Skip to content

chore(deps-dev): bump sinon from 18.0.0 to 22.0.0 in /build#41548

Merged
DeepDiver1975 merged 1 commit into
masterfrom
dependabot/npm_and_yarn/build/sinon-22.0.0
Jun 2, 2026
Merged

chore(deps-dev): bump sinon from 18.0.0 to 22.0.0 in /build#41548
DeepDiver1975 merged 1 commit into
masterfrom
dependabot/npm_and_yarn/build/sinon-22.0.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github May 12, 2026

Copy link
Copy Markdown
Contributor

Bumps sinon from 18.0.0 to 22.0.0.

Changelog

Sourced from sinon's changelog.

22.0.0

  • ed911df5 Update Ruby gems (Carl-Erik Kopseng)
  • 75a1e5b8 Update to Node 26 (Carl-Erik Kopseng)
  • 197d6608 Update documentation on faking timers to reflect the current state of fake-timers (Carl-Erik Kopseng)
  • c5ddf80b Update fake-timers@15.4: includes new Temporal API (Carl-Erik Kopseng)
  • f4ab02f6 Update updatable packages (Carl-Erik Kopseng)
  • 0536afc8 Quality: Global mutable call id can grow unbounded across long-lived processes (#2691) (tuanaiseo)
    • refactor: global mutable call id can grow unbounded across l

    callId is module-scoped and incremented on every invocation. In long-running test runners or embedded usage, this can grow indefinitely and eventually lose integer precision semantics for strict ordering comparisons.

    Affected files: proxy-invoke.js

    Signed-off-by: tuanaiseo 221258316+tuanaiseo@users.noreply.github.com

    • Wrap around for all values that are too high

    Signed-off-by: tuanaiseo 221258316+tuanaiseo@users.noreply.github.com Co-authored-by: Carl-Erik Kopseng carlerik@gmail.com

  • f4f7d93b Perform additional cleanup when calling callThrough() (#2670) (Cyrille)
  • 6199e9e4 improve GitHubworkflows by introducing zizmor for monitoring (#2686) (Till!)
    • fix(workflows): fetch-depth is for actions/checkout
    • chore(workflows): update
    • pin all actions to precise commits
    • avoid credential leakage from actions/checkout
    • group action updates going forward
    • add zimor config to ignore "secrets outside env"
    • add job to keep validating workflows
  • f7476b59 Use path.normalize() for path normalization (Carl-Erik Kopseng)
  • 2c975393 fix: make build and node test scripts cross-platform (laplace young)
  • a7692917 fix: isolate walk state from Object prototype (laplace young)
  • 66df977a Fix sinon.restore() cascade-restoring sub-sandboxes (#2704) (Charlie Leitheiser)

    The ESM port of createApi (#2683, shipped in 21.1.0) replaced createSandbox: createSandbox with a wrapper that pushes every newly-created sandbox into the root sandbox's fake collection:

... (truncated)

Commits
  • 52555af 22.0.0
  • ed911df Update Ruby gems
  • 75a1e5b Update to Node 26
  • 197d660 Update documentation on faking timers to reflect the current state of fake-ti...
  • c5ddf80 Update fake-timers@15.4: includes new Temporal API
  • f4ab02f Update updatable packages
  • 0536afc Quality: Global mutable call id can grow unbounded across long-lived processe...
  • f4f7d93 Perform additional cleanup when calling callThrough() (#2670)
  • 6199e9e improve GitHubworkflows by introducing zizmor for monitoring (#2686)
  • 1519009 Merge #2703: isolate walk state from Object prototype
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [sinon](https://github.com/sinonjs/sinon) from 18.0.0 to 22.0.0.
- [Release notes](https://github.com/sinonjs/sinon/releases)
- [Changelog](https://github.com/sinonjs/sinon/blob/main/docs/changelog.md)
- [Commits](sinonjs/sinon@v18.0.0...v22.0.0)

---
updated-dependencies:
- dependency-name: sinon
  dependency-version: 22.0.0
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@update-docs

update-docs Bot commented May 12, 2026

Copy link
Copy Markdown

Thanks for opening this pull request! The maintainers of this repository would appreciate it if you would create a changelog item based on your changes.

@DeepDiver1975 DeepDiver1975 merged commit aaf5f0d into master Jun 2, 2026
10 checks passed
@DeepDiver1975 DeepDiver1975 deleted the dependabot/npm_and_yarn/build/sinon-22.0.0 branch June 2, 2026 20:38
DeepDiver1975 added a commit that referenced this pull request Jun 8, 2026
sinon v20.0.0 removed nise (the XHR simulation library) from its
browser UMD bundle (pkg/sinon.js), causing sinon.fakeServer to be
undefined. karma-jasmine-sinon injects pkg/sinon.js and relies on
window.sinon.fakeServer, so every test using fakeServer.create() in
specHelper.js fails.

sinon v19.0.5 is the last version whose browser bundle still exports
fakeServer. The broken bump to ^22.0.0 was introduced in commit
aaf5f0d (dependabot bump #41548) without test validation.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Signed-off-by: Thomas Müller <1005065+DeepDiver1975@users.noreply.github.com>
DeepDiver1975 added a commit that referenced this pull request Jun 9, 2026
* ci: add JavaScript unit test job to GitHub Actions

Mirror the Drone CI javascript() pipeline in GitHub Actions by adding a
local reusable workflow (js-unit.yml) that runs `make test-js` via Karma,
and wiring it into ci.yml.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Signed-off-by: Thomas Müller <1005065+DeepDiver1975@users.noreply.github.com>

* ci(js-unit): install Firefox from Mozilla PPA instead of snap

On ubuntu-latest (24.04), apt-get install firefox installs a snap
wrapper. Snap-sandboxed Firefox cannot connect to Karma's loopback
socket (localhost:9876), causing all 3 launch attempts to time out.

Install the native deb from the Mozilla PPA with a pin rule that
ensures it wins over the snap wrapper on any future apt-get run.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Signed-off-by: Thomas Müller <1005065+DeepDiver1975@users.noreply.github.com>

* fix(js-tests): pin sinon to ^19.0.5 to restore fakeServer in browser

sinon v20.0.0 removed nise (the XHR simulation library) from its
browser UMD bundle (pkg/sinon.js), causing sinon.fakeServer to be
undefined. karma-jasmine-sinon injects pkg/sinon.js and relies on
window.sinon.fakeServer, so every test using fakeServer.create() in
specHelper.js fails.

sinon v19.0.5 is the last version whose browser bundle still exports
fakeServer. The broken bump to ^22.0.0 was introduced in commit
aaf5f0d (dependabot bump #41548) without test validation.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Signed-off-by: Thomas Müller <1005065+DeepDiver1975@users.noreply.github.com>

* fix(js-tests): fix jasmine 5.x incompatibilities in test helpers

Two pre-existing issues exposed by running tests in CI for the first time:

1. jasmine-sinon@0.4.0 calls jasmine.pp() which was removed as a global
   in jasmine 4+. jasmine-core was bumped to 5.1.1 in #40956 without
   this being caught. Add a jasmine.pp shim in specHelper.js that
   redirects to JSON.stringify.

2. setupchecksSpec.js checkDataProtected tests were changed from
   requests[0].respond() to respondWith+respond() in cf22336 to fix
   a jasmine 5.x issue, but this breaks with nise 6.1.x (sinon 19+) due
   to nise behavior changes. The checkWebDAV tests use requests[0].respond()
   successfully, so revert checkDataProtected to the same direct-respond
   pattern.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Signed-off-by: Thomas Müller <1005065+DeepDiver1975@users.noreply.github.com>

* fix(js-tests): restore test isolation broken by Jasmine 5 random ordering

Two tests relied on shared mutable state that leaked between specs when
Jasmine 5 randomized execution order:

- mimeTypeSpec: afterEach restored OC.currentTheme.name but not
  OC.currentTheme.directory, causing shareSpec's OC.imagePath() calls to
  return the themed '/themes/abc/...' path instead of the expected default.

- setupchecksSpec: oc_dataURL was set once at describe-body level and a
  test mutated it to false with no cleanup, so subsequent tests saw
  oc_dataURL===false and checkDataProtected() returned early without
  making any XHR, leaving suite.server.requests[0] undefined.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Signed-off-by: Thomas Müller <1005065+DeepDiver1975@users.noreply.github.com>

* fix(js-tests): fix three more test isolation issues from Jasmine 5 ordering

Three more leaks exposed by Jasmine 5's randomised test execution:

1. mimeTypeSpec: afterEach restored OC.currentTheme name/directory but
   did not flush OC.MimeType._mimeTypeIcons. Tests running after the theme
   describe got a cache hit with the themed path for 'dir' and failed.

2. l10nSpec: 'calls callback if locale is en' stubbed OC.getLocale but
   never called localeStub.restore(), leaving getLocale wrapped for any
   test that ran afterward and tried to stub it again.

3. appSpec (files_sharing): app.js registers a notification handler via
   $(document).ready at load time. The 'Action events' beforeEach called
   registerNotificationHandler() a second time without removing the first,
   so each body event fired two handlers and reload counts were 2 instead
   of 1. Fix: clear all OCA.Notification.Action handlers before adding the
   test-owned one.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Signed-off-by: Thomas Müller <1005065+DeepDiver1975@users.noreply.github.com>

* fix(js-tests): restore $.fn.slideUp stub in fileactionsSpec

The 'cleans up after hiding' test stubbed $.fn.slideUp globally but
never called slideUpStub.restore(). When Jasmine 5 ran this test before
any test that relies on slideUp (e.g. coreSpec's menu toggle test), the
stub remained active and prevented OC.hideMenus() from hiding elements
via slideUp, causing navigation visibility assertions to fail.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Signed-off-by: Thomas Müller <1005065+DeepDiver1975@users.noreply.github.com>

---------

Signed-off-by: Thomas Müller <1005065+DeepDiver1975@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant