With the rise of modern JavaScript frameworks, fewer developers may be choosing to use jQuery for new projects, but worldwide usage is still extremely high. After analyzing the results of a survey conducted by IDC, the OpenJS Foundation estimated that 90% of all websites use jQuery. And about a third of those use an outdated version.
The jQuery Team and OpenJS Foundation are working to fix that as part of the Healthy Web checkup campaign. This guide will explain why it is important to keep your jQuery version up to date and walk you through the process of upgrading jQuery.
Security Vulnerabilities: Like any software, jQuery may contain security vulnerabilities in its codebase. These vulnerabilities can range from Cross-Site Scripting (XSS) vulnerabilities to more severe issues like Remote Code Execution (RCE). As vulnerabilities are discovered, the jQuery team releases patches and updates to address them. By upgrading to the latest version of jQuery, you ensure that your application benefits from these security fixes, reducing the risk of exploitation by attackers.
Security Best Practices: Newer versions of jQuery often incorporate security best practices and enhancements to mitigate common security threats. These improvements may include stricter input validation, improved handling of user-generated content, and better protection against XSS attacks. By upgrading, you adopt these best practices and strengthen the security posture of your application.
Compliance Requirements: Many industries and regulatory frameworks require organizations to maintain up-to-date software and address known security vulnerabilities promptly. Failure to upgrade jQuery and address security issues could lead to non-compliance with these requirements.
jQuery 1.x, 2.x, and 3.x each have a different list of supported browsers. However, given current browser market usage, the browsers that jQuery 3.x supports, which includes IE 9+, should be sufficient in almost all cases. jQuery 4.x will still support IE11, even though Microsoft announced it is officially out of support.
The jQuery Team provides the jQuery Migrate plugin to make upgrading jQuery as easy as possible. It is mainly meant as a development tool that generates warning messages in the browser console that can be used to identify and fix compatibility issues. It temporarily restores deprecated features and behaviors so that older code will still run on newer versions of jQuery while the compatibility issues are addressed.
There are two versions of jQuery Migrate: 1.x and 3.x (there is no Migrate 2.x). Only one version should be used at a time, but you may need to use both in succession if upgrading from a jQuery version that predates jQuery 1.9.
For example, if your current jQuery version is 1.4.4, first use jQuery Migrate 1.x to upgrade to jQuery 1.12.4 and then use jQuery Migrate 3.x to upgrade to the latest jQuery (3.7.1, as of this writing). If your current version is 2.2.4, you only need to use jQuery Migrate 3.x to upgrade to the latest jQuery.
First, add jQuery Migrate to your page *after* loading jQuery.
<script src="https://code.jquery.com/jquery-3.7.1.js"></script> <script src="https://code.jquery.com/jquery-migrate-3.4.1.js"></script>
Then, test your website or application. As different jQuery APIs are used, jQuery Migrate will log messages to the console warning about any deprecations or breaking changes. Address each warning one at a time.
Finally, when no more warnings are logged to the console and all breaking changes have been addressed, the jQuery Migrate can be removed and migration is complete!
See the jQuery Migrate README for more details.
The jQuery Upgrade Guides can be helpful when you’re looking for more details on a breaking change, or you just want to see the full list of breaking changes for each version. There are upgrade guides for jQuery 1.9, 3.0 and 3.5 that list all of the breaking changes that happened in those releases. Most of the breaking changes listed will probably not apply to your code, but these guides add some context and explanation for each change.
With jQuery 4.0 on the horizon, you may wonder what the process will be for upgrading to jQuery 4.x. The answer is that it will be the same as upgrading to jQuery 3.x and it can still be done in one step. In other words, there will be no need to upgrade to jQuery 3.x before upgrading to jQuery 4.x. You will be able to upgrade straight from 1.9+ to jQuery 4.x. We will also have an upgrade guide ready for jQuery 4.0.
Upgrading jQuery is essential for maintaining the security, performance, and compatibility of your web applications. By following the steps outlined in this guide, you can safely upgrade to the latest version of jQuery and take advantage of its new features and improvements while ensuring that your web application remains protected against any discovered vulnerabilities. Remember to regularly check for updates and stay informed about new releases to keep your codebase up to date.
]]>jQuery 4.0.0 has been in the works for a long time, but it is now ready for a beta release! There’s a lot to cover, and the team is excited to see it released. We’ve got bug fixes, performance improvements, and some breaking changes. We removed support for IE<11 after all! Still, we expect disruption to be minimal.
Many of the breaking changes are ones the team has wanted to make for years, but couldn’t in a patch or minor release. We’ve trimmed legacy code, removed some previously-deprecated APIs, removed some internal-only parameters to public functions that were never documented, and dropped support for some “magic” behaviors that were overly complicated.
We will publish a comprehensive upgrade guide before final release, to outline the removed code and how to migrate. The jQuery Migrate plugin will also be ready to assist. For now, please try out the beta release and let us know if you encounter any issues.
