Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore(release): version 4.2.0 #2886

Merged
merged 110 commits into from
Apr 26, 2021
Merged

chore(release): version 4.2.0 #2886

merged 110 commits into from
Apr 26, 2021

Conversation

WilcoFiers
Copy link
Contributor

Features

  • add axe.frameMessenger with configurable allowedOrigins (#2880) (b27bab3)
  • aria-allowed-attr: add ARIA 1.2 prohibited attrs check (#2764) (4a77e88)
  • empty-table-header: new rule to flag empty table headers (#2811) (813ee7e)
  • frame-focusable-content: new rule to test iframes with tabindex=-1 do not have focusable content (#2785) (aeb044c)
  • locale: missing translations for DE (#2704) (f312994)
  • locale: Polish translation (#2677) (c46979f)
  • nested-interactive: new rule to flag nested interactive elements (#2691) (13a7cf1)
  • role-text: add role-text rule (#2702) (7c05162)
  • setup/teardown: add functions to setup and teardown axe-core internal data, deprecate axe._tree (#2738) (9d19f24)
  • standards: add graphics roles (#2761) (22032cc)
  • standards/aria-roles: add presentational children property (#2689) (78c239c)
  • utils.getRule: add function to get rule by id (#2724) (9d0af53)
  • utils/matches: support selectors level 4 :not and :is (#2742) (21d9b0e)
  • virtual-node: add attrNames property which returns list of attribute names (#2741) (1d864b4)

Bug Fixes

  • aria-allowed-attr: error when generic elements use aria-label and aria-labelledy (#2766) (64379e1)
  • aria-required-children: allow group and rowgroup roles (#2661) (5a264e4)
  • aria-required-children: only match for roles that require children (#2703) (95de169)
  • aria-valid-attr-value: pass for aria-errormessage when aria-invalid is not set or false (#2721) (93a765c)
  • aria-valid-attr-value: report when aria-labelledby ref is not in DOM (#2723) (116eb06)
  • aria-valid-attr-value: return false when int type attribute uses invalid values (#2710) (ce9917e)
  • bypass: mark as needs review rather than failure (#2818) (bb41b3e)
  • focus-order-semantics: allow role=tooltip to pass (#2871) (dc526d8)
  • heading-order: handle iframe as first result (#2876) (33428d8)
  • respondable: Avoid message duplication with messageId (#2816) (4bd0acf)
  • respondable: work on iframes in shadow DOM (#2857) (38cad94)
  • avoid 'undefined' showing in check messages (#2779) (3beb0b1)
  • properly translate checks when building axe.js using --lang (#2848) (76545b0)
  • aria-required-parent: only match for roles that require parents (#2707) (ce8281e)
  • color-contrast: account for text client rects that start outside the parent container (#2682) (a4e4a34)
  • color-contrast-matches: do not pass empty string to getElementById (#2739) (0b0fec2)
  • frame-title: update rule description to be more descriptive (#2735) (159e25b)
  • heading-order: allow partial context to pass (#2622) (f8baee6)
  • landmark-complementary-is-top-level: allow aside inside main (#2740) (9388c96)
  • metadata: consistenct use of 'must' and 'should' (#2770) (603b612)
  • region: allow role=alertdialog as region (#2660) (b928df7)
  • select-name: fix typo in accessible name help (#2676) (6b916b9)
  • to-grid/get-headers: work with rowspan=0 (#2722) (508190b)
  • types: Add noHtml option (#2810) (c03c826)
  • utils: fix warning thrown by Webpack (#2843) (0826177), closes #2840
  • utils: remove attributes from source string (#2803) (8e8c4fa)
  • add noHtml to axe.configure (#2789) (5c8dec8)
  • do not allow postMessage with axe version of x.y.z (#2790) (5acda82)

WilcoFiers and others added 30 commits November 23, 2020 11:42
chore: merge master into develop
* tests: switch to karma

* add ie launcher

* increase timeout for ie11

* change basePath for ie11

* reset and use grunt file code

* packages

* finalize

* update package-lock

* lint

* put husky back

* forgot to install

* changes
* fix(heading-order): allow partial context to pass

* fix for nested headings

* fix

* fix findindex

* ie11

* tests...

* validate level
* chore: run prettier

* fix test
* chore: move to single eslintrc file

* mocha
* fix(aria-required-children): allow group and rowgroup roles

* fix
* tests: start server when integration test

* fix?

* try this

* one more time

* windows doesnt do start without run command

* hurray windows...

* one last attempt
* chore: replace phrasing elements in subtree-text

* revert playground
* tests: fix?

* asdf

* works?

* nope

* headless?

* remove options

* remove is-ci
* chore: add PR review app yml file

* Update PULL_REQUEST_TEMPLATE.md

* Apply suggestions from code review

Co-authored-by: Steven Lambert <2433219+straker@users.noreply.github.com>

Co-authored-by: Steven Lambert <2433219+straker@users.noreply.github.com>
Bumps [ini](https://github.com/isaacs/ini) from 1.3.5 to 1.3.7. **This update includes a security fix.**
- [Release notes](https://github.com/isaacs/ini/releases)
- [Commits](npm/ini@v1.3.5...v1.3.7)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* feat(lang): Polish translation

Polish translation added

* feat(lang): Polish translation

missing bracket added

* feat(lang): Polish translation

fix the lang line

* feat(locale): Polish translation

minor language corrections

* feat(locale): Polish translation

minor corrections
* chore: split test:unit into different parts

* circle
* docs: update contributing guide

* fixes
#2691)

* feat(nested-interactive): new rule to flag nested interactive elements

* Update lib/rules/nested-interactive.json

Co-authored-by: Wilco Fiers <WilcoFiers@users.noreply.github.com>

* Update lib/rules/nested-interactive.json

Co-authored-by: Wilco Fiers <WilcoFiers@users.noreply.github.com>

* fixes

* remove only

* remove log

Co-authored-by: Wilco Fiers <WilcoFiers@users.noreply.github.com>
… the parent container (#2682)

* fix(color-contrast): account for text client rects that start otuside the parent container

* fix?

* Update lib/commons/dom/get-text-element-stack.js

Co-authored-by: Wilco Fiers <WilcoFiers@users.noreply.github.com>

Co-authored-by: Wilco Fiers <WilcoFiers@users.noreply.github.com>
…en (#2703)

* fix(aria-required-children): only match for roles that require children

* fix

* fix tests
* docs: added information on building for locale with npm

* Update README.md

Co-authored-by: Steven Lambert <2433219+straker@users.noreply.github.com>

Co-authored-by: Steven Lambert <2433219+straker@users.noreply.github.com>
…2707)

* fix(aria-required-parent): only match for roles that require parents

* fix
dylanb and others added 17 commits March 22, 2021 10:54
I'd totally be OK with an action to update the doc for us
chore:update to add product field for easier triage
Bumps [ini](https://github.com/isaacs/ini) from 1.3.5 to 1.3.8. **This update includes security fixes.**
- [Release notes](https://github.com/isaacs/ini/releases)
- [Commits](npm/ini@v1.3.5...v1.3.8)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
Bumps [y18n](https://github.com/yargs/y18n) from 4.0.0 to 4.0.3. **This update includes a security fix.**
- [Release notes](https://github.com/yargs/y18n/releases)
- [Changelog](https://github.com/yargs/y18n/blob/y18n-v4.0.3/CHANGELOG.md)
- [Commits](yargs/y18n@v4.0.0...y18n-v4.0.3)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
* feat(axe.frameMessenger): api to allow custom iframe communication

* reset doc

* fixes

* fix

* tests

* chore(wip): refactor messageHandler

* add allowed origins

* rename directory

* fix ie11 window.origin

* fix build

* fix origin

* Update test/core/base/audit.js

Co-authored-by: Wilco Fiers <WilcoFiers@users.noreply.github.com>

* resolve comments

* WIP: chanages

* chore: fix up couple more minor points

* docs(api): add frameMessenger & allowedOrigins

* chore(types): add frameMessenger & allowedOrigins

* fix(allowedOrigins): consistently use http

* chore: resolve comments

* docs(API): document use with file://

* chore: minor improvements

* docs(API): recommendation not to test on file://

Co-authored-by: Steven Lambert <steven.lambert@deque.com>
Co-authored-by: Steven Lambert <2433219+straker@users.noreply.github.com>
@WilcoFiers WilcoFiers requested a review from a team as a code owner April 23, 2021 13:46
@stephenmathieson
Copy link
Member

CI failure:

1) latest axe version (4.2) rule help docs should be active:

      Uncaught AssertionError [ERR_ASSERTION]: The expression evaluated to a falsy value:

  assert(res.statusCode >= 200 && res.statusCode <= 299)

      + expected - actual

      -false
      +true
      
      at ClientRequest.<anonymous> (test/test-rule-help-version.js:15:7)
      at HTTPParser.parserOnIncomingClient [as onIncoming] (_http_client.js:565:21)
      at HTTPParser.parserOnHeadersComplete (_http_common.js:111:17)
      at TLSSocket.socketOnData (_http_client.js:451:20)
      at addChunk (_stream_readable.js:288:12)
      at readableAddChunk (_stream_readable.js:269:11)
      at TLSSocket.Readable.push (_stream_readable.js:224:10)
      at TLSWrap.onStreamRead [as onread] (internal/stream_base_commons.js:94:17)

Looks like the tests get mad when we bump the version number? 🤔

@dylanb
Copy link
Contributor

dylanb commented Apr 26, 2021

#2843 is not reviewed for security
#2761 is not reviewed for security

@WilcoFiers how did we miss so many security reviews?

@straker
Copy link
Contributor

straker commented Apr 26, 2021

@dylanb #2843 and #2761 were both reviewed for security. 2843 had the security app checked and 2761 wasn't working so Wilco left a comment.

@stephenmathieson
Copy link
Member

stephenmathieson commented Apr 26, 2021

FWIW I believe there's a bug (also a GitHub "feature") in the security review app which prevents it from working unless contributors allow edits from maintainers on their PRs. The app doesn't have write access to commits authored by non-Deque'ers, so it cannot change their statuses.

When this happens, it'd be nice if the robot would let us know (by placing a comment on the PR or something) rather than forcing me to dig thru logs 🤷 Unfortunately I doubt I'll have any time to work on this in the near future, so it may be up to @dequelabs/axe-api-team.

Adding a try/catch here which created a comment in the catch is probably all we need.

@dylanb
Copy link
Contributor

dylanb commented Apr 26, 2021

@dylanb #2843 and #2761 were both reviewed for security. 2843 had the security app checked and 2761 wasn't working so Wilco left a comment.

#2843 does not have the security review checked

Screen Shot 2021-04-26 at 11 18 01 AM

@dylanb
Copy link
Contributor

dylanb commented Apr 26, 2021

FWIW I believe there's a bug (also a GitHub "feature") in the security review app which prevents it from working unless contributors allow edits from maintainers on their PRs. The app doesn't have write access to commits authored by non-Deque'ers, so it cannot change their statuses.

When this happens, it'd be nice if the robot would let us know (by placing a comment on the PR or something) rather than forcing me to dig thru logs 🤷 Unfortunately I doubt I'll have any time to work on this in the near future, so it may be up to @dequelabs/axe-api-team.

Can someone take this on? @WilcoFiers we need to make this a priority

@straker
Copy link
Contributor

straker commented Apr 26, 2021

That's odd. The one and only commit was approved for security

image

@WilcoFiers WilcoFiers merged commit 199eed2 into master Apr 26, 2021
@WilcoFiers WilcoFiers deleted the release-4.2 branch April 26, 2021 15:50
@dylanb
Copy link
Contributor

dylanb commented Apr 26, 2021

reviewed, status not good as noted above

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.