Update to jQuery 3
Objective
Upgrade to jQuery 3 as there are moderate security vulnerabilities with jQuery versions less than 3.0.0 (https://gitlab.com/gitlab-org/gitlab-ce/issues/42291)
Tentative Plan
- Install jQuery Migrate
- Go through important changes in 3.0 section (below, ideally 1 commit per fix)
- Fix CE
- Go through changes for EE
- Check to make sure that jQuery plugins imported from yarn are still working correctly with jQuery 3.0
- Remove jQuery Migrate
Important Changes Definitions
- Breaking change: This change may affect existing code, since it changes the API surface in some way. Most of the time the impacts are only for specific edge cases as noted.
- Feature: The change is an API addition and should not affect existing code in most cases. However, there is the possibility that new features can interact negatively with existing code.
- Deprecated: This feature or API is still present in jQuery 3.0, but its use is discouraged. It may be removed in a future major-version update.
Important Changes in 3.0
https://gitlab.com/gitlab-org/gitlab-ce/issues/42397)
1. Ajax (Resolve this section through-
Breaking change: Breaking change: Special-case Deferred methods removed from jQuery.ajax -
Breaking change: Cross-domain script requests must be declared -
Breaking change: Hash in a URL is preserved in a jQuery.ajax() call -
Feature: New signature for jQuery.get() AND jQuery.post()
2. Attributes
-
Breaking change: .removeAttr() no longer sets properties to false @ClemMakesApps -
Breaking change: select-multiple with nothing selected returns an empty array -
Feature: SVG documents support class operations -
Deprecated: .toggleClass() with no arguments and .toggleClass( Boolean ) @ClemMakesApps
3. Callbacks
4. Core
-
Breaking change: jQuery 3.0 runs in Strict Mode -
Breaking change: document-ready handlers are now asynchronous -
Breaking change: jQuery.isNumeric() and custom .toString() @ClemMakesApps -
Breaking change: Deprecated .context and .selector properties removed -
Breaking change: Deprecated .size() removed @ClemMakesApps -
Breaking change: Undocumented internal methods no longer exposed -
Breaking change: Return values on empty sets are undefined -
Feature: for...of loops can be used on jQuery collections -
Feature: jQuery.ready promise is formally supported -
Deprecated: jQuery.unique(), renamed to jQuery.uniqueSort() @ClemMakesApps -
Deprecated: jQuery.parseJSON() @ClemMakesApps -
Deprecated: document-ready handlers other than jQuery(function)
5. Data
6. Deferred
-
Breaking change and Feature: jQuery.Deferred is now Promises/A+ compatible -
Breaking change and Feature: jQuery.when() arguments -
Breaking change: jQuery.when() progress notifications
7. Dimensions
-
Breaking change: .width(), .height(), .css("width"), and .css("height") can return non-integer values -
Breaking change: .outerWidth() or .outerHeight() on window includes scrollbar width/height
8. Effects
-
Breaking change: .show(), .hide(), and .toggle() methods now respect more stylesheet changes -
Feature: Animations now use requestAnimationFrame -
Deprecated: jQuery.fx.interval @ClemMakesApps -
Deprecated: Additional easing function parameters
9. Event
-
Breaking change: .load(), .unload(), and .error() removed @okoghenun -
Breaking change: .on("ready", fn) removed @okoghenun -
Breaking change: event.pageX and event.pageY normalization removed @okoghenun -
Breaking change: jQuery.event.props and jQuery.event.fixHooks removed @okoghenun -
Breaking change: Delegated events with bad selectors throw immediately -
Deprecated: .bind() and .delegate() @ClemMakesApps
10. Manipulation
11. Offset
12. Selector
-
Breaking change: Behavior of :hidden and :visible -
Breaking change: jQuery("#") and .find("#") are invalid syntax -
Feature: New method jQuery.escapeSelector() -
Deprecated: jQuery.expr[":"] and jQuery.expr.filters
13. Serialize
14. Traversing
What to do with jQuery plugins?
For now, let's try to do minimal fixes for the plugin to make it work. We should list out these affected plugins and re-evaluate at a later time. If the fixes are substantial, we may have to consider replacing the plugin with an alternative.
Affected plugins:
- jQuery.endless-scroll (removeAttr)
- jQuery.atwho (uses deprecated jQuery.expr.filters - https://github.com/ichord/At.js/issues/528)
- jQuery.waitforimages (uses deprecated jQuery.expr.filters)
Resources
Edited by Phil Hughes