As usual, the release is available on our CDN and the npm package manager. Third party CDNs will not be hosting this beta release, but will host the 4.0.0 final release later. Here are some highlights for jQuery 4.0.0 beta.
jQuery 4.0 drops support for IE 10 and older. Some may be asking why we didn’t remove support for IE 11. We plan to remove support in stages, and the next step will be released in jQuery 5.0. For now, we’ll start by removing code specifically supporting IE versions older than 11, giving us a size reduction of -867 gzipped bytes in one PR!
We also dropped support for other very old browsers, including Edge Legacy, iOS <11, Firefox <65, and Android Browser. No changes should be required on your end. If you need to support any of these browsers, simply stick with jQuery 3.x.
These functions have been deprecated for several versions. It’s time to remove them now that we’ve reached a major release. These functions were either always meant to be internal or ones that now have native equivalents in all supported browsers. The removed functions are:
jQuery.cssNumber
jQuery.cssProps
jQuery.isArray
jQuery.parseJSON
jQuery.nodeName
jQuery.isFunction
jQuery.isWindow
jQuery.camelCase
jQuery.type
jQuery.now
jQuery.isNumeric
jQuery.trim
jQuery.fx.interval
push
, sort
, and splice
removedThe jQuery prototype has long had Array methods that did not behave like any other jQuery methods and were always meant for internal-use only. These methods are push
, sort
, and splice
. We switched our uses of these methods to Array functions instead of the jQuery prototype. For example, $elems.push( elem )
became [].push.call( $elems, elem )
. We’re mentioning it here in case there are any plugins out there that may have relied on these methods.
focusin
and focosout
event orderFor a long time, browsers did not agree on the order of focus and blur events, which includes focusin
, focusout
, focus
, and blur
. Finally, the latest versions of all browsers that jQuery 4.0 supports have converged on a common event order. Unfortunately, it differs from the consistent order that jQuery had chosen years ago, which makes this a breaking change. At least everyone is the on the same page now!
jQuery’s order for all four events in previous versions was:
1. focusout 2. blur 3. focusin 4. focus
Starting with jQuery 4.0, we no longer override native behavior. This means that all browsers except IE will follow the current W3C specification, which is:
1. blur 2. focusout 3. focus 4. focusin
For those that are curious, the W3C specification previously defined a different order:
1. focusout 2. focusin 3. blur 4. focus
But, few thought that intuitive and the spec was changed in 2023 to match what browsers have already implemented. Ironically, the only browser to ever follow the old spec was Internet Explorer.
FormData
supportjQuery.ajax
has added support for binary data, including FormData
. Previously, binary data was not a known data type and was converted to a string. That behavior could be disabled by disabling data conversion and handling the data manually, but we decided to make this work automatically. This is technically a breaking change, but should be closer to expected behavior.
Previously, jQuery.ajax
with dataType: "json"
with a provided callback would be converted to a JSONP request. Today, the preferred way to interact with a cross-domain backend is with CORS, which works in all browsers that jQuery 4.0 supports. This should help avoid unexpected behavior in case a developer is unaware that code can be executed from a remote domain with JSONP.
It was a special day when the jQuery source on the main
branch was migrated from AMD to ES modules. The jQuery source has always been published with jQuery releases on npm and GitHub, but could not be imported directly as modules without RequireJS, which was jQuery’s build tool of choice. We have since switched to Rollup for packaging jQuery and we do run all tests on the ES modules separately.
jQuery 4.0 adds support for Trusted Types, ensuring that HTML wrapped in TrustedHTML can be used as input to jQuery manipulation methods in a way that doesn’t violate the require-trusted-types-for
Content Security Policy directive.
Along with this, while some AJAX requests were already using <script>
tags to maintain attributes such as crossdomain
, we have since switched most asynchronous script requests to use <script> tags to avoid any CSP errors caused by using inline scripts. There are still a few cases where XHR is used for asynchronous script requests, such as when the "headers"
option is passed (use scriptAttrs
instead!), but we now use a <script>
tag whenever possible.
The slim build has gotten even smaller in jQuery 4.0.0 with the removal of Deferreds and Callbacks (now below 20k bytes gzipped!). Deferreds have long-supported the Promises A+ standard, so native Promises can be used instead in most cases and they are available in all of jQuery’s supported browsers except IE11. Deferreds do have some extra features that native Promises do not support, but most usage can be migrated to Promise methods. If you need to support IE11, it’s best to use the main build or add a polyfill for native Promises.
You can get the files from the jQuery CDN, or link to them directly:
https://code.jquery.com/jquery-4.0.0-beta.js
https://code.jquery.com/jquery-4.0.0-beta.min.js
You can also get this release from npm:
npm install jquery@4.0.0-beta
Sometimes you don’t need ajax, or you prefer to use one of the many standalone libraries that focus on ajax requests. And often it is simpler to use a combination of CSS and class manipulation for web animations. Finally, all of jQuery’s supported browsers (except for IE11) now have support for native Promises across the board, so Deferreds and Callbacks are no longer needed in most cases. Along with the regular version of jQuery that includes everything, we’ve released a “slim” version that excludes these modules. The size of jQuery is very rarely a load performance concern these days, but the slim build is about 8k gzipped bytes smaller than the regular version. These files are also available in the npm package and on the CDN:
https://code.jquery.com/jquery-4.0.0-beta.slim.js
https://code.jquery.com/jquery-4.0.0-beta.slim.min.js
These updates are already available as the current versions on npm and Bower. Information on all the ways to get jQuery is available at https://jquery.com/download/. Public CDNs receive their copies today, please give them a few days to post the files. If you’re anxious to get a quick start, use the files on our CDN until they have a chance to update.
Thank you to all of you who participated in this release by submitting patches, reporting bugs, or testing, including Alex, Ahmed S. El-Afifi, fecore1, Dallas Fraser, Richard Gibson, Michał Gołębiowski-Owczarek, Pierre Grimaud, Gabriela Gutierrez, Jonathan, Necmettin Karakaya, Anders Kaseorg, Wonseop Kim, Simon Legner, Shashanka Nataraj, Pat O’Callaghan, Christian Oliff, Dimitri Papadopoulos Orfanos, Wonhyoung Park, Bruno PIERRE, Baoshuo Ren, Beatriz Rezener, Sean Robinson, Ed Sanders, Timo Tijhof, Tom, Christian Wenz, ygj6 and the whole jQuery team.
jQuery now has its very own Mastodon account. We will be cross posting to both Twitter and Mastodon from now on. Also, you may be interested in following some of our team members that have Mastodon accounts.
jQuery: https://social.lfx.dev/@jquery
mgol: https://hachyderm.io/@mgol
timmywil: https://hachyderm.io/@timmywil
Full changelog: 4.0.0-beta
jQuery 3.7.1 has been released! This release fixes a regression from jQuery 3.6.0 that resulted in rounded dimensions for <tr />
elements in Chrome and Safari. Also, a (mostly) internal Sizzle method, jQuery.find.tokenize
that was on the jQuery object was accidentally removed when we removed Sizzle in jQuery 3.7.0. That method has been restored.
As usual, the release is available on our cdn and the npm package manager. Other third party CDNs will probably have it soon as well, but remember that we don’t control their release schedules and they will need some time. Here are the highlights for jQuery 3.7.1.
jQuery 3.6.0 introduced a change to a support test to account for a sudden failure from Firefox, which started including table borders in computed dimensions for <tr />
elements. That may be actually be correct, but Firefox is the only browser doing it. However, that new support test didn’t account for pages with * { box-sizing: border-box; }
in CSS. And so, the support test failed on those pages in all browsers. The result was a fallback to use outerWidth
and outerHeight
, which unfortunately doesn’t return fractional values. The support test has now been fixed and previous behavior has been restored for Chrome and Safari, but Firefox and IE will continue to return integers.
jQuery has inlined most of the code from Sizzle in jQuery 3.7.0 in preparation for larger changes coming to the jQuery selector engine in the future. For the most part, there were no functional changes, but we did accidentally privatize a method that used to be public. While jQuery.find.tokenize
was not documented, some code relied on it being available. That method has now been restored.
We do not expect compatibility issues when upgrading from a jQuery 3.0+ version. To upgrade, have a look at the new 3.5 Upgrade Guide. If you haven’t yet upgraded to jQuery 3+, first have a look at the 3.0 Upgrade Guide.
The jQuery Migrate plugin will help you to identify compatibility issues in your code. Please try out this new release and let us know about any issues you experienced.
If you can’t yet upgrade to 3.5+, Daniel Ruf has kindly provided patches for previous jQuery versions.
You can get the files from the jQuery CDN, or link to them directly:
https://code.jquery.com/jquery-3.7.1.js
https://code.jquery.com/jquery-3.7.1.min.js
You can also get this release from npm:
npm install jquery@3.7.1
Sometimes you don’t need ajax, or you prefer to use one of the many standalone libraries that focus on ajax requests. And often it is simpler to use a combination of CSS and class manipulation for web animations. Along with the regular version of jQuery that includes the ajax and effects modules, we’ve released a “slim” version that excludes these modules. The size of jQuery is very rarely a load performance concern these days, but the slim build is about 6k gzipped bytes smaller than the regular version. These files are also available in the npm package and on the CDN:
https://code.jquery.com/jquery-3.7.1.slim.js
https://code.jquery.com/jquery-3.7.1.slim.min.js
These updates are already available as the current versions on npm and Bower. Information on all the ways to get jQuery is available at https://jquery.com/download/. Public CDNs receive their copies today, please give them a few days to post the files. If you’re anxious to get a quick start, use the files on our CDN until they have a chance to update.
