[webkit-changes] [WebKit/WebKit] 6b69f5: Cherry-pick fdaaccf6d779. rdar://problem/98335573

MyahCobbs noreply at github.com
Thu Oct 26 12:09:19 PDT 2023


  Branch: refs/heads/safari-7613.4.1.0-branch
  Home:   https://github.com/WebKit/WebKit
  Commit: 6b69f56e4cc972b5c66f05e6fe701cdbe7a7b39d
      https://github.com/WebKit/WebKit/commit/6b69f56e4cc972b5c66f05e6fe701cdbe7a7b39d
  Author: Yusuke Suzuki <ysuzuki at apple.com>
  Date:   2022-08-08 (Mon, 08 Aug 2022)

  Changed paths:
    A JSTests/stress/map-clear-get.js
    A JSTests/stress/set-clear-has.js
    M Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp
    M Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp
    M Source/JavaScriptCore/runtime/AbstractModuleRecord.cpp
    M Source/JavaScriptCore/runtime/HashMapImpl.h
    M Source/JavaScriptCore/runtime/HashMapImplInlines.h
    M Source/JavaScriptCore/runtime/JSMap.h
    M Source/JavaScriptCore/runtime/JSModuleLoader.cpp
    M Source/JavaScriptCore/runtime/JSSet.h
    M Source/JavaScriptCore/runtime/MapConstructor.cpp
    M Source/JavaScriptCore/runtime/MapPrototype.cpp
    M Source/JavaScriptCore/runtime/SetConstructor.cpp
    M Source/JavaScriptCore/runtime/SetPrototype.cpp
    M Source/JavaScriptCore/runtime/WeakMapImplInlines.h
    M Source/WebCore/bindings/js/JSDOMMapLike.cpp
    M Source/WebCore/bindings/js/JSDOMSetLike.cpp
    M Source/WebCore/bindings/js/SerializedScriptValue.cpp

  Log Message:
  -----------
  Cherry-pick fdaaccf6d779. rdar://problem/98335573

    Cherry-pick 1ed1e4a336e1. rdar://problem/98068082

        [JSC] Make JSMap and JSSet construction more simple and efficient
        https://bugs.webkit.org/show_bug.cgi?id=243557
        rdar://98068082

        Reviewed by Mark Lam and Saam Barati.

        This patch makes the initial buffer of JSMap / JSSet nullptr so that we can make allocation of them
        simpler and efficient for non-using case. It cleans up many code in module loader etc. And it paves
        the way to allocating them from DFG and FTL efficiently. It also cleans up SerializedScriptValue
        implementation.

        * JSTests/stress/map-clear-get.js: Added.
        (shouldBe):
        (test):
        * JSTests/stress/set-clear-has.js: Added.
        (shouldBe):
        (set clear):
        (set shouldBe):
        (set new):
        * Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp:
        (JSC::DFG::SpeculativeJIT::compile):
        * Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp:
        (JSC::FTL::DFG::LowerDFGToB3::compileCompareStrictEq):
        * Source/JavaScriptCore/runtime/AbstractModuleRecord.cpp:
        (JSC::AbstractModuleRecord::finishCreation):
        * Source/JavaScriptCore/runtime/HashMapImpl.h:
        (JSC::HashMapBuffer::tryCreate):
        (JSC::HashMapImpl::HashMapImpl):
        (JSC::HashMapBuffer::create): Deleted.
        (JSC::HashMapImpl::shouldRehashAfterAdd const): Deleted.
        * Source/JavaScriptCore/runtime/HashMapImplInlines.h:
        (JSC::shouldShrink):
        (JSC::shouldRehash):
        (JSC::nextCapacity):
        (JSC::HashMapImpl<HashMapBucketType>::finishCreation):
        (JSC::HashMapImpl<HashMapBucketType>::add):
        (JSC::HashMapImpl<HashMapBucketType>::addNormalized):
        (JSC::HashMapImpl<HashMapBucketType>::remove):
        (JSC::HashMapImpl<HashMapBucketType>::clear):
        (JSC::HashMapImpl<HashMapBucketType>::setUpHeadAndTail):
        (JSC::HashMapImpl<HashMapBucketType>::addNormalizedNonExistingForCloning):
        (JSC::HashMapImpl<HashMapBucketType>::addNormalizedNonExistingForCloningInternal):
        (JSC::HashMapImpl<HashMapBucketType>::addNormalizedInternal):
        (JSC::HashMapImpl<HashMapBucketType>::findBucketAlreadyHashedAndNormalized):
        (JSC::HashMapImpl<HashMapBucketType>::rehash):
        (JSC::HashMapImpl<HashMapBucketType>::makeAndSetNewBuffer):
        (JSC::HashMapImpl<HashMapBucketType>::assertBufferIsEmpty):
        (JSC::shouldRehashAfterAdd): Deleted.
        (JSC::HashMapImpl<HashMapBucketType>::assertBufferIsEmpty const): Deleted.
        * Source/JavaScriptCore/runtime/JSMap.h:
        * Source/JavaScriptCore/runtime/JSModuleLoader.cpp:
        (JSC::JSModuleLoader::finishCreation):
        * Source/JavaScriptCore/runtime/JSSet.h:
        * Source/JavaScriptCore/runtime/MapConstructor.cpp:
        (JSC::JSC_DEFINE_HOST_FUNCTION):
        * Source/JavaScriptCore/runtime/MapPrototype.cpp:
        (JSC::JSC_DEFINE_HOST_FUNCTION):
        * Source/JavaScriptCore/runtime/SetConstructor.cpp:
        (JSC::JSC_DEFINE_HOST_FUNCTION):
        * Source/JavaScriptCore/runtime/SetPrototype.cpp:
        (JSC::JSC_DEFINE_HOST_FUNCTION):
        * Source/JavaScriptCore/runtime/WeakMapImplInlines.h:
        (JSC::WeakMapImpl<WeakMapBucket>::shouldRehashAfterAdd const):
        * Source/WebCore/bindings/js/JSDOMMapLike.cpp:
        (WebCore::getBackingMap):
        * Source/WebCore/bindings/js/JSDOMSetLike.cpp:
        (WebCore::getBackingSet):
        * Source/WebCore/bindings/js/SerializedScriptValue.cpp:
        (WebCore::CloneDeserializer::deserialize):

        Canonical link: https://commits.webkit.org/253133@main

    Canonical link: https://commits.webkit.org/245886.832@safari-7613.3.9.0-branch

Canonical link: https://commits.webkit.org/245886.819@safari-7613.4.1.0-branch


  Commit: cc1264ff76335cd62a22a57ed1b4a5bf8939f43a
      https://github.com/WebKit/WebKit/commit/cc1264ff76335cd62a22a57ed1b4a5bf8939f43a
  Author: Alan Coon <alancoon at apple.com>
  Date:   2022-08-08 (Mon, 08 Aug 2022)

  Changed paths:
    M Source/WTF/Scripts/Preferences/WebPreferences.yaml
    M Source/WebCore/loader/DocumentLoader.cpp
    M Source/WebKit/UIProcess/API/C/WKPreferences.cpp
    M Source/WebKit/UIProcess/API/C/WKPreferencesRefPrivate.h
    M Source/WebKit/UIProcess/API/Cocoa/WKPreferences.mm
    M Source/WebKit/UIProcess/API/Cocoa/WKPreferencesPrivate.h
    M Tools/TestWebKitAPI/Tests/mac/LoadWebArchive.mm

  Log Message:
  -----------
  Cherry-pick 3e51b624e5ec. rdar://problem/97275837

Canonical link: https://commits.webkit.org/245886.821@safari-7613.4.1.0-branch


  Commit: 4c0398cd5328d5be4f44d06edd73d96b1a9cf687
      https://github.com/WebKit/WebKit/commit/4c0398cd5328d5be4f44d06edd73d96b1a9cf687
  Author: Eric Carlson <eric.carlson at apple.com>
  Date:   2022-08-08 (Mon, 08 Aug 2022)

  Changed paths:
    M Source/WebCore/PAL/pal/spi/cg/CoreGraphicsSPI.h
    M Source/WebCore/page/ActivityState.cpp
    M Source/WebCore/page/ActivityState.h
    M Source/WebKit/UIProcess/API/Cocoa/WKWebViewPrivateForTesting.h
    M Source/WebKit/UIProcess/API/Cocoa/WKWebViewTesting.mm
    M Source/WebKit/UIProcess/Cocoa/WebProcessPoolCocoa.mm
    M Source/WebKit/UIProcess/Cocoa/WebProcessProxyCocoa.mm
    M Source/WebKit/UIProcess/WebPageProxy.cpp
    M Source/WebKit/UIProcess/WebPageProxy.h
    M Source/WebKit/UIProcess/WebProcessPool.h
    M Source/WebKit/UIProcess/WebProcessProxy.h
    M Source/WebKit/UIProcess/mac/WindowServerConnection.h
    M Source/WebKit/UIProcess/mac/WindowServerConnection.mm
    M Tools/TestWebKitAPI/Tests/WebKit/GetUserMedia.mm

  Log Message:
  -----------
  Cherry-pick 6e14685cafbd. rdar://problem/97275137

    Mute capture when disconnected from hardware console
    rdar://87794804

    Reviewed by Brent Fulgham

    * Source/WebCore/PAL/pal/spi/cg/CoreGraphicsSPI.h
    * Source/WebCore/page/ActivityState.cpp
    * Source/WebCore/page/ActivityState.h
    * Source/WebKit/UIProcess/API/Cocoa/WKWebViewPrivateForTesting.h
    * Source/WebKit/UIProcess/API/Cocoa/WKWebViewTesting.mm
    * Source/WebKit/UIProcess/Cocoa/WebProcessPoolCocoa.mm
    * Source/WebKit/UIProcess/Cocoa/WebProcessProxyCocoa.mm
    * Source/WebKit/UIProcess/WebPageProxy.cpp
    * Source/WebKit/UIProcess/WebPageProxy.h
    * Source/WebKit/UIProcess/WebProcessPool.h
    * Source/WebKit/UIProcess/WebProcessProxy.h
    * Source/WebKit/UIProcess/mac/WindowServerConnection.h
    * Source/WebKit/UIProcess/mac/WindowServerConnection.mm
    * Tools/TestWebKitAPI/Tests/WebKit/GetUserMedia.mm

    Canonical link: https://commits.webkit.org/251762@main
    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@295757 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Canonical link: https://commits.webkit.org/245886.822@safari-7613.4.1.0-branch


  Commit: 5e1e9e342804bdd1d4df6aed4cef4b326681f658
      https://github.com/WebKit/WebKit/commit/5e1e9e342804bdd1d4df6aed4cef4b326681f658
  Author: Abigail Fox <abigail_fox at apple.com>
  Date:   2022-08-08 (Mon, 08 Aug 2022)

  Changed paths:
    M Source/WebCore/platform/cocoa/PlaybackSessionModel.h
    M Source/WebCore/platform/cocoa/PlaybackSessionModelMediaElement.mm
    M Source/WebCore/platform/ios/PlaybackSessionInterfaceAVKit.mm
    M Source/WebCore/platform/ios/VideoFullscreenInterfaceAVKit.mm
    M Source/WebCore/platform/ios/WebVideoFullscreenControllerAVKit.mm
    M Source/WebKit/UIProcess/Cocoa/PlaybackSessionManagerProxy.h
    M Source/WebKit/UIProcess/Cocoa/PlaybackSessionManagerProxy.messages.in
    M Source/WebKit/UIProcess/Cocoa/PlaybackSessionManagerProxy.mm
    M Source/WebKit/WebProcess/cocoa/PlaybackSessionManager.mm

  Log Message:
  -----------
  Cherry-pick f5f63453c9cd. rdar://problem/97273615

    Refactor PlaybackSessionModel::externalPlaybackTargetType to use enum class
    rdar://63360025
    https://bugs.webkit.org/show_bug.cgi?id=242476

    Reviewed by Eric Carlson.

    * Source/WebCore/platform/cocoa/PlaybackSessionModel.h:
    (): Deleted.
    * Source/WebCore/platform/cocoa/PlaybackSessionModelMediaElement.mm:
    (WebCore::PlaybackSessionModelMediaElement::externalPlaybackTargetType const):
    * Source/WebCore/platform/ios/PlaybackSessionInterfaceAVKit.mm:
    (WebCore::PlaybackSessionInterfaceAVKit::externalPlaybackChanged):
    * Source/WebCore/platform/ios/VideoFullscreenInterfaceAVKit.mm:
    (VideoFullscreenInterfaceAVKit::~VideoFullscreenInterfaceAVKit):
    * Source/WebCore/platform/ios/WebVideoFullscreenControllerAVKit.mm:
    (VideoFullscreenControllerContext::externalPlaybackTargetType const):
    * Source/WebKit/UIProcess/Cocoa/PlaybackSessionManagerProxy.h:
    * Source/WebKit/UIProcess/Cocoa/PlaybackSessionManagerProxy.messages.in:
    * Source/WebKit/UIProcess/Cocoa/PlaybackSessionManagerProxy.mm:
    (WebKit::PlaybackSessionManagerProxy::externalPlaybackPropertiesChanged):
    * Source/WebKit/WebProcess/cocoa/PlaybackSessionManager.mm:
    (WebKit::PlaybackSessionManager::externalPlaybackChanged):

    Canonical link: https://commits.webkit.org/252247@main

Canonical link: https://commits.webkit.org/245886.823@safari-7613.4.1.0-branch


  Commit: 726d1034d700c1b18455de3f56f038960761da83
      https://github.com/WebKit/WebKit/commit/726d1034d700c1b18455de3f56f038960761da83
  Author: Alan Coon <alancoon at apple.com>
  Date:   2022-08-10 (Wed, 10 Aug 2022)

  Changed paths:
    M Source/WTF/Scripts/Preferences/WebPreferences.yaml
    M Source/WebCore/loader/DocumentLoader.cpp
    M Source/WebKit/UIProcess/API/C/WKPreferences.cpp
    M Source/WebKit/UIProcess/API/C/WKPreferencesRefPrivate.h
    M Source/WebKit/UIProcess/API/Cocoa/WKPreferences.mm
    M Source/WebKit/UIProcess/API/Cocoa/WKPreferencesPrivate.h
    M Tools/TestWebKitAPI/Tests/mac/LoadWebArchive.mm

  Log Message:
  -----------
  Revert 3e51b624e5ec. rdar://problem/97275837

This reverts commit cc1264ff76335cd62a22a57ed1b4a5bf8939f43a.

Canonical link: https://commits.webkit.org/245886.824@safari-7613.4.1.0-branch


  Commit: 5d2cc6074b86f0df8892f9683361e9f51e8ab73f
      https://github.com/WebKit/WebKit/commit/5d2cc6074b86f0df8892f9683361e9f51e8ab73f
  Author: Alan Coon <alancoon at apple.com>
  Date:   2022-08-10 (Wed, 10 Aug 2022)

  Changed paths:
    M Source/JavaScriptCore/Configurations/Version.xcconfig
    M Source/ThirdParty/ANGLE/Configurations/Version.xcconfig
    M Source/ThirdParty/libwebrtc/Configurations/Version.xcconfig
    M Source/WebCore/Configurations/Version.xcconfig
    M Source/WebCore/PAL/Configurations/Version.xcconfig
    M Source/WebGPU/Configurations/Version.xcconfig
    M Source/WebInspectorUI/Configurations/Version.xcconfig
    M Source/WebKit/Configurations/Version.xcconfig
    M Source/WebKitLegacy/mac/Configurations/Version.xcconfig

  Log Message:
  -----------
  Versioning.

WebKit-7613.4.1.0.2

Canonical link: https://commits.webkit.org/245886.825@safari-7613.4.1.0-branch


  Commit: 1394b06f39aab790eced1e754b58b1170262f65c
      https://github.com/WebKit/WebKit/commit/1394b06f39aab790eced1e754b58b1170262f65c
  Author: Alan Coon <alancoon at apple.com>
  Date:   2022-08-10 (Wed, 10 Aug 2022)

  Changed paths:
    M Source/JavaScriptCore/bytecode/ObjectPropertyConditionSet.cpp

  Log Message:
  -----------
  Apply patch. rdar://problem/97276205

Canonical link: https://commits.webkit.org/245886.826@safari-7613.4.1.0-branch


  Commit: 899003b833b6365ee59af86ee6842efcd607c47a
      https://github.com/WebKit/WebKit/commit/899003b833b6365ee59af86ee6842efcd607c47a
  Author: Alan Coon <alancoon at apple.com>
  Date:   2022-08-10 (Wed, 10 Aug 2022)

  Changed paths:
    M Source/WTF/Scripts/Preferences/WebPreferences.yaml
    M Source/WebCore/loader/DocumentLoader.cpp
    M Source/WebKit/UIProcess/API/C/WKPreferences.cpp
    M Source/WebKit/UIProcess/API/C/WKPreferencesRefPrivate.h
    M Source/WebKit/UIProcess/API/Cocoa/WKPreferences.mm
    M Source/WebKit/UIProcess/API/Cocoa/WKPreferencesPrivate.h
    M Tools/TestWebKitAPI/Tests/mac/LoadWebArchive.mm

  Log Message:
  -----------
  Cherry-pick 3e51b624e5ec. rdar://problem/97275837

This reverts commit 726d1034d700c1b18455de3f56f038960761da83.

Canonical link: https://commits.webkit.org/245886.827@safari-7613.4.1.0-branch


  Commit: 08cc7f2e638ec5264e8832f2e1aeec225e0190cd
      https://github.com/WebKit/WebKit/commit/08cc7f2e638ec5264e8832f2e1aeec225e0190cd
  Author: Russell Epstein <repstein at apple.com>
  Date:   2022-08-11 (Thu, 11 Aug 2022)

  Changed paths:
    M Source/WTF/Scripts/Preferences/WebPreferences.yaml
    M Source/WebCore/loader/DocumentLoader.cpp
    M Source/WebKit/UIProcess/API/C/WKPreferences.cpp
    M Source/WebKit/UIProcess/API/C/WKPreferencesRefPrivate.h
    M Source/WebKit/UIProcess/API/Cocoa/WKPreferences.mm
    M Source/WebKit/UIProcess/API/Cocoa/WKPreferencesPrivate.h
    M Tools/TestWebKitAPI/Tests/mac/LoadWebArchive.mm

  Log Message:
  -----------
  Revert "Cherry-pick 3e51b624e5ec. rdar://problem/97275837"

This reverts commit 899003b833b6365ee59af86ee6842efcd607c47a.

Canonical link: https://commits.webkit.org/245886.828@safari-7613.4.1.0-branch


  Commit: 78772cac166ad953efdfb42fd34fb6a3e4de96de
      https://github.com/WebKit/WebKit/commit/78772cac166ad953efdfb42fd34fb6a3e4de96de
  Author: Russell Epstein <repstein at apple.com>
  Date:   2022-08-11 (Thu, 11 Aug 2022)

  Changed paths:
    M Source/JavaScriptCore/bytecode/BytecodeDumper.cpp
    M Source/JavaScriptCore/bytecode/BytecodeDumper.h
    M Source/JavaScriptCore/wasm/WasmAirIRGenerator.cpp
    M Source/JavaScriptCore/wasm/WasmAirIRGenerator.h
    M Source/JavaScriptCore/wasm/WasmB3IRGenerator.cpp
    M Source/JavaScriptCore/wasm/WasmB3IRGenerator.h
    M Source/JavaScriptCore/wasm/WasmBBQPlan.cpp
    M Source/JavaScriptCore/wasm/WasmBBQPlan.h
    M Source/JavaScriptCore/wasm/WasmHandlerInfo.h
    M Source/JavaScriptCore/wasm/WasmIRGeneratorHelpers.h
    M Source/JavaScriptCore/wasm/WasmOMGPlan.cpp
    M Source/JavaScriptCore/wasm/WasmOMGPlan.h
    M Source/JavaScriptCore/wasm/WasmOSREntryPlan.cpp
    M Source/JavaScriptCore/wasm/WasmOSREntryPlan.h
    M Source/JavaScriptCore/wasm/WasmOperations.cpp
    M Source/JavaScriptCore/wasm/WasmSlowPaths.cpp

  Log Message:
  -----------
  Apply patch. rdar://problem/97021541

Canonical link: https://commits.webkit.org/245886.829@safari-7613.4.1.0-branch


  Commit: 4434a3007d520b5f199ac307c5029f429a85c956
      https://github.com/WebKit/WebKit/commit/4434a3007d520b5f199ac307c5029f429a85c956
  Author: Russell Epstein <repstein at apple.com>
  Date:   2022-08-11 (Thu, 11 Aug 2022)

  Changed paths:
    M Source/JavaScriptCore/wasm/WasmLLIntGenerator.cpp

  Log Message:
  -----------
  Apply patch. rdar://problem/97263817

Canonical link: https://commits.webkit.org/245886.830@safari-7613.4.1.0-branch


  Commit: 9eabbe4e332bc5d980370ae957e3a6fa6ac403d3
      https://github.com/WebKit/WebKit/commit/9eabbe4e332bc5d980370ae957e3a6fa6ac403d3
  Author: Russell Epstein <repstein at apple.com>
  Date:   2022-08-11 (Thu, 11 Aug 2022)

  Changed paths:
    M Source/WebCore/Modules/indexeddb/server/UniqueIDBDatabase.cpp
    M Source/WebCore/Modules/indexeddb/server/UniqueIDBDatabaseTransaction.cpp
    M Source/WebCore/Modules/indexeddb/server/UniqueIDBDatabaseTransaction.h
    M Source/WebCore/Modules/indexeddb/shared/IDBResultData.cpp
    M Source/WebCore/Modules/indexeddb/shared/IDBResultData.h

  Log Message:
  -----------
  Apply patch. rdar://problem/97276161

Canonical link: https://commits.webkit.org/245886.831@safari-7613.4.1.0-branch


  Commit: a539633a1b424371cc1a23d9547240b3fa57fc86
      https://github.com/WebKit/WebKit/commit/a539633a1b424371cc1a23d9547240b3fa57fc86
  Author: Richard Robinson <richard_robinson2 at apple.com>
  Date:   2022-08-15 (Mon, 15 Aug 2022)

  Changed paths:
    M Source/WebKit/WebProcess/Plugins/PDF/PDFPlugin.mm

  Log Message:
  -----------
  Cherry-pick 02857c1a71fe. rdar://problem/97324281

    Make PDF annotation creation more robust
    https://bugs.webkit.org/show_bug.cgi?id=242781
    rdar://96688395

    Reviewed by Aditya Keerthi.

    * Source/WebKit/WebProcess/Plugins/PDF/PDFPlugin.mm:
    (WebKit::PDFPlugin::createPasswordEntryForm):
    (WebKit::PDFPlugin::setActiveAnnotation):

    Canonical link: https://commits.webkit.org/252513@main

Canonical link: https://commits.webkit.org/245886.832@safari-7613.4.1.0-branch


  Commit: b0bd0f115d5e66aa3ccb375816eb5741a9146b56
      https://github.com/WebKit/WebKit/commit/b0bd0f115d5e66aa3ccb375816eb5741a9146b56
  Author: Per Arne Vollan <pvollan at apple.com>
  Date:   2022-08-15 (Mon, 15 Aug 2022)

  Changed paths:
    M Source/WebCore/Modules/speech/SpeechRecognitionCaptureSourceImpl.cpp
    M Source/WebCore/Modules/webaudio/MediaStreamAudioSourceCocoa.cpp
    M Source/WebCore/platform/audio/cocoa/WebAudioBufferList.cpp
    M Source/WebCore/platform/audio/cocoa/WebAudioBufferList.h
    M Source/WebCore/platform/mock/MockAudioDestinationCocoa.h

  Log Message:
  -----------
  Cherry-pick 659f5b107515. rdar://problem/97689284

    Account for larger sample spaces in WebAudioBufferList
    https://bugs.webkit.org/show_bug.cgi?id=243181
    <rdar://97391151>

    Reviewed by Chris Dumez.

    Use size_t for sample count to account for larger sample spaces in WebAudioBufferList.

    * Source/WebCore/Modules/speech/SpeechRecognitionCaptureSourceImpl.cpp:
    (WebCore::SpeechRecognitionCaptureSourceImpl::pullSamplesAndCallDataCallback):
    * Source/WebCore/Modules/webaudio/MediaStreamAudioSourceCocoa.cpp:
    (WebCore::MediaStreamAudioSource::consumeAudio):
    * Source/WebCore/platform/audio/cocoa/WebAudioBufferList.cpp:
    (WebCore::WebAudioBufferList::WebAudioBufferList):
    (WebCore::computeBufferSizes):
    (WebCore::WebAudioBufferList::isSupportedDescription):
    (WebCore::WebAudioBufferList::setSampleCount):
    * Source/WebCore/platform/audio/cocoa/WebAudioBufferList.h:
    * Source/WebCore/platform/mediastream/mac/MockAudioSharedUnit.mm:
    * Source/WebCore/platform/mock/MockAudioDestinationCocoa.h:

    Canonical link: https://commits.webkit.org/252808@main

Canonical link: https://commits.webkit.org/245886.833@safari-7613.4.1.0-branch


  Commit: 0504ebf2768d6d4d28dc8b385103b51317c05191
      https://github.com/WebKit/WebKit/commit/0504ebf2768d6d4d28dc8b385103b51317c05191
  Author: Alan Coon <alancoon at apple.com>
  Date:   2022-08-15 (Mon, 15 Aug 2022)

  Changed paths:
    M Source/WebKit/WebProcess/Plugins/PDF/PDFPlugin.mm

  Log Message:
  -----------
  Revert 02857c1a71fe. rdar://problem/97324281

This reverts commit a539633a1b424371cc1a23d9547240b3fa57fc86.

Canonical link: https://commits.webkit.org/245886.834@safari-7613.4.1.0-branch


  Commit: fd49f1b001dd08d8357087c072054706d95ad208
      https://github.com/WebKit/WebKit/commit/fd49f1b001dd08d8357087c072054706d95ad208
  Author: Alan Coon <alancoon at apple.com>
  Date:   2022-09-01 (Thu, 01 Sep 2022)

  Changed paths:
    M Source/JavaScriptCore/Configurations/Version.xcconfig
    M Source/ThirdParty/ANGLE/Configurations/Version.xcconfig
    M Source/ThirdParty/libwebrtc/Configurations/Version.xcconfig
    M Source/WebCore/Configurations/Version.xcconfig
    M Source/WebCore/PAL/Configurations/Version.xcconfig
    M Source/WebGPU/Configurations/Version.xcconfig
    M Source/WebInspectorUI/Configurations/Version.xcconfig
    M Source/WebKit/Configurations/Version.xcconfig
    M Source/WebKitLegacy/mac/Configurations/Version.xcconfig

  Log Message:
  -----------
  Versioning.

WebKit-7613.5.1.0.1

Canonical link: https://commits.webkit.org/245886.835@safari-7613.4.1.0-branch


  Commit: 353f9e53dea8066c2b45d771aa198beb0d573c85
      https://github.com/WebKit/WebKit/commit/353f9e53dea8066c2b45d771aa198beb0d573c85
  Author: Alan Coon <alancoon at apple.com>
  Date:   2022-09-23 (Fri, 23 Sep 2022)

  Changed paths:
    M Source/JavaScriptCore/Configurations/Version.xcconfig
    M Source/ThirdParty/ANGLE/Configurations/Version.xcconfig
    M Source/ThirdParty/libwebrtc/Configurations/Version.xcconfig
    M Source/WebCore/Configurations/Version.xcconfig
    M Source/WebCore/PAL/Configurations/Version.xcconfig
    M Source/WebGPU/Configurations/Version.xcconfig
    M Source/WebInspectorUI/Configurations/Version.xcconfig
    M Source/WebKit/Configurations/Version.xcconfig
    M Source/WebKitLegacy/mac/Configurations/Version.xcconfig

  Log Message:
  -----------
  Versioning.

WebKit-7613.5.1.0.2

Canonical link: https://commits.webkit.org/245886.836@safari-7613.4.1.0-branch


  Commit: fb27035017e464208f3b2ae98b3d4a551d8d035b
      https://github.com/WebKit/WebKit/commit/fb27035017e464208f3b2ae98b3d4a551d8d035b
  Author: Yusuke Suzuki <ysuzuki at apple.com>
  Date:   2022-09-23 (Fri, 23 Sep 2022)

  Changed paths:
    M Source/JavaScriptCore/dfg/DFGBackwardsPropagationPhase.cpp
    M Source/JavaScriptCore/dfg/DFGFixupPhase.cpp
    M Source/JavaScriptCore/dfg/DFGGraph.h
    M Source/JavaScriptCore/dfg/DFGNode.h
    M Source/JavaScriptCore/dfg/DFGNodeFlags.cpp
    M Source/JavaScriptCore/dfg/DFGNodeFlags.h
    M Source/JavaScriptCore/dfg/DFGNodeType.h

  Log Message:
  -----------
  Cherry-pick ef76e31a2a06. rdar://problem/99203199

    [JSC] BakcwardPropagationPhase should carry NaN / Infinity handling
    https://bugs.webkit.org/show_bug.cgi?id=242964
    rdar://96791603

    Reviewed by Mark Lam.

    For correctness, we should carry NaN / Infinity handling to make it more clear in the code generation site.

    * Source/JavaScriptCore/dfg/DFGBackwardsPropagationPhase.cpp:
    (JSC::DFG::BackwardsPropagationPhase::propagate):
    * Source/JavaScriptCore/dfg/DFGFixupPhase.cpp:
    (JSC::DFG::FixupPhase::fixupArithDivInt32):
    (JSC::DFG::FixupPhase::fixupArithDiv):
    * Source/JavaScriptCore/dfg/DFGGraph.h:
    * Source/JavaScriptCore/dfg/DFGNode.h:
    * Source/JavaScriptCore/dfg/DFGNodeFlags.cpp:
    (JSC::DFG::dumpNodeFlags):
    * Source/JavaScriptCore/dfg/DFGNodeFlags.h:
    (JSC::DFG::bytecodeCanIgnoreNaNAndInfinity):
    (JSC::DFG::nodeCanSpeculateInt32ForDiv):
    * Source/JavaScriptCore/dfg/DFGNodeType.h:

    Canonical link: https://commits.webkit.org/252675@main

Canonical link: https://commits.webkit.org/245886.837@safari-7613.4.1.0-branch


  Commit: ef3bf06da387c8c91a940ab97d0780fe9ed24153
      https://github.com/WebKit/WebKit/commit/ef3bf06da387c8c91a940ab97d0780fe9ed24153
  Author: Yusuke Suzuki <ysuzuki at apple.com>
  Date:   2022-09-23 (Fri, 23 Sep 2022)

  Changed paths:
    M Source/JavaScriptCore/dfg/DFGBackwardsPropagationPhase.cpp
    M Source/JavaScriptCore/dfg/DFGFixupPhase.cpp
    M Source/JavaScriptCore/dfg/DFGGraph.h
    M Source/JavaScriptCore/dfg/DFGNode.h
    M Source/JavaScriptCore/dfg/DFGNodeFlags.cpp
    M Source/JavaScriptCore/dfg/DFGNodeFlags.h
    M Source/JavaScriptCore/dfg/DFGNodeType.h

  Log Message:
  -----------
  Cherry-pick 0f4e2b68c124. rdar://problem/99203199

    [JSC] Revert 252675 at main and do simple fix for now
    https://bugs.webkit.org/show_bug.cgi?id=243697

    Reviewed by Mark Lam.

    This patch revert 252675 at main, and instead, just always emitting check for div / mod,
    because 252675 at main caused JetStream2 regression.

    * Source/JavaScriptCore/dfg/DFGBackwardsPropagationPhase.cpp:
    (JSC::DFG::BackwardsPropagationPhase::propagate):
    * Source/JavaScriptCore/dfg/DFGFixupPhase.cpp:
    (JSC::DFG::FixupPhase::fixupArithDivInt32):
    (JSC::DFG::FixupPhase::fixupArithDiv):
    * Source/JavaScriptCore/dfg/DFGGraph.h:
    * Source/JavaScriptCore/dfg/DFGNode.h:
    * Source/JavaScriptCore/dfg/DFGNodeFlags.cpp:
    (JSC::DFG::dumpNodeFlags):
    * Source/JavaScriptCore/dfg/DFGNodeFlags.h:
    (JSC::DFG::bytecodeCanIgnoreNaNAndInfinity): Deleted.
    (JSC::DFG::nodeCanSpeculateInt32ForDiv): Deleted.
    * Source/JavaScriptCore/dfg/DFGNodeType.h:

    Canonical link: https://commits.webkit.org/253246@main

Canonical link: https://commits.webkit.org/245886.838@safari-7613.4.1.0-branch


  Commit: cbf91c03915558ed09255cc753d3f6443ee7f783
      https://github.com/WebKit/WebKit/commit/cbf91c03915558ed09255cc753d3f6443ee7f783
  Author: Alan Coon <alancoon at apple.com>
  Date:   2022-11-09 (Wed, 09 Nov 2022)

  Changed paths:
    M Source/JavaScriptCore/Configurations/Version.xcconfig
    M Source/ThirdParty/ANGLE/Configurations/Version.xcconfig
    M Source/ThirdParty/libwebrtc/Configurations/Version.xcconfig
    M Source/WebCore/Configurations/Version.xcconfig
    M Source/WebCore/PAL/Configurations/Version.xcconfig
    M Source/WebGPU/Configurations/Version.xcconfig
    M Source/WebInspectorUI/Configurations/Version.xcconfig
    M Source/WebKit/Configurations/Version.xcconfig
    M Source/WebKitLegacy/mac/Configurations/Version.xcconfig

  Log Message:
  -----------
  Versioning.

WebKit-7613.6.1.0.1

Canonical link: https://commits.webkit.org/245886.839@safari-7613.4.1.0-branch


  Commit: 199ebb752dd8e5699ef7b1776cd9db0afe3d7e67
      https://github.com/WebKit/WebKit/commit/199ebb752dd8e5699ef7b1776cd9db0afe3d7e67
  Author: Alex Christensen <achristensen at webkit.org>
  Date:   2022-11-09 (Wed, 09 Nov 2022)

  Changed paths:
    M Source/WTF/wtf/URLHelpers.cpp
    M Tools/TestWebKitAPI/Tests/WTF/cocoa/URLExtras.mm

  Log Message:
  -----------
  Cherry-pick 16904a9a85c8. rdar://problem/101518562

    Punycode all IPA extensions code points in URLs
    https://bugs.webkit.org/show_bug.cgi?id=247289
    rdar://101429376

    Reviewed by Tim Horton.

    * Source/WTF/wtf/URLHelpers.cpp:
    (WTF::URLHelpers::isLookalikeCharacter):
    * Tools/TestWebKitAPI/Tests/WTF/cocoa/URLExtras.mm:
    (TestWebKitAPI::TEST):

    Canonical link: https://commits.webkit.org/256267@main

Canonical link: https://commits.webkit.org/245886.839@safari-7613.4.1.0-branch


  Commit: 44e845aba9eb42d8118dce5c01c59539d9512ad3
      https://github.com/WebKit/WebKit/commit/44e845aba9eb42d8118dce5c01c59539d9512ad3
  Author: Alex Christensen <achristensen at webkit.org>
  Date:   2022-11-09 (Wed, 09 Nov 2022)

  Changed paths:
    M Source/WTF/wtf/URLHelpers.cpp
    M Tools/TestWebKitAPI/Tests/WTF/cocoa/URLExtras.mm

  Log Message:
  -----------
  Cherry-pick 85e478aae63c. rdar://problem/100623939

    Punycode Arabic diacritics when not preceded by an Arabic code point in a URL host
    https://bugs.webkit.org/show_bug.cgi?id=247461
    rdar://100426863

    Reviewed by Said Abou-Hallawa.

    * Source/WTF/wtf/URLHelpers.cpp:
    (WTF::URLHelpers::isArabicDiacritic):
    (WTF::URLHelpers::isArabicCodePoint):
    (WTF::URLHelpers::isLookalikeCharacter):
    * Tools/TestWebKitAPI/Tests/WTF/cocoa/URLExtras.mm:
    (TestWebKitAPI::TEST):

    Canonical link: https://commits.webkit.org/256332@main

Canonical link: https://commits.webkit.org/245886.840@safari-7613.4.1.0-branch


  Commit: 04050e1cb8356bc3902874006bd8c43ffad73d0d
      https://github.com/WebKit/WebKit/commit/04050e1cb8356bc3902874006bd8c43ffad73d0d
  Author: Alex Christensen <achristensen at webkit.org>
  Date:   2022-11-09 (Wed, 09 Nov 2022)

  Changed paths:
    M LayoutTests/fast/encoding/idn-security-expected.txt
    M LayoutTests/fast/encoding/idn-security.html
    M Source/WTF/wtf/URLHelpers.cpp
    M Tools/TestWebKitAPI/Tests/WTF/cocoa/URLExtras.mm

  Log Message:
  -----------
  Cherry-pick a6c922ea6f05. rdar://problem/101518569

    Punycode U+0E01 when in the context of non-Thai characters
    https://bugs.webkit.org/show_bug.cgi?id=247287
    rdar://101434628

    Reviewed by Tim Horton.

    * Source/WTF/wtf/URLHelpers.cpp:
    (WTF::URLHelpers::isLookalikeCharacterOfScriptType<USCRIPT_THAI>):
    (WTF::URLHelpers::isLookalikeCharacter):
    * Tools/TestWebKitAPI/Tests/WTF/cocoa/URLExtras.mm:
    (TestWebKitAPI::TEST):

    Canonical link: https://commits.webkit.org/256276@main

Canonical link: https://commits.webkit.org/245886.841@safari-7613.4.1.0-branch


  Commit: 34444ef889fb9b8778d7fe2b40c2a16880c36230
      https://github.com/WebKit/WebKit/commit/34444ef889fb9b8778d7fe2b40c2a16880c36230
  Author: Matt Woodrow <mattwoodrow at apple.com>
  Date:   2022-11-09 (Wed, 09 Nov 2022)

  Changed paths:
    M LayoutTests/imported/w3c/web-platform-tests/html/canvas/element/manual/imagebitmap/createImageBitmap-serializable-expected.txt
    M LayoutTests/imported/w3c/web-platform-tests/html/canvas/element/manual/imagebitmap/createImageBitmap-transfer-expected.txt
    M LayoutTests/platform/glib/imported/w3c/web-platform-tests/html/canvas/element/manual/imagebitmap/createImageBitmap-serializable-expected.txt
    M LayoutTests/platform/glib/imported/w3c/web-platform-tests/html/canvas/element/manual/imagebitmap/createImageBitmap-transfer-expected.txt
    A LayoutTests/platform/mac-wk1/imported/w3c/web-platform-tests/html/canvas/element/manual/imagebitmap/createImageBitmap-serializable-expected.txt
    A LayoutTests/platform/mac-wk1/imported/w3c/web-platform-tests/html/canvas/element/manual/imagebitmap/createImageBitmap-transfer-expected.txt
    M Source/WebCore/bindings/js/SerializedScriptValue.cpp

  Log Message:
  -----------
  Cherry-pick ad6383440b73. rdar://problem/101291011

    Throw a DataCloneError when attempting to serialize an ImageBitmap without the origin-clean flag.
    https://bugs.webkit.org/show_bug.cgi?id=246783
    <rdar://100901435>

    Reviewed by Youenn Fablet.

    The HTML spec expects us to reject serialization/transfer of ImageBitmaps that don't have the origin-clean flag, rather
    than tansferring them and tainting any <canvas> elements they get drawn to.

    * LayoutTests/imported/w3c/web-platform-tests/html/canvas/element/manual/imagebitmap/createImageBitmap-serializable-expected.txt:
    * LayoutTests/imported/w3c/web-platform-tests/html/canvas/element/manual/imagebitmap/createImageBitmap-transfer-expected.txt:
    * LayoutTests/platform/glib/imported/w3c/web-platform-tests/html/canvas/element/manual/imagebitmap/createImageBitmap-serializable-expected.txt:
    * LayoutTests/platform/glib/imported/w3c/web-platform-tests/html/canvas/element/manual/imagebitmap/createImageBitmap-transfer-expected.txt:
    * LayoutTests/platform/mac-wk1/imported/w3c/web-platform-tests/html/canvas/element/manual/imagebitmap/createImageBitmap-serializable-expected.txt:
    * LayoutTests/platform/mac-wk1/imported/w3c/web-platform-tests/html/canvas/element/manual/imagebitmap/createImageBitmap-transfer-expected.txt:
    * Source/WebCore/bindings/js/SerializedScriptValue.cpp:
    (WebCore::CloneSerializer::dumpImageBitmap):
    (WebCore::SerializedScriptValue::create):

    Canonical link: https://commits.webkit.org/255882@main

Canonical link: https://commits.webkit.org/245886.842@safari-7613.4.1.0-branch


  Commit: 5ab53f3b7c90100bd9d1eacbc4df091fc67eed95
      https://github.com/WebKit/WebKit/commit/5ab53f3b7c90100bd9d1eacbc4df091fc67eed95
  Author: Michael Saboff <msaboff at apple.com>
  Date:   2022-11-09 (Wed, 09 Nov 2022)

  Changed paths:
    A JSTests/stress/regexp-strengthreduce-results-noholes.js
    M Source/JavaScriptCore/dfg/DFGStrengthReductionPhase.cpp

  Log Message:
  -----------
  Cherry-pick b0b694fd099f. rdar://problem/100902686

    Strength reduction analyzes RegEx.exec incorrectly and generate a hole for the result array
    https://bugs.webkit.org/show_bug.cgi?id=245464
    rdar://100494428

    Reviewed by Mark Lam.

    When employing RegExp.exec strength reductions, we need to create "undefined" entries in the result array
    instead of null entries per the EcmaScript spec for RegExp.match.

    * JSTests/stress/regexp-strengthreduce-results-noholes.js: Added.
    (runRegExp):
    (assertSameAsFirstResult):
    * Source/JavaScriptCore/dfg/DFGStrengthReductionPhase.cpp:
    (JSC::DFG::StrengthReductionPhase::handleNode):

    Canonical link: https://commits.webkit.org/256241@main

Canonical link: https://commits.webkit.org/245886.843@safari-7613.4.1.0-branch


  Commit: 203a082fdd7b87e8a2e83f89e7f1b2fdc9eee58e
      https://github.com/WebKit/WebKit/commit/203a082fdd7b87e8a2e83f89e7f1b2fdc9eee58e
  Author: Kimmo Kinnunen <kkinnunen at apple.com>
  Date:   2022-11-09 (Wed, 09 Nov 2022)

  Changed paths:
    M LayoutTests/fast/canvas/webgl/largeBuffer-expected.txt
    M LayoutTests/fast/canvas/webgl/largeBuffer.html
    A LayoutTests/platform/gtk/fast/canvas/webgl/largeBuffer-expected.txt
    A LayoutTests/webgl/buffer-copysubdata-overlap-no-crash-expected.txt
    A LayoutTests/webgl/buffer-copysubdata-overlap-no-crash.html
    M LayoutTests/webgl/webgl-allow-shared-expected.txt
    M Source/WebCore/html/canvas/WebGL2RenderingContext.cpp
    M Source/WebCore/html/canvas/WebGL2RenderingContext.h
    M Source/WebCore/html/canvas/WebGLBuffer.cpp
    M Source/WebCore/html/canvas/WebGLBuffer.h
    M Source/WebCore/html/canvas/WebGLRenderingContext.cpp
    M Source/WebCore/html/canvas/WebGLRenderingContext.h
    M Source/WebCore/html/canvas/WebGLRenderingContextBase.cpp
    M Source/WebCore/html/canvas/WebGLRenderingContextBase.h

  Log Message:
  -----------
  Cherry-pick be0a403feb9d. rdar://problem/101591366

    WebGL buffers maintain shadow copy
    https://bugs.webkit.org/show_bug.cgi?id=245137
    rdar://97453557

    Reviewed by Kenneth Russell.

    Remove the code caching the WebGL buffer data and size.
    The data was used to assert that indices drawn with DrawElements are
    in range for other buffers.
    Remove the data, it is verified by ANGLE.

    The size was used to assert that updates to the buffer are in range.
    Since we do not check the success of the updates, we cannot cache the
    size. The size is checked by ANGLE.

    * LayoutTests/webgl/buffer-copysubdata-overlap-no-crash.html: Added.
    * Source/WebCore/html/canvas/WebGL2RenderingContext.cpp:
    (WebCore::WebGL2RenderingContext::copyBufferSubData):
    (WebCore::WebGL2RenderingContext::getBufferSubData):
    (WebCore::WebGL2RenderingContext::validateIndexArrayConservative): Deleted.
    * Source/WebCore/html/canvas/WebGL2RenderingContext.h:
    * Source/WebCore/html/canvas/WebGLBuffer.cpp:
    (WebCore::WebGLBuffer::WebGLBuffer):
    (WebCore::WebGLBuffer::associateBufferDataImpl):
    (WebCore::WebGLBuffer::associateBufferSubDataImpl):
    (WebCore::WebGLBuffer::associateCopyBufferSubData):
    * Source/WebCore/html/canvas/WebGLBuffer.h:
    * Source/WebCore/html/canvas/WebGLRenderingContext.cpp:
    * Source/WebCore/html/canvas/WebGLRenderingContext.h:
    * Source/WebCore/html/canvas/WebGLRenderingContextBase.cpp:
    (WebCore::WebGLRenderingContextBase::bufferData):
    (WebCore::WebGLRenderingContextBase::bufferSubData):
    (WebCore::WebGLRenderingContextBase::validateVertexAttributes):
    (WebCore::WebGLRenderingContextBase::validateDrawArrays):
    (WebCore::WebGLRenderingContextBase::validateDrawElements):
    * Source/WebCore/html/canvas/WebGLRenderingContextBase.h:
    (WebCore::WebGLRenderingContextBase::getMaxIndex):

    Canonical link: https://commits.webkit.org/254544@main

Canonical link: https://commits.webkit.org/245886.844@safari-7613.4.1.0-branch


  Commit: 98c314b3d7f961c48123cae443675bdf26454bb1
      https://github.com/WebKit/WebKit/commit/98c314b3d7f961c48123cae443675bdf26454bb1
  Author: Yusuke Suzuki <ysuzuki at apple.com>
  Date:   2022-11-09 (Wed, 09 Nov 2022)

  Changed paths:
    M Source/JavaScriptCore/dfg/DFGFailedFinalizer.h
    M Source/JavaScriptCore/dfg/DFGFinalizer.h
    M Source/JavaScriptCore/dfg/DFGJITFinalizer.h
    M Source/JavaScriptCore/dfg/DFGPlan.cpp
    M Source/JavaScriptCore/ftl/FTLJITFinalizer.h

  Log Message:
  -----------
  Cherry-pick c4c58496ef4a. rdar://problem/101290752

    [JSC] Simplify Finalization in DFG / FTL
    https://bugs.webkit.org/show_bug.cgi?id=246724
    rdar://101165751

    Reviewed by Justin Michaud.

    This patch simplifies DFG / FTL finalization by early returning failure case.

    * Source/JavaScriptCore/dfg/DFGFailedFinalizer.h:
    * Source/JavaScriptCore/dfg/DFGFinalizer.h:
    * Source/JavaScriptCore/dfg/DFGJITFinalizer.h:
    * Source/JavaScriptCore/dfg/DFGPlan.cpp:
    (JSC::DFG::Plan::finalize):
    * Source/JavaScriptCore/ftl/FTLJITFinalizer.h:

    Canonical link: https://commits.webkit.org/255714@main

Canonical link: https://commits.webkit.org/245886.845@safari-7613.4.1.0-branch


  Commit: e7eaf1f8634dc7f55ef19ef808ba658bff7e6060
      https://github.com/WebKit/WebKit/commit/e7eaf1f8634dc7f55ef19ef808ba658bff7e6060
  Author: Yijia Huang <hyjorc1 at gmail.com>
  Date:   2022-11-09 (Wed, 09 Nov 2022)

  Changed paths:
    M Source/JavaScriptCore/dfg/DFGClobberize.h

  Log Message:
  -----------
  Cherry-pick fd57a49d07c9. rdar://problem/100903734

    [JSC] Should model BigInt with side effects
    https://bugs.webkit.org/show_bug.cgi?id=246291
    rdar://100494823

    Reviewed by Yusuke Suzuki.

    Operations with two BigInt operands have side effects,
    which should not be hoisted from loops.

    * Source/JavaScriptCore/dfg/DFGClobberize.cpp:
    (JSC::DFG::doesWrites):
    * Source/JavaScriptCore/dfg/DFGClobberize.h:
    (JSC::DFG::clobberize):

    Canonical link: https://commits.webkit.org/255368@main

Canonical link: https://commits.webkit.org/245886.846@safari-7613.4.1.0-branch


  Commit: 3117d671e8053960f9912b564b94cb4bc0e3a537
      https://github.com/WebKit/WebKit/commit/3117d671e8053960f9912b564b94cb4bc0e3a537
  Author: Alan Coon <alancoon at apple.com>
  Date:   2022-11-15 (Tue, 15 Nov 2022)

  Changed paths:
    M Source/JavaScriptCore/Configurations/Version.xcconfig
    M Source/ThirdParty/ANGLE/Configurations/Version.xcconfig
    M Source/ThirdParty/libwebrtc/Configurations/Version.xcconfig
    M Source/WebCore/Configurations/Version.xcconfig
    M Source/WebCore/PAL/Configurations/Version.xcconfig
    M Source/WebGPU/Configurations/Version.xcconfig
    M Source/WebInspectorUI/Configurations/Version.xcconfig
    M Source/WebKit/Configurations/Version.xcconfig
    M Source/WebKitLegacy/mac/Configurations/Version.xcconfig

  Log Message:
  -----------
  Versioning.

WebKit-7613.6.1.0.2

Canonical link: https://commits.webkit.org/245886.847@safari-7613.4.1.0-branch


  Commit: 60823f4925076fa93d2b2e2758e5317cdf80c46c
      https://github.com/WebKit/WebKit/commit/60823f4925076fa93d2b2e2758e5317cdf80c46c
  Author: David Degazio <d_degazio at apple.com>
  Date:   2022-11-15 (Tue, 15 Nov 2022)

  Changed paths:
    A JSTests/stress/intl-locale-invalid-hourCycles.js
    M Source/JavaScriptCore/runtime/IntlLocale.cpp

  Log Message:
  -----------
  Cherry-pick 86fbeb6fcd63. rdar://problem/102251589

    Intl.Locale.prototype.hourCycles leaks empty JSValue to script
    https://bugs.webkit.org/show_bug.cgi?id=247562
    rdar://102031379

    Reviewed by Mark Lam.

    We currently don't check if IntlLocale::hourCycles returns a null JSArray, which allows it
    to be encoded as an empty JSValue and exposed to user code. This patch throws a TypeError
    when udatpg_open returns a failed status.

    * JSTests/stress/intl-locale-invalid-hourCycles.js: Added.
    (main):
    * Source/JavaScriptCore/runtime/IntlLocale.cpp:
    (JSC::IntlLocale::hourCycles):

    Canonical link: https://commits.webkit.org/256473@main

Canonical link: https://commits.webkit.org/245886.848@safari-7613.4.1.0-branch


  Commit: a333f4e99c1e872b6a4cc3527f06b2a985e13c47
      https://github.com/WebKit/WebKit/commit/a333f4e99c1e872b6a4cc3527f06b2a985e13c47
  Author: Russell Epstein <repstein at apple.com>
  Date:   2022-11-28 (Mon, 28 Nov 2022)

  Changed paths:
    M Source/JavaScriptCore/Configurations/Version.xcconfig
    M Source/ThirdParty/ANGLE/Configurations/Version.xcconfig
    M Source/ThirdParty/libwebrtc/Configurations/Version.xcconfig
    M Source/WebCore/Configurations/Version.xcconfig
    M Source/WebCore/PAL/Configurations/Version.xcconfig
    M Source/WebGPU/Configurations/Version.xcconfig
    M Source/WebInspectorUI/Configurations/Version.xcconfig
    M Source/WebKit/Configurations/Version.xcconfig
    M Source/WebKitLegacy/mac/Configurations/Version.xcconfig

  Log Message:
  -----------
  Versioning.

WebKit-7613.6.1.0.3

Canonical link: https://commits.webkit.org/245886.849@safari-7613.4.1.0-branch


  Commit: 9a529fd127ee65b2bf755781b2bb3ea6d13bf0b3
      https://github.com/WebKit/WebKit/commit/9a529fd127ee65b2bf755781b2bb3ea6d13bf0b3
  Author: Mark Lam <mark.lam at apple.com>
  Date:   2022-11-28 (Mon, 28 Nov 2022)

  Changed paths:
    A JSTests/stress/speculate-real-number-in-object-is.js
    M Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp

  Log Message:
  -----------
  Cherry-pick 71cdc1c09ef1. rdar://problem/102718559

    The provenType filtering in FTL's speculateRealNumber is incorrect.
    https://bugs.webkit.org/show_bug.cgi?id=248266
    <rdar://problem/102531234>

    Reviewed by Justin Michaud.

    speculateRealNumber does a doubleEqual compare, which filters out double values which
    are not NaN.  NaN values will fall through to the `intCase` block.  In the `intCase` block,
    the isNotInt32() check there was given a proven type that wrongly filters out ~SpecFullDouble.

    Consider a scenario where the edge was proven to be { SpecInt32Only, SpecDoubleReal,
    SpecDoublePureNaN }.  SpecFullDouble is defined as SpecDoubleReal | SpecDoubleNaN, and
    SpecDoubleNaN is defined as SpecDoublePureNaN | SpecDoubleImpureNaN.  Hence, the filtering
    of the proven type with ~SpecFullDouble means that isNotInt32() will effectively be given
    a proven type of

        { SpecInt32Only, SpecDoubleReal, SpecDoublePureNaN } - { SpecDoubleReal, SpecDoublePureNaN }

    which yields

        { SpecInt32Only }.

    As a result, the compiler will think that that isNotIn32() check will always fail.  This
    is not correct if the actual incoming value for that edge is actually a PureNaN.  In this
    case, speculateRealNumber should have OSR exited, but it doesn't because it thinks that
    the isNotInt32() check will always fail and elide the check altogether.

    In this patch, we fix this by replacing the ~SpecFullDouble with ~SpecDoubleReal.  We also
    rename the `intCase` block to `intOrNaNCase` to document what it actually handles.

    * JSTests/stress/speculate-real-number-in-object-is.js: Added.
    (test.object_is_opt):
    (test):
    * Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp:
    (JSC::FTL::DFG::LowerDFGToB3::compileCompareStrictEq):

    Canonical link: https://commits.webkit.org/252432.839@safari-7614-branch

Canonical link: https://commits.webkit.org/245886.850@safari-7613.4.1.0-branch


  Commit: 35d68a95bfa561eb979d36a3f35de4baa1f37f95
      https://github.com/WebKit/WebKit/commit/35d68a95bfa561eb979d36a3f35de4baa1f37f95
  Author: Alan Coon <alancoon at apple.com>
  Date:   2022-12-05 (Mon, 05 Dec 2022)

  Changed paths:
    M Source/JavaScriptCore/Configurations/Version.xcconfig
    M Source/ThirdParty/ANGLE/Configurations/Version.xcconfig
    M Source/ThirdParty/libwebrtc/Configurations/Version.xcconfig
    M Source/WebCore/Configurations/Version.xcconfig
    M Source/WebCore/PAL/Configurations/Version.xcconfig
    M Source/WebGPU/Configurations/Version.xcconfig
    M Source/WebInspectorUI/Configurations/Version.xcconfig
    M Source/WebKit/Configurations/Version.xcconfig
    M Source/WebKitLegacy/mac/Configurations/Version.xcconfig

  Log Message:
  -----------
  Versioning.

WebKit-7613.7.1.0.1

Canonical link: https://commits.webkit.org/245886.851@safari-7613.4.1.0-branch


  Commit: fbdc7aab38a999c3ecba6c447e44c84121b43646
      https://github.com/WebKit/WebKit/commit/fbdc7aab38a999c3ecba6c447e44c84121b43646
  Author: Chris Dumez <cdumez at apple.com>
  Date:   2022-12-16 (Fri, 16 Dec 2022)

  Changed paths:
    A LayoutTests/svg/use-element-updateUserAgentShadowTree-crash-expected.txt
    A LayoutTests/svg/use-element-updateUserAgentShadowTree-crash.html
    M Source/WebCore/dom/EventTarget.cpp

  Log Message:
  -----------
  Cherry-pick 0c1b973a7433. rdar://problem/103268389

    Assertion hit under EventTarget::fireEventListeners()
    https://bugs.webkit.org/show_bug.cgi?id=247580
    rdar://98238259

    Reviewed by Ryosuke Niwa.

    We were hitting the `ScriptDisallowedScope::isScriptAllowedInMainThread()`
    assertion under EventTarget::fireEventListeners(). However, the caller is
    SVGUseElement::updateUserAgentShadowTree() which has a EventAllowedScope to
    allow event dispatch in the shadow root subtree.

    I updated the assertion in fireEventListeners() to rely on
    isEventDispatchAllowedInSubtree() instead when the EventTarget is a Node,
    so that the ScriptDisallowedScope is taken into account.

    * LayoutTests/svg/use-element-updateUserAgentShadowTree-crash-expected.txt: Added.
    * LayoutTests/svg/use-element-updateUserAgentShadowTree-crash.html: Added.
    * Source/WebCore/dom/EventTarget.cpp:
    (WebCore::EventTarget::fireEventListeners):

    Canonical link: https://commits.webkit.org/256451@main

Canonical link: https://commits.webkit.org/245886.852@safari-7613.4.1.0-branch


  Commit: b0b230bfb1d4f20a8bc6897d38a5d3a1055b24ef
      https://github.com/WebKit/WebKit/commit/b0b230bfb1d4f20a8bc6897d38a5d3a1055b24ef
  Author: Ryosuke Niwa <rniwa at webkit.org>
  Date:   2022-12-16 (Fri, 16 Dec 2022)

  Changed paths:
    A LayoutTests/editing/selection/modify-extend-iframe-orphan-expected.txt
    A LayoutTests/editing/selection/modify-extend-iframe-orphan.html
    M Source/WebCore/editing/FrameSelection.cpp

  Log Message:
  -----------
  Cherry-pick fa17c4664715. rdar://problem/103268539

    ASSERTION FAILED: !document().selection().selection().isOrphan() in ContainerNode::removeNodeWithScriptAssertion
    https://bugs.webkit.org/show_bug.cgi?id=247781
    rdar://101497964

    Reviewed by Wenson Hsieh, Darin Adler and Geoffrey Garen.

    The bug was caused by VisibleSelection::setBase setting selection ends to point to nodes
    in a wrong document as a side effect of calling VisibleSelection::validate when m_anchor
    isn't cleared due to a node removal when live range selection is disabled.

    * LayoutTests/editing/selection/modify-extend-iframe-orphan-expected.txt: Added.
    * LayoutTests/editing/selection/modify-extend-iframe-orphan.html: Added.
    * Source/WebCore/editing/FrameSelection.cpp:
    (WebCore::selectionIsOrphanedOrBelongsToWrongDocument):
    (WebCore::FrameSelection::willBeModified):

    Canonical link: https://commits.webkit.org/252432.816@safari-7614-branch

Canonical link: https://commits.webkit.org/245886.853@safari-7613.4.1.0-branch


  Commit: 439f45e8cc712e2f294635b7820581e248e4a336
      https://github.com/WebKit/WebKit/commit/439f45e8cc712e2f294635b7820581e248e4a336
  Author: Arunsundar Kannan <arunsundar_kannan at apple.com>
  Date:   2022-12-16 (Fri, 16 Dec 2022)

  Changed paths:
    A LayoutTests/fast/forms/textfield-input-type-crash-onblur-expected.txt
    A LayoutTests/fast/forms/textfield-input-type-crash-onblur.html
    M Source/WebCore/html/HTMLInputElement.cpp
    M Source/WebCore/html/HTMLOptionElement.cpp
    M Source/WebCore/html/TextFieldInputType.cpp

  Log Message:
  -----------
  Cherry-pick 665170902bfa. rdar://problem/103268522

    UAF crash occurs during a style update when an older freed HTMLElement is accessed
    https://bugs.webkit.org/show_bug.cgi?id=247389
    rdar://101420898

    Reviewed by Ryosuke Niwa and Ryan Haddad.

    * LayoutTests/fast/forms/textfield-input-type-crash-onblur-expected.txt: Added.
    * LayoutTests/fast/forms/textfield-input-type-crash-onblur.html: Added.
    * Source/WebCore/html/HTMLInputElement.cpp:
    (WebCore::HTMLInputElement::dataListMayHaveChanged):
    * Source/WebCore/html/HTMLOptionElement.cpp:
    (WebCore::HTMLOptionElement::childrenChanged):
    * Source/WebCore/html/TextFieldInputType.cpp:
    (WebCore::TextFieldInputType::createDataListDropdownIndicator):
    (WebCore::TextFieldInputType::dataListMayHaveChanged):

    Canonical link: https://commits.webkit.org/252432.838@safari-7614-branch

Canonical link: https://commits.webkit.org/245886.854@safari-7613.4.1.0-branch


  Commit: e73e6e8c930f6b832eedd512afb0a3b80275f3b4
      https://github.com/WebKit/WebKit/commit/e73e6e8c930f6b832eedd512afb0a3b80275f3b4
  Author: Chris Dumez <cdumez at apple.com>
  Date:   2022-12-16 (Fri, 16 Dec 2022)

  Changed paths:
    A LayoutTests/fast/dom/lazy-loading-iframe-destruction-crash-expected.txt
    A LayoutTests/fast/dom/lazy-loading-iframe-destruction-crash.html
    M Source/WebCore/dom/Document.cpp

  Log Message:
  -----------
  Cherry-pick a47510d4bcf4. rdar://problem/103268511

    Fix potential crash under IntersectionObserver::disconnect()
    https://bugs.webkit.org/show_bug.cgi?id=248111
    rdar://100355921

    Reviewed by Jonathan Bedard and Ryosuke Niwa.

    Make sure we protect the intersection observers and resize observers before
    calling disconnect() on them in Document::commonTeardown().

    This is a speculative fix to address the crash in the radar, which I was
    unable to reproduce.

    * LayoutTests/fast/dom/lazy-loading-iframe-destruction-crash-expected.txt: Added.
    * LayoutTests/fast/dom/lazy-loading-iframe-destruction-crash.html: Added.
    Include test from the radar, even though it didn't reproduce the issue for me.

    * Source/WebCore/dom/Document.cpp:
    (WebCore::Document::commonTeardown):

    Canonical link: https://commits.webkit.org/252432.841@safari-7614-branch

Canonical link: https://commits.webkit.org/245886.855@safari-7613.4.1.0-branch


  Commit: 6c5bd4c6add5dee12eadeaeccdda7bde1635f7a2
      https://github.com/WebKit/WebKit/commit/6c5bd4c6add5dee12eadeaeccdda7bde1635f7a2
  Author: Russell Epstein <repstein at apple.com>
  Date:   2023-03-09 (Thu, 09 Mar 2023)

  Changed paths:
    M Source/JavaScriptCore/Configurations/Version.xcconfig
    M Source/ThirdParty/ANGLE/Configurations/Version.xcconfig
    M Source/ThirdParty/libwebrtc/Configurations/Version.xcconfig
    M Source/WebCore/Configurations/Version.xcconfig
    M Source/WebCore/PAL/Configurations/Version.xcconfig
    M Source/WebGPU/Configurations/Version.xcconfig
    M Source/WebInspectorUI/Configurations/Version.xcconfig
    M Source/WebKit/Configurations/Version.xcconfig
    M Source/WebKitLegacy/mac/Configurations/Version.xcconfig

  Log Message:
  -----------
  Versioning.

