Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update actions/checkout requirement to v2.3.4 #2

Closed

Conversation

dependabot[bot]
Copy link

@dependabot dependabot bot commented on behalf of github Mar 15, 2021

Updates the requirements on actions/checkout to permit the latest version.

Release notes

Sourced from actions/checkout's releases.

v2.3.4

Changelog

Sourced from actions/checkout's changelog.

Changelog

v2.3.1

v2.3.0

v2.2.0

v2.1.1

  • Changes to support GHES (here and here)

v2.1.0

v2.0.0

v2 (beta)

  • Improved fetch performance
    • The default behavior now fetches only the SHA being checked-out
  • Script authenticated git commands
    • Persists with.token in the local git config
    • Enables your scripts to run authenticated git commands
    • Post-job cleanup removes the token
    • Coming soon: Opt out by setting with.persist-credentials to false
  • Creates a local branch
    • No longer detached HEAD when checking out a branch
    • A local branch is created with the corresponding upstream branch set
  • Improved layout

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update Github_actions code labels Mar 15, 2021
@dependabot @github
Copy link
Author

dependabot bot commented on behalf of github Mar 16, 2021

OK, I won't notify you again about this release, but will get in touch when a new version is available.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@dependabot dependabot bot deleted the dependabot/github_actions/actions/checkout-v2.3.4 branch March 16, 2021 00:11
MattiasBuelens pushed a commit that referenced this pull request Jun 24, 2021
1. Use GetWithoutInvalidation() instead of Get() in DCHECKs.
We should never call Get() inside of a DCHECK(), because this can
lead to a different code path depending on whether DCHECKs are enabled.

2. Get() should not cause immediate side effects. At most, it should
queue up an invalidation for later processing.

Fixing #1 and #2 were required in order to get past a first set of
errors introduced by the new test.

3. The actual fix -- avoid infinite loop by calling a special
new SlotAssignmentWillChange(), rather than ChildrenChanged(),
where a minimal GetWithoutInvalidation() is called that does not
lead to IsShadowContentRelevantForAccessibility() => FirstChild() =>
RecalcAssignedNodes() => ChildrenChanged() ... (infinite loop).

A simpler potential fix is in CL:2965317 but requires more
research. It's also mentioned in a TODO comment.

Bug: 1219311
Change-Id: Iafaa289f241a851404ce352715d2970172a2e5f8
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2961158
Reviewed-by: Joey Arhar <[email protected]>
Reviewed-by: Mason Freed <[email protected]>
Reviewed-by: Dominic Mazzoni <[email protected]>
Commit-Queue: Aaron Leventhal <[email protected]>
Cr-Commit-Position: refs/heads/master@{#892778}
MattiasBuelens pushed a commit that referenced this pull request Nov 24, 2021
This is a manual reland of
https://chromium-review.googlesource.com/c/chromium/src/+/3247449

The difference from the previous reland is that the browser tests now
include 2 separate timeouts and a double rAF, to ensure that the
presentation timestamp taken is far enough from both the time the first
frame is sent as well as from the time the second frame is sent.
More importantly, the test now actually is looking at the UKM metric,
rather than at the histogram.

Original change's description:
> [LCP] Add animated image support
>
> This CL adds support for better handling of animated images in LCP:
> * A new attribute is exposing the first animated frame's paint time
> (behind a flag).
> * `startTime` is not changed.
> * The PageLoadMetrics reported for LCP are set to that first frame paint
> time for animated images (behind another flag).
> * Entries are not emitted until the image is loaded.
>
> Relevant spec issue:
> w3c/largest-contentful-paint#83

Bug: 1260953
Change-Id: I34070bd90a74ed44281da63b547f13d9669f389b
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3250690
Reviewed-by: Nicolás Peña Moreno <[email protected]>
Commit-Queue: Yoav Weiss <[email protected]>
Cr-Commit-Position: refs/heads/main@{#936516}
MattiasBuelens pushed a commit that referenced this pull request Jan 31, 2022
The previous patch:
https://chromium-review.googlesource.com/c/chromium/src/+/3371612/6
checked an AnonymousIframe and an Iframe wasn't sharing the same
partition.