Thank you to all of you who participated in this release by submitting patches, reporting bugs, or testing, including Gabriela Gutierrez, Michal Golebiowski-Owczarek, Timo Tijhof, Dimitri Papadopoulos Orfanos and the whole jQuery team.
jQuery now has its very own Mastodon account. We will be cross posting to both Twitter and Mastodon from now on. Also, you may be interested in following some of our team members that have Mastodon accounts.
jQuery: https://social.lfx.dev/@jquery
mgol: https://hachyderm.io/@mgol
timmywil: https://hachyderm.io/@timmywil
Full changelog: 3.7.1
jQuery 3.7.0 is now available! This release has it all: bug fixes, a new method, and a performance improvement! We even dropped our longtime selector engine: Sizzle. Or, I should say, we moved it into jQuery. jQuery no longer depends on Sizzle as a separate project, but has instead dropped its code directly into jQuery core. This helps us prepare for the major changes coming to selection in future jQuery versions. That doesn’t mean much right now, but jQuery did drop a few bytes because Sizzle supports even older browsers than jQuery. As an aside, we do plan on archiving Sizzle, but we’ll have more details on that in a future blog post.
As usual, the release is available on our cdn and the npm package manager. Other third party CDNs will probably have it soon as well, but remember that we don’t control their release schedules and they will need some time. Here are the highlights for jQuery 3.7.0.
.uniqueSort()
Some APIs, like .prevAll()
, return elements in reverse order, which can result in some confusing behavior when used with wrapping methods. For example,
$elem.prevAll().wrapAll("<p/>")
The above would wrap all of the elements as expected, but it would write those elements to the DOM in reverse order. To solve this in a way that prevented breaking existing code, we’ve documented that .prevAll()
and similar methods return reverse-order collections, which is still desirable in many cases. But we’ve also added a new method to make things easier: a chainable .uniqueSort()
, which does the equivalent of the existing but static jQuery.uniqueSort()
.
So, our previous example would become:
$elem.prevAll().uniqueSort().wrapAll("<p/>")
and the element order in the DOM would remain the same.
jQuery 3.7.0 adds support for more CSS properties that should not automatically have “px” added to them when they are set without units. For instance, .css('aspect-ratio', 5)
would result in the CSS aspect-ratio: 5px;
. All in all, we added seven more properties, and we got a little help with our list from React. Thanks, React!
It’s worth noting that jQuery 4.0 will change the way we handle unitless CSS properties. Rather than relying on a list of CSS properties to avoid adding "px"
, we’ll instead have an list of properties to which we definitely want to add "px"
when there are no units passed. That should be more future-proof.
jQuery 3.7.0 comes with a measurable performance improvement for some use cases when using manipulation methods like .append()
. When we removed a support test for a browser we no longer support, it meant that checks against document changes no longer needed to run at all. Essentially, that resulted in a speedup anywhere between 0% and 100%. The most significant speedup will be for some rare cases where users frequently switch contexts between different documents, perhaps by running manipulations across multiple iframes.
outerHeight(true)
Back in jQuery 3.3.0, we fixed an issue to include scroll gutters in the calculations for .innerWidth()
and .innerHeight()
. However, that fix didn’t take negative margins into account, which meant that .outerWidth(true)
and .outerHeight(true)
no longer respected negative margins. We’ve fixed that in 3.7.0 by separating the margin calculations from the scroll gutter adjustments.
Focus and blur events are probably the most complicated events jQuery has to deal with across browsers. jQuery 3.4.0 introduced some minor regressions when it fixed an issue with the data passed through focus events. We were finally able to close all of those tickets in jQuery 3.7.0!
But, we need to point out a possible breaking change in IE. In all versions of IE, focus
& blur
events are fired asynchronously. In all other browsers, those events are fired synchronously. The asynchronous behavior in IE caused issues. The fix was to change which events we used natively. Fortunately, focusin
& focusout
are run synchronously in IE, and so we now simulate focus
via focusin
and blur
via focusout
in IE. That one change allowed us to rely on synchronous focus events in IE, which solved a lot of issues (see the changelog for the full list).
If you’re curious, support for IE will be dropped in jQuery 5.0 and many of those changes are already in a PR.
We do not expect compatibility issues when upgrading from a jQuery 3.0+ version. To upgrade, have a look at the new 3.5 Upgrade Guide. If you haven’t yet upgraded to jQuery 3+, first have a look at the 3.0 Upgrade Guide.
The jQuery Migrate plugin will help you to identify compatibility issues in your code. Please try out this new release and let us know about any issues you experienced.
If you can’t yet upgrade to 3.5+, Daniel Ruf has kindly provided patches for previous jQuery versions.
You can get the files from the jQuery CDN, or link to them directly:
https://code.jquery.com/jquery-3.7.0.js
https://code.jquery.com/jquery-3.7.0.min.js
You can also get this release from npm:
npm install jquery@3.7.0
Sometimes you don’t need ajax, or you prefer to use one of the many standalone libraries that focus on ajax requests. And often it is simpler to use a combination of CSS and class manipulation for web animations. Along with the regular version of jQuery that includes the ajax and effects modules, we’ve released a “slim” version that excludes these modules. The size of jQuery is very rarely a load performance concern these days, but the slim build is about 6k gzipped bytes smaller than the regular version. These files are also available in the npm package and on the CDN:
https://code.jquery.com/jquery-3.7.0.slim.js
https://code.jquery.com/jquery-3.7.0.slim.min.js
These updates are already available as the current versions on npm and Bower. Information on all the ways to get jQuery is available at https://jquery.com/download/. Public CDNs receive their copies today, please give them a few days to post the files. If you’re anxious to get a quick start, use the files on our CDN until they have a chance to update.
Thank you to all of you who participated in this release by submitting patches, reporting bugs, or testing, including fecore1, Michal Golebiowski-Owczarek and the whole jQuery team.
jQuery now has its very own Mastodon account. We will be cross posting to both Twitter and Mastodon from now on. Also, you may be interested in following some of our team members that have Mastodon accounts.
jQuery: https://social.lfx.dev/@jquery
mgol: https://hachyderm.io/@mgol
timmywil: https://hachyderm.io/@timmywil
Full changelog: 3.7.0
If you’ve been following along with recent jQuery releases, we have been working on how to address the recent addition of some new selectors in browsers, especially :has
. jQuery 3.6.3 settled on the strategy of using native CSS.supports
to determined whether a selector should be passed directly to querySelectorAll
or instead go through jQuery’s selector engine, as might be the case when using jQuery selector extensions, complex :not()
, or other selectors that are valid in jQuery but not in the browser. That all technically worked fine, but came with a downside. Fortunately for us, the fix is no longer necessary and we can go back to the old way. More on that below.
As usual, the release is available on our cdn and the npm package manager. Other third party CDNs will probably have it soon as well, but remember that we don’t control their release schedules and they will need some time. Here are the highlights for jQuery 3.6.4.
Whenever you use a selector in CSS, or JS, there is more than one spec involved. There’s a spec to determine whether a selector is valid (i.e. Selectors) and there’s a spec to guide implementers in how a selector should be parsed (i.e. the parser algorithm for consuming a simple block). The parser implementation is more forgiving than the selector spec itself, to allow for things like attribute selectors missing the last ]
character.
When we addressed an issue with some selectors that were being added to modern browsers—specifically :has
—we started making use of another API available in most of our supported browsers—CSS.supports
—to determine whether a selector could safely be passed to native querySelectorAll
or whether it needed to go through jQuery’s selector engine. Selectors may need to bypass qSA
for multiple reasons. It may be a jQuery-only selector extension (:contains
), a standard selector that jQuery supports in a more robust way (:not(complex)
), or a selector we know to be buggy sometimes (:enabled
or :disabled
). Whatever the reason, the introduction of “forgiving parsing” in selectors like :has
made our previous way of determining that an issue because the browser would no longer throw errors for some truly invalid selectors. For instance, :has(:contains)
no longer threw an error when passed to querySelectorAll
. Neither did :has(:monkey)
for that matter. CSS.supports
seemed to be the answer.
And yet, every solution can have a trade-off. The problem now was that selectors that were technically invalid according to the Selectors spec were throwing errors. But these same selectors used to work fine because the parsers were more, for lack of a better term, forgiving. Essentially, CSS.supports
is not as forgiving as the parser.
Meanwhile, in our discussions with spec writers and vendors, it was agreed that we needed to prevent issues similar to the one with :has
from happening again in the future. What does that mean? It means we can go back to the old way . . . mostly. While the spec has been updated, browsers will need some time to update their implementations. And because of that, we still recommend upgrading jQuery to the latest version.
We do not expect compatibility issues when upgrading from a jQuery 3.0+ version. To upgrade, have a look at the new 3.5 Upgrade Guide. If you haven’t yet upgraded to jQuery 3+, first have a look at the 3.0 Upgrade Guide.
The jQuery Migrate plugin will help you to identify compatibility issues in your code. Please try out this new release and let us know about any issues you experienced.
If you can’t yet upgrade to 3.5+, Daniel Ruf has kindly provided patches for previous jQuery versions.
You can get the files from the jQuery CDN, or link to them directly:
https://code.jquery.com/jquery-3.6.4.js
https://code.jquery.com/jquery-3.6.4.min.js
You can also get this release from npm:
npm install jquery@3.6.4
Sometimes you don’t need ajax, or you prefer to use one of the many standalone libraries that focus on ajax requests. And often it is simpler to use a combination of CSS and class manipulation for web animations. Along with the regular version of jQuery that includes the ajax and effects modules, we’ve released a “slim” version that excludes these modules. The size of jQuery is very rarely a load performance concern these days, but the slim build is about 6k gzipped bytes smaller than the regular version. These files are also available in the npm package and on the CDN:
https://code.jquery.com/jquery-3.6.4.slim.js
https://code.jquery.com/jquery-3.6.4.slim.min.js
These updates are already available as the current versions on npm and Bower. Information on all the ways to get jQuery is available at https://jquery.com/download/. Public CDNs receive their copies today, please give them a few days to post the files. If you’re anxious to get a quick start, use the files on our CDN until they have a chance to update.
Thank you to all of you who participated in this release by submitting patches, reporting bugs, or testing, including Michal Golebiowski-Owczarek and the whole jQuery team.
jQuery now has its very own Mastodon account. We will be cross posting to both Twitter and Mastodon from now on. Also, you may be interested in following some of our team members that have Mastodon accounts.
jQuery: https://social.lfx.dev/@jquery
mgol: https://hachyderm.io/@mgol
timmywil: https://hachyderm.io/@timmywil
Full changelog: 3.6.4
Last week, we released jQuery 3.6.2. There were several changes in that release, but the most important one addressed an issue with some new selectors introduced in most browsers, like :has()
. We wanted to release jQuery 3.6.3 quickly because an issue was reported that revealed a problem with our original fix. More details on that below.
As usual, the release is available on our cdn and the npm package manager. Other third party CDNs will probably have it soon as well, but remember that we don’t control their release schedules and they will need some time. Here are the highlights for jQuery 3.6.3.
CSS.supports
the right wayAfter the issue with :has
that was fixed in jQuery 3.6.2, we started using CSS.supports( "selector(SELECTOR)")
to determine whether a selector would be valid if passed directly to querySelectorAll
. When CSS.supports
returned false
, jQuery would then fall back to its own selector engine (Sizzle). Apparently, our implementation had a bug. In CSS.supports( "selector(SELECTOR)")
, SELECTOR needed to be a <complex-selector>
and not a <complex-selector-list>
. For example:
CSS.supports("selector(div)"); // true
CSS.supports("selector(div, span)"); // false
This meant that all complex selector lists were passed through Sizzle instead of querySelectorAll
. That’s not necessarily a problem in most cases, but it does mean that some level 4 selectors that were supported in browsers but not in Sizzle, like :valid
, no longer worked if it was part of a selector list (e.g. "input:valid, div"
). It should be noted this currently only affects Firefox, but it will be true in all browsers as they roll out changes to CSS.supports
.
This has now been fixed in jQuery 3.6.3 and it is the only functional change in this release.
We do not expect compatibility issues when upgrading from a jQuery 3.0+ version. To upgrade, have a look at the new 3.5 Upgrade Guide. If you haven’t yet upgraded to jQuery 3+, first have a look at the 3.0 Upgrade Guide.
The jQuery Migrate plugin will help you to identify compatibility issues in your code. Please try out this new release and let us know about any issues you experienced.
If you can’t yet upgrade to 3.5+, Daniel Ruf has kindly provided patches for previous jQuery versions.
You can get the files from the jQuery CDN, or link to them directly:
https://code.jquery.com/jquery-3.6.3.js
https://code.jquery.com/jquery-3.6.3.min.js
You can also get this release from npm:
npm install jquery@3.6.3
Sometimes you don’t need ajax, or you prefer to use one of the many standalone libraries that focus on ajax requests. And often it is simpler to use a combination of CSS and class manipulation for web animations. Along with the regular version of jQuery that includes the ajax and effects modules, we’ve released a “slim” version that excludes these modules. The size of jQuery is very rarely a load performance concern these days, but the slim build is about 6k gzipped bytes smaller than the regular version. These files are also available in the npm package and on the CDN:
https://code.jquery.com/jquery-3.6.3.slim.js
https://code.jquery.com/jquery-3.6.3.slim.min.js
These updates are already available as the current versions on npm and Bower. Information on all the ways to get jQuery is available at https://jquery.com/download/. Public CDNs receive their copies today, please give them a few days to post the files. If you’re anxious to get a quick start, use the files on our CDN until they have a chance to update.
Thank you to all of you who participated in this release by submitting patches, reporting bugs, or testing, including Michal Golebiowski-Owczarek and the whole jQuery team.
Full changelog: 3.6.3
You probably weren’t expecting another release so soon, but jQuery 3.6.2 has arrived! The main impetus for this release was the introduction of some new selectors in Chrome. More on that below.
As usual, the release is available on our cdn and the npm package manager. Other third party CDNs will probably have it soon as well, but remember that we don’t control their release schedules and they will need some time. Here are the highlights for jQuery 3.6.2.
jQuery 3.6.1 introduced a minor regression where attempting to retrieve a value for a custom CSS property that didn’t exist (i.e. $elem.css("--custom")
) threw an error instead of returning undefined. This has been fixed in 3.6.2. Related to that, we also made sure that whitespace-only values return the same thing across all browsers. The spec requires that CSS variable values be trimmed, but browsers are inconsistent in their trimming. We now return undefined for whitespace-only values to make it consistent with older jQuery and across the different browsers.
An issue was recently reported that showed that a <template>
‘s document had its documentElement
property set to null
, in compliance with the spec. While it made sense semantically for a template to not yet be tied to a document, it made for an unusual case, specifically in jQuery.contains()
and any methods relying on it. That included manipulation and selector methods. Fortunately, the fix was simple.
The internet experienced a bit of a rumble when Chrome recently introduced some new selectors, the most pertinent of which being :has()
. It was a welcome addition, and one celebrated by the jQuery team, but a change to the spec meant that :has()
used what’s called “forgiving parsing”. Essentially, even if the arguments for :has()
were invalid, the browser returned no results instead of throwing an error. That was problematic in cases where :has()
contained another jQuery selector extension (e.g. :has(:contains("Item"))
) or contained itself (:has(div:has(a))
). Sizzle relied on errors like that to know when to trust native querySelectorAll
and when to run the selector through Sizzle. Selectors that used to work were broken in all jQuery versions dating back to the earliest jQuery versions.
And yet, this little drama didn’t last long. The Chrome team quickly implemented a workaround to fix previous jQuery versions in the vast majority of cases. Safari handled their implementation of :has()
a little differently and didn’t have the same problem. But, there’s still an important issue open to determine how to address this in the CSS spec itself. The CSSWG has since resolved the issue.
jQuery has taken steps to ensure that any forgiving parsing doesn’t break future jQuery versions, even if previous jQuery versions would still be affected.
We do not expect compatibility issues when upgrading from a jQuery 3.0+ version. To upgrade, have a look at the new 3.5 Upgrade Guide. If you haven’t yet upgraded to jQuery 3+, first have a look at the 3.0 Upgrade Guide.
The jQuery Migrate plugin will help you to identify compatibility issues in your code. Please try out this new release and let us know about any issues you experienced.
If you can’t yet upgrade to 3.5+, Daniel Ruf has kindly provided patches for previous jQuery versions.
You can get the files from the jQuery CDN, or link to them directly:
https://code.jquery.com/jquery-3.6.2.js
https://code.jquery.com/jquery-3.6.2.min.js
You can also get this release from npm:
npm install jquery@3.6.2
Sometimes you don’t need ajax, or you prefer to use one of the many standalone libraries that focus on ajax requests. And often it is simpler to use a combination of CSS and class manipulation for web animations. Along with the regular version of jQuery that includes the ajax and effects modules, we’ve released a “slim” version that excludes these modules. The size of jQuery is very rarely a load performance concern these days, but the slim build is about 6k gzipped bytes smaller than the regular version. These files are also available in the npm package and on the CDN:
https://code.jquery.com/jquery-3.6.2.slim.js
https://code.jquery.com/jquery-3.6.2.slim.min.js
These updates are already available as the current versions on npm and Bower. Information on all the ways to get jQuery is available at https://jquery.com/download/. Public CDNs receive their copies today, please give them a few days to post the files. If you’re anxious to get a quick start, use the files on our CDN until they have a chance to update.
Thank you to all of you who participated in this release by submitting patches, reporting bugs, or testing, including sashashura, Anders Kaseorg, Michal Golebiowski-Owczarek, and the whole jQuery team.
Full changelog: 3.6.2
undefined
for whitespace-only CSS variable values (#5120) (8bea1dec)jQuery 3.6.1 has been released! It’s been a while since our previous release. We were looking at fixing some elusive edge cases related to focus and blur, but we never quite got the fix right. If there’s any area of jQuery that’s hard to change, it’s likely related to focus somehow. We’re leaving those as-is for now and will address them in the future, especially since the changes may end up warranting a major version release. See gh-4856 and gh-4950 for more details.
That said, this release still comes with some important fixes, detailed below.
As usual, the release is available on our cdn and the npm package manager. Other third party CDNs will probably have it soon as well, but remember that we don’t control their release schedules and they will need some time. Here are the highlights for jQuery 3.6.1:
We’ve done a lot of work in this release to update some of our testing and build infrastructure, including migrating CI from Travis CI to GitHub Actions, testing on Node 16 instead of Node 15, loading our testing listener over https, and adding more accurate testing for custom builds. We also removed some old links from comments in some files in the repo. These links were to URLs that have since been compromised. While these files were never distributed in a release, they still existed in the GitHub source and have been removed.
There’s still one fix related to focus in this release. Our special event handling for focus remained attached even after jQuery focus handlers were removed, which broke any subsequent manual focus triggers. For example,
$elem
.on("focus", function() {})
.off("focus")
.trigger("focus");
would not trigger focus.
Without any size increase, we added support for skipping over any falsey values in an array passed to addClass
or removeClass
.
This makes code like:
elem.addClass( [ "a", "", "b" ] );
add both the a
& b
classes.
A change to the CSS spec requires that custom properties be trimmed. Whitespace is now trimmed for custom CSS property values. Before, something like --prop: value ;
would retain the leading and trailing spaces in the value, returning ” value “.
An issue was discovered with our regex that strips HTML comments from scripts when they are appended, which ended up removing parts of the executable script in certain edge cases. Fortunately, our fix was to rely more on the browsers, but we still need to strip CDATA sections for IE in the 3.x branch. That will be removed in 4.0.
While jQuery.trim
has already been removed on the main branch in favor of native String#trim
in preparation for the next major release, it’s still needed on the 3.x branch for some browsers that branch supports, such as Android 4.0. There were certain edge cases that were incredibly slow due to the structure of our regex. That has since been changed and the speed-up is significant.
We do not expect compatibility issues when upgrading from a jQuery 3.0+ version. To upgrade, have a look at the new 3.5 Upgrade Guide. If you haven’t yet upgraded to jQuery 3+, first have a look at the 3.0 Upgrade Guide.
The jQuery Migrate plugin will help you to identify compatibility issues in your code. Please try out this new release and let us know about any issues you experienced.
If you can’t yet upgrade to 3.5+, Daniel Ruf has kindly provided patches for previous jQuery versions.
You can get the files from the jQuery CDN, or link to them directly:
https://code.jquery.com/jquery-3.6.1.js
https://code.jquery.com/jquery-3.6.1.min.js
You can also get this release from npm:
npm install jquery@3.6.1
Sometimes you don’t need ajax, or you prefer to use one of the many standalone libraries that focus on ajax requests. And often it is simpler to use a combination of CSS and class manipulation for web animations. Along with the regular version of jQuery that includes the ajax and effects modules, we’ve released a “slim” version that excludes these modules. The size of jQuery is very rarely a load performance concern these days, but the slim build is about 6k gzipped bytes smaller than the regular version. These files are also available in the npm package and on the CDN:
https://code.jquery.com/jquery-3.6.1.slim.js
https://code.jquery.com/jquery-3.6.1.slim.min.js
These updates are already available as the current versions on npm and Bower. Information on all the ways to get jQuery is available at https://jquery.com/download/. Public CDNs receive their copies today, please give them a few days to post the files. If you’re anxious to get a quick start, use the files on our CDN until they have a chance to update.
Thank you to all of you who participated in this release by submitting patches, reporting bugs, or testing, including fecore1, Richard Gibson, Simon Legner, Michal Golebiowski-Owczarek, Vladimir Sitnikov, Timo Tijhof, Christian Oliff, ygj6, and the whole jQuery team.
Full changelog: 3.6.1
More details about the security issue fixed:
Please remember jQuery UI is in a maintenance state: we’ll make sure the library is compatible with new jQuery releases and that security issues are fixed but no new significant feature work is planned. We’ll also try to fix important regressions from jQuery UI 1.12.1; older long-standing bugs may not get fixed. Note that this does not affect jQuery Core which is still actively maintained.
jQuery CDN, powered by StackPath
See the 1.13 Upgrade Guide for a list of changes that may affect you when upgrading from 1.12.x. For full details on what’s included in this release see the 1.13.2 Changelog.
Thanks to all who helped with this release, specifically: Adam Lidén Hällgren, Christian Oliff, Denny Septian Panggabean, Felix Nagel, James Hinderks, Michał Gołębiowski-Owczarek.
Note: please report bugs to the jQuery UI Bug Tracker; support questions should be posted on Stack Overflow with the jquery-ui tag. Please don’t use comments to report bugs.
If you have feedback on us doing our release for jQuery UI 1.13.2, feel free to leave a comment below. Thank you.
]]>Please remember jQuery UI is in a maintenance state: we’ll make sure the library is compatible with new jQuery releases and that security issues are fixed but no new significant feature work is planned. We’ll also try to fix important regressions from jQuery UI 1.12.1; older long-standing bugs may not get fixed. Note that this does not affect jQuery Core which is still actively maintained.
jQuery CDN, powered by StackPath
See the 1.13 Upgrade Guide for a list of changes that may affect you when upgrading from 1.12.x. For full details on what’s included in this release see the 1.13.1 Changelog.
Thanks to all who helped with this release, specifically: Ben Mullins, Felix Nagel, GitHub, Josep Sanz, Michał Gołębiowski-Owczarek.
Note: please report bugs to the jQuery UI Bug Tracker; support questions should be posted on Stack Overflow with the jquery-ui tag. Please don’t use comments to report bugs.
If you have feedback on us doing our release for jQuery UI 1.13.1, feel free to leave a comment below. Thank you.
]]>