WebKit-7613.7.1.0.2

Canonical link: https://commits.webkit.org/245886.856@safari-7613.4.1.0-branch


  Commit: 8ff7845b649f934040f25cf736b0cd67246e7b1b
      https://github.com/WebKit/WebKit/commit/8ff7845b649f934040f25cf736b0cd67246e7b1b
  Author: David Degazio <d_degazio at apple.com>
  Date:   2023-03-09 (Thu, 09 Mar 2023)

  Changed paths:
    A JSTests/stress/cell-speculated-array-indexof.js
    M Source/JavaScriptCore/dfg/DFGFixupPhase.cpp

  Log Message:
  -----------
  Cherry-pick 1f4d2fc64a6d. rdar://problem/105801362

    Cherry-pick 252432.1031 at safari-7614-branch (9f7e401c42a8). rdar://103852510

        Fix use-after-free in DFGFixupPhase for array indexOf
        https://bugs.webkit.org/show_bug.cgi?id=250429
        rdar://103852510

        Reviewed by Jonathan Bedard and Michael Saboff.

        During DFG fixup, array indexOf nodes are folded to -1 when the search element is speculated
        to be a different type than the array element (for instance, JSCell instead of Int32). When
        this happens, a speculation check is inserted, which can cause the DFG graph's varArgChildren
        array to reallocate. This invalidates the searchElement Edge reference, which we use
        immediately after the check insertion in the fixup phase. This patch fixes this potential
        use-after-free by grabbing the searchElement's associated node before inserting any checks,
        giving us a persistent pointer to a DFG node rather than a reference into a vector.

        * JSTests/stress/cell-speculated-array-indexof.js: Added.
        * Source/JavaScriptCore/dfg/DFGFixupPhase.cpp:
        (JSC::DFG::FixupPhase::fixupArrayIndexOf):

        Canonical link: https://commits.webkit.org/252432.1031@safari-7614-branch

    Canonical link: https://commits.webkit.org/259548.18@safari-7615-branch

Canonical link: https://commits.webkit.org/245886.857@safari-7613.4.1.0-branch


  Commit: e2295297cb5a7a9a7885a8e23bd24396885af926
      https://github.com/WebKit/WebKit/commit/e2295297cb5a7a9a7885a8e23bd24396885af926
  Author: Patrick Angle <pangle at apple.com>
  Date:   2023-03-09 (Thu, 09 Mar 2023)

  Changed paths:
    A LayoutTests/inspector/console/console-recursive-logging-expected.txt
    A LayoutTests/inspector/console/console-recursive-logging.html
    M Source/JavaScriptCore/inspector/agents/InspectorConsoleAgent.cpp
    M Source/JavaScriptCore/inspector/agents/InspectorConsoleAgent.h

  Log Message:
  -----------
  Cherry-pick edbb5f895484. rdar://problem/105800838

    Cherry-pick 252432.1043 at safari-7614-branch (6633438abd8b). rdar://104083913

        Web Inspector: Console messages that log a value that recursively logs crashes
        https://bugs.webkit.org/show_bug.cgi?id=251018
        rdar://104083913

        Reviewed by Jonathan Bedard and Michael Saboff.

        Web Inspector normally generates a preview for objects logged in the console when Web Inspector is open. However, it is
        possible for authored pages to cause logging to occur when we attempt to generate the preview, as we must invoke getters
        to get the values to display. In order to not recursively log messages to the console this patch turns off generating
        previews for console messages that are logged while in middle of logging another console message. The user can still
        generate a preview later in Web Inspector by using the disclosure triangle next to the message, which will then cause
        the getter to be invoked, but the same protection will kick in to prevent recursive logging via generating previews
        for objects.

        * LayoutTests/inspector/console/console-recursive-logging-expected.txt: Added.
        * LayoutTests/inspector/console/console-recursive-logging.html: Added.
        * Source/JavaScriptCore/inspector/agents/InspectorConsoleAgent.cpp:
        (Inspector::InspectorConsoleAgent::addConsoleMessage):
        * Source/JavaScriptCore/inspector/agents/InspectorConsoleAgent.h:

        Canonical link: https://commits.webkit.org/252432.1043@safari-7614-branch

    Canonical link: https://commits.webkit.org/259548.28@safari-7615-branch

Canonical link: https://commits.webkit.org/245886.858@safari-7613.4.1.0-branch


  Commit: bad5a3ee55c573b994d3edc891f6a6ae080bae41
      https://github.com/WebKit/WebKit/commit/bad5a3ee55c573b994d3edc891f6a6ae080bae41
  Author: Yusuke Suzuki <ysuzuki at apple.com>
  Date:   2023-03-09 (Thu, 09 Mar 2023)

  Changed paths:
    M Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h

  Log Message:
  -----------
  Cherry-pick 1b2eb138ef92. rdar://problem/105521390

    [JSC] ToThis object folding should check if AbstractValue is always an object
    https://bugs.webkit.org/show_bug.cgi?id=251944
    rdar://105175786

    Reviewed by Geoffrey Garen and Mark Lam.

    ToThis can become Identity for strict mode if it is just primitive values or its object does not have toThis function overriding.
    This is correct, but folding ToThis to Undefined etc. (not Identity) needs to check that an input only contains objects.
    This patch adds appropriate checks to prevent from converting ToThis(GlobalObject | Int32) to Undefined for example.

    * Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h:
    (JSC::DFG::isToThisAnIdentity):

    Canonical link: https://commits.webkit.org/259548.63@safari-7615-branch

Canonical link: https://commits.webkit.org/245886.859@safari-7613.4.1.0-branch


  Commit: 78b5bc92d318f61e87d811ab05a5b676d678c67e
      https://github.com/WebKit/WebKit/commit/78b5bc92d318f61e87d811ab05a5b676d678c67e
  Author: Youenn Fablet <youennf at gmail.com>
  Date:   2023-03-09 (Thu, 09 Mar 2023)

  Changed paths:
    A LayoutTests/http/wpt/resource-timing/crossorigin-servertiming-expected.txt
    A LayoutTests/http/wpt/resource-timing/crossorigin-servertiming.html
    A LayoutTests/http/wpt/resource-timing/resources/server-timing.py
    M Source/WebCore/loader/ResourceTiming.cpp
    M Source/WebCore/loader/ResourceTiming.h
    M Source/WebCore/loader/ResourceTimingInformation.cpp

  Log Message:
  -----------
  Cherry-pick b67af69609f3. rdar://problem/105277660

    Cherry-pick 260006 at main (b67af69609f3). rdar://problem/104427347

        Server-Timing data can be read cross-origin
        https://bugs.webkit.org/show_bug.cgi?id=250837
        rdar://problem/104427347

        Reviewed by Alex Christensen.

        For document (iframe, object, embed) loads, the origin of the load is the origin of the URL.
        This is same origin by nature.
        But the origin we will expose the timing info is the origin of the initiator.
        Make sure to recompute the same origin request flag in that case.

        * LayoutTests/http/wpt/resource-timing/crossorigin-servertiming-expected.txt: Added.
        * LayoutTests/http/wpt/resource-timing/crossorigin-servertiming.html: Added.
        * LayoutTests/http/wpt/resource-timing/server-timing.py: Added.
        (main):
        * Source/WebCore/loader/ResourceTiming.cpp:
        (WebCore::ResourceTiming::updateExposure):
        * Source/WebCore/loader/ResourceTiming.h:
        * Source/WebCore/loader/ResourceTimingInformation.cpp:
        (WebCore::ResourceTimingInformation::addResourceTiming):

        Canonical link: https://commits.webkit.org/260006@main

Canonical link: https://commits.webkit.org/245886.860@safari-7613.4.1.0-branch


  Commit: be65c40f9b68c4ba05a8434d279817243287a693
      https://github.com/WebKit/WebKit/commit/be65c40f9b68c4ba05a8434d279817243287a693
  Author: Richard Robinson <richard_robinson2 at apple.com>
  Date:   2023-03-09 (Thu, 09 Mar 2023)

  Changed paths:
    M Source/WebKit/WebProcess/Plugins/PDF/PDFPlugin.h
    M Source/WebKit/WebProcess/Plugins/PDF/PDFPlugin.mm
    M Source/WebKitLegacy/mac/WebView/WebJSPDFDoc.mm

  Log Message:
  -----------
  Cherry-pick d0b789c9fd71. rdar://problem/105800422

    Cherry-pick 252432.1017 at safari-7614-branch (94d37ad7d541). rdar://102740487

    	WebKit`WebKit::PDFPlugin::jsPDFDocPrint - type confusion
    	https://bugs.webkit.org/show_bug.cgi?id=249169
    	rdar://102740487

    	Reviewed by Tim Horton, Yusuke Suzuki and Jonathan Bedard.

    	When JavaScript is embedded inside a PDF and it invokes the `print()` function,
    	the `thisObject` parameter in `PDFPlugin::jsPDFDocPrint` is not guaranteed
    	to be the proper type. Currently, we errenously assume it always is the proper
    	type, and cast it to `PDFPlugin *`, which results in an object with garbage values.

    	This PR protects against this by first checking if the `thisObject` is the correct
    	JavaScript object type, before trying to cast it.

    	* Source/WebKit/WebProcess/Plugins/PDF/PDFPlugin.h:
    	* Source/WebKit/WebProcess/Plugins/PDF/PDFPlugin.mm:
    	(WebKit::PDFPlugin::jsPDFDocClass):
    	(WebKit::PDFPlugin::jsPDFDocPrint):
    	(WebKit::PDFPlugin::makeJSPDFDoc):

    	Canonical link: https://commits.webkit.org/252432.1017@safari-7614-branch

    Canonical link: https://commits.webkit.org/259548.10@safari-7615-branch

Canonical link: https://commits.webkit.org/245886.861@safari-7613.4.1.0-branch


  Commit: 0e93708599ea68f15a24a25e0601b26970652b17
      https://github.com/WebKit/WebKit/commit/0e93708599ea68f15a24a25e0601b26970652b17
  Author: Myah Cobbs <mcobbs at apple.com>
  Date:   2023-03-10 (Fri, 10 Mar 2023)

  Changed paths:
    R LayoutTests/http/wpt/resource-timing/crossorigin-servertiming-expected.txt
    R LayoutTests/http/wpt/resource-timing/crossorigin-servertiming.html
    R LayoutTests/http/wpt/resource-timing/resources/server-timing.py
    M Source/WebCore/loader/ResourceTiming.cpp
    M Source/WebCore/loader/ResourceTiming.h
    M Source/WebCore/loader/ResourceTimingInformation.cpp

  Log Message:
  -----------
  Revert b67af69609f3. rdar://problem/104427347

Canonical link: https://commits.webkit.org/245886.862@safari-7613.4.1.0-branch


  Commit: 7b4f7a3d6191b98026a189d410cacfaa56828a57
      https://github.com/WebKit/WebKit/commit/7b4f7a3d6191b98026a189d410cacfaa56828a57
  Author: Myah Cobbs <mcobbs at apple.com>
  Date:   2023-03-10 (Fri, 10 Mar 2023)

  Changed paths:
    M Source/JavaScriptCore/Configurations/Version.xcconfig
    M Source/ThirdParty/ANGLE/Configurations/Version.xcconfig
    M Source/ThirdParty/libwebrtc/Configurations/Version.xcconfig
    M Source/WebCore/Configurations/Version.xcconfig
    M Source/WebCore/PAL/Configurations/Version.xcconfig
    M Source/WebGPU/Configurations/Version.xcconfig
    M Source/WebInspectorUI/Configurations/Version.xcconfig
    M Source/WebKit/Configurations/Version.xcconfig
    M Source/WebKitLegacy/mac/Configurations/Version.xcconfig

  Log Message:
  -----------
  Versioning.

WebKit-7613.7.1.0.3

Canonical link: https://commits.webkit.org/245886.863@safari-7613.4.1.0-branch


  Commit: 69ecc2db3ddfa37c7e8387076da5761d2a8add3f
      https://github.com/WebKit/WebKit/commit/69ecc2db3ddfa37c7e8387076da5761d2a8add3f
  Author: Russell Epstein <repstein at apple.com>
  Date:   2023-03-13 (Mon, 13 Mar 2023)

  Changed paths:
    M Source/JavaScriptCore/Configurations/Version.xcconfig
    M Source/ThirdParty/ANGLE/Configurations/Version.xcconfig
    M Source/ThirdParty/libwebrtc/Configurations/Version.xcconfig
    M Source/WebCore/Configurations/Version.xcconfig
    M Source/WebCore/PAL/Configurations/Version.xcconfig
    M Source/WebGPU/Configurations/Version.xcconfig
    M Source/WebInspectorUI/Configurations/Version.xcconfig
    M Source/WebKit/Configurations/Version.xcconfig
    M Source/WebKitLegacy/mac/Configurations/Version.xcconfig

  Log Message:
  -----------
  Versioning.

WebKit-7613.7.1.0.4

Canonical link: https://commits.webkit.org/245886.864@safari-7613.4.1.0-branch


  Commit: 316b1d29dcfa9c1d0b2a3e060f32de16508d26a6
      https://github.com/WebKit/WebKit/commit/316b1d29dcfa9c1d0b2a3e060f32de16508d26a6
  Author: Russell Epstein <repstein at apple.com>
  Date:   2023-03-13 (Mon, 13 Mar 2023)

  Changed paths:
    M Source/WebCore/loader/ResourceTiming.h

  Log Message:
  -----------
  Unreviewed build fix. rdar://106638395

error: use of undeclared identifier 'm_initiatorType'; did you mean 'm_initiator

* Source/WebCore/loader/ResourceTiming.h:
(WebCore::ResourceTiming::overrideInitiatorType): Deleted.
(WebCore::ResourceTiming::isLoadedFromServiceWorker const): Deleted.

Canonical link: https://commits.webkit.org/245886.865@safari-7613.4.1.0-branch


  Commit: ce8fb07d505e71648d0734f937a2d806eb25d05b
      https://github.com/WebKit/WebKit/commit/ce8fb07d505e71648d0734f937a2d806eb25d05b
  Author: Myah Cobbs <mcobbs at apple.com>
  Date:   2023-03-13 (Mon, 13 Mar 2023)

  Changed paths:
    M Source/WebCore/loader/ResourceTiming.h

  Log Message:
  -----------
  Apply patch. rdar://problem/106657786

Canonical link: https://commits.webkit.org/245886.866@safari-7613.4.1.0-branch


  Commit: 57c5ca45c3dd330f528f97daf18e18ea83b8ac72
      https://github.com/WebKit/WebKit/commit/57c5ca45c3dd330f528f97daf18e18ea83b8ac72
  Author: Myah Cobbs <mcobbs at apple.com>
  Date:   2023-03-13 (Mon, 13 Mar 2023)

  Changed paths:
    M Source/JavaScriptCore/Configurations/Version.xcconfig
    M Source/ThirdParty/ANGLE/Configurations/Version.xcconfig
    M Source/ThirdParty/libwebrtc/Configurations/Version.xcconfig
    M Source/WebCore/Configurations/Version.xcconfig
    M Source/WebCore/PAL/Configurations/Version.xcconfig
    M Source/WebGPU/Configurations/Version.xcconfig
    M Source/WebInspectorUI/Configurations/Version.xcconfig
    M Source/WebKit/Configurations/Version.xcconfig
    M Source/WebKitLegacy/mac/Configurations/Version.xcconfig

  Log Message:
  -----------
  Versioning.

WebKit-7613.7.1.0.5

Canonical link: https://commits.webkit.org/245886.867@safari-7613.4.1.0-branch


  Commit: bb402f886bb8d259aeeca94c032d019b5567cbe9
      https://github.com/WebKit/WebKit/commit/bb402f886bb8d259aeeca94c032d019b5567cbe9
  Author: Myah Cobbs <mcobbs at apple.com>
  Date:   2023-03-13 (Mon, 13 Mar 2023)

  Changed paths:
    M Source/JavaScriptCore/Configurations/Version.xcconfig
    M Source/ThirdParty/ANGLE/Configurations/Version.xcconfig
    M Source/ThirdParty/libwebrtc/Configurations/Version.xcconfig
    M Source/WebCore/Configurations/Version.xcconfig
    M Source/WebCore/PAL/Configurations/Version.xcconfig
    M Source/WebGPU/Configurations/Version.xcconfig
    M Source/WebInspectorUI/Configurations/Version.xcconfig
    M Source/WebKit/Configurations/Version.xcconfig
    M Source/WebKitLegacy/mac/Configurations/Version.xcconfig

  Log Message:
  -----------
  Versioning.

WebKit-7613.7.1.0.6

Canonical link: https://commits.webkit.org/245886.868@safari-7613.4.1.0-branch


  Commit: 064b9dcb834bb1e0c2f4a4a475165b51dd6ef719
      https://github.com/WebKit/WebKit/commit/064b9dcb834bb1e0c2f4a4a475165b51dd6ef719
  Author: Myah Cobbs <mcobbs at apple.com>
  Date:   2023-03-31 (Fri, 31 Mar 2023)

  Changed paths:
    M Source/JavaScriptCore/heap/Heap.cpp
    M Source/JavaScriptCore/heap/Heap.h
    M Source/JavaScriptCore/heap/HeapInlines.h
    M Source/JavaScriptCore/runtime/ArgList.cpp
    M Source/JavaScriptCore/runtime/ArgList.h
    M Source/WebCore/Modules/webaudio/AudioWorkletProcessor.cpp
    M Source/WebCore/Modules/webaudio/AudioWorkletProcessor.h
    M Source/WebCore/bindings/js/SerializedScriptValue.cpp

  Log Message:
  -----------
  Apply patch. rdar://problem/107487307

Identifier: 245886.869 at safari-7613.4.1.0-branch


  Commit: f6fab214cb2964db175051611f6382e0f73597d3
      https://github.com/WebKit/WebKit/commit/f6fab214cb2964db175051611f6382e0f73597d3
  Author: JC Alvarado <joncarlo at apple.com>
  Date:   2023-04-19 (Wed, 19 Apr 2023)

  Changed paths:
    A LayoutTests/fast/editing/insert-text-hit-testing-crash-expected.txt
    A LayoutTests/fast/editing/insert-text-hit-testing-crash.html
    M Source/WebCore/dom/Document.cpp
    M Source/WebCore/rendering/HitTestRequest.h

  Log Message:
  -----------
  Cherry-pick 3a1ba44290d8. rdar://problem/107442800

    Update layout of child frames before hit testing a document if necessary
    https://bugs.webkit.org/show_bug.cgi?id=253615
    rdar://105873211

    Reviewed by Alan Baradlay.

    If hit testing can recurse into a child frame, we should make sure that
    layout and style are updated for all children before proceeding with
    hit testing.

    * LayoutTests/fast/editing/insert-text-hit-testing-crash-expected.txt: Added.
    * LayoutTests/fast/editing/insert-text-hit-testing-crash.html: Added.
    * Source/WebCore/dom/Document.cpp:
    (WebCore::Document::hitTest):

    Canonical link: https://commits.webkit.org/259548.435@safari-7615-branch

Identifier: 245886.870 at safari-7613.4.1.0-branch


  Commit: bfa4aa719905e2d0ba7a68c326015bec8d6a6d34
      https://github.com/WebKit/WebKit/commit/bfa4aa719905e2d0ba7a68c326015bec8d6a6d34
  Author: Claudio Saavedra <csaavedra at igalia.com>
  Date:   2023-04-19 (Wed, 19 Apr 2023)

  Changed paths:
    A LayoutTests/fast/css/content/display-contents-on-focus-crash-expected.txt
    A LayoutTests/fast/css/content/display-contents-on-focus-crash.html

  Log Message:
  -----------
  Cherry-pick 4f8eae698e45. rdar://problem/107442491

    Cherry-pick 260286.12 at webkit-2023.2-embargoed (042db6f5677e). rdar://104813991

        Add test for display contents on focus change
        https://bugs.webkit.org/show_bug.cgi?id=251380

        Reviewed by Antti Koivisto.

        Already fixed by #248776, but add this test for
        completeness.

        * LayoutTests/fast/css/content/display-contents-on-focus-crash-expected.txt: Added.
        * LayoutTests/fast/css/content/display-contents-on-focus-crash.html: Added.

        Canonical link: https://commits.webkit.org/260286.12@webkit-2023.2-embargoed

    Canonical link: https://commits.webkit.org/259548.438@safari-7615-branch

Identifier: 245886.871 at safari-7613.4.1.0-branch


  Commit: 652b47ac12910adbd496e6ac0e1485a39cbedc9d
      https://github.com/WebKit/WebKit/commit/652b47ac12910adbd496e6ac0e1485a39cbedc9d
  Author: Dan Robson <dan_robson at apple.com>
  Date:   2023-04-19 (Wed, 19 Apr 2023)

  Changed paths:
    M Source/JavaScriptCore/Configurations/Version.xcconfig
    M Source/ThirdParty/ANGLE/Configurations/Version.xcconfig
    M Source/ThirdParty/libwebrtc/Configurations/Version.xcconfig
    M Source/WebCore/Configurations/Version.xcconfig
    M Source/WebCore/PAL/Configurations/Version.xcconfig
    M Source/WebGPU/Configurations/Version.xcconfig
    M Source/WebInspectorUI/Configurations/Version.xcconfig
    M Source/WebKit/Configurations/Version.xcconfig
    M Source/WebKitLegacy/mac/Configurations/Version.xcconfig

  Log Message:
  -----------
  Versioning.

WebKit-7613.7.1.0.7

Identifier: 245886.872 at safari-7613.4.1.0-branch


  Commit: 191dd7481553ed65eea5baaa82efdb20133310ce
      https://github.com/WebKit/WebKit/commit/191dd7481553ed65eea5baaa82efdb20133310ce
  Author: Antoine Quint <graouts at webkit.org>
  Date:   2023-04-21 (Fri, 21 Apr 2023)

  Changed paths:
    M Source/WebCore/animation/WebAnimation.cpp

  Log Message:
  -----------
  Cherry-pick 1d6fe184ea53. rdar://problem/108268317

    Potential use-after-free in WebAnimation::commitStyles
    https://bugs.webkit.org/show_bug.cgi?id=254840
    rdar://107444873

    Reviewed by Dean Jackson and Darin Adler.

    Ensure that the animation's effect and target are kept alive for the duration of this method
    since it is possible that calling updateStyleIfNeeded() could call into JavaScript and thus
    these two pointers could be changed to a null value using the Web Animations API.

    * Source/WebCore/animation/WebAnimation.cpp:
    (WebCore::WebAnimation::commitStyles):

    Canonical link: https://commits.webkit.org/259548.532@safari-7615-branch

Identifier: 245886.873 at safari-7613.4.1.0-branch


  Commit: d821eb321bcb58be3af0d5d5c7c60b668558dea8
      https://github.com/WebKit/WebKit/commit/d821eb321bcb58be3af0d5d5c7c60b668558dea8
  Author: Michael Saboff <msaboff at apple.com>
  Date:   2023-04-21 (Fri, 21 Apr 2023)

  Changed paths:
    A JSTests/stress/string-replace-regexp-matchBOL-correct-advancing.js
    M Source/JavaScriptCore/runtime/StringPrototype.cpp
    M Source/JavaScriptCore/yarr/YarrInterpreter.cpp

  Log Message:
  -----------
  Cherry-pick e34edaa74575. rdar://problem/108268269

    [JSC] RegExpGlobalData::performMatch issue leading to OOB read
    https://bugs.webkit.org/show_bug.cgi?id=254930
    rdar://107436732

    Reviewed by Alexey Shvayka.

    Fixed two issues:
    1) In YarrInterpreter.cpp::matchAssertionBOL() we were advancing the string position for non-BMP
       characters.  Since it is an assertion, we shouldn't advance the character position.
       Made the same fix to matchAssertionEOL().
    2) In StringPrototype.cpp::replaceUsingRegExpSearch(), we need to advance past both elements of
       a non-BMP character for the case where the RegExp match is empty.

    * JSTests/stress/string-replace-regexp-matchBOL-correct-advancing.js: New test.
    * Source/JavaScriptCore/runtime/StringPrototype.cpp:
    (JSC::replaceUsingRegExpSearch):
    * Source/JavaScriptCore/yarr/YarrInterpreter.cpp:
    (JSC::Yarr::Interpreter::InputStream::readCheckedDontAdvance):
    (JSC::Yarr::Interpreter::matchAssertionBOL):
    (JSC::Yarr::Interpreter::matchAssertionEOL):

    Canonical link: https://commits.webkit.org/259548.551@safari-7615-branch

Identifier: 245886.874 at safari-7613.4.1.0-branch


  Commit: 1bf221218148312ced767ec053ba76ee3b562548
      https://github.com/WebKit/WebKit/commit/1bf221218148312ced767ec053ba76ee3b562548
  Author: Russell Epstein <repstein at apple.com>
  Date:   2023-04-24 (Mon, 24 Apr 2023)

  Changed paths:
    M Source/WebCore/animation/WebAnimation.cpp

  Log Message:
  -----------
  Build fix after 245886.873 at safari-7613.4.1.0-branch (191dd748). rdar://108441251

Reviewed by NOBODY (OOPS!).

./animation/WebAnimation.cpp:1434:21: error: use of undeclared identifier 'dynamicDowncast'

Canonical link: https://commits.webkit.org/245886.875@safari-7613.4.1.0-branch


  Commit: 55b72b3873735fcc004a51f9a5c46f28de59d433
      https://github.com/WebKit/WebKit/commit/55b72b3873735fcc004a51f9a5c46f28de59d433
  Author: Russell Epstein <repstein at apple.com>
  Date:   2023-04-24 (Mon, 24 Apr 2023)

  Changed paths:
    M Source/JavaScriptCore/Configurations/Version.xcconfig
    M Source/ThirdParty/ANGLE/Configurations/Version.xcconfig
    M Source/ThirdParty/libwebrtc/Configurations/Version.xcconfig
    M Source/WebCore/Configurations/Version.xcconfig
    M Source/WebCore/PAL/Configurations/Version.xcconfig
    M Source/WebGPU/Configurations/Version.xcconfig
    M Source/WebInspectorUI/Configurations/Version.xcconfig
    M Source/WebKit/Configurations/Version.xcconfig
    M Source/WebKitLegacy/mac/Configurations/Version.xcconfig

  Log Message:
  -----------
  Versioning.

WebKit-7613.7.1.0.8

Canonical link: https://commits.webkit.org/245886.876@safari-7613.4.1.0-branch


  Commit: 09d0da3257b960ac36c87c30b32ec0dd34277080
      https://github.com/WebKit/WebKit/commit/09d0da3257b960ac36c87c30b32ec0dd34277080
  Author: Russell Epstein <repstein at apple.com>
  Date:   2023-06-07 (Wed, 07 Jun 2023)

  Changed paths:
    M Source/JavaScriptCore/Configurations/Version.xcconfig
    M Source/ThirdParty/ANGLE/Configurations/Version.xcconfig
    M Source/ThirdParty/libwebrtc/Configurations/Version.xcconfig
    M Source/WebCore/Configurations/Version.xcconfig
    M Source/WebCore/PAL/Configurations/Version.xcconfig
    M Source/WebGPU/Configurations/Version.xcconfig
    M Source/WebInspectorUI/Configurations/Version.xcconfig
    M Source/WebKit/Configurations/Version.xcconfig
    M Source/WebKitLegacy/mac/Configurations/Version.xcconfig

  Log Message:
  -----------
  Versioning.

WebKit-7613.7.1.0.9

Canonical link: https://commits.webkit.org/245886.877@safari-7613.4.1.0-branch


  Commit: aff18bad2bdac69e0751ae62ad33ab35b47b0b7f
      https://github.com/WebKit/WebKit/commit/aff18bad2bdac69e0751ae62ad33ab35b47b0b7f
  Author: Russell Epstein <repstein at apple.com>
  Date:   2023-06-07 (Wed, 07 Jun 2023)

  Changed paths:
    A JSTests/wasm/stress/big-try-simd.js
    A JSTests/wasm/stress/big-try.js
    A JSTests/wasm/stress/big-tuple-args.js
    A JSTests/wasm/stress/big-tuple.js
    A JSTests/wasm/stress/simd-big-tuple.js
    A JSTests/wasm/stress/tag-return.js
    M Source/JavaScriptCore/wasm/WasmAirIRGenerator.cpp
    M Source/JavaScriptCore/wasm/WasmSectionParser.cpp

  Log Message:
  -----------
  Cherry-pick 50c7aaec2f53. rdar://problem/110417987

    Fixup air pointer args if they are not valid in BBQ
    https://bugs.webkit.org/show_bug.cgi?id=251890
    rdar://105079565

    Reviewed by Mark Lam and Yusuke Suzuki.

    We are not fixing up air args if their offsets don't fit into the instruction
    in a few cases.

    Here are some examples:

    MoveDouble 28480(%sp), %q16 ; too big
    MoveVector 248(%sp), %q16 ; not 16-byte aligned

    Let's fix up these arguments. We also fix a missing validation check
    when parsing exception tags exposed by this test.

    * Source/JavaScriptCore/wasm/WasmAirIRGenerator64.cpp:
    (JSC::Wasm::AirIRGenerator64::addReturn):
    * Source/JavaScriptCore/wasm/WasmAirIRGeneratorBase.h:
    (JSC::Wasm::AirIRGeneratorBase::emitPatchpoint):

    oops

    Canonical link: https://commits.webkit.org/260038@main

Canonical link: https://commits.webkit.org/245886.878@safari-7613.4.1.0-branch


  Commit: 4da19b4d18521e2cbc43b5ffd58c8b39ef0c43e8
      https://github.com/WebKit/WebKit/commit/4da19b4d18521e2cbc43b5ffd58c8b39ef0c43e8
  Author: Russell Epstein <repstein at apple.com>
  Date:   2023-06-07 (Wed, 07 Jun 2023)

  Changed paths:
    R JSTests/wasm/stress/big-try-simd.js
    R JSTests/wasm/stress/big-try.js
    R JSTests/wasm/stress/big-tuple-args.js
    R JSTests/wasm/stress/big-tuple.js
    R JSTests/wasm/stress/simd-big-tuple.js
    R JSTests/wasm/stress/tag-return.js
    M Source/JavaScriptCore/wasm/WasmAirIRGenerator.cpp
    M Source/JavaScriptCore/wasm/WasmSectionParser.cpp

  Log Message:
  -----------
  Revert "Cherry-pick 50c7aaec2f53. rdar://problem/110417987"

This reverts commit aff18bad2bdac69e0751ae62ad33ab35b47b0b7f.

Canonical link: https://commits.webkit.org/245886.879@safari-7613.4.1.0-branch


  Commit: a3ec65d1dc564b3ee6e0ce7eb0d70332e3a6232c
      https://github.com/WebKit/WebKit/commit/a3ec65d1dc564b3ee6e0ce7eb0d70332e3a6232c
  Author: Russell Epstein <repstein at apple.com>
  Date:   2023-06-07 (Wed, 07 Jun 2023)

  Changed paths:
    A JSTests/wasm/stress/big-try-simd.js
    A JSTests/wasm/stress/big-try.js
    A JSTests/wasm/stress/big-tuple-args.js
    A JSTests/wasm/stress/big-tuple.js
    A JSTests/wasm/stress/simd-big-tuple.js
    A JSTests/wasm/stress/tag-return.js
    M Source/JavaScriptCore/wasm/WasmAirIRGenerator.cpp
    M Source/JavaScriptCore/wasm/WasmSectionParser.cpp

  Log Message:
  -----------
  Cherry-pick 50c7aaec2f53. rdar://problem/110417987

    Fixup air pointer args if they are not valid in BBQ
    https://bugs.webkit.org/show_bug.cgi?id=251890
    rdar://105079565

    Reviewed by Mark Lam and Yusuke Suzuki.

    We are not fixing up air args if their offsets don't fit into the instruction
    in a few cases.

    Here are some examples:

    MoveDouble 28480(%sp), %q16 ; too big
    MoveVector 248(%sp), %q16 ; not 16-byte aligned

    Let's fix up these arguments. We also fix a missing validation check
    when parsing exception tags exposed by this test.

    * Source/JavaScriptCore/wasm/WasmAirIRGenerator64.cpp:
    (JSC::Wasm::AirIRGenerator64::addReturn):
    * Source/JavaScriptCore/wasm/WasmAirIRGeneratorBase.h:
    (JSC::Wasm::AirIRGeneratorBase::emitPatchpoint):

    oops

    Canonical link: https://commits.webkit.org/260038@main

Canonical link: https://commits.webkit.org/245886.880@safari-7613.4.1.0-branch


  Commit: 11308106e8d10e3ffa1294190158b140bdffce45
      https://github.com/WebKit/WebKit/commit/11308106e8d10e3ffa1294190158b140bdffce45
  Author: Russell Epstein <repstein at apple.com>
  Date:   2023-06-14 (Wed, 14 Jun 2023)

  Changed paths:
    M Source/JavaScriptCore/Configurations/Version.xcconfig
    M Source/ThirdParty/ANGLE/Configurations/Version.xcconfig
    M Source/ThirdParty/libwebrtc/Configurations/Version.xcconfig
    M Source/WebCore/Configurations/Version.xcconfig
    M Source/WebCore/PAL/Configurations/Version.xcconfig
    M Source/WebGPU/Configurations/Version.xcconfig
    M Source/WebInspectorUI/Configurations/Version.xcconfig
    M Source/WebKit/Configurations/Version.xcconfig
    M Source/WebKitLegacy/mac/Configurations/Version.xcconfig

  Log Message:
  -----------
  Versioning.

WebKit-7613.7.1.0.10

Canonical link: https://commits.webkit.org/245886.881@safari-7613.4.1.0-branch


  Commit: 3c6aa94ff6804fe9880e86192e46d429d450db1d
      https://github.com/WebKit/WebKit/commit/3c6aa94ff6804fe9880e86192e46d429d450db1d
  Author: David Degazio <d_degazio at apple.com>
  Date:   2023-06-14 (Wed, 14 Jun 2023)

  Changed paths:
    M Source/JavaScriptCore/dfg/DFGClobberize.h
    M Source/JavaScriptCore/dfg/DFGHeapLocation.cpp
    M Source/JavaScriptCore/dfg/DFGHeapLocation.h

  Log Message:
  -----------
  Cherry-pick 01e86f13952b. rdar://problem/110785576

    Backport fix for erroneous CSE of EnumeratorNextUpdateIndexAndMode and HasIndexedProperty
    rdar://110785576

    Reviewed by Michael Saboff, Justin Michaud and Yusuke Suzuki.

    Backports part of https://commits.webkit.org/263909@main, which
    prevents erroneous elimination of an EnumeratorNextUpdateIndexAndMode
    and HasIndexedProperty node pair if they have the same operands.
    The full commit in 263909 at main depends on the existence of DFG tuples,
    which haven't yet been brought into the security branch, so those
    parts are omitted from this patch.

    * Source/JavaScriptCore/dfg/DFGClobberize.h:
    (JSC::DFG::clobberize):
    * Source/JavaScriptCore/dfg/DFGHeapLocation.cpp:
    (WTF::printInternal):
    * Source/JavaScriptCore/dfg/DFGHeapLocation.h:

    Canonical link: https://commits.webkit.org/259548.828@safari-7615-branch

Canonical link: https://commits.webkit.org/245886.882@safari-7613.4.1.0-branch


  Commit: 4795348abf733ef068339fb8c2ad779535c90f9e
      https://github.com/WebKit/WebKit/commit/4795348abf733ef068339fb8c2ad779535c90f9e
  Author: Myah Cobbs <mcobbs at apple.com>
  Date:   2023-06-22 (Thu, 22 Jun 2023)

  Changed paths:
    M Source/JavaScriptCore/Configurations/Version.xcconfig
    M Source/ThirdParty/ANGLE/Configurations/Version.xcconfig
    M Source/ThirdParty/libwebrtc/Configurations/Version.xcconfig
    M Source/WebCore/Configurations/Version.xcconfig
    M Source/WebCore/PAL/Configurations/Version.xcconfig
    M Source/WebGPU/Configurations/Version.xcconfig
    M Source/WebInspectorUI/Configurations/Version.xcconfig
    M Source/WebKit/Configurations/Version.xcconfig
    M Source/WebKitLegacy/mac/Configurations/Version.xcconfig

  Log Message:
  -----------
  Versioning.

WebKit-7613.7.1.0.11

Identifier: 245886.883 at safari-7613.4.1.0-branch


  Commit: fb80de39f95d07e99149c82e386f89db34ba1bd4
      https://github.com/WebKit/WebKit/commit/fb80de39f95d07e99149c82e386f89db34ba1bd4
  Author: Matthew Finkel <sysrqb at apple.com>
  Date:   2023-06-22 (Thu, 22 Jun 2023)

  Changed paths:
    A LayoutTests/http/tests/mime/resources/.htaccess
    A LayoutTests/http/tests/mime/resources/svg-with-html.svg
    A LayoutTests/http/tests/mime/resources/xml-with-html.xml
    A LayoutTests/http/tests/mime/svg-with-html-expected.txt
    A LayoutTests/http/tests/mime/svg-with-html.html
    A LayoutTests/http/tests/mime/xml-with-html-expected.txt
    A LayoutTests/http/tests/mime/xml-with-html.html
    M Source/WebCore/platform/network/ios/WebCoreURLResponseIOS.mm

  Log Message:
  -----------
  Cherry-pick c9d2edfda9b0. rdar://problem/110134509

    [ios] Prioritize text/plain MIME type over file extension for XML file types
    https://bugs.webkit.org/show_bug.cgi?id=257299
    rdar://107379119

    Reviewed by David Kilzer.

    When we receive a file with a text/plain resource, we try harder to find a
    better match for the file content, but this can potentially lead to an issue
    with some file types like XML. Therefore, if the server says that a file should
    be treated as text/plain, and we decide that it is actually XML or SVG, we
    prefer using text/plain.

    * LayoutTests/http/tests/mime/resources/.htaccess: Added.
    * LayoutTests/http/tests/mime/resources/svg-with-html.svg: Added.
    * LayoutTests/http/tests/mime/resources/xml-with-html.xml: Added.
    * LayoutTests/http/tests/mime/svg-with-html-expected.txt: Added.
    * LayoutTests/http/tests/mime/svg-with-html.html: Added.
    * LayoutTests/http/tests/mime/xml-with-html-expected.txt: Added.
    * LayoutTests/http/tests/mime/xml-with-html.html: Added.
    * Source/WebCore/platform/network/ios/WebCoreURLResponseIOS.mm:
    (WebCore::shouldPreferTextPlainMIMEType):
    (WebCore::adjustMIMETypeIfNecessary):

    Canonical link: https://commits.webkit.org/259548.786@safari-7615-branch

Identifier: 245886.884 at safari-7613.4.1.0-branch


  Commit: 1eedcf8bdc6c81fc9df38ae651e51e1a24811271
      https://github.com/WebKit/WebKit/commit/1eedcf8bdc6c81fc9df38ae651e51e1a24811271
  Author: Mike Wyrzykowski <mwyrzykowski at apple.com>
  Date:   2023-06-22 (Thu, 22 Jun 2023)

  Changed paths:
    M Source/WebKit/GPUProcess/graphics/WebGPU/RemoteBuffer.cpp

  Log Message:
  -----------
  Cherry-pick 54408f5746f2. rdar://problem/109368007

    [WebGPU] RemoteBuffer unmap should check the input vector
    https://bugs.webkit.org/show_bug.cgi?id=255350
    <rdar://107947502>

    Reviewed by Myles C. Maxfield.

    Ensure data vector passed to unmap is valid for the currently
    mapped buffer.

    * Source/WebKit/GPUProcess/graphics/WebGPU/RemoteBuffer.cpp:
    (WebKit::RemoteBuffer::unmap):

    Canonical link: https://commits.webkit.org/262895@main

Identifier: 245886.885 at safari-7613.4.1.0-branch


  Commit: 94269f38667c05f4c5b0de31b41c13f45cf4f749
      https://github.com/WebKit/WebKit/commit/94269f38667c05f4c5b0de31b41c13f45cf4f749
  Author: Youenn Fablet <youennf at gmail.com>
  Date:   2023-06-22 (Thu, 22 Jun 2023)

  Changed paths:
    M Source/ThirdParty/libwebrtc/Source/webrtc/pc/rtc_stats_collector.cc

  Log Message:
  -----------
  Cherry-pick b273da8975a7. rdar://problem/109364379

    [WebRTC] oob in RTCStatsCollector::ProduceTransportStats_n
    https://bugs.webkit.org/show_bug.cgi?id=256516
    rdar://109084778

    Reviewed by Eric Carlson.

    Cherry-pick libwebrtc 124d7c3fe5bdc79a355c9df02d07f25331631a68, which makes sure to check that the iterator is valid before using it.

    * Source/ThirdParty/libwebrtc/Source/webrtc/pc/rtc_stats_collector.cc:

    Canonical link: https://commits.webkit.org/259548.747@safari-7615-branch

Identifier: 245886.886 at safari-7613.4.1.0-branch


  Commit: 0ecc03977c9905717191a2ddd2ef58dfa642e30f
      https://github.com/WebKit/WebKit/commit/0ecc03977c9905717191a2ddd2ef58dfa642e30f
  Author: Chris Dumez <cdumez at apple.com>
  Date:   2023-06-23 (Fri, 23 Jun 2023)

  Changed paths:
    M Source/WebCore/loader/DocumentLoader.cpp

  Log Message:
  -----------
  Cherry-pick 3d72c3255b5f. rdar://problem/109364674

    Follow-up to 259548.752 at safari-7615-branch to cancel navigations instead of blocking them
    https://bugs.webkit.org/show_bug.cgi?id=257161
    rdar://108794051

    Reviewed by Alex Christensen.

    259548.752 at safari-7615-branch added further restrictions to prevent top-frame navigations
    by third-party iframes, in particular using redirects. I had decided to block the redirect
    with a blockedError(). However, it turns out that Safari shows an error page when doing
    so, which results in a bad user experience since the top frame is still being navigated
    (to an error page).

    To address the issue, I am now cancelling the redirect instead and returning a
    cancelledError(). I have verified that Safari doesn't show an error page in this case and
    that the top frame is not getting navigated.

    * Source/WebCore/loader/DocumentLoader.cpp:
    (WebCore::DocumentLoader::willSendRequest):

    Canonical link: https://commits.webkit.org/259548.773@safari-7615-branch

Identifier: 245886.887 at safari-7613.4.1.0-branch


  Commit: 72ad0ccbf2c95c2fe6ac3ccb660b1820a9f31421
      https://github.com/WebKit/WebKit/commit/72ad0ccbf2c95c2fe6ac3ccb660b1820a9f31421
  Author: Russell Epstein <repstein at apple.com>
  Date:   2023-06-29 (Thu, 29 Jun 2023)

  Changed paths:
    M Source/WebCore/loader/DocumentLoader.cpp

  Log Message:
  -----------
  Revert "Cherry-pick 3d72c3255b5f. rdar://problem/109364674"

This reverts commit 0ecc03977c9905717191a2ddd2ef58dfa642e30f.

Canonical link: https://commits.webkit.org/245886.888@safari-7613.4.1.0-branch


  Commit: 75be9e38d797a2ab86c3ad3fcf2e7582c478fd5c
      https://github.com/WebKit/WebKit/commit/75be9e38d797a2ab86c3ad3fcf2e7582c478fd5c
  Author: Chris Dumez <cdumez at apple.com>
  Date:   2023-06-29 (Thu, 29 Jun 2023)

  Changed paths:
    M LayoutTests/fast/files/null-origin-string-expected.txt
    M LayoutTests/fast/files/null-origin-string.html
    A LayoutTests/http/tests/security/block-top-level-navigation-to-different-scheme-by-third-party-iframes-expected.txt
    A LayoutTests/http/tests/security/block-top-level-navigation-to-different-scheme-by-third-party-iframes.html
    A LayoutTests/http/tests/security/block-top-level-navigation-via-redirect-by-third-party-iframes-expected.txt
    A LayoutTests/http/tests/security/block-top-level-navigation-via-redirect-by-third-party-iframes.html
    A LayoutTests/http/tests/security/resources/navigate-top-level-frame-to-failure-page-different-scheme.html
    A LayoutTests/http/tests/security/resources/navigate-top-level-frame-to-failure-page-via-redirect.html
    M Source/WebCore/dom/Document.cpp
    M Source/WebCore/dom/Document.h
    M Source/WebCore/loader/DocumentLoader.cpp
    M Source/WebCore/loader/NavigationRequester.cpp
    M Source/WebCore/loader/NavigationRequester.h

  Log Message:
  -----------
  Cherry-pick a0fa94d1a572. rdar://problem/109364674

    Restrict further top-frame navigations by a third-party iframe
    https://bugs.webkit.org/show_bug.cgi?id=256549
    rdar://108794051

    Reviewed by Geoffrey Garen.

    Restrict further top-frame navigations by a third-party iframe:
    - Block navigations to a different scheme
    - Block navigations that start off same-site but redirect to a different site

    * Source/WebCore/dom/Document.cpp:
    (WebCore::Document::isNavigationBlockedByThirdPartyIFrameRedirectBlocking):
    * Source/WebCore/dom/Document.h:
    * Source/WebCore/loader/DocumentLoader.cpp:
    (WebCore::DocumentLoader::willSendRequest):
    * Source/WebCore/loader/NavigationRequester.cpp:
    (WebCore::NavigationRequester::from):
    * Source/WebCore/loader/NavigationRequester.h:
    (WebCore::NavigationRequester::encode const):
    (WebCore::NavigationRequester::decode):

    Canonical link: https://commits.webkit.org/259548.752@safari-7615-branch

Canonical link: https://commits.webkit.org/245886.889@safari-7613.4.1.0-branch


  Commit: 91f6449855d7b4c788004236769b3ef4d9d7fb5d
      https://github.com/WebKit/WebKit/commit/91f6449855d7b4c788004236769b3ef4d9d7fb5d
  Author: Chris Dumez <cdumez at apple.com>
  Date:   2023-06-29 (Thu, 29 Jun 2023)

  Changed paths:
    M Source/WebCore/loader/DocumentLoader.cpp

  Log Message:
  -----------
  Cherry-pick 3d72c3255b5f. rdar://problem/109364674

    Follow-up to 259548.752 at safari-7615-branch to cancel navigations instead of blocking them
    https://bugs.webkit.org/show_bug.cgi?id=257161
    rdar://108794051

    Reviewed by Alex Christensen.

    259548.752 at safari-7615-branch added further restrictions to prevent top-frame navigations
    by third-party iframes, in particular using redirects. I had decided to block the redirect
    with a blockedError(). However, it turns out that Safari shows an error page when doing
    so, which results in a bad user experience since the top frame is still being navigated
    (to an error page).

    To address the issue, I am now cancelling the redirect instead and returning a
    cancelledError(). I have verified that Safari doesn't show an error page in this case and
    that the top frame is not getting navigated.

    * Source/WebCore/loader/DocumentLoader.cpp:
    (WebCore::DocumentLoader::willSendRequest):

    Canonical link: https://commits.webkit.org/259548.773@safari-7615-branch

Canonical link: https://commits.webkit.org/245886.890@safari-7613.4.1.0-branch


  Commit: b31ad7afb078a495a6ac152efc12c36b8093d75c
      https://github.com/WebKit/WebKit/commit/b31ad7afb078a495a6ac152efc12c36b8093d75c
  Author: Russell Epstein <repstein at apple.com>
  Date:   2023-06-29 (Thu, 29 Jun 2023)

  Changed paths:
    M Source/WebCore/loader/NavigationRequester.h

  Log Message:
  -----------
  Unreviewed build fix for rdar://109364674

Canonical link: https://commits.webkit.org/245886.891@safari-7613.4.1.0-branch


  Commit: 9ec1cb5444b253336b76328637e97bcceff6a30c
      https://github.com/WebKit/WebKit/commit/9ec1cb5444b253336b76328637e97bcceff6a30c
  Author: Ryan Reno <rreno at apple.com>
  Date:   2023-06-29 (Thu, 29 Jun 2023)

  Changed paths:
    A LayoutTests/http/tests/security/block-top-level-navigations-by-third-party-iframe-sandboxed-by-own-csp-expected.txt
    A LayoutTests/http/tests/security/block-top-level-navigations-by-third-party-iframe-sandboxed-by-own-csp.html
    A LayoutTests/http/tests/security/resources/attempt-top-level-navigation-with-csp.py
    M Source/WebCore/dom/Document.cpp

  Log Message:
  -----------
  Cherry-pick 18a05c43972c. rdar://problem/111460456

    Third Party IFrame Navigation Block Bypass via Content Security Policy Sandbox
    https://bugs.webkit.org/show_bug.cgi?id=257903
    rdar://109059471

    Reviewed by Brent Fulgham.

    If a third-party iframe is unsandboxed we will prevent top navigation
    without user interaction with the frame. However, this is bypassable if
    the iframe gives itself a sandbox which allows top navigation via CSP.

    This change checks to see if the iframe element was unsandboxed and
    proceeds with the more strict third-party checks if so.

    * LayoutTests/http/tests/security/block-top-level-navigations-by-third-party-iframe-sandboxed-by-own-csp-expected.txt: Added.
    * LayoutTests/http/tests/security/block-top-level-navigations-by-third-party-iframe-sandboxed-by-own-csp.html: Added.
    * LayoutTests/http/tests/security/resources/attempt-top-level-navigation-with-csp.py: Added.
    * Source/WebCore/dom/Document.cpp:
    (WebCore::Document::isNavigationBlockedByThirdPartyIFrameRedirectBlocking):

    Canonical link: https://commits.webkit.org/259548.823@safari-7615-branch

Identifier: 245886.892 at safari-7613.4.1.0-branch


  Commit: 4d33406a25a5ef7b45bbcc0e5da94dc728b6de37
      https://github.com/WebKit/WebKit/commit/4d33406a25a5ef7b45bbcc0e5da94dc728b6de37
  Author: Alex Christensen <achristensen at apple.com>
  Date:   2023-06-29 (Thu, 29 Jun 2023)

  Changed paths:
    M Source/WebCore/editing/markup.cpp

  Log Message:
  -----------
  Cherry-pick 9cd44913c84e. rdar://problem/111460732

    Disable link preload when sanitizing web content
    https://bugs.webkit.org/show_bug.cgi?id=258100
    rdar://109675198

    Reviewed by Chris Dumez.

    Otherwise we get a request in the network process with an invalid pageID,
    and it MESSAGE_CHECKs and terminates the process.

    * Source/WebCore/editing/markup.cpp:
    (WebCore::createPageForSanitizingWebContent):

    Canonical link: https://commits.webkit.org/259548.830@safari-7615-branch

Identifier: 245886.893 at safari-7613.4.1.0-branch


  Commit: d1a418452f33f1884d72c08502c519181d81774e
      https://github.com/WebKit/WebKit/commit/d1a418452f33f1884d72c08502c519181d81774e
  Author: Myah Cobbs <mcobbs at apple.com>
  Date:   2023-06-30 (Fri, 30 Jun 2023)

  Changed paths:
    M Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp

  Log Message:
  -----------
  Apply patch. rdar://problem/109780783

Identifier: 245886.894 at safari-7613.4.1.0-branch


  Commit: 07ed7165bda3da710c4392448e728a95b8ab3d26
      https://github.com/WebKit/WebKit/commit/07ed7165bda3da710c4392448e728a95b8ab3d26
  Author: Patrick Angle <pangle at apple.com>
  Date:   2023-06-30 (Fri, 30 Jun 2023)

  Changed paths:
    A LayoutTests/css3/filters/filter-visited-links-expected.html
    A LayoutTests/css3/filters/filter-visited-links.html
    M Source/JavaScriptCore/inspector/agents/InspectorConsoleAgent.cpp

  Log Message:
  -----------
  Cherry-pick e74d4b07ad38. rdar://problem/109780610

    Web Inspector: Deeply nested console logging can cause ConsoleMessage to be destroyed while we are still trying to log it
    https://bugs.webkit.org/show_bug.cgi?id=256932
    rdar://108063640

    Reviewed by Mark Lam.

    InspectorConsoleAgent has been incorrectly managing the lifetime of each ConsoleMessage by moving messages into a vector
    of messages before we have passed those messages on to the frontend. This means that a console message that causes
    another console message to be logged may eventually cause our original message to be dropped from the vector if this
    occurs deeply enough. At that point, when we unwind back to the original message, it has been destroyed while we are
    trying to send it to the frontend, which results in a bad time because we are still inside a function on the
    ConsoleMessage that tries to access its own member variables like m_arguments, and fails because the message object
    itself has been destroyed, taking its members with it.

    This also fixes a subtle message inversion in the backlog of messages and what is logged to the console when Web
    Inspector is open, since the message is sent to the frontend after all other processing, but we were previously adding
    the message to the vector of past messages before that processing (which may in turn cause more logging before the
    actual logging we called in to perform) to occur.

    A second minor issue is that ScriptCallStack is incorrectly asserting in its constructor, which preventing investigation
    of this issue initially. The call stack should be less than __or equal to__ the max call stack, not just less than.

    * Source/JavaScriptCore/inspector/ConsoleMessage.cpp:
    (Inspector::ConsoleMessage::addToFrontend):
    * Source/JavaScriptCore/inspector/InjectedScript.cpp:
    (Inspector::InjectedScript::wrapObject const):
    (Inspector::InjectedScript::wrapTable const):
    * Source/JavaScriptCore/inspector/ScriptCallStack.cpp:
    (Inspector::ScriptCallStack::ScriptCallStack):
    * Source/JavaScriptCore/inspector/agents/InspectorConsoleAgent.cpp:
    (Inspector::InspectorConsoleAgent::addConsoleMessage):
    * Source/WebCore/page/PageConsoleClient.cpp:
    (WebCore::PageConsoleClient::messageWithTypeAndLevel):

    Canonical link: https://commits.webkit.org/259548.777@safari-7615-branch

Identifier: 245886.895 at safari-7613.4.1.0-branch


  Commit: 8c68ef39aa9841447b24b2d960b23df3efaa155d
      https://github.com/WebKit/WebKit/commit/8c68ef39aa9841447b24b2d960b23df3efaa155d
  Author: Said Abou-Hallawa <said at apple.com>
  Date:   2023-06-30 (Fri, 30 Jun 2023)

  Changed paths:
    M Source/WebCore/rendering/PaintPhase.h
    M Source/WebCore/rendering/RenderLayer.cpp
    M Source/WebCore/rendering/StyledMarkedText.cpp
    M Source/WebCore/rendering/TextDecorationPainter.cpp
    M Source/WebCore/rendering/TextDecorationPainter.h
    M Source/WebCore/rendering/TextPaintStyle.cpp
    M Source/WebCore/rendering/style/RenderStyle.cpp
    M Source/WebCore/rendering/style/RenderStyle.h

  Log Message:
  -----------
  Cherry-pick 89399f0f4614. rdar://problem/111116301

    Prevent SVG filters from leaking visited hyperlinks
    https://bugs.webkit.org/show_bug.cgi?id=257822
    rdar://109749006

    Reviewed by Simon Fraser.

    We should prevent websites from learning which sites have been visited via SVG
    filters on hyperlinks, per the attack described in https://arxiv.org/abs/2305.12784.

    This can be acheived by ignoring the visited links color when a filter is applied
    to the anchor element.

    * LayoutTests/css3/filters/filter-visited-links-expected.html: Added.
    * LayoutTests/css3/filters/filter-visited-links.html: Added.
    * Source/WebCore/rendering/PaintPhase.h:
    * Source/WebCore/rendering/RenderLayer.cpp:
    (WebCore::RenderLayer::paintLayerContents):
    (WebCore::RenderLayer::paintForegroundForFragments):
    (WebCore::RenderLayer::calculateClipRects const):
    * Source/WebCore/rendering/StyledMarkedText.cpp:
    (WebCore::resolveStyleForMarkedText):
    (WebCore::StyledMarkedText::computeStyleForUnmarkedMarkedText):
    * Source/WebCore/rendering/TextDecorationPainter.cpp:
    (WebCore::collectStylesForRenderer):
    (WebCore::TextDecorationPainter::decorationColor):
    (WebCore::TextDecorationPainter::stylesForRenderer):
    * Source/WebCore/rendering/TextDecorationPainter.h:
    (WebCore::TextDecorationPainter::decorationColor):
    (WebCore::TextDecorationPainter::stylesForRenderer):
    * Source/WebCore/rendering/TextPaintStyle.cpp:
    (WebCore::computeTextPaintStyle):
    * Source/WebCore/rendering/style/RenderStyle.cpp:
    (WebCore::RenderStyle::visitedDependentColor const):
    (WebCore::RenderStyle::visitedDependentColorWithColorFilter const):
    * Source/WebCore/rendering/style/RenderStyle.h:
    (WebCore::RenderStyle::visitedDependentColor):
    (WebCore::RenderStyle::visitedDependentColorWithColorFilter):

    Canonical link: https://commits.webkit.org/259548.820@safari-7615-branch

Identifier: 245886.896 at safari-7613.4.1.0-branch


  Commit: 2aed4a9c6b63e758b13a69a0354912ab9a949118
      https://github.com/WebKit/WebKit/commit/2aed4a9c6b63e758b13a69a0354912ab9a949118
  Author: Ryan Reno <rreno at apple.com>
  Date:   2023-06-30 (Fri, 30 Jun 2023)

  Changed paths:
    A LayoutTests/http/tests/security/sandboxed-iframe-javascript-self-navigation-expected.txt
    A LayoutTests/http/tests/security/sandboxed-iframe-javascript-self-navigation.html
    A LayoutTests/http/tests/security/sandboxed-iframe-javascript-top-navigation-expected.txt
    A LayoutTests/http/tests/security/sandboxed-iframe-javascript-top-navigation.html
    M Source/WebCore/loader/FrameLoader.cpp
    M Source/WebCore/loader/NavigationRequester.cpp
    M Source/WebCore/loader/NavigationRequester.h

  Log Message:
  -----------
  Cherry-pick 47ed6aa2ea88. rdar://problem/110801928

    Block sandboxed frames from navigating to javascript URLs without allow-scripts sandbox flag.
    https://bugs.webkit.org/show_bug.cgi?id=257824
    rdar://108462161

    Reviewed by Alex Christensen.

    Sandboxed iframes could execute script in a target frame by navigating
    the frame to a javascript: URL. For example, the top frame when the
    iframe has the sandbox flag "allow-top-navigation". This change checks to see if
    the "allow-scripts" flag is set before executing the URL in the target frame.

    * LayoutTests/http/tests/security/sandboxed-iframe-javascript-self-navigation-expected.txt: Added.
    * LayoutTests/http/tests/security/sandboxed-iframe-javascript-self-navigation.html: Added.
    * LayoutTests/http/tests/security/sandboxed-iframe-javascript-top-navigation-expected.txt: Added.
    * LayoutTests/http/tests/security/sandboxed-iframe-javascript-top-navigation.html: Added.
    * Source/WebCore/loader/FrameLoader.cpp:
    (WebCore::FrameLoader::executeJavaScriptURL):
    * Source/WebCore/loader/NavigationRequester.cpp:
    (WebCore::NavigationRequester::from):
    * Source/WebCore/loader/NavigationRequester.h:
    (WebCore::NavigationRequester::encode const):
    (WebCore::NavigationRequester::decode):

    Canonical link: https://commits.webkit.org/259548.813@safari-7615-branch

Identifier: 245886.897 at safari-7613.4.1.0-branch


  Commit: 4d7ef3096d32bcdeefd46940234a15c8973b88bd
      https://github.com/WebKit/WebKit/commit/4d7ef3096d32bcdeefd46940234a15c8973b88bd
  Author: Myah Cobbs <mcobbs at apple.com>
  Date:   2023-06-30 (Fri, 30 Jun 2023)

  Changed paths:
    M LayoutTests/http/tests/referrer-policy-iframe/no-referrer-when-downgrade/cross-origin-http.https-expected.txt
    M LayoutTests/http/tests/referrer-policy-iframe/no-referrer/cross-origin-http.https-expected.txt
    M LayoutTests/http/tests/referrer-policy-iframe/origin-when-cross-origin/cross-origin-http.https-expected.txt
    M LayoutTests/http/tests/referrer-policy-iframe/origin/cross-origin-http.https-expected.txt
    M LayoutTests/http/tests/referrer-policy-iframe/same-origin/cross-origin-http.https-expected.txt
    M LayoutTests/http/tests/referrer-policy-iframe/strict-origin-when-cross-origin/cross-origin-http.https-expected.txt
    M LayoutTests/http/tests/referrer-policy-iframe/strict-origin/cross-origin-http.https-expected.txt
    M LayoutTests/http/tests/referrer-policy-iframe/unsafe-url/cross-origin-http.https-expected.txt
    M LayoutTests/http/tests/referrer-policy/no-referrer-when-downgrade/cross-origin-http.https-expected.txt
    M LayoutTests/http/tests/referrer-policy/no-referrer/cross-origin-http.https-expected.txt
    M LayoutTests/http/tests/referrer-policy/origin-when-cross-origin/cross-origin-http.https-expected.txt
    M LayoutTests/http/tests/referrer-policy/origin/cross-origin-http.https-expected.txt
    M LayoutTests/http/tests/referrer-policy/same-origin/cross-origin-http.https-expected.txt
    M LayoutTests/http/tests/referrer-policy/strict-origin-when-cross-origin/cross-origin-http.https-expected.txt
    M LayoutTests/http/tests/referrer-policy/strict-origin/cross-origin-http.https-expected.txt
    M LayoutTests/http/tests/referrer-policy/unsafe-url/cross-origin-http.https-expected.txt
    M LayoutTests/http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/iframe-upgrade.https-expected.txt
    M LayoutTests/http/tests/security/mixedContent/insecure-iframe-in-iframe-expected.txt
    M LayoutTests/http/tests/security/mixedContent/insecure-iframe-in-iframe.html
    A LayoutTests/http/tests/security/mixedContent/insecure-iframe-in-sandboxed-iframe-expected.txt
    A LayoutTests/http/tests/security/mixedContent/insecure-iframe-in-sandboxed-iframe.html
    M LayoutTests/http/tests/security/mixedContent/insecure-script-in-data-iframe-in-main-frame-blocked-expected.txt
    M LayoutTests/http/tests/security/referrer-policy-header-and-meta-tag-emptyString.html
    M LayoutTests/http/tests/security/referrer-policy-header-and-meta-tag.html
    M LayoutTests/http/tests/security/referrer-policy-header-multipart.html
    M LayoutTests/http/tests/security/referrer-policy-header-test.js
    M LayoutTests/http/tests/security/referrer-policy-header.html
    M LayoutTests/http/tests/security/referrer-policy-https-always-expected.txt
    M LayoutTests/http/tests/security/referrer-policy-https-always.html
    M LayoutTests/http/tests/security/referrer-policy-https-default-expected.txt
    M LayoutTests/http/tests/security/referrer-policy-https-default.html
    M LayoutTests/http/tests/security/referrer-policy-https-never-expected.txt
    M LayoutTests/http/tests/security/referrer-policy-https-never.html
    M LayoutTests/http/tests/security/referrer-policy-https-no-referrer-expected.txt
    M LayoutTests/http/tests/security/referrer-policy-https-no-referrer-when-downgrade-expected.txt
    M LayoutTests/http/tests/security/referrer-policy-https-no-referrer-when-downgrade.html
    M LayoutTests/http/tests/security/referrer-policy-https-no-referrer.html
    M LayoutTests/http/tests/security/referrer-policy-https-origin-expected.txt
    M LayoutTests/http/tests/security/referrer-policy-https-origin.html
    M LayoutTests/http/tests/security/referrer-policy-https-unsafe-url-expected.txt
    M LayoutTests/http/tests/security/referrer-policy-https-unsafe-url.html
    M LayoutTests/http/tests/security/resources/postReferrer.py
    M LayoutTests/http/tests/security/resources/referrer-policy-log.py
    M LayoutTests/http/tests/security/resources/sandboxed-iframe-geolocation-getCurrentPosition.html
    M LayoutTests/http/tests/security/resources/sandboxed-iframe-geolocation-watchPosition.html
    M LayoutTests/http/tests/security/resources/serve-referrer-policy-and-meta-tag.py
    M LayoutTests/http/tests/security/resources/serve-referrer-policy-and-test.py
    R LayoutTests/http/tests/websocket/tests/hybi/non-document-mixed-content-blocked-http-with-embedded-https-with-embedded-http-expected.txt
    R LayoutTests/http/tests/websocket/tests/hybi/non-document-mixed-content-blocked-http-with-embedded-https-with-embedded-http.html
    M LayoutTests/http/tests/websocket/tests/hybi/non-document-mixed-content-blocked-https-with-embedded-http-with-embedded-https.https-expected.txt
    M LayoutTests/imported/w3c/web-platform-tests/content-security-policy/reporting/report-original-url-on-mixed-content-frame.https.sub-expected.txt
    A LayoutTests/imported/w3c/web-platform-tests/fs/FileSystemFileHandle-create-sync-access-handle.https.tentative.window-expected.txt
    A LayoutTests/imported/w3c/web-platform-tests/mixed-content/csp.https.window-expected.txt
    A LayoutTests/imported/w3c/web-platform-tests/mixed-content/nested-iframes.window-expected.txt
    A LayoutTests/platform/ios-wk2/imported/w3c/web-platform-tests/fs/FileSystemFileHandle-create-sync-access-handle.https.tentative.window-expected.txt
    A LayoutTests/platform/ios-wk2/imported/w3c/web-platform-tests/screen-orientation/nested-documents-expected.txt
    A LayoutTests/platform/ios-wk2/imported/w3c/web-platform-tests/screen-orientation/unlock-expected.txt
    A LayoutTests/platform/mac-wk1/http/tests/security/mixedContent/insecure-iframe-in-iframe-expected.txt
    A LayoutTests/platform/mac-wk1/http/tests/security/mixedContent/insecure-iframe-in-main-frame-expected.txt
    A LayoutTests/platform/mac-wk1/http/tests/security/mixedContent/insecure-iframe-in-sandboxed-iframe-expected.txt
    A LayoutTests/platform/mac-wk1/http/tests/security/mixedContent/insecure-image-in-iframe-expected.txt
    A LayoutTests/platform/mac-wk1/http/tests/security/mixedContent/redirect-http-to-https-iframe-in-main-frame-expected.txt
    A LayoutTests/platform/mac-wk1/http/tests/security/mixedContent/redirect-https-to-http-iframe-in-main-frame-expected.txt
    M LayoutTests/platform/win/TestExpectations
    M LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-css-in-iframe-report-only-expected.txt
    M LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-iframe-in-main-frame-expected.txt
    R LayoutTests/platform/wk2/http/tests/security/mixedContent/insecure-iframe-in-iframe-expected.txt
    M LayoutTests/platform/wk2/http/tests/security/mixedContent/insecure-iframe-in-main-frame-expected.txt
    M LayoutTests/platform/wk2/http/tests/security/mixedContent/insecure-image-in-iframe-expected.txt
    M LayoutTests/platform/wk2/http/tests/security/mixedContent/redirect-http-to-https-iframe-in-main-frame-expected.txt
    M LayoutTests/platform/wk2/http/tests/security/mixedContent/redirect-https-to-http-iframe-in-main-frame-expected.txt
    M Source/WebCore/Modules/websockets/WebSocket.cpp
    M Source/WebCore/Modules/websockets/WorkerThreadableWebSocketChannel.cpp
    M Source/WebCore/html/HTMLFormElement.cpp
    M Source/WebCore/loader/DocumentLoader.cpp
    M Source/WebCore/loader/DocumentThreadableLoader.cpp
    M Source/WebCore/loader/MixedContentChecker.cpp
    M Source/WebCore/loader/MixedContentChecker.h
    M Source/WebCore/loader/SubframeLoader.cpp
    M Source/WebCore/loader/cache/CachedResourceLoader.cpp

  Log Message:
  -----------
  Cherry-pick bc09b6fca325. rdar://problem/110471649

Identifier: 245886.898 at safari-7613.4.1.0-branch


  Commit: 99edce29b194c5bec63fb823ec513a0ce58f5d9d
      https://github.com/WebKit/WebKit/commit/99edce29b194c5bec63fb823ec513a0ce58f5d9d
  Author: Dan Robson <dan_robson at apple.com>
  Date:   2023-06-30 (Fri, 30 Jun 2023)

  Changed paths:
    M Source/WebCore/loader/NavigationRequester.h

  Log Message:
  -----------
  Apply patch. rdar://problem/110471649

Identifier: 245886.899 at safari-7613.4.1.0-branch


  Commit: e20fa9d214e30181b2fbb7ac0c71e00a2b5af9fe
      https://github.com/WebKit/WebKit/commit/e20fa9d214e30181b2fbb7ac0c71e00a2b5af9fe
  Author: Myah Cobbs <mcobbs at apple.com>
  Date:   2023-07-03 (Mon, 03 Jul 2023)

  Changed paths:
    M Source/WebCore/rendering/PaintPhase.h
    M Source/WebCore/rendering/RenderLayer.cpp
    M Source/WebCore/rendering/StyledMarkedText.cpp
    M Source/WebCore/rendering/TextDecorationPainter.cpp
    M Source/WebCore/rendering/TextDecorationPainter.h
    M Source/WebCore/rendering/TextPaintStyle.cpp
    M Source/WebCore/rendering/style/RenderStyle.cpp
    M Source/WebCore/rendering/style/RenderStyle.h

  Log Message:
  -----------
  Revert "Cherry-pick 89399f0f4614. rdar://problem/111116301"

This reverts commit 8c68ef39aa9841447b24b2d960b23df3efaa155d.

Identifier: 245886.900 at safari-7613.4.1.0-branch


  Commit: 4ea83cb14ac5407fca2c88b3791b2c3e7ba81e9b
      https://github.com/WebKit/WebKit/commit/4ea83cb14ac5407fca2c88b3791b2c3e7ba81e9b
  Author: Myah Cobbs <mcobbs at apple.com>
  Date:   2023-07-03 (Mon, 03 Jul 2023)

  Changed paths:
    M Source/WebCore/loader/NavigationRequester.cpp

  Log Message:
  -----------
  Unreviewed build fix. rdar://110801928


  Commit: 104d1ef5ed804c804c54e15816ce52ea98dbc274
      https://github.com/WebKit/WebKit/commit/104d1ef5ed804c804c54e15816ce52ea98dbc274
  Author: Myah Cobbs <mcobbs at apple.com>
  Date:   2023-07-03 (Mon, 03 Jul 2023)

  Changed paths:
    M Source/WebCore/loader/NavigationRequester.h

  Log Message:
  -----------
  Revert "Apply patch. rdar://problem/110471649"

This reverts commit 99edce29b194c5bec63fb823ec513a0ce58f5d9d.

Identifier: 245886.902 at safari-7613.4.1.0-branch


  Commit: cf7397266af431f8039256c605b065401d9a20ec
      https://github.com/WebKit/WebKit/commit/cf7397266af431f8039256c605b065401d9a20ec
  Author: Myah Cobbs <mcobbs at apple.com>
  Date:   2023-07-03 (Mon, 03 Jul 2023)

  Changed paths:
    M LayoutTests/http/tests/referrer-policy-iframe/no-referrer-when-downgrade/cross-origin-http.https-expected.txt
    M LayoutTests/http/tests/referrer-policy-iframe/no-referrer/cross-origin-http.https-expected.txt
    M LayoutTests/http/tests/referrer-policy-iframe/origin-when-cross-origin/cross-origin-http.https-expected.txt
    M LayoutTests/http/tests/referrer-policy-iframe/origin/cross-origin-http.https-expected.txt
    M LayoutTests/http/tests/referrer-policy-iframe/same-origin/cross-origin-http.https-expected.txt
    M LayoutTests/http/tests/referrer-policy-iframe/strict-origin-when-cross-origin/cross-origin-http.https-expected.txt
    M LayoutTests/http/tests/referrer-policy-iframe/strict-origin/cross-origin-http.https-expected.txt
    M LayoutTests/http/tests/referrer-policy-iframe/unsafe-url/cross-origin-http.https-expected.txt
    M LayoutTests/http/tests/referrer-policy/no-referrer-when-downgrade/cross-origin-http.https-expected.txt
    M LayoutTests/http/tests/referrer-policy/no-referrer/cross-origin-http.https-expected.txt
    M LayoutTests/http/tests/referrer-policy/origin-when-cross-origin/cross-origin-http.https-expected.txt
    M LayoutTests/http/tests/referrer-policy/origin/cross-origin-http.https-expected.txt
    M LayoutTests/http/tests/referrer-policy/same-origin/cross-origin-http.https-expected.txt
    M LayoutTests/http/tests/referrer-policy/strict-origin-when-cross-origin/cross-origin-http.https-expected.txt
    M LayoutTests/http/tests/referrer-policy/strict-origin/cross-origin-http.https-expected.txt
    M LayoutTests/http/tests/referrer-policy/unsafe-url/cross-origin-http.https-expected.txt
    M LayoutTests/http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/iframe-upgrade.https-expected.txt
    M LayoutTests/http/tests/security/mixedContent/insecure-iframe-in-iframe-expected.txt
    M LayoutTests/http/tests/security/mixedContent/insecure-iframe-in-iframe.html
    R LayoutTests/http/tests/security/mixedContent/insecure-iframe-in-sandboxed-iframe-expected.txt
    R LayoutTests/http/tests/security/mixedContent/insecure-iframe-in-sandboxed-iframe.html
    M LayoutTests/http/tests/security/mixedContent/insecure-script-in-data-iframe-in-main-frame-blocked-expected.txt
    M LayoutTests/http/tests/security/referrer-policy-header-and-meta-tag-emptyString.html
    M LayoutTests/http/tests/security/referrer-policy-header-and-meta-tag.html
    M LayoutTests/http/tests/security/referrer-policy-header-multipart.html
    M LayoutTests/http/tests/security/referrer-policy-header-test.js
    M LayoutTests/http/tests/security/referrer-policy-header.html
    M LayoutTests/http/tests/security/referrer-policy-https-always-expected.txt
    M LayoutTests/http/tests/security/referrer-policy-https-always.html
    M LayoutTests/http/tests/security/referrer-policy-https-default-expected.txt
    M LayoutTests/http/tests/security/referrer-policy-https-default.html
    M LayoutTests/http/tests/security/referrer-policy-https-never-expected.txt
    M LayoutTests/http/tests/security/referrer-policy-https-never.html
    M LayoutTests/http/tests/security/referrer-policy-https-no-referrer-expected.txt
    M LayoutTests/http/tests/security/referrer-policy-https-no-referrer-when-downgrade-expected.txt
    M LayoutTests/http/tests/security/referrer-policy-https-no-referrer-when-downgrade.html
    M LayoutTests/http/tests/security/referrer-policy-https-no-referrer.html
    M LayoutTests/http/tests/security/referrer-policy-https-origin-expected.txt
    M LayoutTests/http/tests/security/referrer-policy-https-origin.html
    M LayoutTests/http/tests/security/referrer-policy-https-unsafe-url-expected.txt
    M LayoutTests/http/tests/security/referrer-policy-https-unsafe-url.html
    M LayoutTests/http/tests/security/resources/postReferrer.py
    M LayoutTests/http/tests/security/resources/referrer-policy-log.py
    M LayoutTests/http/tests/security/resources/sandboxed-iframe-geolocation-getCurrentPosition.html
    M LayoutTests/http/tests/security/resources/sandboxed-iframe-geolocation-watchPosition.html
    M LayoutTests/http/tests/security/resources/serve-referrer-policy-and-meta-tag.py
    M LayoutTests/http/tests/security/resources/serve-referrer-policy-and-test.py
    A LayoutTests/http/tests/websocket/tests/hybi/non-document-mixed-content-blocked-http-with-embedded-https-with-embedded-http-expected.txt
    A LayoutTests/http/tests/websocket/tests/hybi/non-document-mixed-content-blocked-http-with-embedded-https-with-embedded-http.html
    M LayoutTests/http/tests/websocket/tests/hybi/non-document-mixed-content-blocked-https-with-embedded-http-with-embedded-https.https-expected.txt
    M LayoutTests/imported/w3c/web-platform-tests/content-security-policy/reporting/report-original-url-on-mixed-content-frame.https.sub-expected.txt
    R LayoutTests/imported/w3c/web-platform-tests/fs/FileSystemFileHandle-create-sync-access-handle.https.tentative.window-expected.txt
    R LayoutTests/imported/w3c/web-platform-tests/mixed-content/csp.https.window-expected.txt
    R LayoutTests/imported/w3c/web-platform-tests/mixed-content/nested-iframes.window-expected.txt
    R LayoutTests/platform/ios-wk2/imported/w3c/web-platform-tests/fs/FileSystemFileHandle-create-sync-access-handle.https.tentative.window-expected.txt
    R LayoutTests/platform/ios-wk2/imported/w3c/web-platform-tests/screen-orientation/nested-documents-expected.txt
    R LayoutTests/platform/ios-wk2/imported/w3c/web-platform-tests/screen-orientation/unlock-expected.txt
    R LayoutTests/platform/mac-wk1/http/tests/security/mixedContent/insecure-iframe-in-iframe-expected.txt
    R LayoutTests/platform/mac-wk1/http/tests/security/mixedContent/insecure-iframe-in-main-frame-expected.txt
    R LayoutTests/platform/mac-wk1/http/tests/security/mixedContent/insecure-iframe-in-sandboxed-iframe-expected.txt
    R LayoutTests/platform/mac-wk1/http/tests/security/mixedContent/insecure-image-in-iframe-expected.txt
    R LayoutTests/platform/mac-wk1/http/tests/security/mixedContent/redirect-http-to-https-iframe-in-main-frame-expected.txt
    R LayoutTests/platform/mac-wk1/http/tests/security/mixedContent/redirect-https-to-http-iframe-in-main-frame-expected.txt
    M LayoutTests/platform/win/TestExpectations
    M LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-css-in-iframe-report-only-expected.txt
    M LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-iframe-in-main-frame-expected.txt
    A LayoutTests/platform/wk2/http/tests/security/mixedContent/insecure-iframe-in-iframe-expected.txt
    M LayoutTests/platform/wk2/http/tests/security/mixedContent/insecure-iframe-in-main-frame-expected.txt
    M LayoutTests/platform/wk2/http/tests/security/mixedContent/insecure-image-in-iframe-expected.txt
    M LayoutTests/platform/wk2/http/tests/security/mixedContent/redirect-http-to-https-iframe-in-main-frame-expected.txt
    M LayoutTests/platform/wk2/http/tests/security/mixedContent/redirect-https-to-http-iframe-in-main-frame-expected.txt
    M Source/WebCore/Modules/websockets/WebSocket.cpp
    M Source/WebCore/Modules/websockets/WorkerThreadableWebSocketChannel.cpp
    M Source/WebCore/html/HTMLFormElement.cpp
    M Source/WebCore/loader/DocumentLoader.cpp
    M Source/WebCore/loader/DocumentThreadableLoader.cpp
    M Source/WebCore/loader/MixedContentChecker.cpp
    M Source/WebCore/loader/MixedContentChecker.h
    M Source/WebCore/loader/SubframeLoader.cpp
    M Source/WebCore/loader/cache/CachedResourceLoader.cpp

  Log Message:
  -----------
  Revert "Cherry-pick bc09b6fca325. rdar://problem/110471649"

This reverts commit 4d7ef3096d32bcdeefd46940234a15c8973b88bd.

Identifier: 245886.903 at safari-7613.4.1.0-branch


  Commit: 487117eff994d3a7be0ecc9015681df06352aa8a
      https://github.com/WebKit/WebKit/commit/487117eff994d3a7be0ecc9015681df06352aa8a
  Author: Myah Cobbs <mcobbs at apple.com>
  Date:   2023-07-03 (Mon, 03 Jul 2023)

  Changed paths:
    M Source/WebCore/loader/NavigationRequester.cpp

  Log Message:
  -----------
  Revert "Unreviewed build fix. rdar://110801928"

This reverts commit 4ea83cb14ac5407fca2c88b3791b2c3e7ba81e9b.

Identifier: 245886.904 at safari-7613.4.1.0-branch


  Commit: 9eb9400d761a183538d87d35b06eb2dcf06c54e2
      https://github.com/WebKit/WebKit/commit/9eb9400d761a183538d87d35b06eb2dcf06c54e2
  Author: Myah Cobbs <mcobbs at apple.com>
  Date:   2023-07-03 (Mon, 03 Jul 2023)

  Changed paths:
    R LayoutTests/http/tests/security/sandboxed-iframe-javascript-self-navigation-expected.txt
    R LayoutTests/http/tests/security/sandboxed-iframe-javascript-self-navigation.html
    R LayoutTests/http/tests/security/sandboxed-iframe-javascript-top-navigation-expected.txt
    R LayoutTests/http/tests/security/sandboxed-iframe-javascript-top-navigation.html
    M Source/WebCore/loader/FrameLoader.cpp
    M Source/WebCore/loader/NavigationRequester.cpp
    M Source/WebCore/loader/NavigationRequester.h

  Log Message:
  -----------
  Revert "Cherry-pick 47ed6aa2ea88. rdar://problem/110801928"

This reverts commit 2aed4a9c6b63e758b13a69a0354912ab9a949118.

Identifier: 245886.905 at safari-7613.4.1.0-branch


  Commit: 43ac5b8e8849102e00d7dd7b2ff3d9a96d3df414
      https://github.com/WebKit/WebKit/commit/43ac5b8e8849102e00d7dd7b2ff3d9a96d3df414
  Author: Myah Cobbs <mcobbs at apple.com>
  Date:   2023-07-05 (Wed, 05 Jul 2023)

  Changed paths:
    M Source/JavaScriptCore/Configurations/Version.xcconfig
    M Source/ThirdParty/ANGLE/Configurations/Version.xcconfig
    M Source/ThirdParty/libwebrtc/Configurations/Version.xcconfig
    M Source/WebCore/Configurations/Version.xcconfig
    M Source/WebCore/PAL/Configurations/Version.xcconfig
    M Source/WebGPU/Configurations/Version.xcconfig
    M Source/WebInspectorUI/Configurations/Version.xcconfig
    M Source/WebKit/Configurations/Version.xcconfig
    M Source/WebKitLegacy/mac/Configurations/Version.xcconfig

  Log Message:
  -----------
  Versioning.

WebKit-7613.7.1.0.12

Identifier: 245886.906 at safari-7613.4.1.0-branch


  Commit: 2c9836d5695f3e0001ce5f58e6582526d5402403
      https://github.com/WebKit/WebKit/commit/2c9836d5695f3e0001ce5f58e6582526d5402403
  Author: Ryan Reno <rreno at apple.com>
  Date:   2023-07-05 (Wed, 05 Jul 2023)

  Changed paths:
    A LayoutTests/http/tests/security/sandboxed-iframe-javascript-self-navigation-expected.txt
    A LayoutTests/http/tests/security/sandboxed-iframe-javascript-self-navigation.html
    A LayoutTests/http/tests/security/sandboxed-iframe-javascript-top-navigation-expected.txt
    A LayoutTests/http/tests/security/sandboxed-iframe-javascript-top-navigation.html
    M Source/WebCore/loader/FrameLoader.cpp
    M Source/WebCore/loader/NavigationRequester.cpp
    M Source/WebCore/loader/NavigationRequester.h

  Log Message:
  -----------
  Cherry-pick 47ed6aa2ea88. rdar://problem/110801928

    Block sandboxed frames from navigating to javascript URLs without allow-scripts sandbox flag.
    https://bugs.webkit.org/show_bug.cgi?id=257824
    rdar://108462161

    Reviewed by Alex Christensen.

    Sandboxed iframes could execute script in a target frame by navigating
    the frame to a javascript: URL. For example, the top frame when the
    iframe has the sandbox flag "allow-top-navigation". This change checks to see if
    the "allow-scripts" flag is set before executing the URL in the target frame.

