Merge branch 'prebid:master' into master

.github/codeql/codeql-config.yml

@@ -2,3 +2,6 @@ paths:
   - src
   - modules
   - libraries
+queries:
+  - name: Prebid queries
+    uses: ./.github/codeql/queries

.github/codeql/queries/deviceMemory.ql

@@ -0,0 +1,14 @@
+/**
+ * @id prebid/device-memory
+ * @name Access to navigator.deviceMemory
+ * @kind problem
+ * @problem.severity warning
+ * @description Finds uses of deviceMemory
+ */
+
+import prebid
+
+from SourceNode nav
+where
+ nav = windowPropertyRead("navigator")
+select nav.getAPropertyRead("deviceMemory"), "deviceMemory is an indicator of fingerprinting"

.github/codeql/queries/hardwareConcurrency.ql

@@ -0,0 +1,14 @@
+/**
+ * @id prebid/hardware-concurrency
+ * @name Access to navigator.hardwareConcurrency
+ * @kind problem
+ * @problem.severity warning
+ * @description Finds uses of hardwareConcurrency
+ */
+
+import prebid
+
+from SourceNode nav
+where
+ nav = windowPropertyRead("navigator")
+select nav.getAPropertyRead("hardwareConcurrency"), "hardwareConcurrency is an indicator of fingerprinting"

.github/codeql/queries/prebid.qll

@@ -0,0 +1,36 @@
+import javascript
+import DataFlow
+
+SourceNode otherWindow() {
+ result = globalVarRef("top") or
+ result = globalVarRef("self") or
+ result = globalVarRef("parent") or
+ result = globalVarRef("frames").getAPropertyRead() or
+ result = DOM::documentRef().getAPropertyRead("defaultView")
+}
+
+SourceNode connectedWindow(SourceNode win) {
+  result = win.getAPropertyRead("self") or
+  result = win.getAPropertyRead("top") or
+  result = win.getAPropertyRead("parent") or
+  result = win.getAPropertyRead("frames").getAPropertyRead() or
+  result = win.getAPropertyRead("document").getAPropertyRead("defaultView")
+}
+
+SourceNode relatedWindow(SourceNode win) {
+  result = connectedWindow(win) or
+  result = relatedWindow+(connectedWindow(win))
+}
+
+SourceNode anyWindow() {
+  result = otherWindow() or
+  result = relatedWindow(otherWindow())
+}
+
+/*
+ Matches uses of property `prop` done on any window object.
+*/
+SourceNode windowPropertyRead(string prop) {
+  result = globalVarRef(prop) or
+  result = anyWindow().getAPropertyRead(prop)
+}

.github/codeql/queries/qlpack.yml

@@ -0,0 +1,8 @@
+---
+library: false
+warnOnImplicitThis: false
+name: queries
+version: 0.0.1
+dependencies:
+  codeql/javascript-all: ^1.1.1
+  codeql/javascript-queries: ^1.1.0

.github/release-drafter.yml

@@ -1,6 +1,10 @@
 
 name-template: 'Prebid $RESOLVED_VERSION Release'
 tag-template: '$RESOLVED_VERSION'
+autolabeler:
+  - label: 'maintenance'
+    title:
+      - '/^(?!.*(bug|initial|release|fix)).*$/i'
 categories:
   - title: '🚀 New Features'
     label: 'feature'

.github/workflows/jscpd.yml

@@ -29,7 +29,7 @@ jobs:
       run: |
         echo '{
           "threshold": 20,
-          "minTokens": 50,
+          "minTokens": 100,
           "reporters": [
             "json"
           ],

README.md

@@ -1,14 +1,14 @@
 [![Build Status](https://circleci.com/gh/prebid/Prebid.js.svg?style=svg)](https://circleci.com/gh/prebid/Prebid.js)
-[![Percentage of issues still open](http://isitmaintained.com/badge/open/prebid/Prebid.js.svg)](http://isitmaintained.com/project/prebid/Prebid.js "Percentage of issues still open")
+[![Percentage of issues still open](http://isitmaintained.com/badge/open/prebid/Prebid.js.svg)](https://isitmaintained.com/project/prebid/Prebid.js "Percentage of issues still open")
 [![Coverage Status](https://coveralls.io/repos/github/prebid/Prebid.js/badge.svg)](https://coveralls.io/github/prebid/Prebid.js)
 
 # Prebid.js
 
 > A free and open source library for publishers to quickly implement header bidding.
 
 This README is for developers who want to contribute to Prebid.js.
-Additional documentation can be found at [the Prebid homepage](http://prebid.org).
-Working examples can be found in [the developer docs](http://prebid.org/dev-docs/getting-started.html).
+Additional documentation can be found at [the Prebid.js documentation homepage](https://docs.prebid.org/prebid/prebidjs.html).
+Working examples can be found in [the developer docs](https://prebid.org/dev-docs/getting-started.html).
 
 Prebid.js is open source software that is offered for free as a convenience. While it is designed to help companies address legal requirements associated with header bidding, we cannot and do not warrant that your use of Prebid.js will satisfy legal requirements. You are solely responsible for ensuring that your use of Prebid.js complies with all applicable laws.  We strongly encourage you to obtain legal advice when using Prebid.js to ensure your implementation complies with all laws where you operate.
 
@@ -374,7 +374,7 @@ The results will be in
 
 *Note*: Starting in June 2016, all pull requests to Prebid.js need to include tests with greater than 80% code coverage before they can be merged.  For more information, see [#421](https://github.com/prebid/Prebid.js/issues/421).
 
-For instructions on writing tests for Prebid.js, see [Testing Prebid.js](http://prebid.org/dev-docs/testing-prebid.html).
+For instructions on writing tests for Prebid.js, see [Testing Prebid.js](https://prebid.org/dev-docs/testing-prebid.html).
 
 ### Supported Browsers
 

integrationExamples/gpt/wurflRtdProvider_example.html

@@ -0,0 +1,106 @@
+<html>
+
+<head>
+    <meta http-equiv="delegate-ch" content="sec-ch-ua https://prebid.wurflcloud.com; sec-ch-ua-bitness https://prebid.wurflcloud.com; sec-ch-ua-arch https://prebid.wurflcloud.com; sec-ch-ua-model https://prebid.wurflcloud.com; sec-ch-ua-platform https://prebid.wurflcloud.com; sec-ch-ua-platform-version https://prebid.wurflcloud.com; sec-ch-ua-full-version https://prebid.wurflcloud.com; sec-ch-ua-full-version-list https://prebid.wurflcloud.com; sec-ch-ua-mobile https://prebid.wurflcloud.com">
+    <script async src="../../build/dev/prebid.js"></script>
+    <script async src="https://www.googletagservices.com/tag/js/gpt.js"></script>
+    <script>
+        var FAILSAFE_TIMEOUT = 3300;
+        var PREBID_TIMEOUT = 2000;
+
+        var adUnits = [
+        {
+            code: 'div-gpt-ad-1460505748561-0',
+            mediaTypes: {
+                banner: {
+                    sizes: [[300, 250]],
+                }
+            },
+            sizes: [
+                [300, 250],
+                [728, 90]
+            ],  
+            bids: [
+                {
+                    bidder: 'appnexus',
+                    params: {
+                      placementId: 13144370
+                    }
+                },
+            ]
+
+        }];
+
+        var pbjs = pbjs || {};
+        pbjs.que = pbjs.que || [];
+    </script>
+
+    <script>
+        var googletag = googletag || {};
+        googletag.cmd = googletag.cmd || [];
+        googletag.cmd.push(function () {
+            googletag.pubads().disableInitialLoad();
+        });
+
+        pbjs.que.push(function () {
+            // configure the WURFL RTD module
+            pbjs.setConfig({
+                debug: true, // enabled for testing purposes
+                realTimeData: {
+                    auctionDelay: 2000, 
+                    dataProviders: [
+                        // WURFL RTD module configuration
+                        {
+                            name: 'wurfl',
+                            waitForIt: true
+                        },
+                    ]
+                }
+            });
+
+            pbjs.addAdUnits(adUnits);
+
+            pbjs.requestBids({
+                bidsBackHandler: sendAdserverRequest,
+                timeout: PREBID_TIMEOUT
+            });
+        });
+
+        function sendAdserverRequest() {
+            if (pbjs.adserverRequestSent) return;
+            pbjs.adserverRequestSent = true;
+            googletag.cmd.push(function () {
+                pbjs.que.push(function () {
+                    pbjs.setTargetingForGPTAsync();
+                    googletag.pubads().refresh();
+                });
+            });
+        }
+
+        setTimeout(function () {
+            sendAdserverRequest();
+        }, FAILSAFE_TIMEOUT);
+
+    </script>
+
+    <script>
+        googletag.cmd.push(function () {
+            googletag.defineSlot('/19968336/header-bid-tag-0', [[300, 250], [300, 600]], 'div-gpt-ad-1460505748561-0').addService(googletag.pubads());
+
+            googletag.pubads().enableSingleRequest();
+            googletag.enableServices();
+        });
+    </script>
+</head>
+
+<body>
+    <h2>Prebid.js Test</h2>
+    <h5>Div-1</h5>
+    <div id='div-gpt-ad-1460505748561-0'>
+        <script type='text/javascript'>
+            googletag.cmd.push(function () { googletag.display('div-gpt-ad-1460505748561-0'); });
+        </script>
+    </div>
+</body>
+
+</html>

libraries/connectionInfo/connectionUtils.js

@@ -0,0 +1,33 @@
+/**
+ * Returns the type of connection.
+ *
+ * @returns {number} - Type of connection.
+ */
+export function getConnectionType() {
+  const connection = navigator.connection || navigator.webkitConnection;
+  if (!connection) {
+    return 0;
+  }
+  switch (connection.type) {
+    case 'ethernet':
+      return 1;
+    case 'wifi':
+      return 2;
+    case 'wimax':
+      return 6;
+    default:
+      switch (connection.effectiveType) {
+        case 'slow-2g':
+        case '2g':
+          return 4;
+        case '3g':
+          return 5;
+        case '4g':
+          return 6;
+        case '5g':
+          return 7;
+        default:
+          return connection.type == 'cellular' ? 3 : 0;
+      }
+  }
+}

libraries/mgidUtils/mgidUtils.js

@@ -0,0 +1,73 @@
+import {
+  isPlainObject,
+  isArray,
+  isStr,
+  isNumber,
+} from '../../src/utils.js';
+import { config } from '../../src/config.js';
+import { USERSYNC_DEFAULT_CONFIG } from '../../src/userSync.js';
+
+const PIXEL_SYNC_URL = 'https://cm.mgid.com/i.gif';
+const IFRAME_SYNC_URL = 'https://cm.mgid.com/i.html';
+
+export function getUserSyncs(syncOptions, serverResponses, gdprConsent, uspConsent, gppConsent) {
+  const spb = isPlainObject(config.getConfig('userSync')) &&
+        isNumber(config.getConfig('userSync').syncsPerBidder)
+    ? config.getConfig('userSync').syncsPerBidder : USERSYNC_DEFAULT_CONFIG.syncsPerBidder;
+
+  if (spb > 0 && isPlainObject(syncOptions) && (syncOptions.iframeEnabled || syncOptions.pixelEnabled)) {
+    let pixels = [];
+    if (serverResponses &&
+            isArray(serverResponses) &&
+            serverResponses.length > 0 &&
+            isPlainObject(serverResponses[0].body) &&
+            isPlainObject(serverResponses[0].body.ext) &&
+            isArray(serverResponses[0].body.ext.cm) &&
+            serverResponses[0].body.ext.cm.length > 0) {
+      pixels = serverResponses[0].body.ext.cm;
+    }
+
+    const syncs = [];
+    const query = [];
+    query.push('cbuster={cbuster}');
+    query.push('gdpr_consent=' + encodeURIComponent(isPlainObject(gdprConsent) && isStr(gdprConsent?.consentString) ? gdprConsent.consentString : ''));
+    if (isPlainObject(gdprConsent) && typeof gdprConsent?.gdprApplies === 'boolean' && gdprConsent.gdprApplies) {
+      query.push('gdpr=1');
+    } else {
+      query.push('gdpr=0');
+    }
+    if (isPlainObject(uspConsent) && uspConsent?.consentString) {
+      query.push(`us_privacy=${encodeURIComponent(uspConsent?.consentString)}`);
+    }
+    if (isPlainObject(gppConsent) && gppConsent?.gppString) {
+      query.push(`gppString=${encodeURIComponent(gppConsent?.gppString)}`);
+    }
+    if (config.getConfig('coppa')) {
+      query.push('coppa=1')
+    }
+    const q = query.join('&')
+    if (syncOptions.iframeEnabled) {
+      syncs.push({
+        type: 'iframe',
+        url: IFRAME_SYNC_URL + '?' + q.replace('{cbuster}', Math.round(new Date().getTime()))
+      });
+    } else if (syncOptions.pixelEnabled) {
+      if (pixels.length === 0) {
+        for (let i = 0; i < spb; i++) {
+          syncs.push({
+            type: 'image',
+            url: PIXEL_SYNC_URL + '?' + q.replace('{cbuster}', Math.round(new Date().getTime())) // randomly selects partner if sync required
+          });
+        }
+      } else {
+        for (let i = 0; i < spb && i < pixels.length; i++) {
+          syncs.push({
+            type: 'image',
+            url: pixels[i] + (pixels[i].indexOf('?') > 0 ? '&' : '?') + q.replace('{cbuster}', Math.round(new Date().getTime()))
+          });
+        }
+      }
+    }
+    return syncs;
+  }
+}

src/fpd/navigator.js → libraries/navigatorData/navigatorData.js

@@ -26,4 +26,4 @@ export function getDM(win = window) {
     dm = undefined;
   }
   return dm;
-};
+}

libraries/ortbConverter/processors/video.js

@@ -1,37 +1,15 @@
 import {deepAccess, isEmpty, logWarn, mergeDeep, sizesToSizeTuples, sizeTupleToRtbSize} from '../../../src/utils.js';
 import {VIDEO} from '../../../src/mediaTypes.js';
 
-// parameters that share the same name & semantics between pbjs adUnits and imp.video
-const ORTB_VIDEO_PARAMS = new Set([
-  'pos',
-  'placement',
-  'plcmt',
-  'api',
-  'mimes',
-  'protocols',
-  'playbackmethod',
-  'minduration',
-  'maxduration',
-  'w',
-  'h',
-  'startdelay',
-  'placement',
-  'linearity',
-  'skip',
-  'skipmin',
-  'skipafter',
-  'minbitrate',
-  'maxbitrate',
-  'delivery',
-  'playbackend'
-]);
+import {ORTB_VIDEO_PARAMS} from '../../../src/video.js';
 
 export function fillVideoImp(imp, bidRequest, context) {
   if (context.mediaType && context.mediaType !== VIDEO) return;
 
   const videoParams = deepAccess(bidRequest, 'mediaTypes.video');
   if (!isEmpty(videoParams)) {
     const video = Object.fromEntries(
+      // Parameters that share the same name & semantics between pbjs adUnits and imp.video
       Object.entries(videoParams)
         .filter(([name]) => ORTB_VIDEO_PARAMS.has(name))
     );