From Fedora Project Wiki

jQuery

Summary

jQuery is a fast, small, and feature-rich JavaScript library. It makes things like HTML document traversal and manipulation, event handling, animation, and Ajax much simpler with an easy-to-use API that works across a multitude of browsers. With a combination of versatility and extensibility, jQuery has changed the way that millions of people write JavaScript.

Traditionally, a copy of jQuery has been included with every web application that requires it. This change will migrate many of those applications to a shared system copy of jQuery. Both the 1.x branch of jQuery that supports Internet Explorer 6 and the 2.x branch of jQuery that only works with modern web browsers will be provided.

Owner

Current status

Detailed Description

Traditionally, a copy of jQuery has been included with every web application that requires it. This change will migrate many of those applications to a shared system copy of jQuery.

The following packages will be provided:

  • js-jquery - The latest version of the jQuery 2.x branch, suitable for web applications that are only compatible with modern web browsers that fully support modern web standards.
  • js-jquery1 - The latest version of the jQuery 1.x branch, suitable for web applications that endeavor to be compatible with older web browsers such as Internet Explorer 6.
  • js-jquery-migrate - The jQuery migrate plugin, which is a compatibility shim that enables web applications that depend on older versions of jQuery to work with the latest version, so that they can be ported away from old, unsupported jQuery versions that may potentially have security issues.

Benefit to Fedora

Fedora's "first" foundation will finally be extended to a core library of the web. Numerous potential security vulnerabilities, including known cross-site scripting attacks, will be prevented by requiring all web applications to use upstream-maintained versions of jQuery.

Scope

New Packages

In addition to the new packages described above, several support packages must be introduced to enable proper building and minification of jQuery packages in Fedora. For more information, see the dependencies section.

Migrating Web Applications

Web applications that depend on modern versions of jQuery will simply be ported to use the systemwide version instead,

Web applications that use older versions of jQuery (> 1.6.4 but <1.9) will be ported to use jquery-migrate and the systemwide version of jQuery. Packagers will be encouraged to work with upstream to migrate to the latest version of jQuery without jquery-migrate, since using this plugin re-enables misfeatures rightly removed from jQuery core that are XSS holes waiting to happen.

Maintainers of web applications that use extremely old versions of jQuery (< 1.6.4) will be strongly encouraged to work with upstream to migrate to the latest versions of jQuery and update their packages. However, current Fedora policy regarding bundled libraries permits these packages to be grandfathered in, so I am unable to force any action here.

Preliminary repoqueries have been performed to identify potentially affected packages, see the dependencies section for more details.

Migrating documentation frameworks

Certain documentation frameworks, such as python-sphinx, ship copies of jQuery as well. These frameworks will be modified to use a symlink or other means so that they too can use the new systemwide versions.

Policies and guidelines

None other than those needed for JavaScript packaging in general.

Release Engineering

No special attention required.

Upgrade/compatibility impact

Modifications to packages in accordance with this Change should be performed such that they are transparent to consumers of these packages.

How To Test

Try a converted web application and make sure it still works.  :-)

User Experience

End users should notice no difference. System administrators may be pleased to see that they no longer have dozens of copies of the same file on their systems.

Dependencies

This section will be used to track affected packages and individuals working on them.

If you'd like to take on a task, let us know you're working on it by adding {{status|inprogress|your_FAS_username}} to the status column. If you've got something done, but either need a patch reviewed by the maintainer or a review request for a new package to completed, add {{status|needreview|your_FAS_username}} and link to the relevant bug.

Once it's all done, change it to {{status|done|your_FAS_username}} and give yourself a pat on the back! You'll also be awarded a shiny Web Warrior badge for your effort.

js-jquery* BuildRequires

Package Status
nodejs-archiver
Inprogress inprogress patches
→ nodejs-lazystream
Inprogress inprogress patches
→ nodejs-readablestream
Inprogress inprogress patches
→   → nodejs-string_decoder
Inprogress inprogress patches
→ nodejs-zip-stream
Inprogress inprogress patches
→   → nodejs-lodash-dot-defaults
Inprogress inprogress patches
→ nodejs-file-utils
Inprogress inprogress patches
→   → nodejs-isbinaryfile
Inprogress inprogress patches
nodejs-gzip-js
nodejs-testswarm
nodejs-load-grunt-tasks
nodejs-requirejs
Pass done jamielinux
nodejs-shelljs
Inprogress inprogress jamielinux
nodejs-grunt
Pass done jamielinux
nodejs-grunt-cli
Pass done jamielinux
nodejs-grunt-contrib-uglify
Needs Review needreview jamielinux
[1]
→ nodejs-grunt-contrib-clean
Pass done jamielinux
→ nodejs-grunt-contrib-internal
Pass done jamielinux
→ nodejs-chalk
Pass done jamielinux
    → nodejs-ansi-styles
Pass done jamielinux
    → nodejs-has-color
Pass done jamielinux
    → nodejs-strip-ansi
Pass done jamielinux
→ nodejs-maxmin
Inprogress inprogress jamielinux
    → nodejs-pretty-bytes
Pass done jamielinux
    → nodejs-gzip-size
Pass done jamielinux
        → nodejs-concat-stream
Pass done jamielinux
        → nodejs-zlib-browserify
Pass done jamielinux
            → js-zlib
Pass done jamielinux
nodejs-grunt-contrib-watch
Needs Review needreview jamielinux
[2]
→ nodejs-tiny-lr-fork
Needs Review needreview jamielinux
[3]
    → nodejs-noptify
Needs Review needreview jamielinux
[4]
    → nodejs-faye-websocket
Needs Review needreview jamielinux
[5]
        → nodejs-websocket-driver
Needs Review needreview jamielinux
[6]
nodejs-grunt-bowercopy really needed?
nodejs-grunt-compare-size
Inprogress inprogress jamielinux
nodejs-grunt-git-authors
Inprogress inprogress jamielinux
nodejs-grunt-jscs-checker really needed?
nodejs-grunt-jsonlint really needed?

Web Application packages that need to be migrated

This section will be updated once jQuery packages are available with a complete list and status table as above. Some low-hanging fruit is listed here.

Documentation frameworks that need attention

This section will be updated once jQuery packages are available with a complete list and status table as above. Some low-hanging fruit is listed here.

Contingency Plan

None needed. Packages that aren't converted will continue to just bundle jQuery as they always have.

  • Blocks release? No

Documentation

Release Notes

jQuery is a fast, small, and feature-rich JavaScript library. It makes things like HTML document traversal and manipulation, event handling, animation, and Ajax much simpler with an easy-to-use API that works across a multitude of browsers. With a combination of versatility and extensibility, jQuery has changed the way that millions of people write JavaScript.

Traditionally, a copy of jQuery has been included with every web application that requires it. Starting with Fedora 21, many of those applications have migrated to a shared system copy of jQuery.

If you're developing an application that uses jQuery on Fedora and don't want to download your own copy or rely on a third-party CDN, you can now install one of our jquery packages and use it instead. You can find the 1.x branch of jQuery that supports Internet Explorer 6 in the js-jquery1 package, and the 2.x branch of jQuery that only works with modern web browsers in the js-jquery package. For more information on using these packages in your applications, see [7].