From 6b89c14247e59683f2bec191e88079aaec893451 Mon Sep 17 00:00:00 2001 From: Delan Azabani Date: Thu, 2 Oct 2025 11:52:14 +0800 Subject: [PATCH 01/38] blog: This month in Servo (September 2025) --- _posts/2025-10-18-this-month-in-servo.md | 49 + commits.txt | 4523 ++++++++++++++++++++++ 2 files changed, 4572 insertions(+) create mode 100644 _posts/2025-10-18-this-month-in-servo.md create mode 100644 commits.txt diff --git a/_posts/2025-10-18-this-month-in-servo.md b/_posts/2025-10-18-this-month-in-servo.md new file mode 100644 index 000000000..634357a6f --- /dev/null +++ b/_posts/2025-10-18-this-month-in-servo.md @@ -0,0 +1,49 @@ +--- +layout: post +tags: blog +title: "This month in Servo: and more!" +date: 2025-10-18 +summary: ao!! wrrrrao!! +categories: +--- + +## Donations + +Thanks again for your generous support! +We are now receiving **???? USD/month** (+??.?% over August) in recurring donations. + +Historically this has helped cover the cost of our [speedy](https://ci0.servo.org) [CI](https://ci1.servo.org) [servers](https://ci2.servo.org) and [Outreachy interns](https://www.outreachy.org/alums/2025-06/#:~:text=Servo). +Thanks to your support, we’re now setting up **[two](https://ci3.servo.org) [new](https://ci4.servo.org) CI servers for benchmarking**, and **[funding the work of our long-time maintainer]({{ '/blog/2025/09/17/your-donations-at-work-funding-jdm/' | url }}) Josh Matthews** (@jdm), with a particular focus on helping more people contribute to Servo. + +Keep an eye out for [further CI improvements](https://github.com/servo/servo/issues/38141) in the coming months, including [**ten-minute WPT builds**](https://github.com/servo/ci-runners/issues/21), **macOS arm64 builds**, and **faster pull request checks**. + +Servo is also on [thanks.dev](https://thanks.dev), and already **?? GitHub users** (±? from August) that depend on Servo are sponsoring us there. +If you use Servo libraries like [url](https://crates.io/crates/url/reverse_dependencies), [html5ever](https://crates.io/crates/html5ever/reverse_dependencies), [selectors](https://crates.io/crates/selectors/reverse_dependencies), or [cssparser](https://crates.io/crates/cssparser/reverse_dependencies), signing up for [thanks.dev](https://thanks.dev) could be a good way for you (or your employer) to give back to the community. + +
+
+
5552 USD/month
+
+
+
10000
+
+ +
+ +As always, use of these funds will be decided transparently in the Technical Steering Committee. +For more details, head to our [Sponsorship page]({{ '/sponsorship/' | url }}). + + diff --git a/commits.txt b/commits.txt new file mode 100644 index 000000000..267eb3b54 --- /dev/null +++ b/commits.txt @@ -0,0 +1,4523 @@ +>>> 2025-09-01T06:03:13Z +https://github.com/servo/servo/pull/39055 (@Loirooriol, #39055) layout: Avoid setting baseline for phantom line boxes (#39055) + # Phantom line boxes should be treated as non-existing for most purposes, so don't let them affect the baseline of + # their block container. + # Testing: An existing test passes, and also adding a new one which doesn't rely on `` +https://github.com/servo/servo/pull/39064 (@dependabot[bot], @dependabot[bot], #39064) build(deps): bump getopts from 0.2.23 to 0.2.24 (#39064) + # Bumps [getopts](https://github.com/rust-lang/getopts) from 0.2.23 to 0.2.24. + # Release notes + # Sourced from getopts's releases. + # v0.2.24 + # Other + # Make unicode-width an optional default dependency (#133) + # Changelog + # Sourced from getopts's changelog. + # 0.2.24 - 2025-08-29 + # Other + # Make unicode-width an optional default dependency (#133) + # Commits + # 4084692 chore: release v0.2.24 (#134) + # 03ce599 Make unicode-width an optional default dependency (#133) + # See full diff in compare view + # [![Dependabot compatibility + # score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=getopts&package-manager=cargo& + # previous-version=0.2.23&new-version=0.2.24)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-d + # ependabot-security-updates#about-compatibility-scores) + # Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger + # a rebase manually by commenting `@dependabot rebase`. + # [//]: # (dependabot-automerge-start) + # [//]: # (dependabot-automerge-end) +https://github.com/servo/servo/pull/39063 (@dependabot[bot], @dependabot[bot], #39063) build(deps): bump time from 0.3.41 to 0.3.42 (#39063) + # Bumps [time](https://github.com/time-rs/time) from 0.3.41 to 0.3.42. + # Release notes + # Sourced from time's releases. + # v0.3.42 + # See the changelog for details. + # Changelog + # Sourced from time's changelog. + # 0.3.42 [2025-08-31] + # Added + # Time::duration_until + # Time::duration_since + # per_t method for all types in time::convert. This is similar to the existing per method, but + # can return any of the primitive numeric types that can represent the result. This will cut down on + # as casts while ensuring correctness. Type inference isn't perfect, so you may need to provide a + # type annotation in some situations. + # impl PartialOrd for Month and impl Ord for Month; this assumes the months are in the same year + # SystemTimeExt trait, adding methods for checked arithmetic with time::Duration and obtaining + # the difference between two SystemTimes as a time::Duration + # Permit using UtcDateTime with rand (this was inadvertently omitted previously) + # impl core::error::Error for all error types (now available when the std feature is disabled) + # MacOS can now obtain the local UTC offset in multi-threaded programs as the system APIs are + # thread-safe. + # #[track_caller] has been added to all relevant methods. + # Changed + # The minimum supported Rust version is now 1.81.0. + # The dependency on itoa has been removed, as the standard library now has similar functionality + # by default. + # Formatting a component that involves a floating point number is now guaranteed to be + # deterministic, avoiding any subtle differences between platforms or compiler versions. + # Fixed + # Serializing timestamps with nanosecond precision should always emit the correct value. + # Previously, it could be off by one nanosecond due to floating point imprecision. + # A previously unknown bug in OffsetDateTime::to_offset and UtcDateTime::to_offset has been + # fixed. The bug could result in a value that was invalid. It was unlikely to ever occur in + # real-world code, as it involved passing a UTC offset that has never been used in any location. + # Miscellaneous + # The amount of code generated by macros has been massively reduced, on the order of 65-70% for + # typical use cases of format_description!. + # Significant performance gains for comparisons of Time, PrimitiveDateTime, UtcDateTime, and + # OffsetDateTime. The first three have gains of approximately 85% (i.e. 6× faster). + # Nearly all methods are #[inline]. + # Commits + # ed2852e v0.3.42 release + # 1067543 Fix copied comment + # f45bff5 Use const block for readability + # b38c118 Add #[inline] to most methods + # f410951 Add #[track_caller] to numerous methods + # d30f3d0 Optimize Time::sub + # e807ad3 Add tests, benchmarks + # 3fcb83d Optimize OffsetDateTime comparisons + # 95db5c3 Optimize UTC offset conversions + # 998b26f Optimize Time::duration_until + # Additional commits viewable in compare view + # [![Dependabot compatibility + # score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=time&package-manager=cargo&pre + # vious-version=0.3.41&new-version=0.3.42)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-depe + # ndabot-security-updates#about-compatibility-scores) + # Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger + # a rebase manually by commenting `@dependabot rebase`. + # [//]: # (dependabot-automerge-start) + # [//]: # (dependabot-automerge-end) +https://github.com/servo/servo/pull/39062 (@dependabot[bot], @dependabot[bot], #39062) build(deps): bump compression-codecs from 0.4.29 to 0.4.30 (#39062) + # Bumps [compression-codecs](https://github.com/Nullus157/async-compression) from 0.4.29 to 0.4.30. + # Release notes + # Sourced from compression-codecs's releases. + # compression-codecs-v0.4.30 + # Other + # rm unused dep from async-compression and compression-codecs (#381) + # Commits + # 74f5eb1 chore: release (#382) + # 5072f4a rm unused dep from async-compression and compression-codecs (#381) + # See full diff in compare view + # [![Dependabot compatibility + # score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=compression-codecs&package-man + # ager=cargo&previous-version=0.4.29&new-version=0.4.30)](https://docs.github.com/en/github/managing-security-vulnerabilit + # ies/about-dependabot-security-updates#about-compatibility-scores) + # Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger + # a rebase manually by commenting `@dependabot rebase`. + # [//]: # (dependabot-automerge-start) + # [//]: # (dependabot-automerge-end) +https://github.com/servo/servo/pull/39061 (@dependabot[bot], @dependabot[bot], #39061) build(deps): bump async-compression from 0.4.29 to 0.4.30 (#39061) + # Bumps [async-compression](https://github.com/Nullus157/async-compression) from 0.4.29 to 0.4.30. + # Commits + # 74f5eb1 chore: release (#382) + # 5072f4a rm unused dep from async-compression and compression-codecs (#381) + # See full diff in compare view + # [![Dependabot compatibility + # score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=async-compression&package-mana + # ger=cargo&previous-version=0.4.29&new-version=0.4.30)](https://docs.github.com/en/github/managing-security-vulnerabiliti + # es/about-dependabot-security-updates#about-compatibility-scores) + # Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger + # a rebase manually by commenting `@dependabot rebase`. + # [//]: # (dependabot-automerge-start) + # [//]: # (dependabot-automerge-end) +>>> 2025-09-02T06:03:16Z +https://github.com/servo/servo/pull/39041 (@Loirooriol, #39041) layout: Ensure IFC for abspos with inline-level original display (#39041) + # Absolutely positioned elements get blockified, but their static position still depends on the original + # display. Therefore, if we encounter an abspos with an inline-level original display, we will now ensure that it's + # handled in an inline formatting context. This way its static position will correctly take into account things like + # `text-align`. + # Testing: Several WPT tests are now passing. + # Fixes: #39017 +https://github.com/servo/servo/pull/39078 (@arihant2math@gmail.com, #39078) indexeddb: Return error instead of panicking on structured clone failure (#39078) + # Related to failures in #38847 + # Testing: WPT +https://github.com/servo/servo/pull/39076 (@jschwe, #39076) script: Migrate swmanager to GenericChannel (#39076) + # Migrate `ServiceWorkerMsg` and `SWManagerMsg` to GenericChannel + # Testing: Covered by service worker wpt tests + # Part of #38912 +https://github.com/servo/servo/pull/39073 (@jschwe, #39073) base: Migrate PipelineNameSpaceInstaller to GenericChannel (#39073) + # Testing: Covered by existing tests + # Part of #38912 +https://github.com/servo/servo/pull/39074 (@jschwe, #39074) script: Migrate JobResult to GenericCallback (#39074) + # Use the new GenericCallback abstraction for serviceworker job results. + # Testing: Covered by service worker wpt tests +https://github.com/servo/servo/pull/39027 (@mrobinson, #39027) layout: Lay out collapsed table rows and columns, but don't paint them (#39027) + # It's expected that script queries be able to interact with collapsed + # table rows and columns, so this change starts laying them out. They + # still do not affect table dimensions, nor are they painted. + # This does not fix all interaction with collapsed rows and columns. For + # instance, setting scroll offsets of contained scrolling nodes does not + # work properly. It does fix the panic though, which is the most important + # thing. + # Testing: this change includes a new WPT crash test. + # Fixes: #37421. +https://github.com/servo/servo/pull/39040 (@euclid.ye@huawei.com, #39040) webdriver: Wait for navigation to complete when creating session with all `WebView`s closed (#39040) + # In #37410 for webdriver mode, we introduced mechanism to keep program alive when all webview are closed to comply + # with spec. But the test fails with 90% probability, as the `browsing_context` is only registered in constellation's + # `browsing_contexts` map when documents are ready. This PR waits for navigation to complete without verifying + # browsing context existence (as it's guaranteed from context) in this special case by refactoring existing code. + # Testing: + # https://github.com/servo/servo/blob/4571cc1b3b17b3a759260bdfdb2e163576b313e7/tests/wpt/tests/webdriver/tests/classic/clo + # se_window/close.py#L87 + # is no longer flaky. Previously, it has 90% probability to fail. Now it always pass. +https://github.com/servo/servo/pull/38998 (@jerensl, #38998) script_bindings(python): Add type around js jit class in codegen.py (#38998) + # Add type around js jit class in codegen.py + # Needed this PR: #38845 +https://github.com/servo/servo/pull/39059 (@arihant2math@gmail.com, #39059) webcrypto: implement raw hmac export (#39059) + # Implement raw export of HMAC keys. JWT export of HMAC keys will come in a separate PR. + # Testing: WPT + # Fixes: Partially #39060 +>>> 2025-09-03T06:03:29Z +https://github.com/servo/servo/pull/39087 (@Kenzie.Raditya.Tirtarahardja@huawei.com, #39087) CI: Enable webdriver classic on wpt workflow (#39087) + # Since WebDriver is quite stable now, enable the `webdriver/classic` tests on wpt CI. +https://github.com/servo/servo/pull/39094 (@mrobinson, @Loirooriol, #39094) script: Make `scrollIntoView` more similar to the specification (#39094) + # Rework the flow of code in `Element:scroll_into_view_with_options` to + # more closely follow the specification. This also simplifies the code a + # bit and adds some TODOs about future improvements. + # Testing: This should not change behavior and is thus covered by existing tests. +https://github.com/servo/servo/pull/39051 (@arihant2math@gmail.com, @sagudev, #39051) Throw `SyntaxError` from `Location::SetHref` (#39051) + # It was originally throwing a TypeError, which was making WPT fail. + # Testing: Many happy WPT subtests + # Fixes: #39050 +https://github.com/servo/servo/pull/39008 (@arihant2math@gmail.com, #39008) indexeddb: Finish implementation of key_type_to_jsval (#39008) + # Uses clipped time to convert dates that are stored as `f64`s into JS values. + # Testing: WPT + # Fixes: #25327 +https://github.com/servo/servo/pull/39033 (@TimvdLippe, #39033) Move LinkProcessingOptions into separate file (#39033) + # This makes future implementations easier where we will reuse most of this code to parse Link headers. + # Part of #35035 +https://github.com/servo/servo/pull/39075 (@mrobinson, #39075) layout: Gracefully handle script queries on nodes with uninvertible transforms (#39075) + # Instead of panicking when doing a geometry script query on a node with + # an uninvertible transform, return a zero-sized rectangle at the + # untransformed position. This is similar to what Gecko and Blink do + # (though it seems there are some differences in positioning this + # zero-sized rectangle). Mostly importantly, do not panic. + # Testing: This change adds a new WPT crash test. + # Fixes: #38848. +https://github.com/servo/servo/pull/39070 (@jerensl, @mukilan, #39070) script_bindings(python): Fix all the rest of type annotation in script_bindings codegen (#39070) + # This will complete the type annotation on `codegen.py` so we can safely remove the ignore from `pyproject` + # configurataion +https://github.com/servo/servo/pull/39066 (@coding-joedow, @kongbai1996, #39066) layout: Move hit testing for scrollable areas to display list construction (#39066) + # Move the construction of hit test items for scroll nodes to the display list construction stage. This way they + # respect the `z-index` of their originating fragments and stacking context ordering in general. + # Testing: We currently do not have great testing for this as this tests the combination of hit testing of input + # events and scrolling at that point. The completion of WebDriver support should make this easier to test. + # Fixes: #38967 +https://github.com/servo/servo/pull/39086 (@euclid.ye@huawei.com, #39086) webdriver: Focus browsing context when switch frame (#39086) + # #38889 adds back the mechanism to focus the window when [switch to + # window](https://w3c.github.io/webdriver/#switch-to-window). After that, it causes many + # flaky TIMEOUT. Turns out the real reason is same as the phenomenon which I thought was + # unrelated: https://github.com/servo/servo/pull/38889#issuecomment-3217512339: we need to focus + # the browsing context as well according to spec. This is important for Servo because it relies on + # https://github.com/servo/servo/blob/f4dd2960b89bcc6bae3f9dae5be8964c64c1c2c7/components/constellation/constellation_webv + # iew.rs#L64 + # to determine which pipeline to send `InputEvent` to. + # Testing: Before, there are 9 ~ 13 flaky results. [Before + # 1](https://github.com/yezhizhen/servo/actions/runs/17379170889), [Before + # 2](https://github.com/yezhizhen/servo/actions/runs/17392219417), [Before + # 3](https://github.com/yezhizhen/servo/actions/runs/17379172612). + # Now there are 2 ~ 4 flaky results. [After 1](https://github.com/yezhizhen/servo/actions/runs/17394359570), + # [After 2](https://github.com/yezhizhen/servo/actions/runs/17394358218), [After + # 3](https://github.com/yezhizhen/servo/actions/runs/17394357400). + # Fixes: https://github.com/servo/servo/pull/38889#issuecomment-3218600566 + # Fixes: #38906, which is last blocking point to enable WebDriver CI. +https://github.com/servo/servo/pull/39071 (@sagudev, #39071) script: Move canvas stuff into dom/canvas folder (#39071) + # Move all canvas stuff to canvas folder and 2d canvas to canvas/2d folder. Webgl and webgpu context remain in + # respective folders as outlined in https://github.com/servo/servo/issues/38901#issuecomment-3243020235 + # Testing: Just refactor. + # Part of https://github.com/servo/servo/issues/38901 +https://github.com/servo/servo/pull/39039 (@jschwe, #39039) Add direct script to embedder channel (#39039) + # This PR **removes** `ScriptToConstellationMessage::ForwardToEmbedder`, and replaces it with an explicit + # `ScriptToEmbedderChannel`. This new channel is based on `GenericCallback` and in single-process mode will directly + # send the message the to the embedder and wake it. In multi-process mode, the message is routed via the ROUTER, + # since waking is only possible from the same process currently. This means in multi-process mode there are likely + # no direct perf benefits, since we still need to hop the message over the ROUTER (instead of over the constellation). + # In single-process mode we can directly send the message to the embedder, which should provide a noticable latency + # improvement in all cases where script is blocked waiting on the embedder to reply. + # This does not change the way the embedder receives messages - the receiving end is unchanged. + # ## How was sending messages to the embedder working before? + # 1. Script wraps it's message to the embedder in `ScriptToConstellationMessage::ForwardToEmbedder` and sends it + # to constellation. + # 2. The [constellation event loop] receives the message in [handle_request] + # 3. If deserialization fails, [an error is logged and the message is ignored] + # 4. Since our message came from script, it is handle in [handle_request_from_script] + # 5. The message is logged with trace log level + # 6. If the pipeline is closed, [a warning is logged and the message ignored] + # 7. The wrapped `EmbedderMsg` [is forwarded to the embedder]. Sending the message also invokes `wake()` on the + # embedder eventloop waker. + # [constellation event loop]: + # https://github.com/servo/servo/blob/2e1b2e72605e5cf944f5f2db1f8ad7546e911b3b/components/constellation/constellation.rs#L + # 755 + # [handle request]: + # https://github.com/servo/servo/blob/2e1b2e72605e5cf944f5f2db1f8ad7546e911b3b/components/constellation/constellation.rs#L + # 1182 + # [an error is logged and the message is ignored]: + # https://github.com/servo/servo/blob/2e1b2e72605e5cf944f5f2db1f8ad7546e911b3b/components/constellation/constellation.rs#L + # 1252 + # [handle_request_from_script]: https://github.com/servo/servo/blob/main/components/constellation/constellation.rs#L1590 + # [a warning is logged and the message ignored]: + # https://github.com/servo/servo/blob/2e1b2e72605e5cf944f5f2db1f8ad7546e911b3b/components/constellation/constellation.rs#L + # 1599 + # [is forwarded to the embedder]: + # https://github.com/servo/servo/blob/2e1b2e72605e5cf944f5f2db1f8ad7546e911b3b/components/constellation/constellation.rs#L + # 1701 + # Testing: Communication between Script and Embedder is extensive, so this should be covered by existing tests. +https://github.com/servo/servo/pull/39056 (@arihant2math@gmail.com, #39056) script: Add message to SyntaxError (#39056) + # Adding an optional message to be attached to a SyntaxError. Unblocks #39050. + # The enum definition of Syntax is now `Syntax(Option)`. Future PRs should probably add more appropriate messages + # to some of the `Syntax(None)`s. + # Testing: Just a refactor + # Fixes: Partially #39053 +https://github.com/servo/servo/pull/38494 (@jschwe, #38494) ci: bump uv version (#38494) + # Bumps uv in CI to 0.8.5 + # Testing: try run: https://github.com/servo/servo/actions/runs/16782161133 +>>> 2025-09-04T06:03:42Z +https://github.com/servo/servo/pull/39125 (@jdm, #39125) servoshell: Add button to toggle experimental web platform features. (#39125) + # This makes it easier to experiment with the impact of experimental features when browsing around in servoshell. The + # toggle is global and causes all webviews to reload with the new preference values. + # Testing: Manually tested; no UI testing for servoshell. + # Not enabled: + # Enabled: +https://github.com/servo/servo/pull/39116 (@dependabot[bot], @dependabot[bot], #39116) build(deps): bump uuid from 1.18.0 to 1.18.1 (#39116) + # Bumps [uuid](https://github.com/uuid-rs/uuid) from 1.18.0 to 1.18.1. + # Release notes + # Sourced from uuid's releases. + # v1.18.1 + # What's Changed + # Unsafe cleanup by @​KodrAus in uuid-rs/uuid#841 + # Prepare for 1.18.1 release by @​KodrAus in uuid-rs/uuid#842 + # Full Changelog: https://github.com/uuid-rs/uuid/compare/v1.18.0...v1.18.1 + # Commits + # 50d8e79 Merge pull request #842 from uuid-rs/cargo/v1.18.1 + # 7948592 prepare for 1.18.1 release + # 6d847c7 Merge pull request #841 from uuid-rs/chore/unsafe-cleanup + # 675cccc re-gate zerocopy behind unstable feature flag + # 4dd5828 Remove some unsafe; stabilize zerocopy + # See full diff in compare view + # [![Dependabot compatibility + # score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=uuid&package-manager=cargo&pre + # vious-version=1.18.0&new-version=1.18.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-depe + # ndabot-security-updates#about-compatibility-scores) + # Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger + # a rebase manually by commenting `@dependabot rebase`. + # [//]: # (dependabot-automerge-start) + # [//]: # (dependabot-automerge-end) +https://github.com/servo/servo/pull/39120 (@dependabot[bot], @dependabot[bot], #39120) build(deps): bump deranged from 0.5.2 to 0.5.3 (#39120) + # Bumps [deranged](https://github.com/jhpratt/deranged) from 0.5.2 to 0.5.3. + # Commits + # See full diff in compare view + # [![Dependabot compatibility + # score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=deranged&package-manager=cargo + # &previous-version=0.5.2&new-version=0.5.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-de + # pendabot-security-updates#about-compatibility-scores) + # Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger + # a rebase manually by commenting `@dependabot rebase`. + # [//]: # (dependabot-automerge-start) + # [//]: # (dependabot-automerge-end) +https://github.com/servo/servo/pull/39119 (@dependabot[bot], @dependabot[bot], #39119) build(deps): bump bitflags from 2.9.3 to 2.9.4 (#39119) + # Bumps [bitflags](https://github.com/bitflags/bitflags) from 2.9.3 to 2.9.4. + # Release notes + # Sourced from bitflags's releases. + # 2.9.4 + # What's Changed + # Add Cargo features to readme by @​KodrAus in bitflags/bitflags#460 + # Prepare for 2.9.4 release by @​KodrAus in bitflags/bitflags#461 + # Full Changelog: https://github.com/bitflags/bitflags/compare/2.9.3...2.9.4 + # Changelog + # Sourced from bitflags's changelog. + # 2.9.4 + # What's Changed + # Add Cargo features to readme by @​KodrAus in bitflags/bitflags#460 + # Full Changelog: https://github.com/bitflags/bitflags/compare/2.9.3...2.9.4 + # Commits + # de0ec28 Merge pull request #461 from KodrAus/cargo/2.9.4 + # c31df3c prepare for 2.9.4 release + # 3a9cce2 Merge pull request #460 from bitflags/doc/cargo-features + # 8eb1c7c add Cargo features to readme + # See full diff in compare view + # [![Dependabot compatibility + # score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=bitflags&package-manager=cargo + # &previous-version=2.9.3&new-version=2.9.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-de + # pendabot-security-updates#about-compatibility-scores) + # Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger + # a rebase manually by commenting `@dependabot rebase`. + # [//]: # (dependabot-automerge-start) + # [//]: # (dependabot-automerge-end) +https://github.com/servo/servo/pull/39112 (@simonwuelker, #39112) fonts: Reduce the public API surface (#39112) + # This change marks all items that are not used by other crates as `pub(crate)` instead of `pub`. + # Additionally, I've removed all code that turned out to be unused. I think most of it was used only by `layout-2013`. + # Testing: The correctness of these changes is verified by the compiler, so no tests are needed. +https://github.com/servo/servo/pull/39118 (@dependabot[bot], @dependabot[bot], #39118) build(deps): bump clap from 4.5.46 to 4.5.47 (#39118) + # Bumps [clap](https://github.com/clap-rs/clap) from 4.5.46 to 4.5.47. + # Release notes + # Sourced from clap's releases. + # v4.5.47 + # [4.5.47] - 2025-09-02 + # Features + # Added impl FromArgMatches for () + # Added impl Args for () + # Added impl Subcommand for () + # Added impl FromArgMatches for Infallible + # Added impl Subcommand for Infallible + # Fixes + # (derive) Update runtime error text to match clap + # Changelog + # Sourced from clap's changelog. + # [4.5.47] - 2025-09-02 + # Features + # Added impl FromArgMatches for () + # Added impl Args for () + # Added impl Subcommand for () + # Added impl FromArgMatches for Infallible + # Added impl Subcommand for Infallible + # Fixes + # (derive) Update runtime error text to match clap + # Commits + # f046ca6 chore: Release + # 436949d docs: Update changelog + # 1ddab84 Merge pull request #5954 from epage/tests + # 8a66dbf test(complete): Add more native cases + # 76465cf test(complete): Make things more consistent + # 232cedb test(complete): Remove redundant index + # 02244a6 Merge pull request #5949 from krobelus/option-name-completions-after-positionals + # 2e13847 fix(complete): Missing options in multi-val arg + # 74388d7 test(complete): Multi-valued, unbounded positional + # 5b3d45f refactor(complete): Extract function for options + # Additional commits viewable in compare view + # [![Dependabot compatibility + # score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=clap&package-manager=cargo&pre + # vious-version=4.5.46&new-version=4.5.47)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-depe + # ndabot-security-updates#about-compatibility-scores) + # Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger + # a rebase manually by commenting `@dependabot rebase`. + # [//]: # (dependabot-automerge-start) + # [//]: # (dependabot-automerge-end) +https://github.com/servo/servo/pull/39115 (@dependabot[bot], @dependabot[bot], #39115) build(deps): bump time from 0.3.42 to 0.3.43 (#39115) + # Bumps [time](https://github.com/time-rs/time) from 0.3.42 to 0.3.43. + # Release notes + # Sourced from time's releases. + # v0.3.43 + # See the changelog for details. + # Changelog + # Sourced from time's changelog. + # 0.3.43 [2025-09-02] + # Added + # Support for rand 0.9 + # Fixed + # In the convert module, any use of per with types that were not the same (such as + # Nanosecond::per(Second)) would not compile due to a bug. This has been fixed. + # Commits + # 45b9932 v0.3.43 release + # 8cbf0db Fix bug with convert + # 3343e85 Add support for rand 0.9 + # afb2574 Add note about MSRV + # See full diff in compare view + # [![Dependabot compatibility + # score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=time&package-manager=cargo&pre + # vious-version=0.3.42&new-version=0.3.43)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-depe + # ndabot-security-updates#about-compatibility-scores) + # Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger + # a rebase manually by commenting `@dependabot rebase`. + # [//]: # (dependabot-automerge-start) + # [//]: # (dependabot-automerge-end) +https://github.com/servo/servo/pull/38970 (@tharkum, @volykhin.andrei@huawei.com, #38970) canvas: Use non rooted variant of HTMLCanvasElementOrOffscreenCanvas type (#38970) + # Any RenderingContext/OffscreenRenderingContext type has readonly "canvas" attribute + # and associated native-code DOM context objects have reference to target DOM canvas + # objects. https://html.spec.whatwg.org/multipage/canvas.html#renderingcontext + # https://html.spec.whatwg.org/multipage/canvas.html#offscreenrenderingcontext + # And currently the reference to DOM canvas object is the rooting pointer on the stack, + # which leads to the circular reference problem. + # The SpiderMonkey's (SM) garbage collector will not be able to free the DOM canvas and context + # objects (unreacheble from JS) because of the rooting pointer on stack (see STACK_ROOTS). + # And these objects will be stored until the associated script runtime/thread will be terminated. + # SM -> JS Roots -> DOM Canvas* (on heap) -> DOM Context (on heap) + # SM -> Rust Roots -> Dom Canvas* (on stack) <- as "canvas" member field + # Let's replace the rooting pointer to the traceble pointer (DomRoot -> Dom) + # in the "canvas" member field of DOM context object, which allows to broke circular referencing problem. + # Testing: No changes in existed tests +https://github.com/servo/servo/pull/39110 (@mrobinson, @Loirooriol, #39110) script/layout: Implement `HTMLElement.scrollParent` (#39110) + # This new API allows getting the element which establishes an element's + # scroll container. This will be used to properly implement + # `scrollIntoView`. There is still work to do for this API and + # `offsetParent` to properly handle ancestors which are + # closed-shadow-hidden from the original query element. + # In addition, fix an issue where inline boxes were establishing scrolling + # containers (they shouldn't do that). + # Testing: There are tests for this change. + # Fixes: #39096. +https://github.com/servo/servo/pull/39106 (@Narfinger, #39106) constellation: Use `FnvHashMap` for hashmaps that use ids as keys (#39106) + # FNV is faster for hashing less than 16 bytes of data and the + # cryptographic properties of the default HashMap are not needed for the + # various ids. + # Testing: This does not change functionality. +https://github.com/servo/servo/pull/39104 (@mrobinson, #39104) script: More consistently use `f32` and have scrolling methods follow the specification more closely (#39104) + # This clarifies the units for scrolling: + # - `f32` is used for internal Servo scrolling APIs as that is the unit + # used in WebRender. + # - `f64` is used for the web-exposed scrolling APIs as that is what the + # WebIDL code generator gives us. + # Conversions are done consistently at the boundaries of the two APIs. + # In addition, web-exposed scrolling methods are refactored a bit to more + # closely follow the specification text. In addition, specification text + # is added to those methods so that it is clearer that we are following + # it. + # Testing: This should not change behavior and is thus covered by existing tests. +https://github.com/servo/servo/pull/39095 (@Narfinger, #39095) Change BrowingContextId from WebViewId explicitly (#39095) + # There were still some accesses to the inner BrowsingContextId from the WebViewId. This changes it to completely + # rely on the From trait for these methods. This also means we can make the field private. + # For testing we add a way to create arbitrary WebViewIds. + # Testing: Does not change functionality. +https://github.com/servo/servo/pull/38988 (@arihant2math@gmail.com, @stevennovaryo, #38988) script: Calculate proper border box for resizeobserver (#38988) + # Implements more of calculate_box_size, ensuring that the proper rectangle is returned when the border box is requested. + # Testing: WPT + # Fixes: Partially #38811 +https://github.com/servo/servo/pull/39081 (@jdm, #39081) indexeddb: Serialize all cloned values when storing data. (#39081) + # We were performing a structured clone but throwing away any serializable DOM interfaces included in the result. We + # need to instead serialize the full structured clone result so we can deserialize the DOM interfaces when getting + # the data out of the object store. + # Testing: Existing WPT coverage is sufficient. + # Fixes: #38818 + # Fixed: #38842 +https://github.com/servo/servo/pull/39102 (@mrobinson, #39102) script: Always dirty nodes when changing node state (#39102) + # With incremental layout adding a restyle to a node isn't enough to force + # its layout to update. We also need to explicitly mark the node as dirty + # so that its contents are updated when layout is run. This change makes + # this consistent for all node state changes. This might be a bit too + # conservative as all node state may not affect layout, but should catch + # issues in the future. + # Testing: This is very hard to test as it requires moving the mouse over the + # WebView, and the moving it away, and then testing the rendered contents. This + # kind of coordination would be difficult to manage with unit tests. + # Fixes: #38989. +https://github.com/servo/servo/pull/39099 (@arihant2math@gmail.com, @jschwe, #39099) Fix step ordering for MicrotaskQueue checkpoint (#39099) + # The steps were incorrectly numbered, this PR fixes that and copies over the description of each step. + # Testing: None, just expanding on the comments/fixing the step numbering +>>> 2025-09-05T06:03:58Z +https://github.com/servo/servo/pull/39084 (@kkoyung, #39084) webcrypto: Reduce usage of standalone helper functions for JWK format (#39084) + # Reduce the reliance on standalone helper functions for handling JWK format. Instead, those functionalities are + # now integrated into the `JsonWebKey` type generated by script_binding, via the local trait `JsonWebKeyExt`, for + # internal use. + # The `parse_jwk` function remains for now. It will be removed when once we refactor `SubtleCrypto::ImportKey` + # to support a more generic approach across different cryptographic algorithms. + # Testing: Refactoring. Existing WPT tests should suffice. +https://github.com/servo/servo/pull/39155 (@dependabot[bot], @dependabot[bot], #39155) build(deps): bump the egui-related group with 7 updates (#39155) + # Bumps the egui-related group with 7 updates: + # | Package | From | To | + # | --- | --- | --- | + # | [egui](https://github.com/emilk/egui) | `0.32.1` | `0.32.2` | + # | [egui-winit](https://github.com/emilk/egui) | `0.32.1` | `0.32.2` | + # | [egui_glow](https://github.com/emilk/egui) | `0.32.1` | `0.32.2` | + # | [ecolor](https://github.com/emilk/egui) | `0.32.1` | `0.32.2` | + # | [emath](https://github.com/emilk/egui) | `0.32.1` | `0.32.2` | + # | [epaint](https://github.com/emilk/egui) | `0.32.1` | `0.32.2` | + # | [epaint_default_fonts](https://github.com/emilk/egui) | `0.32.1` | `0.32.2` | + # Updates `egui` from 0.32.1 to 0.32.2 + # Release notes + # Sourced from egui's releases. + # 0.32.2 - Ui::place, Harness::mask and more bug fixes + # egui is an easy-to-use immediate mode GUI for Rust that runs on both web and native. + # Try it now: https://www.egui.rs/ + # egui development is sponsored by Rerun, a startup building an SDK for visualizing streams of multimodal data. + # Add Ui::place + # Ui::place is similar to Ui::put, but it doesn't update the current Uis cursor. This is very useful when using the + # new Atoms or making badge-like widgets. + # The following breaks with Ui::put but works just fine with Ui::place: + # Add Harness::mask + # Harness::mask allows for simple masking of Rects you don't want to be visible in snapshot test images. The rect + # will be masked with a ugly color to make it obvious whats going on: + # egui + # Add Ui::place, to place widgets without changing the cursor #7359 by @​lucasmerlin + # Fix: SubMenu should not display when ui is disabled #7428 by @​ozwaldorf + # Remove line breaks when pasting into single line TextEdit #7441 by @​YgorSouza + # Panic mutexes that can't lock for 30 seconds, in debug builds #7468 by @​emilk + # Fix: prevent calendar popup from closing on dropdown change #7409 by @​AStrizh + # egui_extras + # Fix memory leak when forget_image is called while loading #7380 by @​Vanadiae + # Fix deadlock in ImageLoader, FileLoader, EhttpLoader #7494 by @​lucasmerlin + # egui_kittest + # Allow masking widgets in kittest snapshots #7467 by @​lucasmerlin + # epaint + # Panic mutexes that can't lock for 30 seconds, in debug builds #7468 by @​emilk + # Skip zero-length layout job sections #7430 by @​HactarCE + # Unsorted commits + # ... (truncated) + # Changelog + # Sourced from egui's changelog. + # 0.32.2 - 2025-09-04 + # Fix: SubMenu should not display when ui is disabled #7428 by @​ozwaldorf + # Remove line breaks when pasting into single line TextEdit #7441 by @​YgorSouza + # Panic mutexes that can't lock for 30 seconds, in debug builds #7468 by @​emilk + # Add Ui::place, to place widgets without changing the cursor #7359 by @​lucasmerlin + # Fix: prevent calendar popup from closing on dropdown change #7409 by @​AStrizh + # Commits + # f49e44e Change version to 0.32.2 + # 0099ee7 Update changelogs + # b17d716 Add track_caller to Mutex and RwLock for deadlock_detection + # 94e92a0 Fix: prevent calendar popup from closing on dropdown change (#7409) + # d0bfc61 Skip zero-length layout job sections (#7430) + # 052959d Add Ui::place, to place widgets without changing the cursor (#7359) + # 299b43e Fix deadlock in ImageLoader, FileLoader, EhttpLoader (#7494) + # 0ddcc85 Panic mutexes that can't lock for 30 seconds, in debug builds (#7468) + # 18dc9dc Fix memory leak when forget_image is called while loading (#7380) + # ae94d81 Remove line breaks when pasting into single line TextEdit (#7441) + # Additional commits viewable in compare view + # Updates `egui-winit` from 0.32.1 to 0.32.2 + # Release notes + # Sourced from egui-winit's releases. + # 0.32.2 - Ui::place, Harness::mask and more bug fixes + # egui is an easy-to-use immediate mode GUI for Rust that runs on both web and native. + # Try it now: https://www.egui.rs/ + # egui development is sponsored by Rerun, a startup building an SDK for visualizing streams of multimodal data. + # Add Ui::place + # Ui::place is similar to Ui::put, but it doesn't update the current Uis cursor. This is very useful when using the + # new Atoms or making badge-like widgets. + # The following breaks with Ui::put but works just fine with Ui::place: + # Add Harness::mask + # Harness::mask allows for simple masking of Rects you don't want to be visible in snapshot test images. The rect + # will be masked with a ugly color to make it obvious whats going on: + # egui + # Add Ui::place, to place widgets without changing the cursor #7359 by @​lucasmerlin + # Fix: SubMenu should not display when ui is disabled #7428 by @​ozwaldorf + # Remove line breaks when pasting into single line TextEdit #7441 by @​YgorSouza + # Panic mutexes that can't lock for 30 seconds, in debug builds #7468 by @​emilk + # Fix: prevent calendar popup from closing on dropdown change #7409 by @​AStrizh + # egui_extras + # Fix memory leak when forget_image is called while loading #7380 by @​Vanadiae + # Fix deadlock in ImageLoader, FileLoader, EhttpLoader #7494 by @​lucasmerlin + # egui_kittest + # Allow masking widgets in kittest snapshots #7467 by @​lucasmerlin + # epaint + # Panic mutexes that can't lock for 30 seconds, in debug builds #7468 by @​emilk + # Skip zero-length layout job sections #7430 by @​HactarCE + # Unsorted commits + # ... (truncated) + # Changelog + # Sourced from egui-winit's changelog. + # 0.32.2 - 2025-09-04 + # Fix: SubMenu should not display when ui is disabled #7428 by @​ozwaldorf + # Remove line breaks when pasting into single line TextEdit #7441 by @​YgorSouza + # Panic mutexes that can't lock for 30 seconds, in debug builds #7468 by @​emilk + # Add Ui::place, to place widgets without changing the cursor #7359 by @​lucasmerlin + # Fix: prevent calendar popup from closing on dropdown change #7409 by @​AStrizh + # Commits + # 0099ee7 Update changelogs + # b17d716 Add track_caller to Mutex and RwLock for deadlock_detection + # 94e92a0 Fix: prevent calendar popup from closing on dropdown change (#7409) + # d0bfc61 Skip zero-length layout job sections (#7430) + # 052959d Add Ui::place, to place widgets without changing the cursor (#7359) + # 299b43e Fix deadlock in ImageLoader, FileLoader, EhttpLoader (#7494) + # 0ddcc85 Panic mutexes that can't lock for 30 seconds, in debug builds (#7468) + # 18dc9dc Fix memory leak when forget_image is called while loading (#7380) + # ae94d81 Remove line breaks when pasting into single line TextEdit (#7441) + # c749f37 fix: SubMenu should not display when ui is disabled (#7428) + # Additional commits viewable in compare view + # Updates `egui_glow` from 0.32.1 to 0.32.2 + # Release notes + # Sourced from egui_glow's releases. + # 0.32.2 - Ui::place, Harness::mask and more bug fixes + # egui is an easy-to-use immediate mode GUI for Rust that runs on both web and native. + # Try it now: https://www.egui.rs/ + # egui development is sponsored by Rerun, a startup building an SDK for visualizing streams of multimodal data. + # Add Ui::place + # Ui::place is similar to Ui::put, but it doesn't update the current Uis cursor. This is very useful when using the + # new Atoms or making badge-like widgets. + # The following breaks with Ui::put but works just fine with Ui::place: + # Add Harness::mask + # Harness::mask allows for simple masking of Rects you don't want to be visible in snapshot test images. The rect + # will be masked with a ugly color to make it obvious whats going on: + # egui + # Add Ui::place, to place widgets without changing the cursor #7359 by @​lucasmerlin + # Fix: SubMenu should not display when ui is disabled #7428 by @​ozwaldorf + # Remove line breaks when pasting into single line TextEdit #7441 by @​YgorSouza + # Panic mutexes that can't lock for 30 seconds, in debug builds #7468 by @​emilk + # Fix: prevent calendar popup from closing on dropdown change #7409 by @​AStrizh + # egui_extras + # Fix memory leak when forget_image is called while loading #7380 by @​Vanadiae + # Fix deadlock in ImageLoader, FileLoader, EhttpLoader #7494 by @​lucasmerlin + # egui_kittest + # Allow masking widgets in kittest snapshots #7467 by @​lucasmerlin + # epaint + # Panic mutexes that can't lock for 30 seconds, in debug builds #7468 by @​emilk + # Skip zero-length layout job sections #7430 by @​HactarCE + # Unsorted commits + # ... (truncated) + # Changelog + # Sourced from egui_glow's changelog. + # 0.32.2 - 2025-09-04 + # Fix: SubMenu should not display when ui is disabled #7428 by @​ozwaldorf + # Remove line breaks when pasting into single line TextEdit #7441 by @​YgorSouza + # Panic mutexes that can't lock for 30 seconds, in debug builds #7468 by @​emilk + # Add Ui::place, to place widgets without changing the cursor #7359 by @​lucasmerlin + # Fix: prevent calendar popup from closing on dropdown change #7409 by @​AStrizh + # Commits + # 0099ee7 Update changelogs + # b17d716 Add track_caller to Mutex and RwLock for deadlock_detection + # 94e92a0 Fix: prevent calendar popup from closing on dropdown change (#7409) + # d0bfc61 Skip zero-length layout job sections (#7430) + # 052959d Add Ui::place, to place widgets without changing the cursor (#7359) + # 299b43e Fix deadlock in ImageLoader, FileLoader, EhttpLoader (#7494) + # 0ddcc85 Panic mutexes that can't lock for 30 seconds, in debug builds (#7468) + # 18dc9dc Fix memory leak when forget_image is called while loading (#7380) + # ae94d81 Remove line breaks when pasting into single line TextEdit (#7441) + # c749f37 fix: SubMenu should not display when ui is disabled (#7428) + # Additional commits viewable in compare view + # Updates `ecolor` from 0.32.1 to 0.32.2 + # Release notes + # Sourced from ecolor's releases. + # 0.32.2 - Ui::place, Harness::mask and more bug fixes + # egui is an easy-to-use immediate mode GUI for Rust that runs on both web and native. + # Try it now: https://www.egui.rs/ + # egui development is sponsored by Rerun, a startup building an SDK for visualizing streams of multimodal data. + # Add Ui::place + # Ui::place is similar to Ui::put, but it doesn't update the current Uis cursor. This is very useful when using the + # new Atoms or making badge-like widgets. + # The following breaks with Ui::put but works just fine with Ui::place: + # Add Harness::mask + # Harness::mask allows for simple masking of Rects you don't want to be visible in snapshot test images. The rect + # will be masked with a ugly color to make it obvious whats going on: + # egui + # Add Ui::place, to place widgets without changing the cursor #7359 by @​lucasmerlin + # Fix: SubMenu should not display when ui is disabled #7428 by @​ozwaldorf + # Remove line breaks when pasting into single line TextEdit #7441 by @​YgorSouza + # Panic mutexes that can't lock for 30 seconds, in debug builds #7468 by @​emilk + # Fix: prevent calendar popup from closing on dropdown change #7409 by @​AStrizh + # egui_extras + # Fix memory leak when forget_image is called while loading #7380 by @​Vanadiae + # Fix deadlock in ImageLoader, FileLoader, EhttpLoader #7494 by @​lucasmerlin + # egui_kittest + # Allow masking widgets in kittest snapshots #7467 by @​lucasmerlin + # epaint + # Panic mutexes that can't lock for 30 seconds, in debug builds #7468 by @​emilk + # Skip zero-length layout job sections #7430 by @​HactarCE + # Unsorted commits + # ... (truncated) + # Changelog + # Sourced from ecolor's changelog. + # 0.32.2 - 2025-09-04 + # Fix: SubMenu should not display when ui is disabled #7428 by @​ozwaldorf + # Remove line breaks when pasting into single line TextEdit #7441 by @​YgorSouza + # Panic mutexes that can't lock for 30 seconds, in debug builds #7468 by @​emilk + # Add Ui::place, to place widgets without changing the cursor #7359 by @​lucasmerlin + # Fix: prevent calendar popup from closing on dropdown change #7409 by @​AStrizh + # Commits + # f49e44e Change version to 0.32.2 + # 0099ee7 Update changelogs + # b17d716 Add track_caller to Mutex and RwLock for deadlock_detection + # 94e92a0 Fix: prevent calendar popup from closing on dropdown change (#7409) + # d0bfc61 Skip zero-length layout job sections (#7430) + # 052959d Add Ui::place, to place widgets without changing the cursor (#7359) + # 299b43e Fix deadlock in ImageLoader, FileLoader, EhttpLoader (#7494) + # 0ddcc85 Panic mutexes that can't lock for 30 seconds, in debug builds (#7468) + # 18dc9dc Fix memory leak when forget_image is called while loading (#7380) + # ae94d81 Remove line breaks when pasting into single line TextEdit (#7441) + # Additional commits viewable in compare view + # Updates `emath` from 0.32.1 to 0.32.2 + # Release notes + # Sourced from emath's releases. + # 0.32.2 - Ui::place, Harness::mask and more bug fixes + # egui is an easy-to-use immediate mode GUI for Rust that runs on both web and native. + # Try it now: https://www.egui.rs/ + # egui development is sponsored by Rerun, a startup building an SDK for visualizing streams of multimodal data. + # Add Ui::place + # Ui::place is similar to Ui::put, but it doesn't update the current Uis cursor. This is very useful when using the + # new Atoms or making badge-like widgets. + # The following breaks with Ui::put but works just fine with Ui::place: + # Add Harness::mask + # Harness::mask allows for simple masking of Rects you don't want to be visible in snapshot test images. The rect + # will be masked with a ugly color to make it obvious whats going on: + # egui + # Add Ui::place, to place widgets without changing the cursor #7359 by @​lucasmerlin + # Fix: SubMenu should not display when ui is disabled #7428 by @​ozwaldorf + # Remove line breaks when pasting into single line TextEdit #7441 by @​YgorSouza + # Panic mutexes that can't lock for 30 seconds, in debug builds #7468 by @​emilk + # Fix: prevent calendar popup from closing on dropdown change #7409 by @​AStrizh + # egui_extras + # Fix memory leak when forget_image is called while loading #7380 by @​Vanadiae + # Fix deadlock in ImageLoader, FileLoader, EhttpLoader #7494 by @​lucasmerlin + # egui_kittest + # Allow masking widgets in kittest snapshots #7467 by @​lucasmerlin + # epaint + # Panic mutexes that can't lock for 30 seconds, in debug builds #7468 by @​emilk + # Skip zero-length layout job sections #7430 by @​HactarCE + # Unsorted commits + # ... (truncated) + # Changelog + # Sourced from emath's changelog. + # 0.32.2 - 2025-09-04 + # Fix: SubMenu should not display when ui is disabled #7428 by @​ozwaldorf + # Remove line breaks when pasting into single line TextEdit #7441 by @​YgorSouza + # Panic mutexes that can't lock for 30 seconds, in debug builds #7468 by @​emilk + # Add Ui::place, to place widgets without changing the cursor #7359 by @​lucasmerlin + # Fix: prevent calendar popup from closing on dropdown change #7409 by @​AStrizh + # Commits + # 0099ee7 Update changelogs + # b17d716 Add track_caller to Mutex and RwLock for deadlock_detection + # 94e92a0 Fix: prevent calendar popup from closing on dropdown change (#7409) + # d0bfc61 Skip zero-length layout job sections (#7430) + # 052959d Add Ui::place, to place widgets without changing the cursor (#7359) + # 299b43e Fix deadlock in ImageLoader, FileLoader, EhttpLoader (#7494) + # 0ddcc85 Panic mutexes that can't lock for 30 seconds, in debug builds (#7468) + # 18dc9dc Fix memory leak when forget_image is called while loading (#7380) + # ae94d81 Remove line breaks when pasting into single line TextEdit (#7441) + # c749f37 fix: SubMenu should not display when ui is disabled (#7428) + # Additional commits viewable in compare view + # Updates `epaint` from 0.32.1 to 0.32.2 + # Release notes + # Sourced from epaint's releases. + # 0.32.2 - Ui::place, Harness::mask and more bug fixes + # egui is an easy-to-use immediate mode GUI for Rust that runs on both web and native. + # Try it now: https://www.egui.rs/ + # egui development is sponsored by Rerun, a startup building an SDK for visualizing streams of multimodal data. + # Add Ui::place + # Ui::place is similar to Ui::put, but it doesn't update the current Uis cursor. This is very useful when using the + # new Atoms or making badge-like widgets. + # The following breaks with Ui::put but works just fine with Ui::place: + # Add Harness::mask + # Harness::mask allows for simple masking of Rects you don't want to be visible in snapshot test images. The rect + # will be masked with a ugly color to make it obvious whats going on: + # egui + # Add Ui::place, to place widgets without changing the cursor #7359 by @​lucasmerlin + # Fix: SubMenu should not display when ui is disabled #7428 by @​ozwaldorf + # Remove line breaks when pasting into single line TextEdit #7441 by @​YgorSouza + # Panic mutexes that can't lock for 30 seconds, in debug builds #7468 by @​emilk + # Fix: prevent calendar popup from closing on dropdown change #7409 by @​AStrizh + # egui_extras + # Fix memory leak when forget_image is called while loading #7380 by @​Vanadiae + # Fix deadlock in ImageLoader, FileLoader, EhttpLoader #7494 by @​lucasmerlin + # egui_kittest + # Allow masking widgets in kittest snapshots #7467 by @​lucasmerlin + # epaint + # Panic mutexes that can't lock for 30 seconds, in debug builds #7468 by @​emilk + # Skip zero-length layout job sections #7430 by @​HactarCE + # Unsorted commits + # ... (truncated) + # Changelog + # Sourced from epaint's changelog. + # 0.32.2 - 2025-09-04 + # Fix: SubMenu should not display when ui is disabled #7428 by @​ozwaldorf + # Remove line breaks when pasting into single line TextEdit #7441 by @​YgorSouza + # Panic mutexes that can't lock for 30 seconds, in debug builds #7468 by @​emilk + # Add Ui::place, to place widgets without changing the cursor #7359 by @​lucasmerlin + # Fix: prevent calendar popup from closing on dropdown change #7409 by @​AStrizh + # Commits + # 0099ee7 Update changelogs + # b17d716 Add track_caller to Mutex and RwLock for deadlock_detection + # 94e92a0 Fix: prevent calendar popup from closing on dropdown change (#7409) + # d0bfc61 Skip zero-length layout job sections (#7430) + # 052959d Add Ui::place, to place widgets without changing the cursor (#7359) + # 299b43e Fix deadlock in ImageLoader, FileLoader, EhttpLoader (#7494) + # 0ddcc85 Panic mutexes that can't lock for 30 seconds, in debug builds (#7468) + # 18dc9dc Fix memory leak when forget_image is called while loading (#7380) + # ae94d81 Remove line breaks when pasting into single line TextEdit (#7441) + # c749f37 fix: SubMenu should not display when ui is disabled (#7428) + # Additional commits viewable in compare view + # Updates `epaint_default_fonts` from 0.32.1 to 0.32.2 + # Release notes + # Sourced from epaint_default_fonts's releases. + # 0.32.2 - Ui::place, Harness::mask and more bug fixes + # egui is an easy-to-use immediate mode GUI for Rust that runs on both web and native. + # Try it now: https://www.egui.rs/ + # egui development is sponsored by Rerun, a startup building an SDK for visualizing streams of multimodal data. + # Add Ui::place + # Ui::place is similar to Ui::put, but it doesn't update the current Uis cursor. This is very useful when using the + # new Atoms or making badge-like widgets. + # The following breaks with Ui::put but works just fine with Ui::place: + # Add Harness::mask + # Harness::mask allows for simple masking of Rects you don't want to be visible in snapshot test images. The rect + # will be masked with a ugly color to make it obvious whats going on: + # egui + # Add Ui::place, to place widgets without changing the cursor #7359 by @​lucasmerlin + # Fix: SubMenu should not display when ui is disabled #7428 by @​ozwaldorf + # Remove line breaks when pasting into single line TextEdit #7441 by @​YgorSouza + # Panic mutexes that can't lock for 30 seconds, in debug builds #7468 by @​emilk + # Fix: prevent calendar popup from closing on dropdown change #7409 by @​AStrizh + # egui_extras + # Fix memory leak when forget_image is called while loading #7380 by @​Vanadiae + # Fix deadlock in ImageLoader, FileLoader, EhttpLoader #7494 by @​lucasmerlin + # egui_kittest + # Allow masking widgets in kittest snapshots #7467 by @​lucasmerlin + # epaint + # Panic mutexes that can't lock for 30 seconds, in debug builds #7468 by @​emilk + # Skip zero-length layout job sections #7430 by @​HactarCE + # Unsorted commits + # ... (truncated) + # Changelog + # Sourced from epaint_default_fonts's changelog. + # 0.32.2 - 2025-09-04 + # Fix: SubMenu should not display when ui is disabled #7428 by @​ozwaldorf + # Remove line breaks when pasting into single line TextEdit #7441 by @​YgorSouza + # Panic mutexes that can't lock for 30 seconds, in debug builds #7468 by @​emilk + # Add Ui::place, to place widgets without changing the cursor #7359 by @​lucasmerlin + # Fix: prevent calendar popup from closing on dropdown change #7409 by @​AStrizh + # Commits + # 0099ee7 Update changelogs + # b17d716 Add track_caller to Mutex and RwLock for deadlock_detection + # 94e92a0 Fix: prevent calendar popup from closing on dropdown change (#7409) + # d0bfc61 Skip zero-length layout job sections (#7430) + # 052959d Add Ui::place, to place widgets without changing the cursor (#7359) + # 299b43e Fix deadlock in ImageLoader, FileLoader, EhttpLoader (#7494) + # 0ddcc85 Panic mutexes that can't lock for 30 seconds, in debug builds (#7468) + # 18dc9dc Fix memory leak when forget_image is called while loading (#7380) + # ae94d81 Remove line breaks when pasting into single line TextEdit (#7441) + # c749f37 fix: SubMenu should not display when ui is disabled (#7428) + # Additional commits viewable in compare view + # Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger + # a rebase manually by commenting `@dependabot rebase`. + # [//]: # (dependabot-automerge-start) + # [//]: # (dependabot-automerge-end) +https://github.com/servo/servo/pull/39137 (@mrobinson, #39137) script: Make `get_property_jsval` a safe function (#39137) + # Accept the safe `JSContext` wraper to this function so that it can be + # safe. Some callers also become safe as well. + # Testing: This does not change behavior and is thus covered by existing tests. + # Fixes: #39129. +https://github.com/servo/servo/pull/39150 (@Loirooriol, #39150) Upgrade Stylo to 2025-09-02 (#39150) + # This continues #38429 + # Changelog: + # - Upstream: + # https://github.com/servo/stylo/compare/ec21cec41ca58bd8c994a18d53d88bab78229b0c...fd700321ccc0434b09bc641099e8761d67733 + # 913 + # - Servo fixups: + # https://github.com/servo/stylo/compare/30f8960428ee7bfc4d1443e136f77f79371ee500...64d8521f1b8509a0160a89e24d0ace2883fa3 + # 269 + # Stylo tracking issue: https://github.com/servo/stylo/issues/236 +https://github.com/servo/servo/pull/39133 (@shubhamg13, #39133) Enable viewport `` tag support for mobile platforms only (#39133) + # Enable viewport `` tag support for mobile platforms only. + # _Reference:_ + # [web_preferences.h](https://source.chromium.org/chromium/chromium/src/+/main:third_party/blink/public/common/web_prefere + # nces/web_preferences.h;l=158?) + # _Todo: Enable for when requested desktop site:_ + # [web_contents_impl.cc](https://source.chromium.org/chromium/chromium/src/+/main:content/browser/web_contents/web_content + # s_impl.cc;l=3752?) + # Testing: Tested Manually + # Fixes: #39002 +https://github.com/servo/servo/pull/39148 (@averyrudelphe@gmail.com, #39148) script: implement setMatrixValue for DOMMatrix (#39148) + # Even more progress on the geometry suite. Almost there! + # Testing: Covered by WPT (css/geometry). +https://github.com/servo/servo/pull/39136 (@dependabot[bot], @dependabot[bot], #39136) build(deps): bump cc from 1.2.34 to 1.2.35 (#39136) + # Bumps [cc](https://github.com/rust-lang/cc-rs) from 1.2.34 to 1.2.35. + # Changelog + # Sourced from cc's changelog. + # 1.2.35 - 2025-09-01 + # Fixed + # fix building for aarch64-apple-visionos-sim on nightly (#1534) + # fix tests apple_sdkroot_wrong (#1530) + # Other + # Regenerate target info (#1536) + # Optimize Tool::to_command (#1535) + # Extract find-msvc-tools (#1531) + # Add prefer_clang_cl_over_msvc (#1516) + # Commits + # 9b4389c chore(cc): release v1.2.35 (#1533) + # 36948ab Fix semver-checks: Add back functino windows_registry::find (#1539) + # 0a1c2a3 ci: fix crates-io trusted publishing in publish.yml (#1538) + # 6a4c4f4 ci: use trusted publishing in publish.yml (#1537) + # 0c9e396 Regenerate target info (#1536) + # 2b26463 Optimize Tool::to_command (#1535) + # 1a9c4ca fix building for aarch64-apple-visionos-sim on nightly (#1534) + # 409b35c Refactor: Extract windows-find-tools (#1531) + # 5781d3e fix tests apple_sdkroot_wrong (#1530) + # d264a7c Add prefer_clang_cl_over_msvc (#1516) + # See full diff in compare view + # [![Dependabot compatibility + # score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=cc&package-manager=cargo&previ + # ous-version=1.2.34&new-version=1.2.35)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-depend + # abot-security-updates#about-compatibility-scores) + # Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger + # a rebase manually by commenting `@dependabot rebase`. + # [//]: # (dependabot-automerge-start) + # [//]: # (dependabot-automerge-end) +https://github.com/servo/servo/pull/39108 (@kkoyung, #39108) script: Queue a microtask in `wait_for_all` of promise type (#39108) + # In the wait-for-all algorithm of the IDL promise type, we need to queue a microtask to perform successSteps given + # « » if total is 0. + # This step was previously implemented in a workaround, which perform successSteps immediately. + # This patch properly queue the microtask, and remove the workaround. + # Testing: Refactoring only. Existing tests are enough. + # Fixes: #37259 +https://github.com/servo/servo/pull/39135 (@dependabot[bot], @dependabot[bot], #39135) build(deps): bump log from 0.4.27 to 0.4.28 (#39135) + # Bumps [log](https://github.com/rust-lang/log) from 0.4.27 to 0.4.28. + # Release notes + # Sourced from log's releases. + # 0.4.28 + # What's Changed + # ci: drop really old trick and ensure MSRV for all feature combo by @​tisonkun in rust-lang/log#676 + # chore: fix some typos in comment by @​xixishidibei in rust-lang/log#677 + # Unhide #[derive(Debug)] in example by @​ZylosLumen in rust-lang/log#688 + # Chore: delete compare_exchange method for AtomicUsize on platforms without atomics by @​HaoliangXu in + # rust-lang/log#690 + # Add increment_severity() and decrement_severity() methods for Level and LevelFilter by @​nebkor in rust-lang/log#692 + # Prepare for 0.4.28 release by @​KodrAus in rust-lang/log#695 + # New Contributors + # @​xixishidibei made their first contribution in rust-lang/log#677 + # @​ZylosLumen made their first contribution in rust-lang/log#688 + # @​HaoliangXu made their first contribution in rust-lang/log#690 + # @​nebkor made their first contribution in rust-lang/log#692 + # Full Changelog: https://github.com/rust-lang/log/compare/0.4.27...0.4.28 + # Changelog + # Sourced from log's changelog. + # [0.4.28] - 2025-09-02 + # What's Changed + # ci: drop really old trick and ensure MSRV for all feature combo by @​tisonkun in rust-lang/log#676 + # Chore: delete compare_exchange method for AtomicUsize on platforms without atomics by @​HaoliangXu in + # rust-lang/log#690 + # Add increment_severity() and decrement_severity() methods for Level and LevelFilter by @​nebkor in rust-lang/log#692 + # New Contributors + # @​xixishidibei made their first contribution in rust-lang/log#677 + # @​ZylosLumen made their first contribution in rust-lang/log#688 + # @​HaoliangXu made their first contribution in rust-lang/log#690 + # @​nebkor made their first contribution in rust-lang/log#692 + # Full Changelog: https://github.com/rust-lang/log/compare/0.4.27...0.4.28 + # Notable Changes + # MSRV is bumped to 1.61.0 in rust-lang/log#676 + # Commits + # 6e17355 Merge pull request #695 from rust-lang/cargo/0.4.28 + # 57719db focus on user-facing source changes in the changelog + # e0630c6 prepare for 0.4.28 release + # 60829b1 Merge pull request #692 from nebkor/up-and-down + # 95d44f8 change names of log-level-changing methods to be more descriptive + # 2b63dfa Add up() and down() methods for Level and LevelFilter + # 3aa1359 Merge pull request #690 from HaoliangXu/master + # 1091f2c Chore:delete compare_exchange method for AtomicUsize on platforms + # 24c5f44 Merge pull request #688 from ZylosLumen/patch-1 + # 4498495 Unhide #[derive(Debug)] in example + # Additional commits viewable in compare view + # [![Dependabot compatibility + # score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=log&package-manager=cargo&prev + # ious-version=0.4.27&new-version=0.4.28)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-depen + # dabot-security-updates#about-compatibility-scores) + # Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger + # a rebase manually by commenting `@dependabot rebase`. + # [//]: # (dependabot-automerge-start) + # [//]: # (dependabot-automerge-end) +https://github.com/servo/servo/pull/39107 (@mrobinson, #39107) script: Modify `Element::determine_scroll_into_view_position` to take a `ScrollingBox` (#39107) + # There is no need to separate the two kinds of scrolling boxes into + # `Element` and `Viewport` more than once. This also eliminates a + # potentially panicking `unwrap()`. + # Testing: This doesn't change behavior and is thus covered by existing tests. +https://github.com/servo/servo/pull/39109 (@TimvdLippe, #39109) Hookup mime classifier to main document loader (#39109) + # While we don't perform any sniffing yet, it does now + # check all relevant mime types. Before, we would only + # check specific versions of specific mime types. However, + # the specification is more elaborate, which MimeClassifier + # already handles. + # There are two new test failures, but they actually fail + # in the