This one test:
- Two sibling same-origin anonymous iframe share the same partition.
- Two same-origin nested anonymous iframe share the same partition.
- Two same-origin anonymous iframe from different popup do not share
  the same partition.

Bug: 1285331,1226469
Change-Id: I7ebc3a5bbb5e1f12d0ceaac9d89c1deb30174a37
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3379159
Reviewed-by: Andrew Williams <[email protected]>
Commit-Queue: Arthur Sonzogni <[email protected]>
Cr-Commit-Position: refs/heads/main@{#960946}

Co-authored-by: Arthur Sonzogni <[email protected]>
MattiasBuelens pushed a commit that referenced this pull request Jan 31, 2022
By adding new exhaustive tests under ordering/, it was revealed that the ordering between navigatesuccess/navigateerror and the committed/finished promises was not always consistent:

1. Simply adding a currentchange event handler would cause microtasks to run during commit, which changed some ordering.

2. Calling transitionWhile() would take us from the zero-promise case to the 1+-promise case in ScriptPromise::All(). As the new comment explains, both the spec and implementation have an observably-different fast path for the 0-promise case which caused changes in ordering.

In the course of fixing this, I found out that the did_finish_before_commit_ code in app_history_api_navigation.{h,cc} was actually not a mitigation for the case it stated, where promises passed to transitionWhile() would settle faster than the browser-process roundtrip for same-document traversals. That is in fact impossible, since we only fire the navigate event after the browser-process roundtrip has completed. Instead, they were a mitigation for (1).

This commit then ensures consistent ordering, tested with new rather-exhaustive tests, in the following manner:

* We move the firing of currentchange to before resolving the committed promise. This eliminates (1) and allows us to delete the did_finish_before_commit_ tracking.

* We always ensure we pass 1+ promises to ScriptPromise::All(). This eliminates (2).

A consequence of this is that we are now more likely to get rejected finished promises, in cases like

    await appHistory.navigate("#1").committed;
    await appHistory.navigate("#2").committed;

Before, the finished promise for the #1 navigation would go through the fast path per (2), and fulfill before the navigation to #2 canceled it. Now that does not happen, so code like the above will give an unhandled promise rejection for #1's finished promise.

To avoid this, we unconditionally mark finished promises as handled. This follows some web platform precedent, e.g. stream closed promises, where the promise is one of several information channels (in this case the developer might also find out via the AbortSignal or the navigateerror event). We do *not* do this for the committed promise though, as if a commit fails, that's probably something more deeply wrong, and cannot be ignored.

All of these changes will require spec updates.

For the tests, we introduce a new ordering/ directory which contains cross-cutting ordering tests, and we consolidate a few tests into the newly-introduced variant-driven exhaustive ones. A couple of other tests were affected by these changes too or fixed as a drive-by.

Change-Id: I8a50ca28d009e0a8a2c94331cd17f29b0a8dc463
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3405377
Reviewed-by: Nate Chapin <[email protected]>
Commit-Queue: Domenic Denicola <[email protected]>
Cr-Commit-Position: refs/heads/main@{#963772}
MattiasBuelens pushed a commit that referenced this pull request Jun 4, 2022
This test fails with off-by-one values on the green background. This
is attempt #2 to fix that, by adding fuzziness.

Bug: 1323293
Change-Id: I9f51f257ef0064b6cd144a32ae01b148ed881112
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3638193
Reviewed-by: Philip Rogers <[email protected]>
Auto-Submit: Mason Freed <[email protected]>
Commit-Queue: Mason Freed <[email protected]>
Cr-Commit-Position: refs/heads/main@{#1001695}
MattiasBuelens pushed a commit that referenced this pull request Apr 4, 2023
In the case that a popover contains an invoker that points back to that
invoker, the tab navigation code used to get confused. E.g.:

```
<div id="menu" popover>
  <button autofocus popoverhidetarget="menu">Button #1</button>
  <button popoverhidetarget="menu">Button #2</button>
</div>
```

In this case, trying to tab between the first and second button would
break because the second button appeared to be an invoker for a new
popover, when in reality it was an invoker for the same popover.

Fixed: 1399601
Bug: 1307772
Change-Id: I276370d7c8eee0dd32f0c89da202a0d3777bf911
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4133482
Commit-Queue: Mason Freed <[email protected]>
Auto-Submit: Mason Freed <[email protected]>
Commit-Queue: Joey Arhar <[email protected]>
Reviewed-by: Joey Arhar <[email protected]>
Cr-Commit-Position: refs/heads/main@{#1089080}
MattiasBuelens pushed a commit that referenced this pull request Apr 4, 2023
…on discrete properties."

Original patch: https://crrev.com/c/4219315
Revert 1: https://crrev.com/c/4305045
Reland 1: https://crrev.com/c/4304846
Revert 2: https://crrev.com/c/4307944

Despite the most relaxed value in TestExpectations for
discrete-no-interpolation.tentative.html, some bots are still breaking
for reasons I don't understand. I am going to remove the test completely
until it stops crashing or failing. This patch will still be useful
despite the lack of tests because other people are doing prototyping
work that builds on this change.

Bug: 1399631, 1413556
Change-Id: Ic08f16d6436e37acc8947a94ca699c1735fe221f
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4308075
Commit-Queue: Joey Arhar <[email protected]>
Reviewed-by: Mason Freed <[email protected]>
Auto-Submit: Joey Arhar <[email protected]>
Cr-Commit-Position: refs/heads/main@{#1114026}
MattiasBuelens pushed a commit that referenced this pull request Apr 4, 2023
…sitions on discrete properties.""

This reverts commit 268250b.
MattiasBuelens pushed a commit that referenced this pull request Apr 4, 2023
…les transitions on discrete properties.""" (web-platform-tests#38936)

This reverts commit 78f70fd.
MattiasBuelens pushed a commit that referenced this pull request Apr 4, 2023
Most of the logic now lives on NaviagateEvent itself (in React()
and ReactDone()), which the new NavigateEvent::Reaction is a minimal
callback function wrapper.

Change-Id: Id31152b048fc7166a8ac45bda7e136a2143fd56f
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4369772
Reviewed-by: Domenic Denicola <[email protected]>
Commit-Queue: Nate Chapin <[email protected]>
Cr-Commit-Position: refs/heads/main@{#1123074}
MattiasBuelens pushed a commit that referenced this pull request Sep 30, 2023
This CL fixes a :has() invalidation bug when the following conditions
are met:

1. A style rule uses a :has() pseudo class. The :has() test result is
   affected by the anchor element's relationship to its sibling
   element at fixed distance. (e.g. '.a:has(+ .b) {}')
2. The :has() pseudo class was tested on an anchor element and it
   didn't matched.
3. If a sibling of the anchor element is removed, the :has() will
   match the anchor element.
   (e.g. '<div class=a></div><div id=target></div><div class=b></div>')
4. Remove a sibling of the anchor element so that the :has() matches
   the anchor element. (e.g. 'target.remove();')

For the removal, StyleEngine have to schedule :has() invalidation
even if the removed element doesn't have any identifier stored in
RuleFeatureSet. But it is not efficient to schedule :has()
invalidation for every element removal.

To avoid unnecessary :has() invalidation, StyleEngine checks whether
its parent has the 'ChildrenAffectedByDirectAdjacentRules' flag set
or not.

Currently, the SelectorChecker sets the flag only when it consumes
a direct adjacent combinator(+). This works most cases but it doesn't
work in this case (condition #2) because the SelectorChecker stops
the :has() argument selector matching before consuming the direct
adjacent combinator. Due to this, the parent of the anchor element
doesn't have the 'ChildrenAffectedByDirectAdjacentRules' flag set
and the StyleEngine doesn't schedule the :has() invalidation for the
removal.

To fix the error, when the SelectorChecker tests a :has() pseudo
class on an anchor element and the :has() is affected by the anchor
element's relationship to a sibling at fixed distance, the
SelectorChecker sets the flag of the parent to indicate that
StyleEngine need to schedule :has() invalidation whenever any child
of the element is removed.

Bug: 1480643
Change-Id: I5ec2e3c1db2773020368415f68bca1503367e669
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4864627
Commit-Queue: Byungwoo Lee <[email protected]>
Reviewed-by: Rune Lillesveen <[email protected]>
Cr-Commit-Position: refs/heads/main@{#1198137}
MattiasBuelens pushed a commit that referenced this pull request Nov 29, 2024
See https://drafts.csswg.org/css-pseudo-4/#first-text-line

1. For a block container that establishes an inline formatting context,
the "first formatted line" is its first line box, if it has one.
Otherwise, there is no first formatted line.

2. Otherwise, for a block container that has block children, look inside
the first in-flow block child (if any) and do #1 if it establishes an
inline formatting context. Otherwise, do #2.

In short, we don't need to search for line boxes in blocks after the
first block child. If there is no line in the first child, there's no
"first formatted line".

There's no spec for "last formatted line", but apply the same logic.
I.e. if the last block child has no line, there's no "last formatted
line".

This allows us to simplify things a bit, especially when it comes to
re-laying out (kTextBoxTrimEndDidNotApply). The only case where we need
this now is for blocks inside inlines: If the last formatted line is
inside a block-in-inline, we need to go back and re-lay it out if it
turns out to be the last line (which isn't something we can check inside
block-in-inline layout). Note: When adding support for block
fragmentation, trimming at a fragmentainer's block end will be another
case where we need to re-lay out.

The motivation for this change was text box trimming inside block
fragmentation (upcoming CL), and be able to add support for that and
still be reasonably confident that it won't become too complicated.

This fixes one existing test. Some other existing tests had to be
updated because of this change (they were making incorrect assumptions
about first/last formatted line). As a result of that, some new refs had
to be added, since other tests were piggy-backing on the same ref.

Bug: 40254880, 367766472
Change-Id: I3fcc53af86353725b1f5705a5528493a72bf2e69
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5952979
Commit-Queue: Morten Stenshorne <[email protected]>
Reviewed-by: Koji Ishii <[email protected]>
Cr-Commit-Position: refs/heads/main@{#1373765}
MattiasBuelens pushed a commit that referenced this pull request Nov 29, 2024
This implements the core Sanitizer logic. This is still missing
spec-mandated handling of "javascript:" URLs, and will have to be
updated as the spec develops. But other than that, the basics are now
there.

------------------

This a re-land of crrev.com/c/5922125. Patch set #1 is the original version,
as reviewed and submitted there. Patch set #2 contains the fix. Analysis of
the bug is in https://issues.chromium.org/issues/356601280#comment16

Bug: 356601280, 379235386, 379246316
Change-Id: I06d4a9a378330cc76015e3922b9e288d9503881a
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/6021482
Reviewed-by: Yifan Luo <[email protected]>
Reviewed-by: Joey Arhar <[email protected]>
Commit-Queue: Daniel Vogelheim <[email protected]>
Cr-Commit-Position: refs/heads/main@{#1385522}
MattiasBuelens pushed a commit that referenced this pull request Nov 29, 2024
This patch teaches the network service's `URLLoader` how to evaluate the
SRI-valid subset of HTTP Message Signatures, blocking mismatched
responses once headers are received and processed.

This check is implemented behind a new feature flag, which is disabled
by default. End-to-end tests live in web platform tests under
//web_tests/virtual/sri-message-signatures that enables the flag.

This is part of a chain of CLs implementing this feature (#2 from
https://wicg.github.io/signature-based-sri/#overview):

1.  [Parsing] https://crrev.com/c/6020612
2.  [Validation 1] https://crrev.com/c/6030571
3.  [Validation 2] https://crrev.com/c/6032589
4.  [Enforcement] https://crrev.com/c/6038714 [You are here]

    `url_loader.cc` are the only meaningful changes in behavior
    reported as undercovered. These are tested through the WPT
    included in this CL.

Bug: 379534943
Low-Coverage-Reason: COVERAGE_UNDERREPORTED The changes to
Change-Id: I6ece80da25ed4329a6f976c2c74c639c2799b856
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/6038714
Reviewed-by: Kenichi Ishibashi <[email protected]>
Reviewed-by: Camille Lamy <[email protected]>
Reviewed-by: Kent Tamura <[email protected]>
Commit-Queue: Mike West <[email protected]>
Cr-Commit-Position: refs/heads/main@{#1389294}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file github_actions Pull requests that update Github_actions code
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant