main

.circleci/config.yml

@@ -5,15 +5,15 @@ defaults: &defaults
 
 unix_box: &unix_box
   docker:
-    - image: cimg/node:18.18-browsers
+    - image: cimg/node:22.16-browsers
 
 unix_nightly_box: &unix_nightly_box
   docker:
     - image: cimg/node:lts-browsers
 
 orbs:
   puppeteer: threetreeslight/[email protected]
-  browser-tools: circleci/browser-tools@1.4.8
+  browser-tools: circleci/browser-tools@1.5.1
 
 set_npm_auth: &set_npm_auth
   run: npm config set "//registry.npmjs.org/:_authToken" $NPM_AUTH
@@ -61,13 +61,14 @@ jobs:
           paths:
             - node_modules
 
-  # Build and cache axe.js
+  # Build and cache built files
   build_unix:
     <<: *defaults
     <<: *unix_box
     steps:
       - checkout
       - <<: *restore_dependency_cache_unix
+      - run: npm run prepare
       - run: npm run build
       - save_cache:
           key: v9-cache-build-<< pipeline.git.revision >>
@@ -183,8 +184,9 @@ jobs:
       - run:
           name: Install Firefox Nightly
           command: |
-            wget -O firefox-nightly.tar.bz2 "https://download.mozilla.org/?product=firefox-nightly-latest-ssl&os=linux64&lang=en-US"
-            tar xf firefox-nightly.tar.bz2
+            # Assumes Firefox >= 135; in earlier versions, this resolves to a .tar.bz2 instead
+            wget -O firefox-nightly.tar.xz "https://download.mozilla.org/?product=firefox-nightly-latest-ssl&os=linux64&lang=en-US"
+            tar xf firefox-nightly.tar.xz
       - run:
           name: Set Environment Variable
           command: echo "export FIREFOX_NIGHTLY_BIN=$(pwd)/firefox/firefox-bin" >> $BASH_ENV

.eslintignore

@@ -7,5 +7,6 @@ doc/api/*
 doc/examples/jest_react/*.js
 
 lib/core/imports/*.js
+lib/core/utils/uuid.js
 axe.js
-axe.min.js
+axe.min.js

.github/dependabot.yml

@@ -14,6 +14,8 @@ updates:
         update-types:
           - 'minor'
           - 'patch'
+    cooldown:
+      default-days: 7
 
   - package-ecosystem: 'npm'
     directory: '/'
@@ -32,13 +34,27 @@ updates:
         versions: ['>=9.0.0']
       - dependency-name: 'chai'
         versions: ['>=5.0.0']
+      - dependency-name: 'conventional-commits-parser'
+        versions: ['>=6.0.0']
       # Prevent Webpack error caused by v0.11+ of esbuild
       # @see https://github.com/dequelabs/axe-core/issues/3771
       - dependency-name: 'esbuild'
         versions: ['>=0.11.0']
+      # Prevent colorjs.io issue caused by >v0.4.3
+      # @see https://github.com/dequelabs/axe-core/issues/4428
+      - dependency-name: 'colorjs.io'
+        versions: ['>0.4.3']
+      # Still need to support node 18
+      - dependency-name: 'glob'
+        versions: ['>=11.0.0']
+      # Use node 4 types for backward compatibility
+      - dependency-name: '@types/node'
+        versions: ['>=5.0.0']
     groups:
       # Any updates not caught by the group config will get individual PRs
       npm-low-risk:
         update-types:
           - 'minor'
           - 'patch'
+    cooldown:
+      default-days: 7

.github/workflows/Semgrep.yml

@@ -8,7 +8,7 @@
   workflow_dispatch: {}
   # Scan mainline branches and report all findings:
   push:
-    branches: ["master", "main"]
+    branches: ['master', 'main']
   # Schedule the CI job (this method uses cron syntax):
   schedule:
     - cron: '20 17 * * *' # Sets Semgrep to scan every day at 17:20 UTC.
@@ -17,24 +17,24 @@
 jobs:
   semgrep:
     # User definable name of this GitHub Actions job.
-    name: semgrep/ci 
-    # If you are self-hosting, change the following `runs-on` value: 
+    name: semgrep/ci
+    # If you are self-hosting, change the following `runs-on` value:
     runs-on: ubuntu-latest
 
     container:
       # A Docker image with Semgrep installed. Do not change this.
       image: semgrep/semgrep
 
     # Skip any PR created by dependabot to avoid permission issues:
     if: (github.actor != 'dependabot[bot]')
 
     steps:
       # Fetch project source with GitHub Actions Checkout. Use either v3 or v4.
       - uses: actions/checkout@v4
       # Run the "semgrep ci" command on the command line of the docker image.
       - run: semgrep ci
         env:
           # Connect to Semgrep Cloud Platform through your SEMGREP_APP_TOKEN.
           # Generate a token from Semgrep Cloud Platform > Settings
           # and add it to your GitHub secrets.
           SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_APP_TOKEN }}

.github/workflows/format.yml

@@ -1,26 +1,34 @@
 name: Formatter
 
-on: [pull_request]
+on:
+  pull_request:
+    branches:
+      - develop
 
 jobs:
   prettier:
+    # This conditional prevents running the job on PRs from forks; won't
+    # have permissions to commit changes, so the job would fail if it ran.
+    # PRs from forks will instead rely on failing the fmt_check job in test.yml
+    if: github.event.pull_request.head.repo.full_name == github.repository
     runs-on: ubuntu-latest
+    timeout-minutes: 5
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
         with:
           ref: ${{ github.event.pull_request.head.ref }}
       - name: Install dependencies
         run: npm ci
-      - uses: actions/setup-node@v4
+      - uses: actions/setup-node@v5
         with:
-          node-version: 16
+          node-version-file: .nvmrc
           cache: 'npm'
       # Workflows are not allowed to edit workflows. As result, we need to prevent Prettier from formatting them.
       - name: Prevent workflows from being formatted
         run: echo ".github" >> .prettierignore && cat .prettierignore
       - run: npm run fmt
       # Prevent the prettierignore change from being committed.
       - run: git checkout .prettierignore
-      - uses: stefanzweifel/git-auto-commit-action@8756aa072ef5b4a080af5dc8fef36c5d586e521d # tag=v5
+      - uses: stefanzweifel/git-auto-commit-action@778341af668090896ca464160c2def5d1d1a3eb0 # tag=v5
         with:
           commit_message: ':robot: Automated formatting fixes'

.github/workflows/release.yml

@@ -7,12 +7,12 @@ jobs:
     name: Create release
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
         with:
           fetch-depth: 0
-      - uses: actions/setup-node@v4
+      - uses: actions/setup-node@v5
         with:
-          node-version: 16
+          node-version-file: .nvmrc
           cache: 'npm'
       - name: Run release script and open PR
         run: |

.github/workflows/test.yml

@@ -12,32 +12,45 @@
     runs-on: ubuntu-latest
     timeout-minutes: 5
     steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-node@v4
+      - uses: actions/checkout@v5
+      - uses: actions/setup-node@v5
         with:
-          node-version: 20
+          node-version-file: .nvmrc
           cache: 'npm'
       - run: npm ci
+      - run: npm run prepare
       - run: npm run build
       - uses: actions/upload-artifact@v4
         with:
           name: axe-core
           path: axe.js
           retention-days: 1
 
+  fmt_check:
+    runs-on: ubuntu-latest
+    timeout-minutes: 5
+    steps:
+      - uses: actions/checkout@v5
+      - uses: actions/setup-node@v5
+        with:
+          node-version-file: .nvmrc
+          cache: 'npm'
+      - run: npm ci
+      - run: npm run fmt:check
+
   test_node:
     strategy:
       matrix:
-        node: [6, 18, 20]
+        node: [6, 18, 20, 22]
     runs-on: ubuntu-latest
     timeout-minutes: 5
     needs: build
     steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-node@v4
+      - uses: actions/checkout@v5
+      - uses: actions/setup-node@v5
         with:
           node-version: ${{ matrix.node}}
-      - uses: actions/download-artifact@v4.1.7
+      - uses: actions/download-artifact@v5
         with:
           name: axe-core
       - run: npm run test:node