same way in other browsers. These tests are still + # being discussed what the correct behavior should be [1] + # Part of #14024 + # [1]: https://github.com/whatwg/mimesniff/issues/189#issuecomment-2081559661 +https://github.com/servo/servo/pull/39113 (@averyrudelphe@gmail.com, #39113) script: preserve 2D on DOMMatrix invert (#39113) + # More small geometry fixes. + # Testing: Covered by WPT (css/geometry/DOMMatrix-invert-preserves-2d.html) +https://github.com/servo/servo/pull/39130 (@euclid.ye@huawei.com, #39130) font: Remove unused `FontTable` constructor for Windows (#39130) + # #39112 restricts accessibility for some font functions, exposing some functions that haven't been used for a long + # time. Now it is detected by Lint as dead code. +https://github.com/servo/servo/pull/39034 (@TimvdLippe, #39034) Move `Element::matches_environment` to `MediaList` (#39034) + # It more logically matches `MediaList`, and it allows us to + # call this method with a document. This is required when + # parsing Link headers, as they don't have an associated + # element, but they do have a document. + # Part of #35035 +>>> 2025-09-06T06:05:54Z +https://github.com/servo/servo/pull/39174 (@sagudev, #39174) cargo: Ignore advisory for deprecated crate 'fxhash' (#39174) + # Unblock CI, we will do migration slowly (because stylo). +https://github.com/servo/servo/pull/39171 (@sebsebmc, #39171) fix: Store channel reference in CookieStore to prevent panic on unload (#39171) + # CookieStore sets up a route with the resource threads to handle async communication and needs to later unregister + # itself when the page unloads. When attempting to do this in the `Drop` of CookieStore we panic attempting to + # retrieve the channel via `self.global().resource_threads()` because global is already null. This change stores a + # reference to the core resource thread in the object to send the unregister on `Drop`. + # Testing: manual testing for crash fix, behavior should be unchanged +https://github.com/servo/servo/pull/39170 (@sebsebmc, #39170) script: Remove CookieListItem fields that were removed in the spec (#39170) + # The spec removed all fields from CookieListItem except for name and value + # Testing: WPT tests cover this already. +https://github.com/servo/servo/pull/39165 (@Loirooriol, #39165) layout: Add method to retrieve only the first LayoutBoxBase of a box (#39165) + # A LayoutBox typically has one LayoutBoxBase, or none in the case of `LayoutBox::DisplayContents`. However, + # `LayoutBox::InlineLevel` can contain multiple inline items, each one with its base. But since things like the + # style or the fragment flags should be the same for all of them, getting the first base is sometimes enough. + # Testing: not needed, no change in behavior. +https://github.com/servo/servo/pull/39153 (@Loirooriol, #39153) layout: Fix `scrollParent` to skip ancestors with `display: contents` (#39153) + # When encountering such an ancestor, we were returning null instead of skipping it. + # Testing: Adding new subtest for this. And while I'm at it, another one for the root element, unrelated to this fix. +https://github.com/servo/servo/pull/39164 (@shanehandley, #39164) script: remove wpt test added in #39079 (#39164) + # Removes a test related to autoplay and sandboxing which will always fail. + # In https://github.com/servo/servo/pull/39079 I introduced a wpt to test autoplay functionality, but the test was + # flawed in its approach - shortly after merge, myself and @TimvdLippe found that this test would simulataneously + # require scripts to be enabled, as well as disabled for the test to pass. + # This slipped past me becuase we hadn't correctly implemented whether scripting was enabled yet in Servo. + # Testing: Removes a single WPT - this test has not been merged upstream. +https://github.com/servo/servo/pull/39156 (@dependabot[bot], @dependabot[bot], @euclid.ye@huawei.com, #39156) build(deps): bump windows-sys from 0.59.0 to 0.61.0 (#39156) + # Bumps [windows-sys](https://github.com/microsoft/windows-rs) from 0.59.0 to 0.61.0. + # Release notes + # Sourced from windows-sys's releases. + # 61 + # Major crate updates: + # windows 0.59.0 + # windows-core 0.59.0 + # windows-implement 0.59.0 + # windows-interface 0.59.0 + # windows-targets 0.53.0 + # windows_i686_msvc 0.53.0 + # windows_x86_64_msvc 0.53.0 + # windows_aarch64_msvc 0.53.0 + # windows_i686_gnu 0.53.0 + # windows_x86_64_gnu 0.53.0 + # windows_i686_gnullvm 0.53.0 + # windows_x86_64_gnullvm 0.53.0 + # windows_aarch64_gnullvm 0.53.0 + # windows-bindgen 0.59.0 + # windows-registry 0.4.0 + # windows-result 0.3.0 + # windows-strings 0.3.0 + # cppwinrt 0.2.0 + # Minor crate updates: + # windows-version 0.1.2 + # Excluded: + # windows-sys 0.59.0 + # Things to keep in mind: + # The tag/release names no longer map directly to the crate versions, so to find samples for a particular release + # requires looking at the releases page and finding the release that most recently updated a particular crate. + # The windows-bindgen crate includes the major code generation overhaul that brings many improvements - be sure to + # check out the PR description for more information. The resulting code gen depends on the new version of windows-core + # and its dependencies, unless you include the --sys option. #3359 + # The cppwinrt crate constitutes a major update due to streamlining the error handling. #3415 + # The windows-registry, windows-strings, and windows-result crates are also major version updates since they include + # small breaking changes. + # The windows-targets crate finally receives a major version update, the first in over a year. This is due to #3359 and + # #3342 potentially introducing breaking changes. Although unlikely, these updates introduced sufficient changes that + # make it hard to ensure that the windows-targets libs don't break existing code. As we're updating windows-targets + # anyway, I took the liberty to bump the MSRV to 1.60 - to match the latest version of windows-sys - and remove the old + # but unused doc macro feature. Both remained for compatibility with very old dependents of the windows-targets crate. + # The windows-version crate receives a minor update to update its dependency on the windows-targets crate. + # Beyond these specifics, this update is the culmination of around 6 months worth of work on the windows-rs project. The + # biggest improvements comes from the new code generation engine, but many other improvements are now also available + # for production. This includes support for many new lints, warnings, and suggestions provided by the Rust toolchain; + # much smaller code gen thanks to deriving many more traits; more efficient code gen; major improvements to WinRT type + # system and implementation support; more robust and consistent error handling; stock collection and async support; + # improved support for class hierarchies; and much more! + # In addition to "what's changed" below, check out what's changed for notes for 0.60.0 and 0.59.0 for + # additional changes that roll up to the crates published as part of this release. + # What's Changed + # Remove improper_ctypes workaround by @​ChrisDenton in microsoft/windows-rs#3296 + # ... (truncated) + # Commits + # 5888c8c Release 0.61.0 (#3418) + # 9911fee Improve feature search UX, add dark mode, and update deps (#3422) + # eed7453 Update GitHub Actions runners (#3423) + # 284f189 Avoid transmute where possible (#3421) + # b35dfd1 Update web workflow to use external origin (#3420) + # 3566fca Fix provenance in direct32 sample (#3419) + # 382ea56 Use track_caller to make debugging cppwinrt build script errors easier (#... + # f09c132 Shorten sample crate names (#3416) + # 5e8ce09 cppwinrt should consistently panic on failure (#3415) + # d02c977 Detect unsupported array parameters (#3402) + # Additional commits viewable in compare view + # [![Dependabot compatibility + # score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=windows-sys&package-manager=ca + # rgo&previous-version=0.59.0&new-version=0.61.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/abo + # ut-dependabot-security-updates#about-compatibility-scores) + # Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger + # a rebase manually by commenting `@dependabot rebase`. + # [//]: # (dependabot-automerge-start) + # [//]: # (dependabot-automerge-end) +https://github.com/servo/servo/pull/37194 (@Narfinger, #37194) servoshell: Replace `getopts` with `bpaf` for argument parsing (#37194) + # This includes some small refactoring and some small breaking changes as + # listed below. Other than these I tried to keep the functionality exactly + # the same but because in the old code the parsing and settings of + # preferences was intermingled it was difficult to figure out. + # Small Breaking: + # - Size and resources-path were unused but appeared in the help. + # - soft-fail and hard-fail: Soft-fail flag got removed because it is too + # difficult to keep both. The default is now soft-fail and hard-fail can + # be enabled. + # - The help strings are obviously formatted differently now. + # - -V does not work anymore but -v and --version. + # Ideally, we want to have the ServoShellPreferences and Preferences be directly the Argument structure but that + # needs a bit more discussion because it would break backwards compatibility with the commandline. + # This increases the binary size by ~280kb. + # Testing: The testcases are still working but they do not cover much. + # I added a unit test for the -p flag because it is the most difficult to parse in general. + # Fixes: This will fix a small number of various parsing misshaps. It will also show if we are removing an option + # via unused lint. +https://github.com/servo/servo/pull/38847 (@kkoyung, #38847) script: Re-implement evaluate_key_path_on_value in IndexedDB (#38847) + # The current implementation of evaluate_key_path_on_value was translated from gecko, and it is incomplete. The + # unimplemented part occurs many crashes in WPT tests. + # This PR re-implements it according to the spec. It should eliminate many crashed WPT tests, and increase the + # code readability. + # Testing: Update WPT test expectation + # Fixes: #38817 partially, and #25325 +https://github.com/servo/servo/pull/39159 (@euclid.ye@huawei.com, #39159) webdriver: Update `.ini` to mark unstable subtests in `accept_alert/accept.py`, `forward/forward.py`, `perform_actions/pointer_mouse.py`, `send_alert_text/send.py` (#39159) + # Few webdriver subtests are quite unstable. But it is an overkill to mark the entire test as intermittent, as the + # CI would permit buggy PRs that sabotage other stable subtests. This PR mark these subtests and closes the related + # intermittent issues. + # Fixes: #39158 + # Fixes: #39117 + # Fixes: #39121 + # Fixes: #39154 +https://github.com/servo/servo/pull/39146 (@TimvdLippe, #39146) Refactor loading methods to align with specification (#39146) + # This is in preparation of being able to do mime sniffing on the response data. For that, we first need to introduce + # separate methods so that we can decouple them from process_response. In doing so, we introduce a NavigationParams + # which mimics what the spec intents. The spec stores different data (policy container instead of csp list and + # response instead of content-type), but it is similar enough. + # Part of #14024 +https://github.com/servo/servo/pull/39079 (@shanehandley, #39079) script: Implement document's active sandboxing flag set (#39079) + # Implements document's active sandboxing flags. These are currently populated only from CSP-derived sandboxing + # flags for a new document, when defined in the CSP. + # Testing: 1 new pass, and some new wpt's are added to test points in the spec where these flags influence behaviour. +>>> 2025-09-07T06:03:25Z +https://github.com/servo/servo/pull/39188 (@servo-wpt-sync, #39188) Sync WPT with upstream (07-09-2025) (#39188) + # Automated downstream sync of changes from upstream as of 07-09-2025 + # [no-wpt-sync] +https://github.com/servo/servo/pull/38839 (@arihant2math@gmail.com, #38839) script: Initial stubs for Credential Management API (#38839) + # Stubs `Credential`, `CredentialContainer`, and `PasswordCredential` and adds the credentials attribute to navigator. + # Testing: WPT + # Fixes: Partially #38788 +https://github.com/servo/servo/pull/39183 (@sagudev, #39183) canvas: Implement `strokeText` (#39183) + # Mostly it's just reusing/copy&edit fillText stuff. + # Testing: Existing WPT tests + # Fixes: #29973 + # Try run: https://github.com/sagudev/servo/actions/runs/17511337550 +https://github.com/servo/servo/pull/39186 (@euclid.ye@huawei.com, #39186) webdriver: Serialize as i64 if the JS Number has no fractional part (#39186) + # JavaScript Number does not have Integer type, except for recently added `BigInt`. That's why we removed `Int` + # variant from `JSValue` earlier in #38748. However, the Serde deserialization is strict: when it expects `u64`, + # it cannot deserialize "3.0". But when it expects `f64`, it can still deserialize "3". + # Now, we serialize as i64 if the JS Number has no fractional part. This not only fixes regression, but also improves + # the case where we have an integer not representable by i32 and previously would be parsed as f64 again. + # Testing: `./mach test-wpt -r /infrastructure/testdriver/actions/eventOrder.html --headless --product servodriver` + # no longer fails when deserializing HTTP request. + # Fixes: #39181 +https://github.com/servo/servo/pull/39185 (@sagudev, #39185) cargo: Bump MSRV to 1.86.0 (#39185) + # Per discussions in [#general > RFC: Bump MSRV to 1.86 @ + # 💬](https://servo.zulipchat.com/#narrow/channel/263398-general/topic/RFC.3A.20Bump.20MSRV.20to.201.2E86/near/537822241 + # ) + # it's okay to do this. LLVM/clang used by this rust version is still 19, so there should be no problems on that front. + # This will be needed for future vello bumps: + # https://github.com/linebender/vello/blob/65eea2c43b7f90f0159615731348defb4eb602bd/Cargo.toml#L45 + # Testing: CI MSRV check +https://github.com/servo/servo/pull/39172 (@Loirooriol, #39172) layout: Simplify `effective_overflow()` a little (#39172) + # This implements the Default trait for `AxesOverflow`, to avoid having to manually set both axes to `Overflow::Visible`. + # Also implements the conversion from `&ComputedValues` to `AxesOverflow`, which is the also used for overflow + # viewport propagation. + # And moves the `is_inline_box()` checkinto the `ignores_overflow` logic. + # Testing: Not needed, no change in behavior +https://github.com/servo/servo/pull/39177 (@jdm, #39177) indexeddb: Support enabling IndexedDB after startup (#39177) + # The servodriver harness requires preference-gated web platform features to be toggleable at any point in the + # browsing session's lifetime, rather than at startup. To support toggling IndexedDB, we need to ensure the IDB + # manager thread is always started. + # Testing: Verified when running `./mach test-wpt /IndexedDB --headless --product servodriver`. We don't run + # servodriver in CI yet. + # Fixes: #39175 +https://github.com/servo/servo/pull/38885 (@arihant2math@gmail.com, #38885) indexeddb: Implement getAll and getAllKeys (#38885) + # Implement getAll and getAllKeys for IDBObjectStore. + # Testing: WPT & Unit testing + # Fixes: Part of #6963. +https://github.com/servo/servo/pull/39168 (@Narfinger, #39168) Switch the majority of fxhash uses to rustc_hash which is maintained (#39168) + # fxhash seems to be unmaintained (see https://github.com/rustsec/advisory-db/issues/2185) so we should move away + # from it. + # Additionally, the new crate might be slightly faster. + # There is still some cases depending on stylo that have the old fxhash + # crate. + # Signed-off-by: Narfinger + # Testing: Changes in Hash should really not show any bugs. And performance should be comparable. +>>> 2025-09-08T06:06:05Z +https://github.com/servo/servo/pull/39200 (@dependabot[bot], @dependabot[bot], #39200) build(deps): bump lebe from 0.5.2 to 0.5.3 (#39200) + # Bumps [lebe](https://github.com/johannesvollmer/lebe) from 0.5.2 to 0.5.3. + # Commits + # See full diff in compare view + # [![Dependabot compatibility + # score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=lebe&package-manager=cargo&pre + # vious-version=0.5.2&new-version=0.5.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-depend + # abot-security-updates#about-compatibility-scores) + # Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger + # a rebase manually by commenting `@dependabot rebase`. + # [//]: # (dependabot-automerge-start) + # [//]: # (dependabot-automerge-end) +https://github.com/servo/servo/pull/39198 (@dependabot[bot], @dependabot[bot], #39198) build(deps): bump wit-bindgen from 0.45.0 to 0.45.1 (#39198) + # Bumps [wit-bindgen](https://github.com/bytecodealliance/wit-bindgen) from 0.45.0 to 0.45.1. + # Commits + # 5d37dfb Release wit-bindgen 0.45.1 (#1378) + # 3db0056 Fill out missing StreamRead::cancel implementation (#1376) + # ca55f12 fix(core): results for async task generation (#1374) + # 93c9ee3 Disable unused-import warnings on __with_name* aliases. (#1372) + # See full diff in compare view + # [![Dependabot compatibility + # score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=wit-bindgen&package-manager=ca + # rgo&previous-version=0.45.0&new-version=0.45.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/abo + # ut-dependabot-security-updates#about-compatibility-scores) + # Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger + # a rebase manually by commenting `@dependabot rebase`. + # [//]: # (dependabot-automerge-start) + # [//]: # (dependabot-automerge-end) +https://github.com/servo/servo/pull/39199 (@dependabot[bot], @dependabot[bot], #39199) build(deps): bump zune-jpeg from 0.4.20 to 0.4.21 (#39199) + # Bumps [zune-jpeg](https://github.com/etemesi254/zune-image) from 0.4.20 to 0.4.21. + # Release notes + # Sourced from zune-jpeg's releases. + # v0.1.0 + # No release notes provided. + # Commits + # See full diff in compare view + # [![Dependabot compatibility + # score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=zune-jpeg&package-manager=carg + # o&previous-version=0.4.20&new-version=0.4.21)](https://docs.github.com/en/github/managing-security-vulnerabilities/about + # -dependabot-security-updates#about-compatibility-scores) + # Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger + # a rebase manually by commenting `@dependabot rebase`. + # [//]: # (dependabot-automerge-start) + # [//]: # (dependabot-automerge-end) +https://github.com/servo/servo/pull/39197 (@dependabot[bot], @dependabot[bot], #39197) build(deps): bump winapi-util from 0.1.10 to 0.1.11 (#39197) + # Bumps [winapi-util](https://github.com/BurntSushi/winapi-util) from 0.1.10 to 0.1.11. + # Commits + # 803874c 0.1.11 + # c14bbd7 deps: support windows-sys 0.61 + # See full diff in compare view + # [![Dependabot compatibility + # score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=winapi-util&package-manager=ca + # rgo&previous-version=0.1.10&new-version=0.1.11)](https://docs.github.com/en/github/managing-security-vulnerabilities/abo + # ut-dependabot-security-updates#about-compatibility-scores) + # Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger + # a rebase manually by commenting `@dependabot rebase`. + # [//]: # (dependabot-automerge-start) + # [//]: # (dependabot-automerge-end) +https://github.com/servo/servo/pull/39196 (@dependabot[bot], @dependabot[bot], #39196) build(deps): bump zerocopy from 0.8.26 to 0.8.27 (#39196) + # Bumps [zerocopy](https://github.com/google/zerocopy) from 0.8.26 to 0.8.27. + # Release notes + # Sourced from zerocopy's releases. + # v0.8.27 + # What's Changed + # Add KnownLayout::size_for_metadata by @​jswrenn in google/zerocopy#2674 + # Support repr(u128) and repr(i128) in derive(IntoBytes) by @​jswrenn in google/zerocopy#2676 + # [derive] IntoBytes padding error says number of bytes by @​joshlf in google/zerocopy#2699 + # [derive] Clarify FromBytes enum support by @​joshlf in google/zerocopy#2696 + # Implement traits for unsafe function values by @​joshlf in google/zerocopy#2697 + # derive(IntoBytes): support repr(C) structs with explicit trailing slices by @​jswrenn in google/zerocopy#2679 + # Full Changelog: https://github.com/google/zerocopy/compare/v0.8.26...v0.8.27 + # Commits + # 5301361 Release 0.8.27 (#2710) + # a55463e derive(IntoBytes): support repr(C) structs with explicit trailing slices ... + # e546da9 [ci] Roll pinned nightly toolchain (#2709) + # 5b52ab0 [ci] Roll pinned nightly toolchain (#2708) + # 2f931af [ci] Roll pinned nightly toolchain (#2707) + # cd0ea7f [ci] Roll pinned nightly toolchain (#2706) + # e95a779 [ci] Roll pinned nightly toolchain (#2705) + # 3d35f06 [ci] Roll pinned nightly toolchain (#2704) + # fb1cf4c [ci] Roll pinned nightly toolchain (#2702) + # c1a3796 [ci] Roll pinned nightly toolchain (#2700) + # Additional commits viewable in compare view + # [![Dependabot compatibility + # score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=zerocopy&package-manager=cargo + # &previous-version=0.8.26&new-version=0.8.27)](https://docs.github.com/en/github/managing-security-vulnerabilities/about- + # dependabot-security-updates#about-compatibility-scores) + # Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger + # a rebase manually by commenting `@dependabot rebase`. + # [//]: # (dependabot-automerge-start) + # [//]: # (dependabot-automerge-end) +https://github.com/servo/servo/pull/39134 (@Narfinger, @mrobinson, @yezhizhen, #39134) Elaborate documentation of notify_history_changed in WebViewDelegate (#39134) + # Elaborate documentation of on_history_changed in WebViewDelegate + # Testing: Just documentation. +https://github.com/servo/servo/pull/39144 (@mrobinson, @Loirooriol, #39144) script: Use `HTMLElement.scrollParent` to implement `Element.scrollIntoView` (#39144) + # To find scrolling ancestors, we need to walk up the flat tree and only + # consider the elements that are in the chain of containing block + # ancestors of an element. `scrollParent` now does this so we can use it + # to properly implement `scrollIntoView`. + # Testing: There are WPT tests for this change. +https://github.com/servo/servo/pull/39190 (@sagudev, #39190) CI: Change APT mirror priorities (#39190) + # We noticed many times that bootstrap sometimes takes a lot of + # time due to slow download speed: [#general > Bootstrap is slow in CI @ + # 💬](https://servo.zulipchat.com/#narrow/channel/263398-general/topic/Bootstrap.20is.20slow.20in.20CI/near/537610373). + # We [reported this to github](https://github.com/actions/runner-images/issues/12949) and they said we should just + # use different mirrors. Based on https://github.com/CrowdStrike/glide-core/pull/1113 we change Ubuntu's mirror + # priorities from: + # ``` + # http://azure.archive.ubuntu.com/ubuntu priority:0 + # https://archive.ubuntu.com/ubuntu priority:1 + # https://security.ubuntu.com/ubuntu priority:2 + # ``` + # to: + # ``` + # https://archive.ubuntu.com/ubuntu priority:0 + # http://azure.archive.ubuntu.com/ubuntu priority:1 + # https://security.ubuntu.com/ubuntu priority:2 + # ``` + # I also set more strict timeout (10 min; usually it takes 2-3 min but always less then 4 min) for bootstrap to + # alert us on problems. + # Testing: Manual CI run: https://github.com/sagudev/servo/actions/runs/17527791255 +https://github.com/servo/servo/pull/39167 (@TimvdLippe, #39167) Add resource header for mime sniffing (#39167) + # The concept of a "resource header" is not well specced, since it is unclear what a "resource" is. That said, + # it most closely matches a "response" as part of the navigation params. + # With this change, we now delay loading the document until either two things happen: + # 1. We reached the end of the file + # 2. We processed 1445 bytes (as defined by spec) + # We initially store bytes in the resource header and then after loading parse the stored bytes. Any subsequent + # loading will process as before. + # Part of #14024 +https://github.com/servo/servo/pull/39163 (@TimvdLippe, #39163) Disable scripting when sandbox flag is set (#39163) + # While I adding spec comments to the CSP crate, I discovered two issues: + # 1. We should only use the last sandbox value (WPT test added) + # 2. We weren't checking for the scripting sandbox flag in document + # Also, the autoplay test should have allowed scripts to run, otherwise the test doesn't run. Since we weren't + # checking the flag before, the test ran fine for Servo. However, it wouldn't run for other browsers. + # Also realized that an existing test was pointing to a non-existent file (since it doesn't have `.sub`). Updated + # that and confirmed that in other browsers it now properly works (it no longer shows a 404). However, Servo now + # fails that test as we don't fire an load event. + # Part of #913 +https://github.com/servo/servo/pull/39191 (@averyrudelphe@gmail.com, #39191) script: Make set_dictionary_property a safe function (#39191) + # Makes `set_dictionary_property` safe. + # Testing: Changes are internal, this shouldn't affect behavior. + # Fixes: #39128 +>>> 2025-09-09T06:04:01Z +https://github.com/servo/servo/pull/38717 (@sagudev, #38717) webgpu: Simplify presentation and handle cleared in script (#38717) + # There are many important changes here: + # - Generalize the presentation buffer into standalone staging buffers that hold their own state. This allow them + # to be used by getImage. + # - Move all clear handling to the ScriptThread and send the configuration on each request present/getimage, thus + # avoiding any recreate/clearing messages. This means that we prepare staging buffers lazily, on the first request. + # Try run for this change: https://github.com/sagudev/servo/actions/runs/17341982368 + # Testing: This is covered by existing WebGPU CTS tests. There are some bad expectations updates, but they are + # also on main (presumably from last update the rendering work) although I think CTS is actually wrong (see + # https://github.com/gpuweb/cts/issues/4440). + # Fixes: #36820 + # Fixes: #37705 + # Fixes: #33368 (we now keep reference alive in hashmap) +https://github.com/servo/servo/pull/39014 (@stevennovaryo, #39014) layout: Fix Textual `` Vertical Align Style (#39014) + # Reincorporate the styles to help with the vertical alignment of textual `` element that was removed by #38775. Followed + # by adding Servo specific WPTs to help with these kinds of problem. + # Testing: New WPT +https://github.com/servo/servo/pull/39220 (@dependabot[bot], @dependabot[bot], #39220) build(deps): bump indexmap from 2.11.0 to 2.11.1 (#39220) + # [![Dependabot compatibility + # score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=indexmap&package-manager=cargo + # &previous-version=2.11.0&new-version=2.11.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about- + # dependabot-security-updates#about-compatibility-scores) + # Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger + # a rebase manually by commenting `@dependabot rebase`. + # [//]: # (dependabot-automerge-start) + # [//]: # (dependabot-automerge-end) +https://github.com/servo/servo/pull/39219 (@dependabot[bot], @dependabot[bot], #39219) build(deps): bump chrono from 0.4.41 to 0.4.42 (#39219) + # Bumps [chrono](https://github.com/chronotope/chrono) from 0.4.41 to 0.4.42. + # Release notes + # Sourced from chrono's releases. + # 0.4.42 + # What's Changed + # Add fuzzer for DateTime::parse_from_str by @​tyler92 in chronotope/chrono#1700 + # Fix wrong amount of micro/milliseconds by @​nmlt in chronotope/chrono#1703 + # Add warning about MappedLocalTime and wasm by @​lutzky in chronotope/chrono#1702 + # Fix incorrect parsing of fixed-length second fractions by @​chris-leach in chronotope/chrono#1705 + # Fix cfgs for wasm32-linux support by @​arjunr2 in chronotope/chrono#1707 + # Fix OpenHarmony's tzdata parsing by @​ldm0 in chronotope/chrono#1679 + # Convert NaiveDate to/from days since unix epoch by @​findepi in chronotope/chrono#1715 + # Add ?Sized bound to related methods of DelayedFormat::write_to by @​Huliiiiii in chronotope/chrono#1721 + # Add from_timestamp_secs method to DateTime by @​jasonaowen in chronotope/chrono#1719 + # Migrate to core::error::Error by @​benbrittain in chronotope/chrono#1704 + # Upgrade to windows-bindgen 0.63 by @​djc in chronotope/chrono#1730 + # strftime: simplify error handling by @​djc in chronotope/chrono#1731 + # Commits + # f3fd15f Bump version to 0.4.42 + # 5cf5603 strftime: add regression test case + # a623170 strftime: simplify error handling + # 36fbfb1 strftime: move specifier handling out of match to reduce rightward drift + # 7f413c3 strftime: yield None early + # 9d5dfe1 strftime: outline constants + # e5f6be7 strftime: move error() method below caller + # d516c27 strftime: merge impl blocks + # 0ee2172 strftime: re-order items to keep impls together + # 757a8b0 Upgrade to windows-bindgen 0.63 + # Additional commits viewable in compare view + # [![Dependabot compatibility + # score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=chrono&package-manager=cargo&p + # revious-version=0.4.41&new-version=0.4.42)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-de + # pendabot-security-updates#about-compatibility-scores) + # Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger + # a rebase manually by commenting `@dependabot rebase`. + # [//]: # (dependabot-automerge-start) + # [//]: # (dependabot-automerge-end) +https://github.com/servo/servo/pull/39217 (@dependabot[bot], @dependabot[bot], #39217) build(deps): bump cc from 1.2.35 to 1.2.36 (#39217) + # Bumps [cc](https://github.com/rust-lang/cc-rs) from 1.2.35 to 1.2.36. + # Changelog + # Sourced from cc's changelog. + # 1.2.36 - 2025-09-05 + # Other + # Regenerate windows sys bindings (#1548) + # Update windows-bindgen requirement from 0.62 to 0.63 (#1547) + # Add fn get_ucrt_dir for find-msvc-tools (#1546) + # Regenerate target info (#1544) + # fix publish.yml (#1543) + # Replace periods with underscores as well when parsing env variables (#1541) + # Commits + # c8a378e chore: release (#1542) + # f43595b Regenerate windows sys bindings (#1548) + # 6e1e2c5 Update windows-bindgen requirement from 0.62 to 0.63 (#1547) + # 52bc4eb Add fn get_ucrt_dir for find-msvc-tools (#1546) + # 4d2d2f6 Regenerate target info (#1544) + # 52c54ac ci: fix publish.yml (#1543) + # ee81cbf Replace periods with underscores as well when parsing env variables (#1541) + # See full diff in compare view + # [![Dependabot compatibility + # score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=cc&package-manager=cargo&previ + # ous-version=1.2.35&new-version=1.2.36)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-depend + # abot-security-updates#about-compatibility-scores) + # Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger + # a rebase manually by commenting `@dependabot rebase`. + # [//]: # (dependabot-automerge-start) + # [//]: # (dependabot-automerge-end) +https://github.com/servo/servo/pull/39218 (@dependabot[bot], @dependabot[bot], #39218) build(deps): bump find-msvc-tools from 0.1.0 to 0.1.1 (#39218) + # Bumps [find-msvc-tools](https://github.com/rust-lang/cc-rs) from 0.1.0 to 0.1.1. + # Release notes + # Sourced from find-msvc-tools's releases. + # find-msvc-tools-v0.1.1 + # Other + # Regenerate windows sys bindings (#1548) + # Add fn get_ucrt_dir for find-msvc-tools (#1546) + # Commits + # c8a378e chore: release (#1542) + # f43595b Regenerate windows sys bindings (#1548) + # 6e1e2c5 Update windows-bindgen requirement from 0.62 to 0.63 (#1547) + # 52bc4eb Add fn get_ucrt_dir for find-msvc-tools (#1546) + # 4d2d2f6 Regenerate target info (#1544) + # 52c54ac ci: fix publish.yml (#1543) + # ee81cbf Replace periods with underscores as well when parsing env variables (#1541) + # 9b4389c chore(cc): release v1.2.35 (#1533) + # 36948ab Fix semver-checks: Add back functino windows_registry::find (#1539) + # 0a1c2a3 ci: fix crates-io trusted publishing in publish.yml (#1538) + # Additional commits viewable in compare view + # [![Dependabot compatibility + # score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=find-msvc-tools&package-manage + # r=cargo&previous-version=0.1.0&new-version=0.1.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/a + # bout-dependabot-security-updates#about-compatibility-scores) + # Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger + # a rebase manually by commenting `@dependabot rebase`. + # [//]: # (dependabot-automerge-start) + # [//]: # (dependabot-automerge-end) +https://github.com/servo/servo/pull/39215 (@simonwuelker, #39215) net: Don't prompt for credentials when 401 response has no `WWW-Authenticate` header (#39215) + # Testing: Includes a new unit test + # Fixes: https://github.com/servo/servo/issues/39214 +https://github.com/servo/servo/pull/39211 (@Loirooriol, #39211) Add test for `resizeTo(-1, -1)` (#39211) + # This test crashes in Servo, and passes on Gecko, Blink and Webkit. + # The crash should be addressed by #39204. +https://github.com/servo/servo/pull/39213 (@simonwuelker, #39213) Seperate freetype face and named instance indices (#39213) + # In servo, each `LocalFontIdentifier` has an `fn index() -> u32`, which returns the index of the font within the font + # file in case it is a font collection (`.ttc` instead of `.ttf`). The way this index is obtained is platform-dependent. + # On systems using `fontconfig`, we get the index by querying `FC_INDEX`: + # https://github.com/servo/servo/blob/d2c78db981a508fab67f01ecb1a4eb90061c2e94/components/fonts/platform/freetype/font_lis + # t.rs#L109-L112 + # There is a sneaky bug here: In addition to the aforementioned face index, the value for `FC_INDEX` contains the + # index of the named instance of the face in the upper 16 bits. This behaviour is completely undocumented, but + # FreeType uses the same format: https://freetype.org/freetype2/docs/reference/ft2-face_creation.html#ft_open_face. + # This wasn't a problem for the longest time, because the only consumer of the `index` value coming from fontconfig was + # FreeType. However, sometime after https://github.com/servo/servo/commit/29e618dcf779c424301c70c15270e8a7cda7aaa0, + # we started also passing it to`read-fonts` . `read-fonts` expects only the face index, causing it to return errors + # as seen in https://github.com/servo/servo/issues/39209. + # The fix is to seperate the two indices when storing them in a `LocalFontDescriptor` and pass only the lower 16 + # bits to `read-fonts`. I'm unsure whether we should continue passing the named instance index to FreeType since we + # don't actually support variable fonts, but I've opted to keep the current behaviour for now. + # Fixes: https://github.com/servo/servo/issues/39209 +https://github.com/servo/servo/pull/39202 (@Narfinger, #39202) Moves to FxHashMap for Allocator, BHM, Canvas, Media, Servo, WebGL and WebGPU (#39202) + # This moves more of HashMap/FnvHashMap to FxHashmap. Again we only changed instances that do not look security + # related and have small keys. + # Additionally, allocator used the fnv feature which did not seem to be used. + # Testing: Unit Tests and WPT should cover this and functionality change is highly unlikely. +https://github.com/servo/servo/pull/39189 (@sagudev, #39189) layout: Convert animated image delays < 10ms into 100 ms delays (#39189) + # Some animated images in the wild have delays <10ms and browsers usually change them into 100ms as such small + # timings are unusual. + # Relevant code in FF: https://searchfox.org/firefox-main/source/image/FrameTimeout.h#35 + # Testing: Manually tested + # Fixes: #39187 +https://github.com/servo/servo/pull/39201 (@coding-joedow, #39201) layout: allow only repaint when css background and border image loaded (#39201) + # This change allows that only new display list is built when css background and border image loaded. + # Testing: This change should not change any behaviors so covered by existing WPT tests. +https://github.com/servo/servo/pull/39205 (@jdm, #39205) script: Replace webcrypto-specific macro with trait abstraction. (#39205) + # The value_from_js_object macro exists to paper over differences between dictionary types that require rooting + # (via `RootedTraceableBox`) and those that do not. However, I need to read the macro source every time I look at + # the code that uses it because I can never remember what it's doing. These changes replace the macro with a trait + # abstraction that is clearer, and should be a code size win as well. + # Testing: Existing WPT tests suffice. +https://github.com/servo/servo/pull/39195 (@averyrudelphe@gmail.com, #39195) script: Add can_gc to WebIDL dictionary constructors (#39195) + # More progress on can_gc! + # Testing: Internal change only, shouldn't change behavior. + # Fixes: #38708 +>>> 2025-09-10T06:03:47Z +https://github.com/servo/servo/pull/39238 (@dependabot[bot], @dependabot[bot], #39238) build(deps): bump aws-lc-rs from 1.13.3 to 1.14.0 (#39238) + # Bumps [aws-lc-rs](https://github.com/aws/aws-lc-rs) from 1.13.3 to 1.14.0. + # Release notes + # Sourced from aws-lc-rs's releases. + # aws-lc-rs v1.14.0 + # What's Changed + # MSRV bumped to 1.70.0 by @​justsmth in aws/aws-lc-rs#822 + # aws-lc-sys v0.31.0 aligned with AWS-LC v1.59.0 by @​justsmth in aws/aws-lc-rs#867 + # Performance improvements for ML-KEM: + # x86-64: aws/aws-lc#2631 + # arm64: aws/aws-lc#2498 + # Support for sign/verify on digests by @​justsmth in aws/aws-lc-rs#826 + # Support for decrypting ANSI X9.23 / ISO 10126-padded AES by @​tstenner in aws/aws-lc-rs#847 + # Support SIV in RandomizedNonceKey by @​justsmth in aws/aws-lc-rs#846 + # Support verification of P256/P384+SHA512 signatures by @​ctz in aws/aws-lc-rs#857 + # RsaSignatureEncoding type is public by @​soundofspace in aws/aws-lc-rs#864 + # ParsedPublicKey for signature operations by @​justsmth in aws/aws-lc-rs#863 + # ParsedPublicKey for agreement operations by @​justsmth in aws/aws-lc-rs#862 + # Build Improvements + # Allow prebuilt-NASM w/ Cmake toolchain by @​justsmth in aws/aws-lc-rs#852 + # Add support for Apple tvOS builds by @​matszczygiel in aws/aws-lc-rs#848 + # Issues Being Resolved + # Feature Request: RandomizedNonceKey for AES-GCM-SIV -- aws/aws-lc-rs#842 + # Add way to pre-parse signature keys (i.e. turn signature::UnparsedPublicKey to PublicKey) -- aws/aws-lc-rs#849 + # Build failed for x86_64-pc-windows-gnu target regardless of AWS_LC_SYS_PREBUILT_NASM=1 -- aws/aws-lc-rs#850 + # Other Merged PRs + # Exclude CI jobs for invalid param combinations by @​justsmth in aws/aws-lc-rs#866 + # Prepare aws-lc-rs v1.14.0 by @​justsmth in aws/aws-lc-rs#876 + # Fix + refactor "ios-simulator-runner.sh" by @​justsmth in aws/aws-lc-rs#868 + # Support CPU Jitter Entropy from upstream RAGDOLL by @​torben-hansen in aws/aws-lc-rs#865 + # Avoid doctests in cross-compile CI by @​justsmth in aws/aws-lc-rs#855 + # Consolidate agreement functions into LcPtr<EVP_PKEY> by @​justsmth in aws/aws-lc-rs#854 + # Fix unexpected +1.70.0 compiler error by @​justsmth in aws/aws-lc-rs#861 + # New Contributors + # @​tstenner made their first contribution in aws/aws-lc-rs#847 + # @​matszczygiel made their first contribution in aws/aws-lc-rs#848 + # Full Changelog: https://github.com/aws/aws-lc-rs/compare/v1.13.3...v1.14.0 + # Commits + # 18bd3cb Prepare aws-lc-rs v1.14.0 (#876) + # 9a2b0cc ParsedPublicKey for agreement (#862) + # f139e68 Allow prebuilt-NASM w/ Cmake toolchain (#852) + # 6aaec4a Fix unexpected +1.70.0 compiler error (#861) + # beef815 ParsedPublicKey for signature (#863) + # 124f674 Expose RsaSignatureEncoding (#864) + # 86de8df Add support for Apple tvOS builds (#848) + # 8e8b957 Fix + refactor "ios-simulator-runner.sh" (#868) + # f012503 Exclude jobs w/ invalid params (#866) + # 2630afa Prepare aws-lc-sys v0.31.0 (#867) + # Additional commits viewable in compare view + # [![Dependabot compatibility + # score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=aws-lc-rs&package-manager=carg + # o&previous-version=1.13.3&new-version=1.14.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about + # -dependabot-security-updates#about-compatibility-scores) + # Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger + # a rebase manually by commenting `@dependabot rebase`. + # [//]: # (dependabot-automerge-start) + # [//]: # (dependabot-automerge-end) +https://github.com/servo/servo/pull/39237 (@dependabot[bot], @dependabot[bot], #39237) build(deps): bump zbus_macros from 5.10.0 to 5.11.0 (#39237) + # Bumps [zbus_macros](https://github.com/dbus2/zbus) from 5.10.0 to 5.11.0. + # Release notes + # Sourced from zbus_macros's releases. + # 🔖 zbus_macros 3.14.0. + # ✨ Allow unicast signals through the dbus_interface. Fixes #374. + # ⬆️ Bump our MSRV. More and more dependencies are requiring Rust 1.64.0, so let's bump our MSRV + # to match. + # 🔥 Drop manual Default impl of PropertyEmitsChangedSignal. After Rust 1.64, we can use the + # derive for this. + # ⏪️ Revert locking of winnow version. We've bumped our MSRV so there is no need for this + # workaround anymore. + # 🎨 Code comments should also adhere to 100 character limit. + # Commits + # edd9a3c Merge pull request #1494 from zeenix/prep-zb-5.11 + # ee3fb1b 🔖 zb,zm: Release 5.11.0 + # 9f85ee4 ✅ zb: Much shorter timeout in method timeout test + # 000039a ♻️ zb: Micro simplification + # dbd853e ⬆️ micro: Update chrono to v0.4.42 (#1493) + # bd4d5c7 Merge pull request #1491 from dbus2/security-policy + # 29825e7 🔒️ Add comprehensive security policy + # e46151c Merge pull request #1477 from sergeyfd/main + # 979f5f9 ✨ zb: API to specify timeouts for method calls + # 442063d ⬆️ micro: Update time to v0.3.43 (#1490) + # Additional commits viewable in compare view + # [![Dependabot compatibility + # score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=zbus_macros&package-manager=ca + # rgo&previous-version=5.10.0&new-version=5.11.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/abo + # ut-dependabot-security-updates#about-compatibility-scores) + # Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger + # a rebase manually by commenting `@dependabot rebase`. + # [//]: # (dependabot-automerge-start) + # [//]: # (dependabot-automerge-end) +https://github.com/servo/servo/pull/39193 (@JasonHonKL, @jason@198-61-252-113-on-nets.com, @jdm, #39193) script: Make `root_from_handle_value` a safe function by accepting `SafeJSContext` (#39193) + # Change from unsafe pointer of root_from_handle_value to SafeJSContext. + # #39131 +https://github.com/servo/servo/pull/39231 (@averyrudelphe@gmail.com, #39231) script: Fix building with `webgl_backtrace` feature (#39231) + # I think this is the correct solution? GlobalScope::get_cx() doesn't take a self parameter anymore. + # Testing: WebGL tests should suffice. + # Fixes: #39228 +https://github.com/servo/servo/pull/39204 (@mrobinson, #39204) libservo: Make Servo (and servoshell) more resilient against extreme sizes (#39204) + # Make several changes which should address panics and inconsistent + # behavior around attempts to set extreme sizes: + # 1. Limit the minimum size of the `RenderingContext` to 1 pixel by 1 + # pixel. This should address problems where users of the API try to + # directly set the size to a zero or negative dimension. In addition, + # improve the documentation around `WebView::resize` to mention this. + # 2. Clamp values sent in the `WebViewDelegate::request_resize_to` method + # to be at least 1x1. This prevents Servo from sending nonsense values + # to embedders. Improve documentation in this method. + # 3. In servoshell: + # - More consistently clamp inner and outer window size values. + # - Clamp all resize values to the available screen size, so that + # large screen sizes aren't processed directly. + # Testing: This change fixes an existing WPT and adds two new API tests. + # Fixes: #36763. + # Fixes: #36841. + # Fixes: #39141. +https://github.com/servo/servo/pull/39227 (@simonwuelker, #39227) script: Remove three duplicated log functions from webgl (#39227) + # We have the standard library at our disposal, let's use it. + # Testing: Covered by existing tests +https://github.com/servo/servo/pull/38846 (@abdelrahman1234567, @yezhizhen, #38846) ohos: Adding support for running WPT on OHOS devices using WebDriver (#38846) + # Architecture: + # ``` + # Desktop (Test Controller) OHOS Device (Test Target) + # ┌─────────────────────────┐ + # ┌─────────────────────────┐ + # │ WPT Server (port 8000) │ │ Servo Browser │ + # │ Test Runner Script │---->│ WebDriver Server (7000) │ + # │ HDC Port Forwarding │ │ Test Execution │ + # └─────────────────────────┘ + # └─────────────────────────┘ + # ``` + # After the test is finished, the script will parse the results and print them in a readable format. + # Tried to handle as many errors as possible and find workarounds for each error to ensure the testing can be + # completed, or at least provide comprehensive logs or information to identify exactly where the problem is. Note + # that the used ports are just for testing; you can change them to any other available ports, but make sure that + # the ports are consistent in the script and given commands. + # To run a WPT test on an OHOS device, you need to: + # 1. Connect OHOS device to the desktop via a cable (didn't try any other way of communication) + # 2. Build and deploy servo with the changes in this PR using [servoDemo](https://github.com/jschwe/ServoDemo). You + # can find there the instructions to build and deploy servo to OHOS device. + # 3. While deploying servo to OHOS you need to ensure WebDriver is enabled with the argument --webdriver=7000 + # 4. Ensure OHOS SDK with HDC in PATH + # 5. Start WPT server on the desktop on a different terminal in servo directory: ```bash python -m wpt serve --port + # 8000 ``` + # 6. Update desktop IP in test scripts: + # ```python + # desktop_ip = "192.168.1.100" # Your desktop's IP + # ``` + # You can find your desktop IP with: + # ```bash + # # Windows + # ipconfig | findstr "IPv4" + # # macOS/Linux + # ifconfig | grep "inet " + # ``` + # script can be modified to detect the desktop's IP automatically ... later. + # 7. Run tests using the new mach command: + # ```bash + # ./mach test-ohos-wpt \ + # --test \ + # --webdriver-port 7000 \ + # --wpt-server-port 8000 \ + # --verbose + # ``` + # The script will: + # 1. Set up HDC port forwarding and reverse port forwarding for WPT automatically + # 2. Connect to WebDriver server on the device + # 3. Navigate to the test URL + # 4. Wait for test completion + # 5. Show test results + # Troubleshooting common Issues and Solutions: + # 1. HDC command not found: + # - Install OHOS SDK and add HDC to PATH + # - Verify: `hdc --version` + # 2. Failed to connect to WebDriver: + # - Ensure Servo is running with `--webdriver=7000` argument + # - Check device connection: `hdc list targets` + # - Verify port forwarding: `hdc fport ls` + # - Test WebDriver directly: `curl http://localhost:7000/status` + # 3. Failed to navigate to test URL: + # - Update `desktop_ip` in the script + # - Ensure both devices are on same network or connected via cable + # - Test connectivity: ping from device to desktop + # 4. Test timeouts: + # - Increase timeout in script (default: 30 seconds) + # - Check if test requires specific dependencies + # - Verify WPT server is serving the test file +https://github.com/servo/servo/pull/39166 (@Narfinger, #39166) Replace Hash Algorithm in HashMap/Set with FxHashMap/Set for simple types (#39166) + # FxHash is faster than FnvHash and SipHash for simple types up to at least 64 bytes. The cryptographic guarantees + # are not needed for any types changed here because they are simple ids. + # This changes the types in script and net crates. + # In a future PR we will change the remaining Fnv to be also Fx unless there is a reason to keep them as Fnv. + # Testing: Should not change functionality but unit test and wpt will find it. +https://github.com/servo/servo/pull/39210 (@sagudev, @mrobinson, #39210) script: Document need for always sending an image update to compositor (#39210) + # I hit this many times while working on #38717 + # Testing: Not needed because we just update the docs +https://github.com/servo/servo/pull/39223 (@averyrudelphe@gmail.com, #39223) script: Propagate CanGc argument through DictionaryFromJSVal trait (#39223) + # Testing: Internal changes only, shouldn't change behaviour. + # Fixes: #39206 +>>> 2025-09-11T06:04:19Z +https://github.com/servo/servo/pull/39246 (@simonwuelker, #39246) net: Add spec comments to "cors_preflight_fetch" (#39246) + # I added these comments while debugging `cors/request-headers.htm`. Ultimately the bug turned out to be outside of + # servo, so we have to wait for https://github.com/hyperium/headers/pull/219. + # Since that PR might take a while to merge I'd like to add these on their own. +https://github.com/servo/servo/pull/39247 (@simonwuelker, #39247) script: Set validation anchor to target element in `ElementInternals::SetValidity` when anchor is not given (#39247) + # Testing: Covered by existing web platform tests +https://github.com/servo/servo/pull/39250 (@dependabot[bot], @dependabot[bot], #39250) build(deps): bump errno from 0.3.13 to 0.3.14 (#39250) + # Bumps [errno](https://github.com/lambda-fairy/rust-errno) from 0.3.13 to 0.3.14. + # Changelog + # Sourced from errno's changelog. + # [0.3.14] - 2025-09-08 + # Update windows-sys requirement from >=0.52, <=0.59 to >=0.52, <0.62 + # #117 + # Commits + # See full diff in compare view + # [![Dependabot compatibility + # score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=errno&package-manager=cargo&pr + # evious-version=0.3.13&new-version=0.3.14)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dep + # endabot-security-updates#about-compatibility-scores) + # Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger + # a rebase manually by commenting `@dependabot rebase`. + # [//]: # (dependabot-automerge-start) + # [//]: # (dependabot-automerge-end) +https://github.com/servo/servo/pull/39249 (@dependabot[bot], @dependabot[bot], #39249) build(deps): bump unicode-ident from 1.0.18 to 1.0.19 (#39249) + # Bumps [unicode-ident](https://github.com/dtolnay/unicode-ident) from 1.0.18 to 1.0.19. + # Release notes + # Sourced from unicode-ident's releases. + # 1.0.19 + # Update to Unicode 17.0.0 (#37) + # Commits + # dc018bf Release 1.0.19 + # 9dce213 Merge pull request #37 from dtolnay/unicode17.0.0 + # 17da3fe Force latest=17.0.0 in CI + # acbaf6a Update to Unicode 17.0.0 + # e4cceed Merge pull request #36 from dtolnay/ucdgenerate + # f871463 Regenerate comparison tests with ucd-generate 0.3.1 + # ff8590b Merge pull request #35 from dtolnay/latest + # 6a07437 Update UCD.zip download URL + # 83d3bdf Update actions/checkout@v4 -> v5 + # be16148 Make .gitattributes match only paths from repo root + # Additional commits viewable in compare view + # [![Dependabot compatibility + # score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=unicode-ident&package-manager= + # cargo&previous-version=1.0.18&new-version=1.0.19)](https://docs.github.com/en/github/managing-security-vulnerabilities/a + # bout-dependabot-security-updates#about-compatibility-scores) + # Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger + # a rebase manually by commenting `@dependabot rebase`. + # [//]: # (dependabot-automerge-start) + # [//]: # (dependabot-automerge-end) +https://github.com/servo/servo/pull/39248 (@dependabot[bot], @dependabot[bot], #39248) build(deps): bump color from 0.3.1 to 0.3.2 (#39248) + # Bumps [color](https://github.com/linebender/color) from 0.3.1 to 0.3.2. + # Release notes + # Sourced from color's releases. + # v0.3.2 + # Crates.io | Docs + # This release has an MSRV of 1.82. + # Added + # Add interpolate_unpremultiplied and gradient_unpremultiplied for interpolating in unpremultiplied (straight) + # alpha space. + # While such interpolation will often give perceptually undesired results, this allows using Color to implement + # rendering features where such interpolation is specified, like in the HTML Canvas element. (#185 by @​sagudev) + # Changed + # Specify XYZ-D65 color space conversion matrices as exact rationals. (#171 by @​tomcur) + # Improve documentation of AlphaColor vs PremulColor to clarify alpha premultiplication, and make both types more + # discoverable from each other. (#190 by @​tomcur) + # New Contributors + # @​ProgramCrafter made their first contribution in linebender/color#186 + # @​sagudev made their first contribution in linebender/color#191 + # Full Changelog: https://github.com/linebender/color/compare/v0.3.1...v0.3.2 + # Changelog + # Sourced from color's changelog. + # [0.3.2][] (2025-09-10) + # This release has an [MSRV][] of 1.82. + # Added + # Add interpolate_unpremultiplied and gradient_unpremultiplied for interpolating in unpremultiplied (straight) + # alpha space. + # While such interpolation will often give perceptually undesired results, this allows using Color to implement + # rendering features where such interpolation is specified, like in the HTML Canvas element. (#185[] by [@​sagudev][]) + # Changed + # Specify XYZ-D65 color space conversion matrices as exact rationals. (#171[] by [@​tomcur][]) + # Improve documentation of AlphaColor vs PremulColor to clarify alpha premultiplication, and make both types more + # discoverable from each other. (#190[] by [@​tomcur][]) + # Commits + # 82ffed8 Release 0.3.2 (#198) + # b92ec29 Bump dependencies for release (#194) + # d529b4f Use stronger wording in unpremultiplied interpolation changelog entry (#195) + # 36f7e0f (Temporarily) disable Miri's float randomization (#196) + # 6a61376 Bump dependencies for release (#193) + # 4c16a60 Better document AlphaColor vs PremulColor premultiplication (#190) + # c52903f Specify XYZ-D65<->sRGB conversion as exact rationals (#171) + # e630049 More to_degrees (#188) + # 1b9af98 Support interpolating in unpremultiplied (straight) alpha space (#191) + # aee3b0d Test interpolation of transparent colors (#187) + # Additional commits viewable in compare view + # [![Dependabot compatibility + # score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=color&package-manager=cargo&pr + # evious-version=0.3.1&new-version=0.3.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-depen + # dabot-security-updates#about-compatibility-scores) + # Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger + # a rebase manually by commenting `@dependabot rebase`. + # [//]: # (dependabot-automerge-start) + # [//]: # (dependabot-automerge-end) +https://github.com/servo/servo/pull/36530 (@webbeef, #36530) Enable the zstd decoder (#36530) + # Uses the `zstd` support from `async-compression` to support zstd Content-Encoding. + # Testing: Covered by wpt tests. +https://github.com/servo/servo/pull/39233 (@Narfinger, #39233) Removed FnvHash and transformed the rest to FxHashmap (#39233) + # This should be the final PR for the Hash Function series that is trivial. + # Of note: I decided to transform `HashMapTracedValues` to use FxBuildHasher. This is likely not going to improve + # performance as Atom's already have a unique u32 that is used as the Hash but it safes a few bytes for the RandomState + # that is normally in the HashMap. + # Signed-off-by: Narfinger + # Testing: Hash function changes should not change functionality, we slightly decrease the size and unit tests + # still work. +https://github.com/servo/servo/pull/39241 (@yezhizhen, #39241) webdriver: Focus WebView asynchronously (#39241) + # #38160 added a webdriver-specific API to support waiting on focus operations to complete. Later, #38243 added a + # unique id to track each focus operation. + # Back then we wait on focusing webview in webdriver hoping to improve stability, but it does not matter as it turns + # out later. #39086 also focuses browsing context asynchronously. + # This PR would make webdriver's focusing-webview behaviour same as human interaction. + # Testing: + # [Before 1](https://github.com/yezhizhen/servo/actions/runs/17598288280), + # [Before 2](https://github.com/yezhizhen/servo/actions/runs/17598289360), [Before + # 3](https://github.com/yezhizhen/servo/actions/runs/17598290532) + # [After 1](https://github.com/yezhizhen/servo/actions/runs/17598282988), + # [After 2](https://github.com/yezhizhen/servo/actions/runs/17598280603), [After + # 3](https://github.com/yezhizhen/servo/actions/runs/17589228530) +https://github.com/servo/servo/pull/39235 (@Loirooriol, #39235) layout: Set baseline even if line box has no fragment (#39235) + # `InlineFormattingContextLayout::finish_current_line_and_reset()` has an early return in case the line has no + # fragment. However, if the line only has a forced line break, then we still need to set the baseline. + # Testing: Adding new test. +>>> 2025-09-12T06:13:30Z +https://github.com/servo/servo/pull/39229 (@Loirooriol, #39229) layout: Add style to `ConstraintSpace` and `IndefiniteContainingBlock` (#39229) + # They only had the writing mode, now they will have the entire computed style. + # This is needed for #39230. + # Testing: Not needed, no behavior change +https://github.com/servo/servo/pull/39207 (@shubhamg13, #39207) fixup: Enable viewport tag support for mobile platforms only (#39207) + # 1. Adds a pref viewport_meta_enabled. + # 2. Enable pref for mobile platforms. + # Testing: Tested Manually + # Fixes: #39157 + # Fixes: #39002 +https://github.com/servo/servo/pull/39262 (@atouchet, #39262) cargo: Update packages that depend on windows-sys 0.60 (#39262) + # Update some dependencies that were being held back due to windows dependency updates. + # Testing: No tests for dependency updates. +https://github.com/servo/servo/pull/39252 (@arihant2math@gmail.com, #39252) Invalid return type for key conversion (#39252) + # `convert_value_to_key` returns a `ConversionResult` now, so keys can be considered "Invalid" rather than throwing + # an exception. + # Testing: WPT + # Unblocks: #38288 +https://github.com/servo/servo/pull/38752 (@Narfinger, @jdm, #38752) Combine some access to the thread local variable for script thread. (#38752) + # This combines some access to the thread local variable for script + # thread. + # - We introduce a new UserInteractingScriptGuard which on drop handles + # the resetting of was_interacting to the previous value. Sometimes + # throughout the code `ScriptThread::is_user_interacting` was reset to the + # previous value while sometimes just set to false. This should + # remove this footgun. + # - This also reduces the amount of thread local access for MutationObservers and task queue. + # Testing: WPT tests should cover this. + # Fixes: This addresses part of https://github.com/servo/servo/issues/37969 but there is probably still stuff to be done. +https://github.com/servo/servo/pull/39234 (@kkoyung, @jdm, #39234) script: Unwrap imported key in JWK format after normalizing (#39234) + # In our current implementation, the `importKey` method and `unwrapKey` method of `SubtleCrypto` interface unwrap + # JsonWebKey before running the normalized algorithms. Therefore, all cryptography algorithms share the same unwrapping + # mechanism. Our current unwrapping mechanism is not compatible with some cryptography algorithms, which we have + # not yet implemented such as Ed25519. + # Following the WebCrypto API spec, this patch moves the JsonWebKey unwrapping mechanism to normalized algorithms + # so that each cryptography algorithm can unwrap JsonWebKey in its own way. + # This does not introduce behavioral changes, but makes implementing the unwrap operation for new cryptography + # algorithms easier in the future. + # Remark: Step 8 and 13 of `SubtleCrypto::ImportKey` require the crypto task source in the script task manager, + # but we don't have it yet. So, they're marked as TODO. + # Testing: Existing tests should suffice. +https://github.com/servo/servo/pull/38738 (@arihant2math@gmail.com, #38738) script: Ensure autoincrement and keypath are passed in correctly from IDBTransaction (#38738) + # Previously, the correct autoincremented and keypath parameters were only being passed if the object store is being + # created. This PR queries this info from the backend and passes it onto the constructor in IDBTransaction. Furthermore + # it exposes keypath and index_names from IDBObjectStore, mainly for WPT. + # Testing: WPT + # Fixes: None +https://github.com/servo/servo/pull/39239 (@dependabot[bot], @dependabot[bot], @yezhizhen, #39239) build(deps): bump zbus from 5.9.0 to 5.11.0 (#39239) + # Bumps [zbus](https://github.com/dbus2/zbus) from 5.9.0 to 5.11.0. + # Release notes + # Sourced from zbus's releases. + # 🔖 zbus 5.11.0 + # ✨ API to specify timeouts for method calls. Add a way to specify an timeout for method calls. If + # set, the method calls will timeout after the specified duration, returning an error. This can be + # used to handle the issues with non-answering D-Bus services. + # 🩹 Add connection::socket::Split::new method, allowing Socket trait impls outside zbus. + # 📝 Mention receive_X_changes in proxy docs. + # 🔖 zbus 5.10.0 + # ✨ Property stream will now first yield the current value. + # 🐛 Fall back to no groups rather than erroring out for peer creds. + # 📝 Fix wrong documentation in blocking Proxy methods. + # Commits + # edd9a3c Merge pull request #1494 from zeenix/prep-zb-5.11 + # ee3fb1b 🔖 zb,zm: Release 5.11.0 + # 9f85ee4 ✅ zb: Much shorter timeout in method timeout test + # 000039a ♻️ zb: Micro simplification + # dbd853e ⬆️ micro: Update chrono to v0.4.42 (#1493) + # bd4d5c7 Merge pull request #1491 from dbus2/security-policy + # 29825e7 🔒️ Add comprehensive security policy + # e46151c Merge pull request #1477 from sergeyfd/main + # 979f5f9 ✨ zb: API to specify timeouts for method calls + # 442063d ⬆️ micro: Update time to v0.3.43 (#1490) + # Additional commits viewable in compare view + # [![Dependabot compatibility + # score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=zbus&package-manager=cargo&pre + # vious-version=5.9.0&new-version=5.11.