li>
<li><a
href="9833bdec33"><code>9833bde</code></a>
Bump MSRV</li>
<li><a
href="59bee6404f"><code>59bee64</code></a>
Fix formatting in CHANGELOG.md</li>
<li><a
href="3f2f222cd8"><code>3f2f222</code></a>
Update CHANGELOG.md</li>
<li><a
href="84eaba964d"><code>84eaba9</code></a>
Fixing issue with non-ASCII header values</li>
<li>Additional commits viewable in <a
href="https://github.com/snapview/tungstenite-rs/compare/v0.28.0...v0.29.0">compare
view</a></li>
</ul>
</details>
<br />
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
The CSP crate was incorrectly using the request URL for both checking if
policies were matching, as well as reporting that URL. However, the CSP
specification uses the current URL to check for policies and the url for
reporting a violation.
Therefore, set the new current_url field for these requests, leaving the
ws scheme URLs as a special case. We also should take redirects into
account for navigations (which is only relevant for forms), but LoadData
currently has no notion of keeping track of that.
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
This fixes a warning of `cargo publish`:
```
warning: manifest has no description, documentation, homepage or repository
```
Testing: Compiling. Manual testing of `cargo publish --dry-run` (with
some additional patches, and until the next error, shows this warning
has been fixed)
Signed-off-by: Jonathan Schwender <schwenderjonathan@gmail.com>
Propagate the had_duplicate_attributes flag from html5ever's
ElementFlags through to the Element struct, enabling step 3 of the
CSP "is element nonceable" algorithm. Elements with duplicate
attributes are now correctly marked as "Not Nonceable", preventing
scripts with duplicate attributes from bypassing CSP nonce checks.
Testing: We still need https://github.com/servo/html5ever/issues/118 to
fully pass the
`content-security-policy/script-src/nonce-enforce-blocked.html` wpt
test. But I was able to uncomment some of the remaining tests on
`mozilla/csp/nonce-external-script-malformed-blocked.html`
---------
Signed-off-by: Dyego Aurélio <dyegoaurelio@gmail.com>
In preparation for a release to crates.io, bump the workspace version to
match the current servoshell version, and let the servoshell version use
the workspace version again. This makes versioning for us easier, and
makes more sense since servoshell is considered to be just a demo for
servo.
The `./mach release` command is updated to support bumping the workspace
version, and patch the version requirement of all workspace-versioned
workspace dependencies.
Testing: Can be manually verified by running `./mach release
<new_version>`. Note that this just bumps the version numbers, and
doesn't release anything, so it's perfectly safe to run.
---------
Signed-off-by: Jonathan Schwender <schwenderjonathan@gmail.com>
This remove `sm-player` and `sm-gst-render` that point to the same
crates as `servo-media-player` and `servo-media-gstreamer-render`
Testing: a successful build is enough
---------
Signed-off-by: webbeef <me@webbeef.org>