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-depen + # dabot-security-updates#about-compatibility-scores) + # Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger + # a rebase manually by commenting `@dependabot rebase`. + # [//]: # (dependabot-automerge-start) + # [//]: # (dependabot-automerge-end) +>>> 2025-09-13T06:02:13Z +https://github.com/servo/servo/pull/39263 (@TimvdLippe, #39263) Add trusted type checks for eval arguments (#39263) + # Also bumps mozjs to the latest version that has support for `GStackVector` which is what this callback uses. + # Part of #36258 + # Fixes #38877 +https://github.com/servo/servo/pull/39275 (@Narfinger, #39275) Move signals_slots to ScriptMutationObservers (#39275) + # Both places where we access signals_slots already have a reference to ScriptMutationObserver. This saves us another + # access to with_script_thread. + # Testing: This does not change functionality. + # Fixes: Part of addressing: https://github.com/servo/servo/issues/37969 +https://github.com/servo/servo/pull/39080 (@kkoyung, #39080) indexeddb: Implement `openCursor` and `openKeyCursor` for object store (#39080) + # Continue on implementing indexeddb's cursor. + # This patch focuses on implementing the `openCursor` [1] and `openKeyCursor` [2] methods of the `IDBObjectStore` + # interface, which create and initialize cursors by running the iterate-a-cursor algorithm [3]. + # It also adds struct `IndexedDBRecord` to `components/shared/net/indexeddb_thread.rs`. This struct can later be + # used to implement the new `IDBRecord` interface [4]. + # [1] https://www.w3.org/TR/IndexedDB-2/#dom-idbobjectstore-opencursor + # [2] https://www.w3.org/TR/IndexedDB-2/#dom-idbobjectstore-openkeycursor + # [3] https://www.w3.org/TR/IndexedDB-2/#iterate-a-cursor + # [4] https://w3c.github.io/IndexedDB/#record-interface + # Testing: Pass WPT tests that were expected to fail. + # Fixes: Part of #38111 +https://github.com/servo/servo/pull/39265 (@yezhizhen, #39265) webdriver: Add `ScrollBehavior::Instant` for `scroll_into_view` (#39265) + # There is a recent spec change which adds instant as default scroll behaviour: + # https://github.com/w3c/webdriver/pull/1924. This PR reflects the change. + # Testing: No behaviour change as `ScrollBehavior` is ignored right now. +https://github.com/servo/servo/pull/39255 (@kkoyung, #39255) script: Check if IndexedDB key path is ECMAScript identifier name (#39255) + # From IndexedDB spec, when we check whether a key path is valid, we have to check whether it is an ECMAScript + # identifier name. We have not yet implemented this logic, and always return true. + # This patch uses the function `js::rust::wrappers::JS_IsIdentifier` to achieve this checking. + # Testing: Pass WPT tests that were expected to fail. + # Fixes: #25324 +https://github.com/servo/servo/pull/39271 (@delan, #39271) ci: Stop using `python3 ./mach` (#39271) + # this way of invoking mach is incorrect now that we use uv, and it will prevent us from running bencher builds on + # self-hosted runners (#39269), where the system Python is too old (3.10 vs 3.11). + # Testing: + # - mach try bencher + # Fixes: part of #39269 +https://github.com/servo/servo/pull/39268 (@delan, #39268) ci: Make runner timeout jobs conditional, not the steps (#39268) + # #38503 converted the self-hosted runner timeout from a [reusable + # workflow](https://docs.github.com/en/actions/concepts/workflows-and-actions/reusable-workflows) to a + # [composite action](https://docs.github.com/en/actions/tutorials/create-actions/create-a-composite-action), + # but in doing so, it changed from having a conditional job to having a conditional step. [This Update Broke My + # Workflow](https://xkcd.com/1172/), because i enjoyed being able to tell if a job ended up being GitHub-hosted + # or not by seeing if its timeout job was skipped, rather than having to click on the workload job then wait then + # scroll up then click “Set up job”. + # this patch fixes that by making the job conditional. + # Testing: + # - self-hosted + # - GitHub-hosted + # Fixes: #39192 +https://github.com/servo/servo/pull/38783 (@rodion.borovyk@gmail.com, #38783) constellation: Use one image cache thread pool in the single-process mode (#38783) + # Previously, each ScriptThread was creating a new image cache with a separate thread pool. These changes add an + # image cache to the constellation and create new image caches by calling the `create_new_image_cache` method. It + # reuses the original image cache's thread pool and reduces the number of spawned threads in the single-process mode. + # Testing: Tested manually, using `ps -M` to see the number of spawned threads with multiple tabs open in servoshell + # before and after these changes. + # Fixes: #37770 +https://github.com/servo/servo/pull/39266 (@yezhizhen, #39266) CODEOWNERS: Add yezhizhen for WebDriver components (#39266) + # So that I can get notified and GitHub won't wildcard other reviewers. + # Testing: No. +https://github.com/servo/servo/pull/39267 (@atbrakhi, @delan, #39267) ci: Reland run devtools tests whenever we run unit tests from #38614 (#39267) + # This patch updates `linux.yml`, `mac.yml`, and `windows.yml` to run the devtools test suite + # (https://github.com/servo/servo/issues/36325). + # Testing: this patch effectively adds all devtools tests to CI + # Fixes: https://github.com/servo/servo/issues/36325 +https://github.com/servo/servo/pull/39260 (@tharkum, #39260) html: Ignore a parse error on 'srcset' attribute parsing (#39260) + # Parsing the 'srcset' attribute of an image element may result in a parse error + # indicating a non-fatal mismatch between the input and the requirements. + # https://html.spec.whatwg.org/multipage/#concept-microsyntax-parse-error + # https://html.spec.whatwg.org/multipage/#parse-a-srcset-attribute + # This error should not be a reason to stop parsing and may be used by the user agent to signal a syntax error. + # Other browsers generally ignore this error, and we do the same. + # Testing: Improvements in the following tests + # - html/semantics/embedded-content/the-img-element/srcset/parse-a-srcset-attribute.html +https://github.com/servo/servo/pull/38508 (@Kenzie.Raditya.Tirtarahardja@huawei.com, #38508) webdriver: Support "scroll into view" for commands (#38508) + # Implement scroll into view steps for all WebDriver command that requires it (element click, element send keys, + # element clear, and take element screenshot). + # Testing: `element_send_keys/scroll_into_view.py`, `element_click/scroll_into_view.py`, `element_clear/clear.py` +>>> 2025-09-14T06:06:16Z +https://github.com/servo/servo/pull/39016 (@wusyong, #39016) chore: update wgpu to v26 (#39016) + # Vello has updated to wgpu v26 recently. It might be a good time for servo to update as well. This PR should wait + # for #39015 and #38717 + # Testing: WebGPU CTS + # Fixes: None +https://github.com/servo/servo/pull/39289 (@integral@member.fsf.org, #39289) servoshell: Add `ParseResolutionError` to parse elegantly (#39289) + # When passing an invalid resolution string (such as `1x1x1`) to the `--screen-size` or `--window-size` argument, + # Servo starts without any error. Additionally, if the width or height is set to 0, Servo crashes with a SIGSEGV + # (Address boundary error). + # This patch addresses the following issue by several changes: + # 1. Introduce a custom error type ParseResolutionError. + # 2. Replace the `split()` method with `split_once()`. + # 3. Make the capital 'X' an acceptable separator. + # 4. Add a check to prevent crashes when width or height is set to 0. +https://github.com/servo/servo/pull/39293 (@servo-wpt-sync, #39293) Sync WPT with upstream (14-09-2025) (#39293) + # Automated downstream sync of changes from upstream as of 14-09-2025 + # [no-wpt-sync] +https://github.com/servo/servo/pull/39283 (@TimvdLippe, #39283) Add spec steps and comments for fetch abort steps (#39283) + # While trying to figure out what the status of this implementation was, I added steps and comments to + # see what we are missing. Also updated some links, + # since I couldn't find an implementation of + # `window.fetch`, since the spec URL was pointing + # to the chapter instead of the algorithm. + # Part of #34866 +https://github.com/servo/servo/pull/39281 (@TimvdLippe, #39281) Remove the `dom_trusted_types_enabled` preference (#39281) + # Everything related to Trusted Types has been implemented. Failing WPT tests are related to other features such as + # SVG scripts. + # Fixes #36258 +https://github.com/servo/servo/pull/39282 (@TimvdLippe, #39282) Enable abort controller preference for fetch/api/abort (#39282) + # This sets a baseline of tests for fetch-related implementation of AbortController. + # Part of #34866 +https://github.com/servo/servo/pull/39230 (@Loirooriol, #39230) layout: Take `text-indent` into account in min/max-content inline sizes (#39230) + # The min-content and max-content inline sizes of an inline formatting contentext need to take `text-indent` into + # account. Note it can be set to a negative amount, so the `ContentSizesComputation` logic needs some tweaks to + # handle it well. + # Testing: Fixes various WPT tests +>>> 2025-09-15T06:30:03Z +https://github.com/servo/servo/pull/39270 (@delan, #39270) ci: Convert runner select to composite action (#39270) + # to run bencher builds on self-hosted runners (#39269), we will need to do a self-hosted runner select, but that would + # exceed the workflow call depth limit (try → dispatch-workflow → linux → bencher → self-hosted-runner-select). + # this patch converts the self-hosted runner select from a [reusable + # workflow](https://docs.github.com/en/actions/concepts/workflows-and-actions/reusable-workflows) to a [composite + # action](https://docs.github.com/en/actions/tutorials/create-actions/create-a-composite-action), much like #38503 + # did for the runner timeout. + # Testing: + # - self-hosted + # - GitHub-hosted + # Fixes: part of #39269 +https://github.com/servo/servo/pull/39301 (@dependabot[bot], @dependabot[bot], #39301) build(deps): bump serde from 1.0.219 to 1.0.223 (#39301) + # Bumps [serde](https://github.com/serde-rs/serde) from 1.0.219 to 1.0.223. + # Release notes + # Sourced from serde's releases. + # v1.0.223 + # Fix serde_core documentation links (#2978) + # v1.0.222 + # Make serialize_with attribute produce code that works if respanned to 2024 edition (#2950, thanks @​aytey) + # v1.0.221 + # Documentation improvements (#2973) + # Deprecate serde_if_integer128! macro (#2975) + # v1.0.220 + # Add a way for data formats to depend on serde traits without waiting for serde_derive compilation: + # https://docs.rs/serde_core (#2608, thanks @​osiewicz) + # Commits + # 6c316d7 Release 1.0.223 + # a4ac0c2 Merge pull request #2978 from dtolnay/htmlrooturl + # ed76364 Change serde_core's html_root_url to docs.rs/serde_core + # 57e21a1 Release 1.0.222 + # bb58726 Merge pull request #2950 from aytey/fix_lifetime_issue_2024 + # 3f69251 Delete unneeded field of MapDeserializer + # fd4decf Merge pull request #2976 from dtolnay/content + # 00b1b6b Move Content's Deserialize impl from serde_core to serde + # cf141aa Move Content's Clone impl from serde_core to serde + # ff3aee4 Release 1.0.221 + # Additional commits viewable in compare view + # [![Dependabot compatibility + # score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=serde&package-manager=cargo&pr + # evious-version=1.0.219&new-version=1.0.223)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-d + # ependabot-security-updates#about-compatibility-scores) + # Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger + # a rebase manually by commenting `@dependabot rebase`. + # [//]: # (dependabot-automerge-start) + # [//]: # (dependabot-automerge-end) +https://github.com/servo/servo/pull/39300 (@dependabot[bot], @dependabot[bot], #39300) build(deps): bump polling from 3.10.0 to 3.11.0 (#39300) + # Bumps [polling](https://github.com/smol-rs/polling) from 3.10.0 to 3.11.0. + # Release notes + # Sourced from polling's releases. + # v3.11.0 + # Bump MSRV to 1.71. (#251) + # Update to windows-sys v0.61. (#251) + # Changelog + # Sourced from polling's changelog. + # Version 3.11.0 + # Bump MSRV to 1.71. (#251) + # Update to windows-sys v0.61. (#251) + # Commits + # f404d08 Release 3.11.0 + # f081cc7 Update windows-sys requirement from 0.60 to 0.61 (#251) + # dbb8b19 m: Fix new 1.70 clippy warning + # d6191fd m: Don't re-implement OnceLock in AFD backend + # See full diff in compare view + # [![Dependabot compatibility + # score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=polling&package-manager=cargo& + # previous-version=3.10.0&new-version=3.11.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-d + # ependabot-security-updates#about-compatibility-scores) + # Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger + # a rebase manually by commenting `@dependabot rebase`. + # [//]: # (dependabot-automerge-start) + # [//]: # (dependabot-automerge-end) +https://github.com/servo/servo/pull/39304 (@dependabot[bot], @dependabot[bot], #39304) build(deps): bump async-io from 2.5.0 to 2.6.0 (#39304) + # Bumps [async-io](https://github.com/smol-rs/async-io) from 2.5.0 to 2.6.0. + # Release notes + # Sourced from async-io's releases. + # v2.6.0 + # Bump MSRV to 1.71. (#243) + # Expose Timer::clear. (#239) + # Implement IoSafe for std::io::PipeReader and std::io::PipeWriter (#237) + # Update to windows-sys v0.61. (#243) + # Remove dependency on async_lock. (#240) + # Changelog + # Sourced from async-io's changelog. + # Version 2.6.0 + # Bump MSRV to 1.71. (#243) + # Expose Timer::clear. (#239) + # Implement IoSafe for std::io::PipeReader and std::io::PipeWriter (#237) + # Update to windows-sys v0.61. (#243) + # Remove dependency on async_lock. (#240) + # Commits + # 576b470 Release 2.6.0 + # aabee96 Update windows-sys requirement from 0.60 to 0.61 (#243) + # db95d91 Add doc aliases sleep and timeout to Timer (#242) + # 25e8610 Use std::future::poll_fn instead of futures_lite::future::poll_fn + # 714aecc Use std::pin::pin instead of futures_lite::pin + # 5112ed7 Use std::task::ready instead of futures_lite::ready + # bac7eac Use std::sync::OnceLock instead of async_lock::OnceCell + # 12b4f2e Bump MSRV to 1.70 + # d1c6738 Make Timer::clear public + # be049a8 impl IoSafe for std::io::PipeReader & std::io::PipeWriter (#237) + # Additional commits viewable in compare view + # [![Dependabot compatibility + # score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=async-io&package-manager=cargo + # &previous-version=2.5.0&new-version=2.6.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-de + # pendabot-security-updates#about-compatibility-scores) + # Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger + # a rebase manually by commenting `@dependabot rebase`. + # [//]: # (dependabot-automerge-start) + # [//]: # (dependabot-automerge-end) +https://github.com/servo/servo/pull/39303 (@dependabot[bot], @dependabot[bot], #39303) build(deps): bump rustls-webpki from 0.103.4 to 0.103.5 (#39303) + # Bumps [rustls-webpki](https://github.com/rustls/webpki) from 0.103.4 to 0.103.5. + # Release notes + # Sourced from rustls-webpki's releases. + # 0.103.5 + # New feature: support verification of P256+SHA512 and P384-SHA512 ECDSA signatures with aws-lc-rs. This is not a + # recommended combination, but such signatures exist in the wild. + # What's Changed + # Leverage extended API from rcgen 0.14.2 by @​djc in rustls/webpki#366 + # Update semver-compatible dependencies by @​djc in rustls/webpki#369 + # ci: take updated nightly for cargo-check-external-types by @​cpu in rustls/webpki#370 + # build(deps): bump actions/checkout from 4 to 5 by @​dependabot[bot] in rustls/webpki#371 + # build(deps): bump serde_json from 1.0.142 to 1.0.143 in the crates-io group by @​dependabot[bot] in rustls/webpki#374 + # Clarify docs on Cert methods by @​ctz in rustls/webpki#375 + # Extract trait for ExtendedKeyUsage validation by @​djc in rustls/webpki#376 + # build(deps): bump actions/setup-python from 5 to 6 by @​dependabot[bot] in rustls/webpki#378 + # 0.103.5: support P256+SHA512 and P384+SHA512 by @​ctz in rustls/webpki#379 + # Full Changelog: https://github.com/rustls/webpki/compare/v/0.103.4...v/0.103.5 + # Commits + # 064a68b Prepare 0.103.5 + # f6fbb2a Support P256+SHA512 and P384+SHA512 + # 41cc1fc Take aws-lc-rs 1.14.0 + # ac0500d build(deps): bump actions/setup-python from 5 to 6 + # 57fa975 Extract trait for ExtendedKeyUsage validation + # 6700208 Move ExtendedKeyUsage::check() to KeyUsage + # 260cb69 Extract KeyPurposeId iteration from ExtendedKeyUsage::check() + # 3ed145a Simplify KeyPurposeId comparison + # b20354a Clarify docs on Cert methods + # 0616ac9 build(deps): bump serde_json in the crates-io group + # Additional commits viewable in compare view + # [![Dependabot compatibility + # score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=rustls-webpki&package-manager= + # cargo&previous-version=0.103.4&new-version=0.103.5)](https://docs.github.com/en/github/managing-security-vulnerabilities + # /about-dependabot-security-updates#about-compatibility-scores) + # Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger + # a rebase manually by commenting `@dependabot rebase`. + # [//]: # (dependabot-automerge-start) + # [//]: # (dependabot-automerge-end) +https://github.com/servo/servo/pull/39302 (@dependabot[bot], @dependabot[bot], #39302) build(deps): bump libredox from 0.1.9 to 0.1.10 (#39302) + # Bumps libredox from 0.1.9 to 0.1.10. + # [![Dependabot compatibility + # score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=libredox&package-manager=cargo + # &previous-version=0.1.9&new-version=0.1.10)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-d + # ependabot-security-updates#about-compatibility-scores) + # Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger + # a rebase manually by commenting `@dependabot rebase`. + # [//]: # (dependabot-automerge-start) + # [//]: # (dependabot-automerge-end) +https://github.com/servo/servo/pull/39299 (@dependabot[bot], @dependabot[bot], #39299) build(deps): bump iana-time-zone from 0.1.63 to 0.1.64 (#39299) + # Bumps [iana-time-zone](https://github.com/strawlab/iana-time-zone) from 0.1.63 to 0.1.64. + # Changelog + # Sourced from iana-time-zone's changelog. + # [0.1.64] - 2025-09-12 + # Changed + # Bump windows-core to 0.56-0.62 range (#177 + # Commits + # 2a3665e Bump version number to 0.1.64 + # d4ea1ec Merge pull request #177 from git-staus/main + # 7629338 Bump the windows-core version + # fc6ed13 Merge pull request #175 from strawlab/dependabot/github_actions/actions/setup... + # c4d1a1e Bump actions/setup-node from 4 to 5 + # 165d4f1 Bump actions/checkout from 4 to 5 + # 0e0a0d0 Merge pull request #169 from strawlab/dependabot/github_actions/astral-sh/set... + # 44f371e Bump astral-sh/setup-uv from 5 to 6 + # 6d3fe92 clippy fix (#168) + # See full diff in compare view + # [![Dependabot compatibility + # score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=iana-time-zone&package-manager + # =cargo&previous-version=0.1.63&new-version=0.1.64)](https://docs.github.com/en/github/managing-security-vulnerabilities/ + # about-dependabot-security-updates#about-compatibility-scores) + # Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger + # a rebase manually by commenting `@dependabot rebase`. + # [//]: # (dependabot-automerge-start) + # [//]: # (dependabot-automerge-end) +https://github.com/servo/servo/pull/39298 (@dependabot[bot], @dependabot[bot], #39298) build(deps): bump the egui-related group with 7 updates (#39298) + # Bumps the egui-related group with 7 updates: + # | Package | From | To | + # | --- | --- | --- | + # | [egui](https://github.com/emilk/egui) | `0.32.2` | `0.32.3` | + # | [egui-winit](https://github.com/emilk/egui) | `0.32.2` | `0.32.3` | + # | [egui_glow](https://github.com/emilk/egui) | `0.32.2` | `0.32.3` | + # | [ecolor](https://github.com/emilk/egui) | `0.32.2` | `0.32.3` | + # | [emath](https://github.com/emilk/egui) | `0.32.2` | `0.32.3` | + # | [epaint](https://github.com/emilk/egui) | `0.32.2` | `0.32.3` | + # | [epaint_default_fonts](https://github.com/emilk/egui) | `0.32.2` | `0.32.3` | + # Updates `egui` from 0.32.2 to 0.32.3 + # Release notes + # Sourced from egui's releases. + # 0.32.3 - Fix tooltips for ellided text + # egui is an easy-to-use immediate mode GUI for Rust that runs on both web and native. + # Try it now: https://www.egui.rs/ + # egui development is sponsored by Rerun, a startup building an SDK for visualizing streams of multimodal data. + # egui + # Preserve text format in truncated label tooltip #7514 #7535 by @​lucasmerlin + # Fix TextEdit's in RTL layouts #5547 by @​zakarumych + # Optimize Mesh::add_rect_with_uv #7511 by @​valadaptive + # egui_extras + # Fix deadlock in FileLoader and EhttpLoader #7515 by @​emilk + # Changelog + # Sourced from egui's changelog. + # 0.32.3 - 2025-09-12 + # Preserve text format in truncated label tooltip #7514 #7535 by @​lucasmerlin + # Fix TextEdit's in RTL layouts #5547 by @​zakarumych + # Commits + # af96e03 Bumb version numbers to 0.23.3 + # b082881 Add snapshot test image that somehow got lost + # a31e4f5 Add changelog + # 53944fa cargo fmt + # 0ebdb48 Optimize Mesh::add_rect_with_uv (#7511) + # b9b860a Fix TextEdit's in RTL layouts (#5547) + # d3e4a04 Reset wrapping in label tooltip (#7535) + # 5628fe9 Preserve text format in truncated label tooltip (#7514) + # 995b6a6 Improve deadlock detection output (#7515) + # See full diff in compare view + # Updates `egui-winit` from 0.32.2 to 0.32.3 + # Release notes + # Sourced from egui-winit's releases. + # 0.32.3 - Fix tooltips for ellided text + # egui is an easy-to-use immediate mode GUI for Rust that runs on both web and native. + # Try it now: https://www.egui.rs/ + # egui development is sponsored by Rerun, a startup building an SDK for visualizing streams of multimodal data. + # egui + # Preserve text format in truncated label tooltip #7514 #7535 by @​lucasmerlin + # Fix TextEdit's in RTL layouts #5547 by @​zakarumych + # Optimize Mesh::add_rect_with_uv #7511 by @​valadaptive + # egui_extras + # Fix deadlock in FileLoader and EhttpLoader #7515 by @​emilk + # Changelog + # Sourced from egui-winit's changelog. + # 0.32.3 - 2025-09-12 + # Preserve text format in truncated label tooltip #7514 #7535 by @​lucasmerlin + # Fix TextEdit's in RTL layouts #5547 by @​zakarumych + # Commits + # a31e4f5 Add changelog + # 53944fa cargo fmt + # 0ebdb48 Optimize Mesh::add_rect_with_uv (#7511) + # b9b860a Fix TextEdit's in RTL layouts (#5547) + # d3e4a04 Reset wrapping in label tooltip (#7535) + # 5628fe9 Preserve text format in truncated label tooltip (#7514) + # 995b6a6 Improve deadlock detection output (#7515) + # See full diff in compare view + # Updates `egui_glow` from 0.32.2 to 0.32.3 + # Release notes + # Sourced from egui_glow's releases. + # 0.32.3 - Fix tooltips for ellided text + # egui is an easy-to-use immediate mode GUI for Rust that runs on both web and native. + # Try it now: https://www.egui.rs/ + # egui development is sponsored by Rerun, a startup building an SDK for visualizing streams of multimodal data. + # egui + # Preserve text format in truncated label tooltip #7514 #7535 by @​lucasmerlin + # Fix TextEdit's in RTL layouts #5547 by @​zakarumych + # Optimize Mesh::add_rect_with_uv #7511 by @​valadaptive + # egui_extras + # Fix deadlock in FileLoader and EhttpLoader #7515 by @​emilk + # Changelog + # Sourced from egui_glow's changelog. + # 0.32.3 - 2025-09-12 + # Preserve text format in truncated label tooltip #7514 #7535 by @​lucasmerlin + # Fix TextEdit's in RTL layouts #5547 by @​zakarumych + # Commits + # a31e4f5 Add changelog + # 53944fa cargo fmt + # 0ebdb48 Optimize Mesh::add_rect_with_uv (#7511) + # b9b860a Fix TextEdit's in RTL layouts (#5547) + # d3e4a04 Reset wrapping in label tooltip (#7535) + # 5628fe9 Preserve text format in truncated label tooltip (#7514) + # 995b6a6 Improve deadlock detection output (#7515) + # See full diff in compare view + # Updates `ecolor` from 0.32.2 to 0.32.3 + # Release notes + # Sourced from ecolor's releases. + # 0.32.3 - Fix tooltips for ellided text + # egui is an easy-to-use immediate mode GUI for Rust that runs on both web and native. + # Try it now: https://www.egui.rs/ + # egui development is sponsored by Rerun, a startup building an SDK for visualizing streams of multimodal data. + # egui + # Preserve text format in truncated label tooltip #7514 #7535 by @​lucasmerlin + # Fix TextEdit's in RTL layouts #5547 by @​zakarumych + # Optimize Mesh::add_rect_with_uv #7511 by @​valadaptive + # egui_extras + # Fix deadlock in FileLoader and EhttpLoader #7515 by @​emilk + # Changelog + # Sourced from ecolor's changelog. + # 0.32.3 - 2025-09-12 + # Preserve text format in truncated label tooltip #7514 #7535 by @​lucasmerlin + # Fix TextEdit's in RTL layouts #5547 by @​zakarumych + # Commits + # af96e03 Bumb version numbers to 0.23.3 + # b082881 Add snapshot test image that somehow got lost + # a31e4f5 Add changelog + # 53944fa cargo fmt + # 0ebdb48 Optimize Mesh::add_rect_with_uv (#7511) + # b9b860a Fix TextEdit's in RTL layouts (#5547) + # d3e4a04 Reset wrapping in label tooltip (#7535) + # 5628fe9 Preserve text format in truncated label tooltip (#7514) + # 995b6a6 Improve deadlock detection output (#7515) + # See full diff in compare view + # Updates `emath` from 0.32.2 to 0.32.3 + # Release notes + # Sourced from emath's releases. + # 0.32.3 - Fix tooltips for ellided text + # egui is an easy-to-use immediate mode GUI for Rust that runs on both web and native. + # Try it now: https://www.egui.rs/ + # egui development is sponsored by Rerun, a startup building an SDK for visualizing streams of multimodal data. + # egui + # Preserve text format in truncated label tooltip #7514 #7535 by @​lucasmerlin + # Fix TextEdit's in RTL layouts #5547 by @​zakarumych + # Optimize Mesh::add_rect_with_uv #7511 by @​valadaptive + # egui_extras + # Fix deadlock in FileLoader and EhttpLoader #7515 by @​emilk + # Changelog + # Sourced from emath's changelog. + # 0.32.3 - 2025-09-12 + # Preserve text format in truncated label tooltip #7514 #7535 by @​lucasmerlin + # Fix TextEdit's in RTL layouts #5547 by @​zakarumych + # Commits + # a31e4f5 Add changelog + # 53944fa cargo fmt + # 0ebdb48 Optimize Mesh::add_rect_with_uv (#7511) + # b9b860a Fix TextEdit's in RTL layouts (#5547) + # d3e4a04 Reset wrapping in label tooltip (#7535) + # 5628fe9 Preserve text format in truncated label tooltip (#7514) + # 995b6a6 Improve deadlock detection output (#7515) + # See full diff in compare view + # Updates `epaint` from 0.32.2 to 0.32.3 + # Release notes + # Sourced from epaint's releases. + # 0.32.3 - Fix tooltips for ellided text + # egui is an easy-to-use immediate mode GUI for Rust that runs on both web and native. + # Try it now: https://www.egui.rs/ + # egui development is sponsored by Rerun, a startup building an SDK for visualizing streams of multimodal data. + # egui + # Preserve text format in truncated label tooltip #7514 #7535 by @​lucasmerlin + # Fix TextEdit's in RTL layouts #5547 by @​zakarumych + # Optimize Mesh::add_rect_with_uv #7511 by @​valadaptive + # egui_extras + # Fix deadlock in FileLoader and EhttpLoader #7515 by @​emilk + # Changelog + # Sourced from epaint's changelog. + # 0.32.3 - 2025-09-12 + # Preserve text format in truncated label tooltip #7514 #7535 by @​lucasmerlin + # Fix TextEdit's in RTL layouts #5547 by @​zakarumych + # Commits + # a31e4f5 Add changelog + # 53944fa cargo fmt + # 0ebdb48 Optimize Mesh::add_rect_with_uv (#7511) + # b9b860a Fix TextEdit's in RTL layouts (#5547) + # d3e4a04 Reset wrapping in label tooltip (#7535) + # 5628fe9 Preserve text format in truncated label tooltip (#7514) + # 995b6a6 Improve deadlock detection output (#7515) + # See full diff in compare view + # Updates `epaint_default_fonts` from 0.32.2 to 0.32.3 + # Release notes + # Sourced from epaint_default_fonts's releases. + # 0.32.3 - Fix tooltips for ellided text + # egui is an easy-to-use immediate mode GUI for Rust that runs on both web and native. + # Try it now: https://www.egui.rs/ + # egui development is sponsored by Rerun, a startup building an SDK for visualizing streams of multimodal data. + # egui + # Preserve text format in truncated label tooltip #7514 #7535 by @​lucasmerlin + # Fix TextEdit's in RTL layouts #5547 by @​zakarumych + # Optimize Mesh::add_rect_with_uv #7511 by @​valadaptive + # egui_extras + # Fix deadlock in FileLoader and EhttpLoader #7515 by @​emilk + # Changelog + # Sourced from epaint_default_fonts's changelog. + # 0.32.3 - 2025-09-12 + # Preserve text format in truncated label tooltip #7514 #7535 by @​lucasmerlin + # Fix TextEdit's in RTL layouts #5547 by @​zakarumych + # Commits + # a31e4f5 Add changelog + # 53944fa cargo fmt + # 0ebdb48 Optimize Mesh::add_rect_with_uv (#7511) + # b9b860a Fix TextEdit's in RTL layouts (#5547) + # d3e4a04 Reset wrapping in label tooltip (#7535) + # 5628fe9 Preserve text format in truncated label tooltip (#7514) + # 995b6a6 Improve deadlock detection output (#7515) + # See full diff in compare view + # Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger + # a rebase manually by commenting `@dependabot rebase`. + # [//]: # (dependabot-automerge-start) + # [//]: # (dependabot-automerge-end) +https://github.com/servo/servo/pull/39287 (@araya@araya.dev, #39287) Fix Response:bodyUsed behavior to return false if the body is null (#39287) + # This PR fixes some test-cases in + # https://wpt.fyi/results/fetch/api/response/response-consume-empty.any.html?product=servo + # Fetch standard indicates `Response:bodyUsed` should return `false` if the body content is null , even if the stream + # was disturbed. + # https://fetch.spec.whatwg.org/#dom-body-bodyused + # > The bodyUsed getter steps are to return true if [this](https://webidl.spec.whatwg.org/#this)’s + # [body](https://fetch.spec.whatwg.org/#concept-body-body) is non-null and + # [this](https://webidl.spec.whatwg.org/#this)’s [body](https://fetch.spec.whatwg.org/#concept-body-body)’s + # [stream](https://fetch.spec.whatwg.org/#concept-body-stream) is + # [disturbed](https://streams.spec.whatwg.org/#is-readable-stream-disturbed); otherwise false. +>>> 2025-09-16T06:16:46Z +https://github.com/servo/servo/pull/39320 (@integral@member.fsf.org, #39320) net: use `log::error!` to handle DevTools startup failures gracefully (#39320) + # Replace the `unwrap()` call with `log::error!()` in the `send_request_to_devtools()` function to enhance error + # handling. +https://github.com/servo/servo/pull/39310 (@Narfinger, #39310) Get the Rc to the custom_reaction_stack outside the loop instead of using the thread_local inside. (#39310) + # This uses the ScriptThread::custom_element_reaction_stack to call the enqueue_callback_reaction on the Rc instead + # of in the loop. + # Potentially saving access to thread_local variables. + # Testing: Should not change functionality and should be covered by wpt tests. +https://github.com/servo/servo/pull/39317 (@tharkum, #39317) html: Validate descriptors tokens on 'srcset' attribute parsing (#39317) + # Follow the specification and validate tokens of the "x/w/h" descriptors + # before applying the rules for parsing float-pointing numbers or non-negative integers. + # https://html.spec.whatwg.org/multipage/#parsing-a-srcset-attribute (step 13) + # Testing: Improvements in the following tests + # - html/semantics/embedded-content/the-img-element/srcset/parse-a-srcset-attribute.html +https://github.com/servo/servo/pull/39309 (@delan, #39309) devtools: Fix race in tests due to asynchronous termination (#39309) + # one of the flaky failure modes we found in #38658 was that on linux, geckordp occasionally fails to connect to + # servoshell’s devtools server. this happens despite our preliminary connect check passing, which should imply + # that the devtools server is listening and ready to use. we closed the issue without any fix for that failure mode, + # because we were ultimately unable to reproduce it, but it still happens in the wild (#39273). we’ve now found a way + # to reproduce it, and we think it’s caused by a race that occurs when moving from one test to the next. for example: + # - test 1 finishes + # - we send SIGTERM to test 1’s servoshell, but it does not stop its devtools server yet + # - test 2 begins + # - we spawn test 2’s servoshell, but it does not start its devtools server yet + # - we try to do our preliminary connects, and it succeeds against test 1’s servoshell immediately (the failure + # logs on GitHub never make this clear, due to some kind of buffering problem that delays the `.` and `+` outputs) + # - test 1’s servoshell stops its devtools server + # - we try to do our actual connect, and it fails because no devtools server is listening + # - test 2 fails + # very rarely, one test’s servoshell may even fail to start its devtools server, which we think happens because + # the previous test’s servoshell is still listening. this has only ever happened once, and we’ve been unable to + # reproduce it since, but we think it’s caused by the same kind of race. for example: + # - test 1 finishes + # - we send SIGTERM to test 1’s servoshell, but it does not stop its devtools server yet + # - test 2 begins + # - we spawn test 2’s servoshell, but it does not start its devtools server yet + # - test 2’s servoshell tries to start its devtools server, but fails because test 1’s servoshell is still listening + # - test 2 fails + # in both cases, the failure can be explained by the fact that we send SIGTERM to the previous test’s servoshell + # without actually waiting for the process to exit. this patch ensures that we wait, and also moves all of the output + # we do in the test suite from stdout to stderr to avoid it getting mangled in GitHub Actions. + # Testing: see [this comment](https://github.com/servo/servo/pull/39309#issuecomment-3291007931) (before) vs [this + # comment](https://github.com/servo/servo/pull/39309#issuecomment-3291188997) (after) + # Fixes: #39273 +https://github.com/servo/servo/pull/39138 (@stevennovaryo, #39138) Set composed flag for `TouchEvent` (#39138) + # Following the definition of `TouchEvent` in https://w3c.github.io/touch-events/#list-of-touchevent-types, all + # `TouchEvent` should have its `composed` flag set to be able to propagate past a shadow root layer. + # Part of #35997 + # Testing: Would require a testdriver. +https://github.com/servo/servo/pull/39308 (@yezhizhen, #39308) script: Make `EventTarget::fire` return `bool` according to spec (#39308) + # This is a continuation of #38566, newly discovered when fixing + # https://github.com/servo/servo/issues/38616#issuecomment-3261561671. + # We add more documentation and return `bool` for the function family of [event + # firing](https://dom.spec.whatwg.org/#concept-event-fire). + # Testing: No behaviour change. +>>> 2025-09-17T06:09:51Z +https://github.com/servo/servo/pull/39341 (@dependabot[bot], @dependabot[bot], #39341) build(deps): bump indexmap from 2.11.1 to 2.11.3 (#39341) + # Bumps [indexmap](https://github.com/indexmap-rs/indexmap) from 2.11.1 to 2.11.3. + # Changelog + # Sourced from indexmap's changelog. + # 2.11.3 (2025-09-15) + # Make the minimum serde version only apply when "serde" is enabled. + # 2.11.2 (2025-09-15) + # Switched the "serde" feature to depend on serde_core, improving build + # parallelism in cases where other dependents have enabled "serde/derive". + # Commits + # fd5c819 Merge pull request #417 from cuviper/release-2.11.3 + # 9321145 Release 2.11.3 + # 7b48568 Merge pull request #416 from cuviper/release-2.11.2 + # 49ce7fa Release 2.11.2 + # 58fd834 Merge pull request #414 from DaniPopes/serde_core + # 5dc1d6a Depend on serde_core instead of serde + # dc8f9b3 Merge pull request #415 from cuviper/vec-links + # f3431bf Fix Vec doc links + # See full diff in compare view + # [![Dependabot compatibility + # score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=indexmap&package-manager=cargo + # &previous-version=2.11.1&new-version=2.11.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about- + # dependabot-security-updates#about-compatibility-scores) + # Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger + # a rebase manually by commenting `@dependabot rebase`. + # [//]: # (dependabot-automerge-start) + # [//]: # (dependabot-automerge-end) +https://github.com/servo/servo/pull/39338 (@dependabot[bot], @dependabot[bot], #39338) build(deps): bump async-signal from 0.2.12 to 0.2.13 (#39338) + # Bumps [async-signal](https://github.com/smol-rs/async-signal) from 0.2.12 to 0.2.13. + # Release notes + # Sourced from async-signal's releases. + # v0.2.13 + # Bump MSRV to 1.71. (#55) + # Update to windows-sys v0.61. (#55) + # Changelog + # Sourced from async-signal's changelog. + # Version 0.2.13 + # Bump MSRV to 1.71. (#55) + # Update to windows-sys v0.61. (#55) + # Commits + # 59b58c7 Release 0.2.13 + # 884088e Update windows-sys requirement from 0.60 to 0.61 (#55) + # See full diff in compare view + # [![Dependabot compatibility + # score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=async-signal&package-manager=c + # argo&previous-version=0.2.12&new-version=0.2.13)](https://docs.github.com/en/github/managing-security-vulnerabilities/ab + # out-dependabot-security-updates#about-compatibility-scores) + # Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger + # a rebase manually by commenting `@dependabot rebase`. + # [//]: # (dependabot-automerge-start) + # [//]: # (dependabot-automerge-end) +https://github.com/servo/servo/pull/39337 (@dependabot[bot], @dependabot[bot], #39337) build(deps): bump serde_bytes from 0.11.17 to 0.11.19 (#39337) + # Bumps [serde_bytes](https://github.com/serde-rs/bytes) from 0.11.17 to 0.11.19. + # Release notes + # Sourced from serde_bytes's releases. + # 0.11.19 + # Fix propagation of "std" and "alloc" features to serde (#58) + # 0.11.18 + # Switch serde dependency to serde_core (#57) + # Commits + # 34f3c7d Release 0.11.19 + # 181d7db Merge pull request #58 from serde-rs/serdecore + # f7e67ca Fix serde_core feature enablement + # 582ea79 Release 0.11.18 + # abdc6e5 Merge pull request #57 from serde-rs/serdecore + # 611073a Switch serde dependency to serde_core + # d930d3e Update actions/checkout@v4 -> v5 + # See full diff in compare view + # [![Dependabot compatibility + # score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=serde_bytes&package-manager=ca + # rgo&previous-version=0.11.17&new-version=0.11.19)](https://docs.github.com/en/github/managing-security-vulnerabilities/a + # bout-dependabot-security-updates#about-compatibility-scores) + # Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger + # a rebase manually by commenting `@dependabot rebase`. + # [//]: # (dependabot-automerge-start) + # [//]: # (dependabot-automerge-end) +https://github.com/servo/servo/pull/39335 (@dependabot[bot], @dependabot[bot], #39335) build(deps): bump sea-query from 1.0.0-rc.12 to 1.0.0-rc.14 (#39335) + # Bumps [sea-query](https://github.com/SeaQL/sea-query) from 1.0.0-rc.12 to 1.0.0-rc.14. + # Commits + # See full diff in compare view + # [![Dependabot compatibility + # score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=sea-query&package-manager=carg + # o&previous-version=1.0.0-rc.12&new-version=1.0.0-rc.14)](https://docs.github.com/en/github/managing-security-vulnerabili + # ties/about-dependabot-security-updates#about-compatibility-scores) + # Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger + # a rebase manually by commenting `@dependabot rebase`. + # [//]: # (dependabot-automerge-start) + # [//]: # (dependabot-automerge-end) +https://github.com/servo/servo/pull/39336 (@dependabot[bot], @dependabot[bot], #39336) build(deps): bump cc from 1.2.36 to 1.2.37 (#39336) + # Bumps [cc](https://github.com/rust-lang/cc-rs) from 1.2.36 to 1.2.37. + # Changelog + # Sourced from cc's changelog. + # 1.2.36 - 2025-09-05 + # Other + # Regenerate windows sys bindings (#1548) + # Update windows-bindgen requirement from 0.62 to 0.63 (#1547) + # Add fn get_ucrt_dir for find-msvc-tools (#1546) + # Regenerate target info (#1544) + # fix publish.yml (#1543) + # Replace periods with underscores as well when parsing env variables (#1541) + # 1.2.35 - 2025-09-01 + # Fixed + # fix building for aarch64-apple-visionos-sim on nightly (#1534) + # fix tests apple_sdkroot_wrong (#1530) + # Other + # Regenerate target info (#1536) + # Optimize Tool::to_command (#1535) + # Extract find-msvc-tools (#1531) + # Add prefer_clang_cl_over_msvc (#1516) + # 1.2.34 - 2025-08-22 + # Fixed + # add -mcpu=mvp and -mmutable-globals for wasm32v1-none (#1524) + # Other + # Optimize parse_version in find_tools.rs (#1527) + # Fallback to manually searching for tool dir (#1526) + # 1.2.33 - 2025-08-15 + # Other + # Regenerate target info (#1521) + # [win][arm64ec] Add testing for Arm64EC Windows (#1512) + # Fix parsing of nigthly targets (#1517) + # [win][arm64ec] Fix finding assembler and setting is_arm for Arm64EC (#1511) + # 1.2.32 - 2025-08-08 + # Fixed + # fix new clippy lint introduced in rust 1.89.0 (#1509) + # ... (truncated) + # Commits + # 236b4f8 chore(cc): release v1.2.37 (#1555) + # 1f6ffb1 Fix errmsg in RustcCodegenFlags::set_rustc_flag (#1551) + # 79beddf propagate stack protector to Linux C compilers (#1550) + # fafa9fc Refactor: Extract new fn run_commands_in_parallel (#1549) + # See full diff in compare view + # [![Dependabot compatibility + # score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=cc&package-manager=cargo&previ + # ous-version=1.2.36&new-version=1.2.37)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-depend + # abot-security-updates#about-compatibility-scores) + # Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger + # a rebase manually by commenting `@dependabot rebase`. + # [//]: # (dependabot-automerge-start) + # [//]: # (dependabot-automerge-end) +https://github.com/servo/servo/pull/39058 (@Loirooriol, #39058) layout: Make lines non-phantom if they have inline padding/border/margin (#39058) + # According to https://drafts.csswg.org/css-inline/#invisible-line-boxes, if a line box contains non-zero inline-axis + # margins, padding or borders, then it can't be phantom. + # Therefore, this patch makes adds a `has_inline_pbm` flag to the line. Note that we can't use the `has_content` flag, + # because that would add a soft wrap opportunity between the padding/border/margin and the first content of the line. + # The patch also renames `InlineFormattingContext::had_inflow_content` to `has_line_boxes`, which is what we care + # about for collapsing margins through. + # Testing: Adding new tests + # Fixes: #39057 +https://github.com/servo/servo/pull/39173 (@Loirooriol, #39173) layout: Fix propagation of `overflow` to viewport (#39173) + # This patch refactors the logic for propagating overflow to the viewport, fixing various issues: + # - Now we won't propagate from the root element if it has no box. Note the fix isn't observable in Servo because + # we lack scrollbars. + # - If the first `` element has no box, we won't keep searching for other `` elements. This deviates from the spec, + # but aligns us with other browsers. + # - We won't propagate from the `` if it has no box. We were already handling `display: none` but not `display: + # contents`. This deviates from the spec, but aligns us with other browsers. + # Also, when we flag the root or `` as having propagated `overflow` to the viewport, we retrieve the + # `LayoutBoxBase`. Therefore, now we get the computed style from the `LayoutBoxBase` in a single operation, instead + # of first retrieving the style from the DOM element and then getting the `LayoutBoxBase` from the box. + # Testing: Adding more tests. We were only failing one of them, but it's hard to test the fixes given that we don't + # show scrollbars. The tests that were already passing are useful too, e.g. Firefox fails one of them. +https://github.com/servo/servo/pull/39290 (@TimvdLippe, #39290) Add signal to request (#39290) + # The signal taken from the requestinit is now passed into + # the request object with the relevant steps. I added all + # spec comments to this method, as I had trouble figuring + # out which steps I had to add. + # This required implementing the algorithm to create + # dependent signals, which is used in the `any()` method. + # So that's now implemented as well. + # All of that required the machinery to have dependent and + # source signals on an AbortSignal. It uses an IndexSet + # as the spec requires it to be an ordered set. + # Part of #34866 +https://github.com/servo/servo/pull/39321 (@simonwuelker, #39321) script: Use xpath ns resolver to resolve namespace prefixes (#39321) + # The xpath resolver is a function provided by the user to resolve namespace prefixes. Previously, we were ignoring + # the argument. + # Testing: New web platform tests start to pass + # Part of https://github.com/servo/servo/issues/34527 +https://github.com/servo/servo/pull/39328 (@kkoyung, #39328) script: Check whether the generated crypto key has empty usages (#39328) + # The WebCryptoAPI spec requires that when we generate crypto keys by the generateKey method of SubtleCrypto interface + # we have to check whether the usages is empty. If the usages is empty, throw a SyntaxError. + # FYI, Step 9 of https://w3c.github.io/webcrypto/#SubtleCrypto-method-generateKey + # We have not yet implemented this logic, and this patch implements it. + # Testing: Pass WPT tests that were expected to fail. +https://github.com/servo/servo/pull/39332 (@mrobinson, #39332) libservo: Remove the `Opts::trace_layout` (#39332) + # This is currently unused, so it can be removed. + # Testing: This just removes an unused field, so does not require tests. +https://github.com/servo/servo/pull/39323 (@kkoyung, #39323) script: Remove redundant step in UnwrapKey method of SubtleCrypto (#39323) + # In Step 15, we are given the unwrapped key as bytes. If the format is "jwk", we execute parse-a-JWK algorithm to + # parse it (and deserialize it to a JsonWebKey dictionary). + # In next step, we perform the import key operation on the unwrapped key. In our current implementation, we serialize + # the JsonWebKey dictionary (when format is "jwk") back to bytes, in order to perform the import key operation. + # In fact, this serialization step is redundant since we have already been given the unwrapped key as bytes in + # Step 15. We can directly use it for perform the import key operation. This patch remove this redundant step of + # re-serializing the JsonWebKey dictionary. + # Testing: Refactoring only. No change in tests. +https://github.com/servo/servo/pull/39325 (@mukilan, #39325) script: use `Element::create` instead of DOM struct constructors (#39325) + # Creating elements by directly calling their interface constructors leads to some state not being intialized correctly + # (see #39285). It is also not in line with the specifications as many of them refer to the [`create an element`][1] + # algorithm when an element needs to be created, which directly maps to `Element::create` in the script crate. + # So, switch all such places where elements are created by script to use `Element::create`. + # [1]: https://dom.spec.whatwg.org/#concept-create-element + # Testing: Existing WPT tests. + # Fixes: #39285 +>>> 2025-09-18T06:23:28Z +https://github.com/servo/servo/pull/39364 (@atouchet, #39364) Change package.metadata.winres to package.metadata.winresource (#39364) + # Use `package.metadata.winresource` per: + # https://docs.rs/winresource/0.1.23/winresource/struct.WindowsResource.html#impl-WindowsResource + # I think this was missed in #39344. + # Testing: No tests for Cargo.toml edit. +https://github.com/servo/servo/pull/39354 (@mrobinson, #39354) profile: Remove integration with Instruments.app "Points of Interest" (#39354) + # This changes removes the integration with Instruments.app "Points of + # Interest" track for a variety of reasons: + # - This functionality is made somewhat redundant by Servo's support for + # Perfetto traces. + # - This functionality depends on the `signpost` crate which hasn't seen + # activity for 9 years and only supports macOS. + # Testing: This removes some functionality that is only observable via + # Instruments.app, so testing it is difficult. +https://github.com/servo/servo/pull/39358 (@dependabot[bot], @dependabot[bot], #39358) build(deps): bump inherent from 1.0.12 to 1.0.13 (#39358) + # Bumps [inherent](https://github.com/dtolnay/inherent) from 1.0.12 to 1.0.13. + # Release notes + # Sourced from inherent's releases. + # 1.0.13 + # Support async function in trait (#22, thanks @​rumpuslabs) + # Commits + # 1eb3537 Release 1.0.13 + # 3ae614e Merge pull request 22 from rumpuslabs/async-fn + # 478ca23 Support async function in trait + # 09f034c Raise required compiler to Rust 1.61 + # 3f94c40 Enforce trybuild >= 1.0.108 + # 85353e6 Update actions/checkout@v4 -> v5 + # 495c8a8 Raise minimum tested compiler to rust 1.70 + # 641dc66 Raise minimum tested compiler to rust 1.63 + # b99bff2 Revert "Pin nightly toolchain used for miri job" + # ecb7dd4 Update ui test suite to nightly-2025-05-24 + # Additional commits viewable in compare view + # [![Dependabot compatibility + # score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=inherent&package-manager=cargo + # &previous-version=1.0.12&new-version=1.0.13)](https://docs.github.com/en/github/managing-security-vulnerabilities/about- + # dependabot-security-updates#about-compatibility-scores) + # Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger + # a rebase manually by commenting `@dependabot rebase`. + # [//]: # (dependabot-automerge-start) + # [//]: # (dependabot-automerge-end) +https://github.com/servo/servo/pull/39360 (@dependabot[bot], @dependabot[bot], #39360) build(deps): bump rustls-webpki from 0.103.5 to 0.103.6 (#39360) + # Bumps [rustls-webpki](https://github.com/rustls/webpki) from 0.103.5 to 0.103.6. + # Release notes + # Sourced from rustls-webpki's releases. + # 0.103.6 + # The extensible EKU validation released as part of 0.103.5 was actually not usable due to missing type exports, + # and contained a regression where empty ExtendedKeyUsage extensions would not trigger an error. Both issues are + # fixed in this release. + # What's Changed + # Export more types to enable ExtendedKeyUsageValidator implementations by @​djc in rustls/webpki#381 + # Error on empty EKU extensions by @​djc in rustls/webpki#382 + # Commits + # b88328a Bump version to 0.103.6 + # 54f896f Error on empty EKU extensions + # 6157541 Export more types to enable ExtendedKeyUsageValidator implementations + # See full diff in compare view + # [![Dependabot compatibility + # score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=rustls-webpki&package-manager= + # cargo&previous-version=0.103.5&new-version=0.103.6)](https://docs.github.com/en/github/managing-security-vulnerabilities + # /about-dependabot-security-updates#about-compatibility-scores) + # Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger + # a rebase manually by commenting `@dependabot rebase`. + # [//]: # (dependabot-automerge-start) + # [//]: # (dependabot-automerge-end) +https://github.com/servo/servo/pull/39361 (@dependabot[bot], @dependabot[bot], #39361) build(deps): bump camino from 1.1.12 to 1.2.0 (#39361) + # Bumps [camino](https://github.com/camino-rs/camino) from 1.1.12 to 1.2.0. + # Release notes + # Sourced from camino's releases. + # camino 1.2.0 + # Changed + # MSRV updated to Rust 1.61 to support the switch to serde_core. + # camino now depends on serde_core rather than serde. This allows camino's compilation to be parallelized with + # serde_derive. + # serde and proptest are no longer available as features. This is technically a breaking change, but these features + # were already no-ops. Instead, use serde1 and proptest1 respectively. + # Changelog + # Sourced from camino's changelog. + # [1.2.0] - 2025-09-14 + # Changed + # MSRV updated to Rust 1.61 to support the switch to serde_core. + # camino now depends on serde_core rather than serde. This allows camino's compilation to be parallelized with + # serde_derive. + # serde and proptest are no longer available as features. This is technically a breaking change, but these features + # were already no-ops. Instead, use serde1 and proptest1 respectively. + # Commits + # 62ddbaa [camino] version 1.2.0 + # b525ad9 changelog + minor doc updates + # 0150dc9 switch to serde_core + # a2a7da0 switch to dep: for optional dependencies + # f16b48f update edition to 2021 + # 8540bc3 update MSRV to Rust 1.61 + # 2d6994c add changelog link + # See full diff in compare view + # [![Dependabot compatibility + # score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=camino&package-manager=cargo&p + # revious-version=1.1.12&new-version=1.2.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dep + # endabot-security-updates#about-compatibility-scores) + # Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger + # a rebase manually by commenting `@dependabot rebase`. + # [//]: # (dependabot-automerge-start) + # [//]: # (dependabot-automerge-end) +https://github.com/servo/servo/pull/39359 (@dependabot[bot], @dependabot[bot], #39359) build(deps): bump async-process from 2.4.0 to 2.5.0 (#39359) + # Bumps [async-process](https://github.com/smol-rs/async-process) from 2.4.0 to 2.5.0. + # Release notes + # Sourced from async-process's releases. + # v2.5.0 + # Bump MSRV to 1.71. (#106) + # Add Command::get_{args, envs, current_dir, program} (#102) + # Update to windows-sys v0.61. (#104) + # Remove dependency on async_lock on Windows. (#103) + # Changelog + # Sourced from async-process's changelog. + # Version 2.5.0 + # Bump MSRV to 1.71. (#106) + # Add Command::get_{args, envs, current_dir, program} (#102) + # Update to windows-sys v0.61. (#104) + # Remove dependency on async_lock on Windows. (#103) + # Commits + # 81112a9 Release 2.5.0 + # 459a055 Bump MSRV to 1.71 + # ae48c51 ci: Use cargo-hack's --rust-version flag for msrv check + # fc3b8bc Update windows-sys requirement from 0.60 to 0.61 (#104) + # 3a54193 m: Use OnceLock instead of async-lock when useful + # fead40f feat: getters of Command (#102) + # See full diff in compare view + # [![Dependabot compatibility + # score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=async-process&package-manager= + # cargo&previous-version=2.4.0&new-version=2.5.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/abo + # ut-dependabot-security-updates#about-compatibility-scores) + # Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger + # a rebase manually by commenting `@dependabot rebase`. + # [//]: # (dependabot-automerge-start) + # [//]: # (dependabot-automerge-end) +https://github.com/servo/servo/pull/39357 (@dependabot[bot], @dependabot[bot], #39357) build(deps): bump serde-untagged from 0.1.8 to 0.1.9 (#39357) + # Bumps [serde-untagged](https://github.com/dtolnay/serde-untagged) from 0.1.8 to 0.1.9. + # Release notes + # Sourced from serde-untagged's releases. + # 0.1.9 + # Switch serde dependency to serde_core (#11) + # Commits + # 3097fd8 Release 0.1.9 + # ff4a208 Merge pull request #11 from dtolnay/serdecore + # 0495a06 Switch serde dependency to serde_core + # 80e2d81 Update actions/checkout@v4 -> v5 + # See full diff in compare view + # [![Dependabot compatibility + # score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=serde-untagged&package-manager + # =cargo&previous-version=0.1.8&new-version=0.1.9)](https://docs.github.com/en/github/managing-security-vulnerabilities/ab + # out-dependabot-security-updates#about-compatibility-scores) + # Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger + # a rebase manually by commenting `@dependabot rebase`. + # [//]: # (dependabot-automerge-start) + # [//]: # (dependabot-automerge-end) +https://github.com/servo/servo/pull/39356 (@dependabot[bot], @dependabot[bot], #39356) build(deps): bump hyper-util from 0.1.16 to 0.1.17 (#39356) + # Bumps [hyper-util](https://github.com/hyperium/hyper-util) from 0.1.16 to 0.1.17. + # Release notes + # Sourced from hyper-util's releases. + # v0.1.17 + # Highlights + # Fix legacy::Client to allow absolute-form URIs when Connected::proxy(true) is passed and the scheme is https. + # What's Changed + # chore(test): remove some miri exception config by @​tottoto in hyperium/hyper-util#222 + # refactor(connect): safely convert socket2::Socket to Tokio TcpSocket by @​0x676e67 in hyperium/hyper-util#223 + # refactor: set correct cfg on common::{Exec, Lazy, SyncWrapper} by @​seanmonstar in hyperium/hyper-util#224 + # fix(client): allow absolute-form if is_proxied is set even on HTTPS by @​seanmonstar in hyperium/hyper-util#225 + # Full Changelog: https://github.com/hyperium/hyper-util/compare/v0.1.16...v0.1.17 + # Changelog + # Sourced from hyper-util's changelog. + # 0.1.17 (2025-09-15) + # Fix legacy::Client to allow absolute-form URIs when Connected::proxy(true) is passed and the scheme is https. + # Commits + # 3021828 v0.1.17 + # 9fb7cd5 fix(client): allow absolute-form if is_proxied is set even on HTTPS (#225) + # 00035ba refactor: set correct cfg on common::{rewind, Exec, Lazy, SyncWrapper} (#224) + # ad8c7c5 refactor(connect): safely convert Socket to Tokio TcpSocket (#223) + # 00911ec chore(test): remove some miri exception config (#222) + # See full diff in compare view + # [![Dependabot compatibility + # score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=hyper-util&package-manager=car + # go&previous-version=0.1.16&new-version=0.1.17)](https://docs.github.com/en/github/managing-security-vulnerabilities/abou + # t-dependabot-security-updates#about-compatibility-scores) + # Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger + # a rebase manually by commenting `@dependabot rebase`. + # [//]: # (dependabot-automerge-start) + # [//]: # (dependabot-automerge-end) +https://github.com/servo/servo/pull/39355 (@dependabot[bot], @dependabot[bot], #39355) build(deps): bump peniko from 0.4.0 to 0.4.1 (#39355) + # Bumps [peniko](https://github.com/linebender/peniko) from 0.4.0 to 0.4.1. + # Release notes + # Sourced from peniko's releases. + # v0.4.1 + # Crates.io | Docs + # This release has an MSRV of 1.82. + # Changed + # Use Linebender Resource Handle for Font, Blob, and WeakBlob. (#129 by @​DJMcNab, @​nicoburns) + # Linebender Resource Handle + # Peniko's Font (and therefore also Blob) are used as vocabulary types for font resources between crates. + # However, this means that when Peniko made semver-incompatible releases, those crates could no longer (easily) + # interoperate. + # To resolve this, Font, Blob, and WeakBlob are now re-exports from a new crate called Linebender Resource Handle. + # These types have identical API as in previous releases, but will now be the same type across Peniko versions. + # Full Changelog: https://github.com/linebender/peniko/compare/v0.4.0...v0.4.1 + # Changelog + # Sourced from peniko's changelog. + # [0.4.1][] (2025-09-15) + # This release has an [MSRV] of 1.82. + # Changed + # Use Linebender Resource Handle for Font, Blob, and WeakBlob. (#129[] by [@​DJMcNab][], [@​nicoburns][]) + # Linebender Resource Handle + # Peniko's Font (and therefore also Blob) are used as vocabulary types for font resources between crates. + # However, this means that when Peniko made semver-incompatible releases, those crates could no longer (easily) + # interoperate. + # To resolve this, Font, Blob, and WeakBlob are now re-exports from a new crate called Linebender Resource Handle. + # These types have identical API as in previous releases, but will now be the same type across Peniko versions. + # Commits + # 0c0b6d0 Prepare to release v0.4.1 (#131) + # a369f05 Backport #126 (Linebender Resource Handle) to v0.4.x (#129) + # See full diff in compare view + # [![Dependabot compatibility + # score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=peniko&package-manager=cargo&p + # revious-version=0.4.0&new-version=0.4.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-depe + # ndabot-security-updates#about-compatibility-scores) + # Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger + # a rebase manually by commenting `@dependabot rebase`. + # [//]: # (dependabot-automerge-start) + # [//]: # (dependabot-automerge-end) +https://github.com/servo/servo/pull/39348 (@jschwe, #39348) canvas: Port CanvasMsg channel to generic channel (#39348) + # Additionally also improve the warning message if the routed receiver disconnects and exit the thread. + # If the routed receiver disconnects, we can't receive any canvas messages anymore, and any control messages can't + # remedy that, so we might as well exit. + # Testing: Channel changes are covered by existing tests. Exiting the canvas thread if the routed thread disconnects + # is not tested, and needs reviewer attention. + # Part of https://github.com/servo/servo/issues/38912 +https://github.com/servo/servo/pull/39316 (@Narfinger, #39316) servoshell: Update the debug options (`-Z`) help to reflect current set of options (#39316) + # The command-line help output for `-Z` and `DebugOptions were out of sync again. This change makes sure they + # match again. + # Testing: No tests necessary as this mainly just updates the help output. + # Fixes: #39311 +https://github.com/servo/servo/pull/39339 (@dependabot[bot], @dependabot[bot], @mrobinson, #39339) build(deps): bump proc-macro-crate from 3.3.0 to 3.4.0 (#39339) + # Bumps [proc-macro-crate](https://github.com/bkchr/proc-macro-crate) from 3.3.0 to 3.4.0. + # Release notes + # Sourced from proc-macro-crate's releases. + # v3.4.0 + # What's Changed + # Update documentation for crate_name by @​thesamet in bkchr/proc-macro-crate#60 + # chore: upgrade toml_edit version by @​tisonkun in bkchr/proc-macro-crate#61 + # Release 3.4.0 by @​bkchr in bkchr/proc-macro-crate#62 + # New Contributors + # @​thesamet made their first contribution in bkchr/proc-macro-crate#60 + # @​tisonkun made their first contribution in bkchr/proc-macro-crate#61 + # Full Changelog: https://github.com/bkchr/proc-macro-crate/compare/v3.3.0...v3.4.0 + # Commits + # 0f9a4ec Merge pull request #62 from bkchr/release-3.4.0 + # 84b5df7 Release 3.4.0 + # dfcec81 Merge pull request #61 from tisonkun/upgrade-toml + # e32fd5f chore: upgrade toml_edit version + # e49826c chore: run fmt + # 4f0990e Merge pull request #60 from thesamet/patch-1 + # fe80e54 Update src/lib.rs + # e4887bf Update documentation for crate_name + # See full diff in compare view + # [![Dependabot compatibility + # score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=proc-macro-crate&package-manag + # er=cargo&previous-version=3.3.0&new-version=3.4.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/ + # about-dependabot-security-updates#about-compatibility-scores) + # Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger + # a rebase manually by commenting `@dependabot rebase`. + # [//]: # (dependabot-automerge-start) + # [//]: # (dependabot-automerge-end) +https://github.com/servo/servo/pull/39331 (@mrobinson, #39331) libservo: Remove `Opts::webrender_stats` and `-Z wr-stats` (#39331) + # This option is supported via the WebView API now and you can enable it + # in servoshell by pressing `Ctrl` + `F12`. The command-line argument and + # `Opts` field are older and I believe are no longer necessary. + # Testing: This just removes a redundant command-line option, so no tests. +https://github.com/servo/servo/pull/39347 (@jschwe, #39347) migrate GenerateImageKey reply to generic channel (#39347) + # Testing: No functional changes. Covered by existing wpt tests. + # Part of https://github.com/servo/servo/issues/38912 +https://github.com/servo/servo/pull/39345 (@jschwe, #39345) generic channel: Migrate background hang monitor to GenericChannel (#39345) + # Refactor the background hang monitor channels to use GenericChannel. + # Deserialization errors of `BackgroundHangMonitorControlMsg` are now logged and ignored instead of causing a panic. + # Testing: No major functional changes. Covered by BHM tests. GenericChannel is also already widely used in servo. + # Part of #38912 +https://github.com/servo/servo/pull/39295 (@TimvdLippe, #39295) script: Do not start `Fetch` operations if they have been aborted by the `AbortController` (#39295) + # The first step for aborting fetch calls. It only + # has the case where the signal was already aborted + # prior to fetch starting. + # Part of #34866 +https://github.com/servo/servo/pull/39344 (@mrobinson, #39344) servoshell: Switch from `winres` to `winresources` (#39344) + # `winres` is unmaintained and it seems like `winresoures` is the + # successor. + # Testing: This should not have any behavior changes and just modifies + # a build step, so shouldn't need tests. +https://github.com/servo/servo/pull/39340 (@dependabot[bot], @dependabot[bot], #39340) build(deps): bump semver from 1.0.26 to 1.0.27 (#39340) + # Bumps [semver](https://github.com/dtolnay/semver) from 1.0.26 to 1.0.27. + # Release notes + # Sourced from semver's releases. + # 1.0.27 + # Switch serde dependency to serde_core (#333) + # Commits + # 6ed8561 Release 1.0.27 + # 6967bba Add serde version constraint + # 84d3057 Exclude build.rs from crates.io package + # b09aac9 Merge pull request #343 from dtolnay/up + # 49b8570 Delete backport module + # 9b04afe Merge pull request #342 from dtolnay/up + # 83a8e91 Delete no_nonzero_bitscan configuration + # e606a17 Merge pull request #341 from dtolnay/up + # ebe7cf1 Delete no_unsafe_op_in_unsafe_fn_lint configuration + # a381bff Merge pull request #340 from dtolnay/up + # Additional commits viewable in compare view + # [![Dependabot compatibility + # score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=semver&package-manager=cargo&p + # revious-version=1.0.26&new-version=1.0.27)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-de + # pendabot-security-updates#about-compatibility-scores) + # Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger + # a rebase manually by commenting `@dependabot rebase`. + # [//]: # (dependabot-automerge-start) + # [//]: # (dependabot-automerge-end) +https://github.com/servo/servo/pull/39343 (@kkoyung, #39343) script_bindings(python): Handle WebIDL methods named with Rust keywords (#39343) + # Some WebIDL methods, attributes and dictionary members are named with Rust keywords such as `type`, `use` and + # `continue`. Using those identifiers directly in the generated Rust code would cause compilation errors. + # The code generator already addresses this issue for attributes and dictionary members by adding a `_` suffix to + # the conflicting identifiers, but does not yet apply the same treatment to methods. This patch extends the handling + # to methods as well. + # Fixes: #39286 +https://github.com/servo/servo/pull/39326 (@yezhizhen, #39326) script: Do not call "scroll into view" when handling element clicks (#39326) + # Previously, when we click any element, it would trigger "scroll into view". What's worse, for an anchor ``, + # clicking it would "scroll into view" instead of navigating to the url until you retry the click. The reason + # is that we built `scrollIntoView` into the focus transaction system with default option. However, the default + # `preventScroll` for `FocusOption` is false according to spec, which triggers "scroll into view" by default with + # focus triggered by interaction. + # This PR + # 1. Adds spec document for those which really expects "scroll into view", i.e. `` when validating data. + # 2. Make sure when we begin focus transaction, we prevent "scroll into view". + # 3. `Focus` method of element/document stays unchanged, which by default scroll into view if no parameter provided + # according to spec. + # Testing: Manually tested on `servo.org` and other websites, and examples with `` still correctly scroll into view + # when validation fails. + # Fixes: #38616 +>>> 2025-09-19T06:05:16Z +https://github.com/servo/servo/pull/39362 (@shubhamg13, #39362) OHOS: Fix empty log filter issue on OHOS (#39362) + # Due to empty log filter, no logs are logged. + # Testing: Tested locally + # Fixes: None +https://github.com/servo/servo/pull/39379 (@dependabot[bot], @dependabot[bot], #39379) build(deps): bump tokio-rustls from 0.26.2 to 0.26.3 (#39379) + # Bumps [tokio-rustls](https://github.com/rustls/tokio-rustls) from 0.26.2 to 0.26.3. + # Release notes + # Sourced from tokio-rustls's releases. + # 0.26.3 + # What's Changed + # Clarify how to run the example server by @​sundresh in rustls/tokio-rustls#111 + # fix: handshake does not fully flush writes by @​conradludgate in rustls/tokio-rustls#112 + # feat: add alpn_protocols for TlsConnector::connect_with by @​yukiiiteru in rustls/tokio-rustls#116 + # lib: derive Debug on StartHandshake by @​lucab in rustls/tokio-rustls#120 + # server: allow splitting and reassembling a StartHandshake by @​lucab in rustls/tokio-rustls#127 + # Make StartHandshake fields public by @​djc in rustls/tokio-rustls#128 + # Commits + # d5dfa08 Update semver-compatible dependencies + # d5bb23c Bump version to 0.26.3 + # e0ddd89 Fix warning about potentially incomplete writes + # ba767ae Warn on clippy::use_self + # 3b996aa server: align argument order with fields + # c9778d2 server: make StartHandshake fields public + # a58a6e9 server: allow splitting and reassembling a StartHandshake + # 97745c3 Move server types into server module + # 78a4ea8 Move Connect and FallibleConnect into client module + # 8c2af0c Move TlsConnector and TlsConnectorWithAlpn into client module + # Additional commits viewable in compare view + # [![Dependabot compatibility + # score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=tokio-rustls&package-manager=c + # argo&previous-version=0.26.2&new-version=0.26.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/ab + # out-dependabot-security-updates#about-compatibility-scores) + # Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger + # a rebase manually by commenting `@dependabot rebase`. + # [//]: # (dependabot-automerge-start) + # [//]: # (dependabot-automerge-end) +https://github.com/servo/servo/pull/39380 (@dependabot[bot], @dependabot[bot], #39380) build(deps): bump toml_parser from 1.0.2 to 1.0.3 (#39380) + # Bumps [toml_parser](https://github.com/toml-rs/toml) from 1.0.2 to 1.0.3. + # Commits + # 669b4a6 chore: Release + # a3153be docs: Update changelog + # 8105f25 chore: Update dependencies (#1039) + # 53768e7 chore: Update from '_rust/main' template (#1040) + # 82d738b chore: Update from '_rust/main' template + # 3bfcdc2 chore: Add license for libfuzzer + # 68dec6e chore: Upgrade foldhash + # 0df630d chore: Bump dependencies + # eb51e86 chore: Bump MSRV to 1.76 + # 56774e7 chore: Update dependencies + # Additional commits viewable in compare view + # [![Dependabot compatibility + # score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=toml_parser&package-manager=ca + # rgo&previous-version=1.0.2&new-version=1.0.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about + # -dependabot-security-updates#about-compatibility-scores) + # Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger + # a rebase manually by commenting `@dependabot rebase`. + # [//]: # (dependabot-automerge-start) + # [//]: # (dependabot-automerge-end) +https://github.com/servo/servo/pull/39381 (@dependabot[bot], @dependabot[bot], #39381) build(deps): bump serde from 1.0.223 to 1.0.225 (#39381) + # Bumps [serde](https://github.com/serde-rs/serde) from 1.0.223 to 1.0.225. + # Release notes + # Sourced from serde's releases. + # v1.0.225 + # Avoid triggering a deprecation warning in derived Serialize and Deserialize impls for a data structure that contains + # its own deprecations (#2879, thanks @​rcrisanti) + # v1.0.224 + # Remove private types being suggested in rustc diagnostics (#2979) + # Commits + # 1d7899d Release 1.0.225 + # 97168d3 Touch up PR 2879 + # 373b11d Merge pull request 2879 from rcrisanti/fix/silence-deprecation-warnings-derive + # 69072f2 Merge pull request 2931 from Mingun/unify-serde-access + # 5b37e8a Merge pull request #2980 from dtolnay/private + # b47f4df Unify access to the serde namespace + # cbe98a9 Use differently named __private module per patch release + # 957996f Make all use of __private go through interpolation + # 1699882 Release 1.0.224 + # 840f6ec Merge pull request #2979 from dtolnay/private + # Additional commits viewable in compare view + # [![Dependabot compatibility + # score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=serde&package-manager=cargo&pr + # evious-version=1.0.223&new-version=1.0.225)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-d + # ependabot-security-updates#about-compatibility-scores) + # Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger + # a rebase manually by commenting `@dependabot rebase`. + # [//]: # (dependabot-automerge-start) + # [//]: # (dependabot-automerge-end) +https://github.com/servo/servo/pull/39377 (@dependabot[bot], @dependabot[bot], #39377) build(deps): bump serde_json from 1.0.143 to 1.0.145 (#39377) + # Bumps [serde_json](https://github.com/serde-rs/json) from 1.0.143 to 1.0.145. + # Release notes + # Sourced from serde_json's releases. + # v1.0.145 + # Raise serde version requirement to >=1.0.220 + # v1.0.144 + # Switch serde dependency to serde_core (#1285) + # Commits + # efa66e3 Release 1.0.145 + # 23679e2 Add serde version constraint + # fc27baf Release 1.0.144 + # caef3c6 Ignore uninlined_format_args pedantic clippy lint + # 81ba3aa Merge pull request #1285 from dtolnay/serdecore + # d21e8ce Switch serde dependency to serde_core + # 6beb6cd Merge pull request #1286 from dtolnay/up + # 1dbc803 Raise required compiler to Rust 1.61 + # 0bf5d87 Enforce trybuild >= 1.0.108 + # d12e943 Update actions/checkout@v4 -> v5 + # See full diff in compare view + # [![Dependabot compatibility + # score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=serde_json&package-manager=car + # go&previous-version=1.0.143&new-version=1.0.145)](https://docs.github.com/en/github/managing-security-vulnerabilities/ab + # out-dependabot-security-updates#about-compatibility-scores) + # Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger + # a rebase manually by commenting `@dependabot rebase`. + # [//]: # (dependabot-automerge-start) + # [//]: # (dependabot-automerge-end) +https://github.com/servo/servo/pull/39376 (@dependabot[bot], @dependabot[bot], #39376) build(deps): bump indexmap from 2.11.3 to 2.11.4 (#39376) + # Bumps [indexmap](https://github.com/indexmap-rs/indexmap) from 2.11.3 to 2.11.4. + # Changelog + # Sourced from indexmap's changelog. + # 2.11.4 (2025-09-18) + # Updated the hashbrown dependency to a range allowing 0.15 or 0.16. + # Commits + # 03f9e58 Merge pull request #418 from a1phyr/hashbrown_0.16 + # ee6080d Release 2.11.4 + # a7da8f1 Use a range for hashbrown + # 0cd5aef Update hashbrown to 0.16 + # See full diff in compare view + # [![Dependabot compatibility + # score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=indexmap&package-manager=cargo + # &previous-version=2.11.3&new-version=2.11.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about- + # dependabot-security-updates#about-compatibility-scores) + # Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger + # a rebase manually by commenting `@dependabot rebase`. + # [//]: # (dependabot-automerge-start) + # [//]: # (dependabot-automerge-end) +https://github.com/servo/servo/pull/39372 (@Loirooriol, @mrobinson, #39372) layout: Avoid ClipId, ExternalScrollId and ScrollTreeNodeId references (#39372) + # Changes function signatures to accept `ClipId`, `ExternalScrollId` and `ScrollTreeNodeId` instead of `&ClipId`, + # `&ExternalScrollId` and `&ScrollTreeNodeId`. This avoids several `&` and `*`. + # Testing: not needed, no behavior change. +https://github.com/servo/servo/pull/39375 (@Loirooriol, #39375) layout: Avoid recomputing automatic inline size (#39375) + # Laying out a block-level box that establishes an independent formatting context may require multiple attempts + # because it needs to avoid floats. We were previously recomputing the automatic inline size every time, even if it + # was always the same. Now we will only compute it once. + # Testing: Not needed, no behavior change +https://github.com/servo/servo/pull/39373 (@nicoburns, #39373) Update to Stylo with icu range dependency (#39373) + # Updates Stylo to: + # - https://github.com/servo/stylo/pull/242 + # Testing: This is a no-op for Servo. So if it builds without non-stylo lockfile changes it should be good. +https://github.com/servo/servo/pull/39351 (@ritoban23, #39351) script: Replace DomRefCell with Cell for Response::redirected (#39351) + # Replace DomRefCell with Cell for Response::redirected field. + # Changed redirected field from DomRefCell to Cell and updated all related methods: + # - Struct field: redirected: DomRefCell → redirected: Cell + # - Constructor: DomRefCell::new(false) → Cell::new(false) + # - Getter method: *self.redirected.borrow() → self.redirected.get() + # - Setter method: *self.redirected.borrow_mut() = value → self.redirected.set(value) + # Testing: As noted in the issue, compilation is sufficient for this change. + # Fixes: #39288 +https://github.com/servo/servo/pull/39367 (@yezhizhen, #39367) script: Avoid panic when scrolling area of window is larger than viewport (#39367) + # Sometimes, the computed scrolling area of window is larger than viewport. This causes panics in `Window.scroll` + # with `f32::clamp(0.0, some negative number)`. + # Eventually, we should find out why "computed scrolling area of window is larger than viewport". But let's avoid + # the panics first. + # Testing: This avoids panic, so definitely not covered by existing tests. But it would be hard to write a automated + # test for this in headless mode. + # Fixes: #39346 +https://github.com/servo/servo/pull/39365 (@mrobinson, #39365) mach: Configure `uv` using `pyproject.toml` (#39365) + # We have been consolidating all of our Python configuration in + # `pyproject.toml`, so we can move our one `uv` specific setting there as + # well. + # Testing: There is no easy way to write an automated test for this but I + # confirmed it work by running `uv run --show-settings`. +https://github.com/servo/servo/pull/39366 (@yezhizhen, #39366) webdriver: Remove TODO comments of focusing steps (#39366) + # Our current implementation already gets the "TODO" done for focusing steps. + # https://searchfox.org/firefox-main/source/dom/html/nsGenericHTMLElement.cpp#3491-3497 + # Testing: No. Just updating comments +>>> 2025-09-20T06:10:52Z +https://github.com/servo/servo/pull/39403 (@atouchet, #39403) Cargo.toml cleanup (#39403) + # Cargo.toml cleanups. Mostly ordering fixes. + # Testing: No tests for Cargo.toml edits. +https://github.com/servo/servo/pull/39401 (@Loirooriol, #39401) layout: Ignore insets in Taffy for static and sticky positionings (#39401) + # Taffy treats static and sticky positionings as relative. So the inset properties shifted the element in the relpos + # way, which was no good. It's better to just treat them as `auto` instead. + # Testing: 3 existing tests pass, and adding a new one. + # Fixes: #39399 +https://github.com/servo/servo/pull/39397 (@Loirooriol, @mrobinson, #39397) script: Return `None` for `offsetParent` on root `` and all `` elements (#39397) + # We were returning null for all `` elements, but now we will check for the root element instead. + # We were also returning null for "the body element", now we will return null for all `` elements even + # if they aren't "the body element". This part diverges from the spec, but matches what all browsers + # do. https://github.com/w3c/csswg-drafts/issues/12834 + # Testing: Adding new test + # Fixes: #10521 +https://github.com/servo/servo/pull/39353 (@tharkum, #39353) html: Check the MIME type on the source set updating (#39353) + # Follow the HTML specification and check if the source element's MIME type + # ('type' attribute) is supported while updating the source set of the image element (step 5.8) + # https://html.spec.whatwg.org/multipage/#update-the-source-set + # Also add the missing descriptions for steps for the old and new methods: + # - selecting an image source + # - creating a source set from attributes + # - updating the source set + # - normalizing the source densities + # Testing: Improvements in the following tests + # - html/semantics/embedded-content/the-img-element/update-the-source-set.html + # - resource-timing/initiator-type/picture.html + # Fixes: #36675 +https://github.com/servo/servo/pull/39392 (@simonwuelker, #39392) script: Allow reusing results from xpath queries (#39392) + # This behaviour is optional, but observable. Other browsers implement it, so we should do it too. + # Testing: There are no WPT tests for this, which is fair since the spec explicitly states implementors may choose + # to not reuse the result. + # Fixes: Part of https://github.com/servo/servo/issues/34527 +https://github.com/servo/servo/pull/39385 (@Loirooriol, @mrobinson, #39385) layout: Take sticky offsets into account for offset queries (#39385) + # `offsetLeft` and `offsetTop` were ignoring that sticky positioned boxes can be shifted out of their normal position. + # Testing: Various test improvements. +https://github.com/servo/servo/pull/39388 (@Loirooriol, #39388) layout: Make bottom table captions obey relative positioning offsets (#39388) + # #33426 only added support for relative positioning on captions with `caption-side: top`, but forgot about + # `caption-side: bottom`. This unifies the logic for both kinds of captions to avoid divergences. + # Testing: Modifying an existing test to also cover this case. + # Fixes: #39386 +https://github.com/servo/servo/pull/39350 (@jschwe, #39350) Bump ipc_channel and remove unnecessary lock in SystemFontServiceProxy (#39350) + # Since IpcSender is now Sync (since `ipc_channel` 0.20.2), we can remove locks that were added just to make structs + # containing the sender `Sync` again. + # There is another occurrence of `Arc>>` in `RequestBody`, however that sender is exchanged / updated, so cloning + # the sender instead of the Arc would change behavior, hence this PR does not touch it. + # Testing: Covered by existing tests +https://github.com/servo/servo/pull/39382 (@dependabot[bot], @dependabot[bot], #39382) build(deps): bump erased-serde from 0.4.6 to 0.4.8 (#39382) + # Bumps [erased-serde](https://github.com/dtolnay/erased-serde) from 0.4.6 to 0.4.8. + # Release notes + # Sourced from erased-serde's releases. + # 0.4.8 + # Raise serde version requirement to >=1.0.220 + # 0.4.7 + # Switch serde dependency to serde_core (#116) + # Commits + # 9f56247 Release 0.4.8 + # 43207ea Add serde version constraint + # 5d0b443 Release 0.4.7 + # e056575 Merge pull request #116 from dtolnay/serdecore + # 66d7886 Work around erased_serde::__private appearing in suggestions + # 9c70d68 Switch serde dependency to serde_core + # 5852433 Merge pull request #115 from dtolnay/diag + # db073a5 Use diagnostic::on_unimplemented to suggest a serde::Serialize impl + # b19eb3c Update ui tests for serde 1.0.220 + # 1259da5 Enforce trybuild >= 1.0.108 + # Additional commits viewable in compare view + # [![Dependabot compatibility + # score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=erased-serde&package-manager=c + # argo&previous-version=0.4.6&new-version=0.4.8)](https://docs.github.com/en/github/managing-security-vulnerabilities/abou + # t-dependabot-security-updates#about-compatibility-scores) + # Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger + # a rebase manually by commenting `@dependabot rebase`. + # [//]: # (dependabot-automerge-start) + # [//]: # (dependabot-automerge-end) +>>> 2025-09-21T06:19:54Z +https://github.com/servo/servo/pull/39412 (@simonwuelker, #39412) Remove `test-content` subcommand from mach (#39412) + # Content tests have been replaced by web platform tests 10 years ago (see + # https://github.com/servo/servo/commit/9be71b941fc43b15d4f5b50ebba772c8430c601c). I think it is fair to assume that + # no one is going to run the relevant subcommand anymore. Let's remove it. +https://github.com/servo/servo/pull/39410 (@simonwuelker, #39410) Allow whitespace around path expressions in xpath (#39410) + # Previously servo would allow whitespace in between components of an xpath expression, but not around it. + # Testing: New web platform tests start to pass + # Part of https://github.com/servo/servo/issues/34527 +https://github.com/servo/servo/pull/39407 (@mrobinson, #39407) script: Reduce code duplication in the implementation of `scrollIntoView` (#39407) + # - Expose a couple helpers on `ScrollingBox` that will also be used for + # keyboard scrolling. + # - Calculate `scrollIntoView` positions using points rather than doing + # things by axis components. This greatly reduces the amount of code in + # the implementation. + # Testing: This is just a refactor so shouldn't change any tests. +https://github.com/servo/servo/pull/39395 (@simonwuelker, #39395) script: Don't try to evaluate xpath variable references (#39395) + # Variables in xpath via the javascript bindings are a bit mysterious, as there is no way that a variable can be + # specified. We currently panic when encountering a variable, which is not good. Instead we now throw an error. + # We keep parsing the variables because the code is already there and it seems realistic that their behaviour will + # be specified in the future. I'm fine with removing them too if that is preferred. + # Testing: This behaviour is unspecified and different browser produce different results. There is no "correct" + # way to do this, but we should not crash + # Part of: https://github.com/servo/servo/issues/34527 +https://github.com/servo/servo/pull/39390 (@mukilan, #39390) script: switch to `Element::create` in `HTMLSelectElement` (#39390) + # This file was missed in 07b2ff5d6090fadcda121d599c12dbaccc1ee998 (#39325). See that commit for the motivation. + # Testing: Covered by existing web platform tests. +https://github.com/servo/servo/pull/39396 (@mrobinson, #39396) script: Have HyperlinkElementTraits::update_href take a &ServoUrl (#39396) + # This reduces code duplication in the callers. + # Testing: This is a just a refactor, so no tests are needed. + # Fixes: #11280. +https://github.com/servo/servo/pull/39327 (@arihant2math@gmail.com, #39327) Enable credential management wpt tests (#39327) + # Enabling them early to prevent intermittent failures. + # Fixes: Partially #38788 +https://github.com/servo/servo/pull/38288 (@arihant2math@gmail.com, @jdm, #38288) Implement indexeddb array conversion (#38288) + # Implement conversion from js arrays into rust. + # Testing: WPT + # Fixes: None +https://github.com/servo/servo/pull/39404 (@atouchet, #39404) Use more workspace dependencies (#39404) + # I noticed that there are various dependencies that are listed independently even though they are already in the + # Servo workspace. Is there any issue with converting these to workspace dependencies? + # Testing: No tests for Cargo.toml edits. +>>> 2025-09-22T06:50:41Z +https://github.com/servo/servo/pull/39424 (@dependabot[bot], @dependabot[bot], @yezhizhen, #39424) build(deps): bump gilrs-core from 0.6.4 to 0.6.5 (#39424) + # Bumps [gilrs-core](https://gitlab.com/gilrs-project/gilrs) from 0.6.4 to 0.6.5. + # Commits + # e07b360 Prepare for gilrs-core 0.6.5 + # 4b074c1 Update nix + # 583ad9b core: Expand windows version range to include 0.62 release + # f165d80 Fix new Jitter comment + # 9490be5 refactor: fixed some inconsistencies + # e27689d add fallback warning for no uuid found + # See full diff in compare view + # [![Dependabot compatibility + # score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=gilrs-core&package-manager=car + # go&previous-version=0.6.4&new-version=0.6.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about- + # dependabot-security-updates#about-compatibility-scores) + # Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger + # a rebase manually by commenting `@dependabot rebase`. + # [//]: # (dependabot-automerge-start) + # [//]: # (dependabot-automerge-end) +https://github.com/servo/servo/pull/39428 (@dependabot[bot], @dependabot[bot], #39428) build(deps): bump anyhow from 1.0.99 to 1.0.100 (#39428) + # Bumps [anyhow](https://github.com/dtolnay/anyhow) from 1.0.99 to 1.0.100. + # Release notes + # Sourced from anyhow's releases. + # 1.0.100 + # Teach clippy to lint formatting arguments in bail!, ensure!, anyhow! (#426) + # Commits + # 18c2598 Release 1.0.100 + # f271988 Merge pull request #426 from dtolnay/clippyfmt + # 52f2115 Mark macros with clippy::format_args + # da5fd9d Raise minimum tested compiler to rust 1.76 + # 211e409 Opt in to generate-macro-expansion when building on docs.rs + # b48fc02 Enforce trybuild >= 1.0.108 + # d5f59fb Update ui test suite to nightly-2025-09-07 + # 238415d Update ui test suite to nightly-2025-08-24 + # 3bab070 Update actions/checkout@v4 -> v5 + # 4249254 Order cap-lints flag in the same order as thiserror build script + # See full diff in compare view + # [![Dependabot compatibility + # score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=anyhow&package-manager=cargo&p + # revious-version=1.0.99&new-version=1.0.100)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-d + # ependabot-security-updates#about-compatibility-scores) + # Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger + # a rebase manually by commenting `@dependabot rebase`. + # [//]: # (dependabot-automerge-start) + # [//]: # (dependabot-automerge-end) +https://github.com/servo/servo/pull/39427 (@dependabot[bot], @dependabot[bot], #39427) build(deps): bump find-msvc-tools from 0.1.1 to 0.1.2 (#39427) + # Bumps [find-msvc-tools](https://github.com/rust-lang/cc-rs) from 0.1.1 to 0.1.2. + # Release notes + # Sourced from find-msvc-tools's releases. + # find-msvc-tools-v0.1.2 + # Other + # [win] Search the Windows SDK for tools as well (#1553) + # Commits + # b4fe7fe chore: release (#1558) + # ac2192c [win] Search the Windows SDK for tools as well (#1553) + # 10f7638 use release-plz trusted publishing implementation (#1556) + # 236b4f8 chore(cc): release v1.2.37 (#1555) + # 1f6ffb1 Fix errmsg in RustcCodegenFlags::set_rustc_flag (#1551) + # 79beddf propagate stack protector to Linux C compilers (#1550) + # fafa9fc Refactor: Extract new fn run_commands_in_parallel (#1549) + # See full diff in compare view + # [![Dependabot compatibility + # score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=find-msvc-tools&package-manage + # r=cargo&previous-version=0.1.1&new-version=0.1.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/a + # bout-dependabot-security-updates#about-compatibility-scores) + # Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger + # a rebase manually by commenting `@dependabot rebase`. + # [//]: # (dependabot-automerge-start) + # [//]: # (dependabot-automerge-end) +https://github.com/servo/servo/pull/39422 (@dependabot[bot], @dependabot[bot], #39422) build(deps): bump clap from 4.5.47 to 4.5.48 (#39422) + # Bumps [clap](https://github.com/clap-rs/clap) from 4.5.47 to 4.5.48. + # Release notes + # Sourced from clap's releases. + # v4.5.48 + # [4.5.48] - 2025-09-19 + # Documentation + # Add a new CLI Concepts document as another way of framing clap + # Expand the typed_derive cookbook entry + # Changelog + # Sourced from clap's changelog. + # [4.5.48] - 2025-09-19 + # Documentation + # Add a new CLI Concepts document as another way of framing clap + # Expand the typed_derive cookbook entry + # Commits + # c3a1ddc chore: Release + # 4460ff4 docs: Update changelog + # 54947a1 Merge pull request #5981 from mernen/fix-bash-clap-complete-space + # fd3f6d2 fix(complete): Restore nospace in bash + # 2f6a108 test(complete): Demonstrate current behavior + # f88be57 style: Ensure consistent newlines + # f209bce chore: Release + # f33ff7f docs: Update changelog + # bf06e6f Merge pull request #5974 from kryvashek/support-clearing-args-matches + # 5d357ad feat(parser): Added ArgMatches::try_clear_id() + # Additional commits viewable in compare view + # [![Dependabot compatibility + # score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=clap&package-manager=cargo&pre + # vious-version=4.5.47&new-version=4.5.48)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-depe + # ndabot-security-updates#about-compatibility-scores) + # Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger + # a rebase manually by commenting `@dependabot rebase`. + # [//]: # (dependabot-automerge-start) + # [//]: # (dependabot-automerge-end) +https://github.com/servo/servo/pull/39406 (@TimvdLippe, #39406) Add AbortSignal support for event listeners (#39406) + # Also fixes several issues with code generation when a dom type is part of a dictionary. + # Part of #34866 + # Fixes #39398 +https://github.com/servo/servo/pull/39374 (@TimvdLippe, #39374) Abort fetch controller when signal is aborted (#39374) + # Does not all tests pass because of a mismatch in microtask timing. The promises are resolved/rejected in the + # wrong order. + # Part of #34866 +https://github.com/servo/servo/pull/39414 (@servo-wpt-sync, @yezhizhen, #39414) Sync WPT with upstream (21-09-2025) (#39414) + # Automated downstream sync of changes from upstream as of 21-09-2025 + # [no-wpt-sync] +https://github.com/servo/servo/pull/39391 (@PotatoCP, @yezhizhen, #39391) webdriver: Improve documentations for `actions.rs` and update TODOs (#39391) + # Add specification quote for each steps, remove some irrelevant TODO, and move function position closer to related + # function. + # Testing: No behaviour change +https://github.com/servo/servo/pull/39409 (@simonwuelker, #39409) Parse qualified names with non-alpha characters in xpath (#39409) + # The existing parsing rules are too strict and only allow alpha and alphanumeric characters. Instead, we should + # follow the production defined in https://www.w3.org/TR/REC-xml-names/#NT-NCName. + # Testing: New tests start to pass + # Part of https://github.com/servo/servo/issues/34527 +>>> 2025-09-23T06:13:58Z +https://github.com/servo/servo/pull/39449 (@yezhizhen, #39449) deps: Update xattr from 1.5.1 to 1.6.1 & cc from 1.2.37 to 1.2.38 (#39449) + # Dependabot is broken somehow, and fail to recreate the PRs with command given. + # Fixes: #39446 + # Fixes: #39426 +https://github.com/servo/servo/pull/39444 (@dependabot[bot], @dependabot[bot], #39444) build(deps): bump libloading from 0.8.8 to 0.8.9 (#39444) + # Bumps [libloading](https://github.com/nagisa/rust_libloading) from 0.8.8 to 0.8.9. + # Commits + # f4ec9e7 test: try to fix msys (#182) + # 9b798eb Prepare for 0.8.9 release + # f5f8cb0 Migrate from windows-targets to windows-link + # 7c04beb Bump MSRV to 1.71 for windows-link + # 559e465 Format with cargo fmt + # db35813 Fix elided lifetimes warning + # See full diff in compare view + # [![Dependabot compatibility + # score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=libloading&package-manager=car + # go&previous-version=0.8.8&new-version=0.8.9)](https://docs.github.com/en/github/managing-security-vulnerabilities/about- + # dependabot-security-updates#about-compatibility-scores) + # Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger + # a rebase manually by commenting `@dependabot rebase`. + # [//]: # (dependabot-automerge-start) + # [//]: # (dependabot-automerge-end) +https://github.com/servo/servo/pull/39445 (@dependabot[bot], @dependabot[bot], #39445) build(deps): bump serde from 1.0.225 to 1.0.226 (#39445) + # Bumps [serde](https://github.com/serde-rs/serde) from 1.0.225 to 1.0.226. + # Release notes + # Sourced from serde's releases. + # v1.0.226 + # Deduplicate variant matching logic inside generated Deserialize impl for adjacently tagged enums (#2935, thanks + # @​Mingun) + # Commits + # 1799547 Release 1.0.226 + # 2dbeefb Merge pull request #2935 from Mingun/dedupe-adj-enums + # 8a3c29f Merge pull request #2986 from dtolnay/didnotwork + # defc24d Remove "did not work" comment from test suite + # 2316610 Merge pull request #2929 from Mingun/flatten-enum-tests + # c09e2bd Add tests for flatten unit variant in adjacently tagged (tag + content) enums + # fe7dcc4 Test all possible orders of map entries for enum-flatten-in-struct representa... + # a20e66e Check serialization in flatten::enum_::internally_tagged::unit_enum_with_unkn... + # 1c1a5d9 Reorder struct_ and newtype tests of adjacently_tagged enums to match order i... + # ee3c237 Opt in to generate-macro-expansion when building on docs.rs + # Additional commits viewable in compare view + # [![Dependabot compatibility + # score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=serde&package-manager=cargo&pr + # evious-version=1.0.225&new-version=1.0.226)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-d + # ependabot-security-updates#about-compatibility-scores) + # Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger + # a rebase manually by commenting `@dependabot rebase`. + # [//]: # (dependabot-automerge-start) + # [//]: # (dependabot-automerge-end) +https://github.com/servo/servo/pull/39437 (@averyrudelphe@gmail.com, #39437) Convert Android resources to lossless .webp (#39437) + # Another tiny binary size win for Android! .webp assets are supported since API level 17, and Servo is built against + # 33, so this shouldn't cause issues. + # Testing: Manual. +https://github.com/servo/servo/pull/39435 (@nicoburns, #39435) codeowners: remove /layout and add /layout/taffy and /fonts for nicoburns (#39435) + # This configuration more accurately reflects what I have time to commit to reviewing. +https://github.com/servo/servo/pull/39432 (@integral@member.fsf.org, #39432) mach: Format package hash files to ensure sha256sum command compatibility (#39432) + # Format the package hash files to include the package hash and filename separated by two spaces, ensuring compatibility + # with the `sha256sum -c` and `shasum -c` command. +https://github.com/servo/servo/pull/39419 (@arihant2math@gmail.com, #39419) storage: Move shared functionality to base (#39419) + # Part of #39418. See that PR for a full description. + # Moves: + # - `read_json_from_file` + # - `write_json_to_file` + # - `IpcSendResult` + # - `IpcSend` + # Renames: + # - `CoreResourceThreadPool` to `ThreadPool` (shorter and more descriptive, as we use it for more than the core + # resource thread now) +https://github.com/servo/servo/pull/39423 (@dependabot[bot], @dependabot[bot], #39423) build(deps): bump time from 0.3.43 to 0.3.44 (#39423) + # Bumps [time](https://github.com/time-rs/time) from 0.3.43 to 0.3.44. + # Release notes + # Sourced from time's releases. + # v0.3.44 + # See the changelog for details. + # Changelog + # Sourced from time's changelog. + # 0.3.44 [2025-09-19] + # Fixed + # Comparisons of PrimitiveDateTime, UtcDateTime, and OffsetDateTime with differing signs (i.e. + # one negative and one positive year) would return the inverse result of what was expected. This was + # introduced in v0.3.42 and has been fixed. + # Type inference would fail due to feature unification when wasm-bindgen enabled serde_json. + # This has been fixed by explicitly specifying the type in the relevant locations. + # Commits + # 04c0ef2 v0.3.44 release + # b942063 Compare datetimes with signed integers + # dcdfbf6 Add explicit type to avoid inference errors + # f203852 Revert "Remove dependency on itoa" + # See full diff in compare view + # [![Dependabot compatibility + # score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=time&package-manager=cargo&pre + # vious-version=0.3.43&new-version=0.3.44)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-depe + # ndabot-security-updates#about-compatibility-scores) + # Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger + # a rebase manually by commenting `@dependabot rebase`. + # [//]: # (dependabot-automerge-start) + # [//]: # (dependabot-automerge-end) +https://github.com/servo/servo/pull/39425 (@dependabot[bot], @dependabot[bot], #39425) build(deps): bump rustls from 0.23.31 to 0.23.32 (#39425) + # Bumps [rustls](https://github.com/rustls/rustls) from 0.23.31 to 0.23.32. + # Commits + # 6a188a7 Take semver-compatible updates + # 5abe33e Prepare 0.23.32 + # d3c502e Improve compatibility of TLS1.2 with ECDSA+SHA512 + # ef7063d take webpki 0.103.5 + # 77a0148 ci-bench: RUSTSEC-2025-0057 fxhash -> rustc-hash + # 1492c95 Fix clippy::needless_borrows_for_generic_args + # e029d31 cargo-check-external-types: take updated nightly + # 2d03fa7 Remove test of async-std example + # 20f548a Withdraw use of async-std in example code + # 0cb4244 Track 1.89 lint changes + # Additional commits viewable in compare view + # [![Dependabot compatibility + # score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=rustls&package-manager=cargo&p + # revious-version=0.23.31&new-version=0.23.32)](https://docs.github.com/en/github/managing-security-vulnerabilities/about- + # dependabot-security-updates#about-compatibility-scores) + # Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger + # a rebase manually by commenting `@dependabot rebase`. + # [//]: # (dependabot-automerge-start) + # [//]: # (dependabot-automerge-end) +https://github.com/servo/servo/pull/39402 (@Loirooriol, #39402) compositing_traits: Properly cache cumulative node transforms (#39402) + # `cumulative_node_transform()` returns the cached value if present, and otherwise calls + # `cumulative_node_transform_inner()` to compute it. However, `cumulative_node_transform_inner()` was just calling + # itself recursively to compute the ancestor transforms, ignoring the cache. + # Therefore, this patch makes `cumulative_node_transform_inner()` call `cumulative_node_transform()` for the parent. This + # requires merging `AncestorStickyInfo` into `ScrollTreeNodeTransformationCache` in order to cache that data too. + # Testing: Not needed, no behavior change +>>> 2025-09-24T06:04:19Z +https://github.com/servo/servo/pull/39463 (@wusyong, #39463) WebGPU: expose GPUObjectBase to worker (#39463) + # Label attribute in several WebGPU object should be available to worker as + # well. [Firefox](https://searchfox.org/firefox-main/source/dom/webidl/WebGPU.webidl#10) doesn't limit it to window + # either. + # Testing: CTS [try run](https://github.com/wusyong/servo/actions/runs/17942843000) from my fork +https://github.com/servo/servo/pull/39462 (@dependabot[bot], @dependabot[bot], #39462) build(deps): bump libc from 0.2.175 to 0.2.176 (#39462) + # Bumps [libc](https://github.com/rust-lang/libc) from 0.2.175 to 0.2.176. + # Release notes + # Sourced from libc's releases. + # 0.2.176 + # Support + # The default FreeBSD version has been raised from 11 to 12. This matches rustc since 1.78. (#2406) + # Debug is now always implemented, rather than being gated behind the extra_traits feature. (#4624) + # Added + # AIX: Restore some non-POSIX functions guarded by the _KERNEL macro. (#4607) + # FreeBSD 14: Add st_fileref to struct stat (#4642) + # Haiku: Add the accept4 POSIX call (#4586) + # Introduce a wrapper for representing padding (#4632) + # Linux: Add EM_RISCV (#4659) + # Linux: Add MS_NOSYMFOLLOW (#4389) + # Linux: Add backtrace_symbols(_fd) (#4668) + # Linux: Add missing SOL_PACKET optnames (#4669) + # Musl s390x: Add SYS_mseal (#4549) + # NuttX: Add __errno (#4687) + # Redox: Add dirfd, VDISABLE, and resource consts (#4660) + # Redox: Add more resource.h, fcntl.h constants (#4666) + # Redox: Enable strftime and mkostemp[s] (#4629) + # Unix, Windows: Add qsort_r (Unix), and qsort(_s) (Windows) (#4677) + # Unix: Add dlvsym for Linux-gnu, FreeBSD, and NetBSD (#4671) + # Unix: Add sigqueue (#4620) + # Changed + # FreeBSD 15: Mark kinfo_proc as non-exhaustive (#4553) + # FreeBSD: Set the ELF symbol version for readdir_r (#4694) + # Linux: Correct the config for whether or not epoll_event is packed (#4639) + # Tests: Replace the old ctest with the much more reliable new implementation (#4655 and many related PRs) + # Fixed + # AIX: Fix the type of the 4th arguement of getgrnam_r ([#4656](rust-lang/libc#4656 + # FreeBSD: Limit P_IDLEPROC to FreeBSD 15 (#4640) + # FreeBSD: Limit mcontext_t::mc_tlsbase to FreeBSD 15 (#4640) + # FreeBSD: Update gating of mcontext_t.mc_tlsbase (#4703) + # Musl s390x: Correct the definition of statfs[64] (#4549) + # Musl s390x: Make fpreg_t a union (#4549) + # Redox: Fix the types of gid_t and uid_t (#4689) + # Redox: Fix the value of MAP_FIXED (#4684) + # Deprecated + # Apple: Correct the deprecated attribute for iconv (a97a0b53) + # FreeBSD: Deprecate TIOCMGDTRWAIT and TIOCMSDTRWAIT (#4685) + # Removed + # ... (truncated) + # Changelog + # Sourced from libc's changelog. + # 0.2.176 - 2025-09-23 + # Support + # The default FreeBSD version has been raised from 11 to 12. This matches rustc since 1.78. (#2406) + # Debug is now always implemented, rather than being gated behind the extra_traits feature. (#4624) + # Added + # AIX: Restore some non-POSIX functions guarded by the _KERNEL macro. (#4607) + # FreeBSD 14: Add st_fileref to struct stat (#4642) + # Haiku: Add the accept4 POSIX call (#4586) + # Introduce a wrapper for representing padding (#4632) + # Linux: Add EM_RISCV (#4659) + # Linux: Add MS_NOSYMFOLLOW (#4389) + # Linux: Add backtrace_symbols(_fd) (#4668) + # Linux: Add missing SOL_PACKET optnames (#4669) + # Musl s390x: Add SYS_mseal (#4549) + # NuttX: Add __errno (#4687) + # Redox: Add dirfd, VDISABLE, and resource consts (#4660) + # Redox: Add more resource.h, fcntl.h constants (#4666) + # Redox: Enable strftime and mkostemp[s] (#4629) + # Unix, Windows: Add qsort_r (Unix), and qsort(_s) (Windows) (#4677) + # Unix: Add dlvsym for Linux-gnu, FreeBSD, and NetBSD (#4671) + # Unix: Add sigqueue (#4620) + # Changed + # FreeBSD 15: Mark kinfo_proc as non-exhaustive (#4553) + # FreeBSD: Set the ELF symbol version for readdir_r (#4694) + # Linux: Correct the config for whether or not epoll_event is packed (#4639) + # Tests: Replace the old ctest with the much more reliable new implementation (#4655 and many related PRs) + # Fixed + # AIX: Fix the type of the 4th arguement of getgrnam_r ([#4656](rust-lang/libc#4656 + # FreeBSD: Limit P_IDLEPROC to FreeBSD 15 (#4640) + # FreeBSD: Limit mcontext_t::mc_tlsbase to FreeBSD 15 (#4640) + # FreeBSD: Update gating of mcontext_t.mc_tlsbase (#4703) + # Musl s390x: Correct the definition of statfs[64] (#4549) + # Musl s390x: Make fpreg_t a union (#4549) + # Redox: Fix the types of gid_t and uid_t (#4689) + # Redox: Fix the value of MAP_FIXED (#4684) + # Deprecated + # Apple: Correct the deprecated attribute for iconv (a97a0b53) + # FreeBSD: Deprecate TIOCMGDTRWAIT and TIOCMSDTRWAIT (#4685) + # Removed + # ... (truncated) + # Commits + # 15e1389 chore: Release libc 0.2.176 + # 6ca5571 Warn on missing debug implementations + # e653c54 cleanup: Remove the const_fn! macro + # e447441 cleanup: Simplify the syntax of f! and similar macros + # 776a614 cleanup: Use target_vendor = "apple" + # d32f60d doc: Remove an unneeded link to the old ctest repo + # 8c8584b Resolve a ctest FIXME regarding use of size_of in array lengths + # 09c8436 Remove the libc_ctest feature + # fd3ffe4 Remove libc_const_extern_fn + # 9b77a49 Add a note about why Padding requires T: Copy + # Additional commits viewable in compare view + # [![Dependabot compatibility + # score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=libc&package-manager=cargo&pre + # vious-version=0.2.175&new-version=0.2.176)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-de + # pendabot-security-updates#about-compatibility-scores) + # Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger + # a rebase manually by commenting `@dependabot rebase`. + # [//]: # (dependabot-automerge-start) + # [//]: # (dependabot-automerge-end) +https://github.com/servo/servo/pull/39461 (@dependabot[bot], @dependabot[bot], #39461) build(deps): bump imgref from 1.11.0 to 1.12.0 (#39461) + # Bumps [imgref](https://github.com/kornelski/imgref) from 1.11.0 to 1.12.0. + # Commits + # c987cc5 Bump + # 03fd698 Clippy + # 5dcca7b Dedicated error for row indexing + # 94726c8 Don't require Copy for pixels_mut + # dd315f4 Merge pull request #28 from kpreid/mut-sub + # dac9922 Add ImgRefMut::into_sub_image_mut(). + # See full diff in compare view + # [![Dependabot compatibility + # score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=imgref&package-manager=cargo&p + # revious-version=1.11.0&new-version=1.12.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-de + # pendabot-security-updates#about-compatibility-scores) + # Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger + # a rebase manually by commenting `@dependabot rebase`. + # [//]: # (dependabot-automerge-start) + # [//]: # (dependabot-automerge-end) +https://github.com/servo/servo/pull/39460 (@dependabot[bot], @dependabot[bot], #39460) build(deps): bump the servo-media-related group with 12 updates (#39460) + # Bumps the servo-media-related group with 12 updates: + # | Package | From | To | + # | --- | --- | --- | + # | [servo-media](https://github.com/servo/media) | ``de1ebef`` | ``9186e6a`` | + # | [servo-media-dummy](https://github.com/servo/media) | ``de1ebef`` | ``9186e6a`` | + # | [servo-media-gstreamer](https://github.com/servo/media) | ``de1ebef`` | ``9186e6a`` | + # | servo-media-audio | ``de1ebef`` | ``9186e6a`` | + # | servo-media-derive | ``de1ebef`` | ``9186e6a`` | + # | servo-media-gstreamer-render | ``de1ebef`` | ``9186e6a`` | + # | servo-media-gstreamer-render-android | ``de1ebef`` | ``9186e6a`` | + # | servo-media-gstreamer-render-unix | ``de1ebef`` | ``9186e6a`` | + # | servo-media-player | ``de1ebef`` | ``9186e6a`` | + # | servo-media-streams | ``de1ebef`` | ``9186e6a`` | + # | servo-media-traits | ``de1ebef`` | ``9186e6a`` | + # | servo-media-webrtc | ``de1ebef`` | ``9186e6a`` | + # Updates `servo-media` from `de1ebef` to `9186e6a` + # Commits + # 9186e6a Fix a couple clippy warnings (#449) + # See full diff in compare view + # Updates `servo-media-dummy` from `de1ebef` to `9186e6a` + # Commits + # 9186e6a Fix a couple clippy warnings (#449) + # See full diff in compare view + # Updates `servo-media-gstreamer` from `de1ebef` to `9186e6a` + # Commits + # 9186e6a Fix a couple clippy warnings (#449) + # See full diff in compare view + # Updates `servo-media-audio` from `de1ebef` to `9186e6a` + # Updates `servo-media-derive` from `de1ebef` to `9186e6a` + # Updates `servo-media-gstreamer-render` from `de1ebef` to `9186e6a` + # Updates `servo-media-gstreamer-render-android` from `de1ebef` to `9186e6a` + # Updates `servo-media-gstreamer-render-unix` from `de1ebef` to `9186e6a` + # Updates `servo-media-player` from `de1ebef` to `9186e6a` + # Updates `servo-media-streams` from `de1ebef` to `9186e6a` + # Updates `servo-media-traits` from `de1ebef` to `9186e6a` + # Updates `servo-media-webrtc` from `de1ebef` to `9186e6a` + # Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger + # a rebase manually by commenting `@dependabot rebase`. + # [//]: # (dependabot-automerge-start) + # [//]: # (dependabot-automerge-end) +https://github.com/servo/servo/pull/39458 (@simonwuelker, #39458) Assert that style element has an owner in `parse_own_css` (#39458) + # The existing `assert!(node.is_connected())` is wrong. What it *wants* to assert is that the style element has an + # owner, which is either a Document or a ShadowRoot that the element is a descendant of. However, if the element is + # descendant of a ShadowRoot which is itself not connected to a document then the assertion would fail. + # Instead, we use `node.is_in_a_document_tree() || node.is_in_a_shadow_tree()`, which more accurately reflects + # the intent. + # Testing: This change adds the test case from https://github.com/servo/servo/issues/37781 as a crashtest + # Fixes https://github.com/servo/servo/issues/39457 + # Fixes https://github.com/servo/servo/issues/37781 +https://github.com/servo/servo/pull/39454 (@simonwuelker, #39454) script: Remove dead code in xpath implementation (#39454) + # Testing: Verified by the fact that the code still compiles, and existing web platform tests of course + # Part of https://github.com/servo/servo/issues/34527 +https://github.com/servo/servo/pull/39371 (@delan, @mrobinson, #39371) script: Move keyboard scrolling to script (#39371) + # Instead of having every single embedder implement keyboard scrolling, + # handle it in script in the default key event handler. This allows + # properly targeting the scroll events to their scroll containers as well + # as appropriately sizing "page up" and "page down" scroll deltas. + # This change means that when you use the keyboard to scroll, the focused + # or most recently clicked `` or overflow scroll container is + # scrolled, rather than the main frame. + # In addition, when a particular scroll frame is larger than its content + # in the axis of the scroll, the scrolling operation is chained to + # the parent (as in other browsers). One exception is for ``s, + # which will be implemented in a followup change. + # Testing: automated tests runnable locally with `mach test-wpt --product servodriver` +https://github.com/servo/servo/pull/39452 (@tharkum, #39452) html: Properly count / insertion/removal steps as the relevant mutations (#39452) + # Follow the HTML specification and take into account that the HTML `/` element inserting/removal steps should only + # be counted as relevant mutations for `` element if the parent of the inclusive ancestor that was inserted/removed + # is the parent `` element. + # See . + # Testing: Improvements in the following tests + # - html/semantics/embedded-content/the-img-element/relevant-mutations.html +https://github.com/servo/servo/pull/39441 (@mrobinson, @Loirooriol, #39441) script: Remove absolute positioning workaround from `scrollIntoView` implementation (#39441) + # This isn't needed as the border box query already takes into account the + # containing block chain. Instead, consistently calculate the new + # scroll position for a scroller relative to its current scroll offset. + # In addition, fix a small bug where the border of a scroll container was + # considered part of scrollport. + # Testing: A new WPT test is added. +https://github.com/servo/servo/pull/39443 (@Loirooriol, @mrobinson, #39443) layout: Clamp sticky positioning offset bounds by zero (#39443) + # Sticky positioning tries to keep an element visible within the nearest scrollport. However, the element can't be + # offset to go beyond its containing block. We implement this as offset bounds. + # The problem was that, if the element would already be overflowing its containing block before applying the sticky + # positioning, then we were forcing it to move inside the containing block. That was wrong, and is solved by flooring + # or ceiling the offset bounds by zero. + # Testing: Adding new tests +https://github.com/servo/servo/pull/39352 (@mrobinson, #39352) servoshell: Move touch event simulation to servoshell (#39352) + # This change removes the `DebugOption` (`-Z`) for touch event simulation + # and moves the implementation of the feature to servoshell. The resaoning + # for this is: + # - This is really a servoshell feature and can be implemented on top of + # the API. This moves more code out of the already too-complicated + # renderer. + # - I would like to consolidate `DebugOptions` into a `ServoLogOptions` + # to collect all options for configuring Servo logging. This requires + # moving away all of the non-logging options. + # - Eventually touch event simulation will be able to reuse the fling + # implementation from servoshell as we are actually simulating touch + # events sent to the `WebView`. + # Testing: This changes a conditional feature that's used for manual debugging. + # It is difficult to write tests for this as there are no servoshell tests that + # verify input handling. +>>> 2025-09-25T06:08:32Z +https://github.com/servo/servo/pull/39474 (@Loirooriol, #39474) layout: Avoid fixed table layout when `inline-size` is `max-content` (#39474) + # This undoes #35882 according to the last CSSWG resolution, since this is required by web compat. + # Testing: Modifying the relevant test +https://github.com/servo/servo/pull/39472 (@mrobinson, #39472) servoshell: Scale WebDriver mouse button coordinates by HiDPI scale factor (#39472) + # Mouse button events are sent in CSSPixel coordinates, but these need to + # so they need to converted into device coordinates when creating an input + # event for them. This isn't an issue for automated test because they + # always use a scale factor of 1. This is a problem when running + # interactively and not in headless mode. + # Testing: This isn't really testable in an automated way, but is very obviously + # causes tests to pass when run with WebDriver and without headless mode. + # Fixes: Part of #38087. +https://github.com/servo/servo/pull/39431 (@kkoyung, #39431) script: Refactoring of algorithm normalization in `SubtleCrypto` (#39431) + # In our current implementation, we have multiple functions such as `normalize_algoirthm_for_encrypt_or_decrypt` and + # `normalize_algorithm_for_sign_or_verify` to normalize an algorithm, and each of them works slightly + # differently. However, the spec defines a single normalization procedure to handle all normalization. + # This patch tries to consolidate our functions into a single spec-compliant normalization function named + # `normalize_algorithm`. + # The refactoring involves many existing code, so this patch only introduces the new infrastructure without touching + # the existing. When this patch gets approved and merged, we can then start migrating the existing to the new + # infrastructure. (Note that SHA's digestion and AES_CTR's encryption are also copied to the new infrastructure + # as demonstration.) + # More details about the refactoring can be found in the comment: + # https://github.com/servo/servo/issues/39368#issuecomment-3316943206 + # Testing: The new code is not in used right now. No test is needed. + # Fixes: Part of #39368 +https://github.com/servo/servo/pull/39411 (@simonwuelker, #39411) Invalidate iterator over elements of a XPathResult when the document changes (#39411) + # Also includes a fix to not throw a type error in `XPathResult.invalidIteratorState`. + # Testing: Includes a new web platform test + # Part of https://github.com/servo/servo/issues/34527 +https://github.com/servo/servo/pull/39453 (@kkoyung, #39453) script: Enable crypto task source at task manager (#39453) + # The Web Cryptography API has the "crypto task source" (https://w3c.github.io/webcrypto/#dfn-crypto-task-source-0) + # to queue tasks to resolve or reject promises created in response to calls to methods of `SubtleCrypto`. + # This patch enables this task source at the script task manager, and queue tasks on this task source from existing + # steps. + # A few WPT error expectations are also added to WPT meta. The related cryptographic algorithms have not yet implemented, + # so the errors are expected. I don't know why WPT test did not capture them before. + # Testing: Existing tests suffice. +https://github.com/servo/servo/pull/39447 (@webbeef, #39447) constellation: Store pending viewport changes (#39447) + # It is possible for viewport changes to be received before the constellation adds a browsing context to its managed set + # when navigating. When that happens, the viewport change is ignored, and eg. the hidpi will keep the default 1.0 value. + # On later page navigation, this value is not updated and leads to incorrect display zooming. The initial page load + # is fine in the current embedders because they update the compositor and webview renderer even if the constellation + # is not fully ready. + # Testing: Testing is difficult because it's device dependent, but I reproduce 100% of the time running winit_minimal + # on a Pinephone Pro. +https://github.com/servo/servo/pull/39466 (@tharkum, #39466) html: Add the reflected 'sizes' IDL attribute for (#39466) + # Add the reflected 'sizes' IDL attribute for element's DOM interface which defines image sizes for different + # page layouts. + # See https://html.spec.whatwg.org/multipage/#dom-img-sizes + # Testing: Improvements in the following tests + # - custom-elements/reactions/customized-builtins/HTMLImageElement.html + # - html/dom/idlharness.https.html + # - html/semantics/embedded-content/the-img-element/relevant-mutations.html +https://github.com/servo/servo/pull/39459 (@simonwuelker, #39459) Never disconnect shadow roots from their hosts (#39459) + # Regular shadow roots can never be detached once they are created. However we were specifically detaching shadow + # roots from media elements when they were disconnected. This is actually one of the very few aspects of shadow + # roots that predate the implementation work I did earlier this year. + # I'm not sure why we ever did this. Maybe its for efficiency reasons, because keeping the shadow tree around is not + # necessary when the media element is not connected. But I can't imagine this yields any benefits, especially since + # you would have to reconstruct the shadow tree when the media element is re-connected (as is the case in the crash + # we observe). + # For simplicities sake, I have completely removed this functionality. Doing so ends up simplifying the code quite a bit. + # Testing: This change adds a new crashtest + # Fixes https://github.com/servo/servo/issues/36722 +https://github.com/servo/servo/pull/39465 (@jdm, #39465) Ensure test_multiprocess_preference_observer waits for reload to complete. (#39465) + # The test could intermittently fail if the second evaluate_javascript() command was received in the script thread + # before the reloaded page actually existed. By serializing the steps so that the page is completely loaded after + # the reload command is issued, we avoid this race. + # Testing: Locally reproduced, could not reproduce after the changes. + # Fixes: #38920 +>>> 2025-09-26T06:04:04Z +https://github.com/servo/servo/pull/39493 (@dependabot[bot], @dependabot[bot], #39493) build(deps): bump the serde-related group with 2 updates (#39493) + # Bumps the serde-related group with 2 updates: [serde](https://github.com/serde-rs/serde) and + # [serde_core](https://github.com/serde-rs/serde). + # Updates `serde` from 1.0.226 to 1.0.227 + # Release notes + # Sourced from serde's releases. + # v1.0.227 + # Documentation improvements (#2991) + # Commits + # 415d9fc Release 1.0.227 + # 7c58427 Merge pull request #2991 from dtolnay/inlinecoredoc + # 9d3410e Merge pull request #2992 from dtolnay/inplaceseed + # 2fb6748 Remove InPlaceSeed public re-export + # f8137c7 Inline serde_core into serde in docsrs mode + # b7dbf7e Merge pull request #2990 from dtolnay/integer128 + # 7c83691 No longer macro_use integer128 module + # aa2d9b2 Merge pull request #2989 from dtolnay/pr2987 + # 3a7c11c Rename enum_untagged::generate_newtype_variant -> deserialize_newtype_variant + # 11ce440 Rename enum_untagged::generate_variant -> deserialize_variant + # Additional commits viewable in compare view + # Updates `serde_core` from 1.0.226 to 1.0.227 + # Release notes + # Sourced from serde_core's releases. + # v1.0.227 + # Documentation improvements (#2991) + # Commits + # 415d9fc Release 1.0.227 + # 7c58427 Merge pull request #2991 from dtolnay/inlinecoredoc + # 9d3410e Merge pull request #2992 from dtolnay/inplaceseed + # 2fb6748 Remove InPlaceSeed public re-export + # f8137c7 Inline serde_core into serde in docsrs mode + # b7dbf7e Merge pull request #2990 from dtolnay/integer128 + # 7c83691 No longer macro_use integer128 module + # aa2d9b2 Merge pull request #2989 from dtolnay/pr2987 + # 3a7c11c Rename enum_untagged::generate_newtype_variant -> deserialize_newtype_variant + # 11ce440 Rename enum_untagged::generate_variant -> deserialize_variant + # Additional commits viewable in compare view + # Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger + # a rebase manually by commenting `@dependabot rebase`. + # [//]: # (dependabot-automerge-start) + # [//]: # (dependabot-automerge-end) +https://github.com/servo/servo/pull/39490 (@TimvdLippe, #39490) Move Request constructor to impl (#39490) + # Doing so allows us to change the type of `init` to take a deref, so that we can also call it when + # implementing `FetchLater` which takes a + # `RootedTraceableBox` + # For more information, see this Zulip thread: + # https://servo.zulipchat.com/#narrow/channel/263398-general/topic/How.20to.20upcast.20.60RootedTraceableBox.3CDeferredReq + # uestInit.3E.60/with/540672042 + # Part of #39448 +https://github.com/servo/servo/pull/39489 (@dependabot[bot], @dependabot[bot], #39489) build(deps): bump async-compression from 0.4.30 to 0.4.31 (#39489) + # Bumps [async-compression](https://github.com/Nullus157/async-compression) from 0.4.30 to 0.4.31. + # Commits + # fcd9e87 chore(async-compression): release v0.4.31 (#386) + # 4ebce39 Flush compressed data out of encoders more often (#383) + # See full diff in compare view + # [![Dependabot compatibility + # score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=async-compression&package-mana + # ger=cargo&previous-version=0.4.30&new-version=0.4.31)](https://docs.github.com/en/github/managing-security-vulnerabiliti + # es/about-dependabot-security-updates#about-compatibility-scores) + # Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger + # a rebase manually by commenting `@dependabot rebase`. + # [//]: # (dependabot-automerge-start) + # [//]: # (dependabot-automerge-end) +https://github.com/servo/servo/pull/39488 (@dependabot[bot], @dependabot[bot], #39488) build(deps): bump aws-lc-rs from 1.14.0 to 1.14.1 (#39488) + # Bumps [aws-lc-rs](https://github.com/aws/aws-lc-rs) from 1.14.0 to 1.14.1. + # Release notes + # Sourced from aws-lc-rs's releases. + # aws-lc-rs v1.14.1 + # What's Changed + # Align aws-lc-sys v0.32.0 w/ AWS-LC v1.61.2 by @​justsmth in aws/aws-lc-rs#884 + # New aarch64 SHA3 now enabled w/ build fix by @​justsmth in aws/aws-lc-rs#878 + # Impl of common traits for ParsedPublicKey by @​justsmth in aws/aws-lc-rs#879 + # impl AsDer<PublicKeyX509Der<'static>> for ParsedPublicKey by @​justsmth in aws/aws-lc-rs#885 + # Issues Being Resolved + # "Cross" cross compiler fails in GitHub action building aws-lc-sys for aarch64-unknown-linux-gnu (ARMv8) + # -- #889 + # iOS Simulator build fails: 'arm64-apple-ios-sim' target invalid -- #761 + # Add way to pre-parse signature keys (i.e. turn signature::UnparsedPublicKey to PublicKey) -- #849 + # Other Merged PRs + # Update to aws-lc-fips-sys v0.13.8 by @​justsmth in aws/aws-lc-rs#883 + # Fix MSRV CI - libloading by @​justsmth in aws/aws-lc-rs#888 + # Bump version to v1.14.1 by @​justsmth in aws/aws-lc-rs#893 + # Fix CI - prebuilt NASM by @​justsmth in aws/aws-lc-rs#886 + # Fix publish script by @​justsmth in aws/aws-lc-rs#880 + # More arm64 targets in CI by @​justsmth in aws/aws-lc-rs#877 + # Full Changelog: https://github.com/aws/aws-lc-rs/compare/v1.14.0...v1.14.1 + # Commits + # ee368e0 Bump version to v1.14.1 (#893) + # 4f45d3d impl AsDer<PublicKeyX509Der<'static>> for ParsedPublicKey (#885) + # 4895a79 Fix MSRV CI - libloading (#888) + # d120394 Align aws-lc-sys v0.32.0 w/ AWS-LC v1.61.2 (#884) + # 5153ad3 Fix CI - prebuilt NASM (#886) + # 4464454 Update to aws-lc-fips-sys v0.13.8 (#883) + # ab1ab3d Common traits for ParsedPublicKey (#879) + # 520bb36 Fix publish script (#880) + # fcd2ba0 Guard NEON+SHA3 s2n-bignum assembly (#878) + # 88c7f50 More arm64 targets in CI (#877) + # See full diff in compare view + # [![Dependabot compatibility + # score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=aws-lc-rs&package-manager=carg + # o&previous-version=1.14.0&new-version=1.14.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about + # -dependabot-security-updates#about-compatibility-scores) + # Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger + # a rebase manually by commenting `@dependabot rebase`. + # [//]: # (dependabot-automerge-start) + # [//]: # (dependabot-automerge-end) +https://github.com/servo/servo/pull/39487 (@dependabot[bot], @dependabot[bot], #39487) build(deps): bump deranged from 0.5.3 to 0.5.4 (#39487) + # Bumps [deranged](https://github.com/jhpratt/deranged) from 0.5.3 to 0.5.4. + # Commits + # See full diff in compare view + # [![Dependabot compatibility + # score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=deranged&package-manager=cargo + # &previous-version=0.5.3&new-version=0.5.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-de + # pendabot-security-updates#about-compatibility-scores) + # Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger + # a rebase manually by commenting `@dependabot rebase`. + # [//]: # (dependabot-automerge-start) + # [//]: # (dependabot-automerge-end) +https://github.com/servo/servo/pull/39485 (@dependabot[bot], @dependabot[bot], #39485) build(deps): bump memchr from 2.7.5 to 2.7.6 (#39485) + # Bumps [memchr](https://github.com/BurntSushi/memchr) from 2.7.5 to 2.7.6. + # Commits + # 9ba486e 2.7.6 + # ec25b80 aarch64: fix NEON optimization on big-endian + # See full diff in compare view + # [![Dependabot compatibility + # score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=memchr&package-manager=cargo&p + # revious-version=2.7.5&new-version=2.7.6)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-depe + # ndabot-security-updates#about-compatibility-scores) + # Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger + # a rebase manually by commenting `@dependabot rebase`. + # [//]: # (dependabot-automerge-start) + # [//]: # (dependabot-automerge-end) +https://github.com/servo/servo/pull/39486 (@dependabot[bot], @dependabot[bot], #39486) build(deps): bump regex from 1.11.2 to 1.11.3 (#39486) + # Bumps [regex](https://github.com/rust-lang/regex) from 1.11.2 to 1.11.3. + # Changelog + # Sourced from regex's changelog. + # 1.11.3 (2025-09-25) + # This is a small patch release with an improvement in memory usage in some + # cases. + # Improvements: + # [BUG #1297](rust-lang/regex#1297): + # Improve memory usage by trimming excess memory capacity in some spots. + # Commits + # ef1c2c3 1.11.3 + # ad5cd6c deps: bump regex-automata + # ee69d9e changelog: 1.11.3 + # 159fa3e regex-automata-0.4.11 + # 02a62ba automata: call Vec::shrink_to_fit in a few strategic places + # a76e0a0 cargo: exclude tests/fuzz from the package + # 19172cc style: inline formatting arguments + # 2695e29 ci: fix cross testing + # See full diff in compare view + # [![Dependabot compatibility + # score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=regex&package-manager=cargo&pr + # evious-version=1.11.2&new-version=1.11.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dep + # endabot-security-updates#about-compatibility-scores) + # Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger + # a rebase manually by commenting `@dependabot rebase`. + # [//]: # (dependabot-automerge-start) + # [//]: # (dependabot-automerge-end) +https://github.com/servo/servo/pull/39393 (@Loirooriol, #39393) layout: Correctly handle margins in sticky positioning (#39393) + # This fixes the logic that computes sticky offset bounds in order to correctly take margins into account. + # Testing: One test passes + # Fixes: #39389 +https://github.com/servo/servo/pull/39467 (@Narfinger, #39467) Allow hyper_serde to only depend on serde_core for potentially faster compile times. (#39467) + # Serde_core was released which has all the traits and allows some crates to have parallel compile times. + # More information can be found here: https://github.com/serde-rs/serde/tree/master/serde_core + # serde_bytes already depends on on serde_core. Additionally added serde and serde_core to dependabot group. + # Signed-off-by: Narfinger + # Testing: Compilation is the test. +https://github.com/servo/servo/pull/39480 (@Narfinger, #39480) Script: Change script/dom/{bluetooth,canvas,html} to not rely on Deref for DOMString (#39480) + # This is part of the future work of implementing LazyDOMString as outlined in + # https://github.com/servo/servo/issues/39479. + # We use str() method or direct implementations on DOMString for these methods. We also change some types. + # Signed-off-by: Narfinger + # Testing: This is essentially just renaming a method and a type and should not change functionality. +https://github.com/servo/servo/pull/39481 (@Narfinger, #39481) Script: Change the rest of script to not rely on Deref for DOMString (#39481) + # This is part of the future work of implementing LazyDOMString as outlined in issue #39479. + # We use str() method or direct implementations on DOMString for these methods. We also change some types. + # This is independent of https://github.com/servo/servo/pull/39480 + # Signed-off-by: Narfinger Narfinger@users.noreply.github.com + # Testing: This is essentially just renaming a method and a type and should not change functionality. +https://github.com/servo/servo/pull/39394 (@rodion.borovyk@gmail.com, #39394) script: Add message to NotFoundError (#39394) + # Adding an optional message to be attached to a NotFoundError. + # Testing: Just a refactor + # Part of #39053 +https://github.com/servo/servo/pull/39469 (@mrobinson, @delan, #39469) script: Chain up keyboard scrolling to parent `