    * LayoutTests/http/tests/security/sandboxed-iframe-javascript-self-navigation-expected.txt: Added.
    * LayoutTests/http/tests/security/sandboxed-iframe-javascript-self-navigation.html: Added.
    * LayoutTests/http/tests/security/sandboxed-iframe-javascript-top-navigation-expected.txt: Added.
    * LayoutTests/http/tests/security/sandboxed-iframe-javascript-top-navigation.html: Added.
    * Source/WebCore/loader/FrameLoader.cpp:
    (WebCore::FrameLoader::executeJavaScriptURL):
    * Source/WebCore/loader/NavigationRequester.cpp:
    (WebCore::NavigationRequester::from):
    * Source/WebCore/loader/NavigationRequester.h:
    (WebCore::NavigationRequester::encode const):
    (WebCore::NavigationRequester::decode):

    Canonical link: https://commits.webkit.org/259548.813@safari-7615-branch

Identifier: 245886.907 at safari-7613.4.1.0-branch


  Commit: df2c1fdba80152eb4ab298c766df983346840591
      https://github.com/WebKit/WebKit/commit/df2c1fdba80152eb4ab298c766df983346840591
  Author: Myah Cobbs <mcobbs at apple.com>
  Date:   2023-07-05 (Wed, 05 Jul 2023)

  Changed paths:
    M LayoutTests/http/tests/referrer-policy-iframe/no-referrer-when-downgrade/cross-origin-http.https-expected.txt
    M LayoutTests/http/tests/referrer-policy-iframe/no-referrer/cross-origin-http.https-expected.txt
    M LayoutTests/http/tests/referrer-policy-iframe/origin-when-cross-origin/cross-origin-http.https-expected.txt
    M LayoutTests/http/tests/referrer-policy-iframe/origin/cross-origin-http.https-expected.txt
    M LayoutTests/http/tests/referrer-policy-iframe/same-origin/cross-origin-http.https-expected.txt
    M LayoutTests/http/tests/referrer-policy-iframe/strict-origin-when-cross-origin/cross-origin-http.https-expected.txt
    M LayoutTests/http/tests/referrer-policy-iframe/strict-origin/cross-origin-http.https-expected.txt
    M LayoutTests/http/tests/referrer-policy-iframe/unsafe-url/cross-origin-http.https-expected.txt
    M LayoutTests/http/tests/referrer-policy/no-referrer-when-downgrade/cross-origin-http.https-expected.txt
    M LayoutTests/http/tests/referrer-policy/no-referrer/cross-origin-http.https-expected.txt
    M LayoutTests/http/tests/referrer-policy/origin-when-cross-origin/cross-origin-http.https-expected.txt
    M LayoutTests/http/tests/referrer-policy/origin/cross-origin-http.https-expected.txt
    M LayoutTests/http/tests/referrer-policy/same-origin/cross-origin-http.https-expected.txt
    M LayoutTests/http/tests/referrer-policy/strict-origin-when-cross-origin/cross-origin-http.https-expected.txt
    M LayoutTests/http/tests/referrer-policy/strict-origin/cross-origin-http.https-expected.txt
    M LayoutTests/http/tests/referrer-policy/unsafe-url/cross-origin-http.https-expected.txt
    M LayoutTests/http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/iframe-upgrade.https-expected.txt
    M LayoutTests/http/tests/security/mixedContent/insecure-iframe-in-iframe-expected.txt
    M LayoutTests/http/tests/security/mixedContent/insecure-iframe-in-iframe.html
    A LayoutTests/http/tests/security/mixedContent/insecure-iframe-in-sandboxed-iframe-expected.txt
    A LayoutTests/http/tests/security/mixedContent/insecure-iframe-in-sandboxed-iframe.html
    M LayoutTests/http/tests/security/mixedContent/insecure-script-in-data-iframe-in-main-frame-blocked-expected.txt
    M LayoutTests/http/tests/security/referrer-policy-header-and-meta-tag-emptyString.html
    M LayoutTests/http/tests/security/referrer-policy-header-and-meta-tag.html
    M LayoutTests/http/tests/security/referrer-policy-header-multipart.html
    M LayoutTests/http/tests/security/referrer-policy-header-test.js
    M LayoutTests/http/tests/security/referrer-policy-header.html
    M LayoutTests/http/tests/security/referrer-policy-https-always-expected.txt
    M LayoutTests/http/tests/security/referrer-policy-https-always.html
    M LayoutTests/http/tests/security/referrer-policy-https-default-expected.txt
    M LayoutTests/http/tests/security/referrer-policy-https-default.html
    M LayoutTests/http/tests/security/referrer-policy-https-never-expected.txt
    M LayoutTests/http/tests/security/referrer-policy-https-never.html
    M LayoutTests/http/tests/security/referrer-policy-https-no-referrer-expected.txt
    M LayoutTests/http/tests/security/referrer-policy-https-no-referrer-when-downgrade-expected.txt
    M LayoutTests/http/tests/security/referrer-policy-https-no-referrer-when-downgrade.html
    M LayoutTests/http/tests/security/referrer-policy-https-no-referrer.html
    M LayoutTests/http/tests/security/referrer-policy-https-origin-expected.txt
    M LayoutTests/http/tests/security/referrer-policy-https-origin.html
    M LayoutTests/http/tests/security/referrer-policy-https-unsafe-url-expected.txt
    M LayoutTests/http/tests/security/referrer-policy-https-unsafe-url.html
    M LayoutTests/http/tests/security/resources/postReferrer.py
    M LayoutTests/http/tests/security/resources/referrer-policy-log.py
    M LayoutTests/http/tests/security/resources/sandboxed-iframe-geolocation-getCurrentPosition.html
    M LayoutTests/http/tests/security/resources/sandboxed-iframe-geolocation-watchPosition.html
    M LayoutTests/http/tests/security/resources/serve-referrer-policy-and-meta-tag.py
    M LayoutTests/http/tests/security/resources/serve-referrer-policy-and-test.py
    R LayoutTests/http/tests/websocket/tests/hybi/non-document-mixed-content-blocked-http-with-embedded-https-with-embedded-http-expected.txt
    R LayoutTests/http/tests/websocket/tests/hybi/non-document-mixed-content-blocked-http-with-embedded-https-with-embedded-http.html
    M LayoutTests/http/tests/websocket/tests/hybi/non-document-mixed-content-blocked-https-with-embedded-http-with-embedded-https.https-expected.txt
    M LayoutTests/imported/w3c/web-platform-tests/content-security-policy/reporting/report-original-url-on-mixed-content-frame.https.sub-expected.txt
    A LayoutTests/imported/w3c/web-platform-tests/fs/FileSystemFileHandle-create-sync-access-handle.https.tentative.window-expected.txt
    A LayoutTests/imported/w3c/web-platform-tests/mixed-content/csp.https.window-expected.txt
    A LayoutTests/imported/w3c/web-platform-tests/mixed-content/nested-iframes.window-expected.txt
    A LayoutTests/platform/ios-wk2/imported/w3c/web-platform-tests/fs/FileSystemFileHandle-create-sync-access-handle.https.tentative.window-expected.txt
    A LayoutTests/platform/ios-wk2/imported/w3c/web-platform-tests/screen-orientation/nested-documents-expected.txt
    A LayoutTests/platform/ios-wk2/imported/w3c/web-platform-tests/screen-orientation/unlock-expected.txt
    A LayoutTests/platform/mac-wk1/http/tests/security/mixedContent/insecure-iframe-in-iframe-expected.txt
    A LayoutTests/platform/mac-wk1/http/tests/security/mixedContent/insecure-iframe-in-main-frame-expected.txt
    A LayoutTests/platform/mac-wk1/http/tests/security/mixedContent/insecure-iframe-in-sandboxed-iframe-expected.txt
    A LayoutTests/platform/mac-wk1/http/tests/security/mixedContent/insecure-image-in-iframe-expected.txt
    A LayoutTests/platform/mac-wk1/http/tests/security/mixedContent/redirect-http-to-https-iframe-in-main-frame-expected.txt
    A LayoutTests/platform/mac-wk1/http/tests/security/mixedContent/redirect-https-to-http-iframe-in-main-frame-expected.txt
    M LayoutTests/platform/win/TestExpectations
    M LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-css-in-iframe-report-only-expected.txt
    M LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-iframe-in-main-frame-expected.txt
    R LayoutTests/platform/wk2/http/tests/security/mixedContent/insecure-iframe-in-iframe-expected.txt
    M LayoutTests/platform/wk2/http/tests/security/mixedContent/insecure-iframe-in-main-frame-expected.txt
    M LayoutTests/platform/wk2/http/tests/security/mixedContent/insecure-image-in-iframe-expected.txt
    M LayoutTests/platform/wk2/http/tests/security/mixedContent/redirect-http-to-https-iframe-in-main-frame-expected.txt
    M LayoutTests/platform/wk2/http/tests/security/mixedContent/redirect-https-to-http-iframe-in-main-frame-expected.txt
    M Source/WebCore/Modules/websockets/WebSocket.cpp
    M Source/WebCore/Modules/websockets/WorkerThreadableWebSocketChannel.cpp
    M Source/WebCore/html/HTMLFormElement.cpp
    M Source/WebCore/loader/DocumentLoader.cpp
    M Source/WebCore/loader/DocumentThreadableLoader.cpp
    M Source/WebCore/loader/MixedContentChecker.cpp
    M Source/WebCore/loader/MixedContentChecker.h
    M Source/WebCore/loader/SubframeLoader.cpp
    M Source/WebCore/loader/cache/CachedResourceLoader.cpp

  Log Message:
  -----------
  Apply patch. rdar://problem/110471649

Identifier: 245886.908 at safari-7613.4.1.0-branch


  Commit: 557b7c352c61a4baff617826a31fe8f8b1ee07d3
      https://github.com/WebKit/WebKit/commit/557b7c352c61a4baff617826a31fe8f8b1ee07d3
  Author: Myah Cobbs <mcobbs at apple.com>
  Date:   2023-07-05 (Wed, 05 Jul 2023)

  Changed paths:
    M Source/WebCore/loader/NavigationRequester.h

  Log Message:
  -----------
  Apply patch. rdar://problem/110471649

Identifier: 245886.909 at safari-7613.4.1.0-branch


  Commit: 79909f9fb603246919a8e46d0381130431f1efaf
      https://github.com/WebKit/WebKit/commit/79909f9fb603246919a8e46d0381130431f1efaf
  Author: Myah Cobbs <mcobbs at apple.com>
  Date:   2023-07-07 (Fri, 07 Jul 2023)

  Changed paths:
    M Source/WebCore/loader/MixedContentChecker.cpp

  Log Message:
  -----------
  Apply patch. rdar://problem/110471649

Identifier: 245886.910 at safari-7613.4.1.0-branch


  Commit: 0f0b8fe7852e5f3c1541b29e0b3b96411855fba4
      https://github.com/WebKit/WebKit/commit/0f0b8fe7852e5f3c1541b29e0b3b96411855fba4
  Author: Myah Cobbs <mcobbs at apple.com>
  Date:   2023-07-07 (Fri, 07 Jul 2023)

  Changed paths:
    R LayoutTests/http/tests/security/sandboxed-iframe-javascript-self-navigation-expected.txt
    R LayoutTests/http/tests/security/sandboxed-iframe-javascript-self-navigation.html
    R LayoutTests/http/tests/security/sandboxed-iframe-javascript-top-navigation-expected.txt
    R LayoutTests/http/tests/security/sandboxed-iframe-javascript-top-navigation.html
    M Source/WebCore/loader/FrameLoader.cpp
    M Source/WebCore/loader/NavigationRequester.cpp
    M Source/WebCore/loader/NavigationRequester.h

  Log Message:
  -----------
  Revert "Cherry-pick 47ed6aa2ea88. rdar://problem/110801928"

This reverts commit 2c9836d5695f3e0001ce5f58e6582526d5402403.

Identifier: 245886.911 at safari-7613.4.1.0-branch


  Commit: 177aabaa4e4572e9b0513589f772a728c9ebedb7
      https://github.com/WebKit/WebKit/commit/177aabaa4e4572e9b0513589f772a728c9ebedb7
  Author: Dan Robson <dan_robson at apple.com>
  Date:   2023-07-10 (Mon, 10 Jul 2023)

  Changed paths:
    M LayoutTests/http/tests/referrer-policy-iframe/no-referrer-when-downgrade/cross-origin-http.https-expected.txt
    M LayoutTests/http/tests/referrer-policy-iframe/no-referrer/cross-origin-http.https-expected.txt
    M LayoutTests/http/tests/referrer-policy-iframe/origin-when-cross-origin/cross-origin-http.https-expected.txt
    M LayoutTests/http/tests/referrer-policy-iframe/origin/cross-origin-http.https-expected.txt
    M LayoutTests/http/tests/referrer-policy-iframe/same-origin/cross-origin-http.https-expected.txt
    M LayoutTests/http/tests/referrer-policy-iframe/strict-origin-when-cross-origin/cross-origin-http.https-expected.txt
    M LayoutTests/http/tests/referrer-policy-iframe/strict-origin/cross-origin-http.https-expected.txt
    M LayoutTests/http/tests/referrer-policy-iframe/unsafe-url/cross-origin-http.https-expected.txt
    M LayoutTests/http/tests/referrer-policy/no-referrer-when-downgrade/cross-origin-http.https-expected.txt
    M LayoutTests/http/tests/referrer-policy/no-referrer/cross-origin-http.https-expected.txt
    M LayoutTests/http/tests/referrer-policy/origin-when-cross-origin/cross-origin-http.https-expected.txt
    M LayoutTests/http/tests/referrer-policy/origin/cross-origin-http.https-expected.txt
    M LayoutTests/http/tests/referrer-policy/same-origin/cross-origin-http.https-expected.txt
    M LayoutTests/http/tests/referrer-policy/strict-origin-when-cross-origin/cross-origin-http.https-expected.txt
    M LayoutTests/http/tests/referrer-policy/strict-origin/cross-origin-http.https-expected.txt
    M LayoutTests/http/tests/referrer-policy/unsafe-url/cross-origin-http.https-expected.txt
    M LayoutTests/http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/iframe-upgrade.https-expected.txt
    M LayoutTests/http/tests/security/mixedContent/insecure-iframe-in-iframe-expected.txt
    M LayoutTests/http/tests/security/mixedContent/insecure-iframe-in-iframe.html
    R LayoutTests/http/tests/security/mixedContent/insecure-iframe-in-sandboxed-iframe-expected.txt
    R LayoutTests/http/tests/security/mixedContent/insecure-iframe-in-sandboxed-iframe.html
    M LayoutTests/http/tests/security/mixedContent/insecure-script-in-data-iframe-in-main-frame-blocked-expected.txt
    M LayoutTests/http/tests/security/referrer-policy-header-and-meta-tag-emptyString.html
    M LayoutTests/http/tests/security/referrer-policy-header-and-meta-tag.html
    M LayoutTests/http/tests/security/referrer-policy-header-multipart.html
    M LayoutTests/http/tests/security/referrer-policy-header-test.js
    M LayoutTests/http/tests/security/referrer-policy-header.html
    M LayoutTests/http/tests/security/referrer-policy-https-always-expected.txt
    M LayoutTests/http/tests/security/referrer-policy-https-always.html
    M LayoutTests/http/tests/security/referrer-policy-https-default-expected.txt
    M LayoutTests/http/tests/security/referrer-policy-https-default.html
    M LayoutTests/http/tests/security/referrer-policy-https-never-expected.txt
    M LayoutTests/http/tests/security/referrer-policy-https-never.html
    M LayoutTests/http/tests/security/referrer-policy-https-no-referrer-expected.txt
    M LayoutTests/http/tests/security/referrer-policy-https-no-referrer-when-downgrade-expected.txt
    M LayoutTests/http/tests/security/referrer-policy-https-no-referrer-when-downgrade.html
    M LayoutTests/http/tests/security/referrer-policy-https-no-referrer.html
    M LayoutTests/http/tests/security/referrer-policy-https-origin-expected.txt
    M LayoutTests/http/tests/security/referrer-policy-https-origin.html
    M LayoutTests/http/tests/security/referrer-policy-https-unsafe-url-expected.txt
    M LayoutTests/http/tests/security/referrer-policy-https-unsafe-url.html
    M LayoutTests/http/tests/security/resources/postReferrer.py
    M LayoutTests/http/tests/security/resources/referrer-policy-log.py
    M LayoutTests/http/tests/security/resources/sandboxed-iframe-geolocation-getCurrentPosition.html
    M LayoutTests/http/tests/security/resources/sandboxed-iframe-geolocation-watchPosition.html
    M LayoutTests/http/tests/security/resources/serve-referrer-policy-and-meta-tag.py
    M LayoutTests/http/tests/security/resources/serve-referrer-policy-and-test.py
    A LayoutTests/http/tests/websocket/tests/hybi/non-document-mixed-content-blocked-http-with-embedded-https-with-embedded-http-expected.txt
    A LayoutTests/http/tests/websocket/tests/hybi/non-document-mixed-content-blocked-http-with-embedded-https-with-embedded-http.html
    M LayoutTests/http/tests/websocket/tests/hybi/non-document-mixed-content-blocked-https-with-embedded-http-with-embedded-https.https-expected.txt
    M LayoutTests/imported/w3c/web-platform-tests/content-security-policy/reporting/report-original-url-on-mixed-content-frame.https.sub-expected.txt
    R LayoutTests/imported/w3c/web-platform-tests/fs/FileSystemFileHandle-create-sync-access-handle.https.tentative.window-expected.txt
    R LayoutTests/imported/w3c/web-platform-tests/mixed-content/csp.https.window-expected.txt
    R LayoutTests/imported/w3c/web-platform-tests/mixed-content/nested-iframes.window-expected.txt
    R LayoutTests/platform/ios-wk2/imported/w3c/web-platform-tests/fs/FileSystemFileHandle-create-sync-access-handle.https.tentative.window-expected.txt
    R LayoutTests/platform/ios-wk2/imported/w3c/web-platform-tests/screen-orientation/nested-documents-expected.txt
    R LayoutTests/platform/ios-wk2/imported/w3c/web-platform-tests/screen-orientation/unlock-expected.txt
    R LayoutTests/platform/mac-wk1/http/tests/security/mixedContent/insecure-iframe-in-iframe-expected.txt
    R LayoutTests/platform/mac-wk1/http/tests/security/mixedContent/insecure-iframe-in-main-frame-expected.txt
    R LayoutTests/platform/mac-wk1/http/tests/security/mixedContent/insecure-iframe-in-sandboxed-iframe-expected.txt
    R LayoutTests/platform/mac-wk1/http/tests/security/mixedContent/insecure-image-in-iframe-expected.txt
    R LayoutTests/platform/mac-wk1/http/tests/security/mixedContent/redirect-http-to-https-iframe-in-main-frame-expected.txt
    R LayoutTests/platform/mac-wk1/http/tests/security/mixedContent/redirect-https-to-http-iframe-in-main-frame-expected.txt
    M LayoutTests/platform/win/TestExpectations
    M LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-css-in-iframe-report-only-expected.txt
    M LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-iframe-in-main-frame-expected.txt
    A LayoutTests/platform/wk2/http/tests/security/mixedContent/insecure-iframe-in-iframe-expected.txt
    M LayoutTests/platform/wk2/http/tests/security/mixedContent/insecure-iframe-in-main-frame-expected.txt
    M LayoutTests/platform/wk2/http/tests/security/mixedContent/insecure-image-in-iframe-expected.txt
    M LayoutTests/platform/wk2/http/tests/security/mixedContent/redirect-http-to-https-iframe-in-main-frame-expected.txt
    M LayoutTests/platform/wk2/http/tests/security/mixedContent/redirect-https-to-http-iframe-in-main-frame-expected.txt
    M Source/JavaScriptCore/Configurations/Version.xcconfig
    M Source/ThirdParty/ANGLE/Configurations/Version.xcconfig
    M Source/ThirdParty/libwebrtc/Configurations/Version.xcconfig
    M Source/WebCore/Configurations/Version.xcconfig
    M Source/WebCore/Modules/websockets/WebSocket.cpp
    M Source/WebCore/Modules/websockets/WorkerThreadableWebSocketChannel.cpp
    M Source/WebCore/PAL/Configurations/Version.xcconfig
    M Source/WebCore/html/HTMLFormElement.cpp
    M Source/WebCore/loader/DocumentLoader.cpp
    M Source/WebCore/loader/DocumentThreadableLoader.cpp
    M Source/WebCore/loader/MixedContentChecker.cpp
    M Source/WebCore/loader/MixedContentChecker.h
    M Source/WebCore/loader/SubframeLoader.cpp
    M Source/WebCore/loader/cache/CachedResourceLoader.cpp
    M Source/WebGPU/Configurations/Version.xcconfig
    M Source/WebInspectorUI/Configurations/Version.xcconfig
    M Source/WebKit/Configurations/Version.xcconfig
    M Source/WebKitLegacy/mac/Configurations/Version.xcconfig

  Log Message:
  -----------
  Revert rdar://110801928

Identifier: 245886.912 at safari-7613.4.1.0-branch


  Commit: 57521f7aec18ba94201b6d4dd81563455d1952c2
      https://github.com/WebKit/WebKit/commit/57521f7aec18ba94201b6d4dd81563455d1952c2
  Author: Justin Michaud <justin_michaud at apple.com>
  Date:   2023-07-10 (Mon, 10 Jul 2023)

  Changed paths:
    A JSTests/stress/putstacksinking-callvarargs.js
    A JSTests/stress/putstacksinking-tailcallvarargs.js
    M Source/JavaScriptCore/dfg/DFGPreciseLocalClobberize.h

  Log Message:
  -----------
  Cherry-pick c3d2e3627b45. rdar://problem/111523858

    CallVarargs should identify that it can read inline call frame arguments.
    rdar://111361499

    Reviewed by Yusuke Suzuki.

    Call already does this, but CallVarargs has a special case that forgot.

    We should not be allowed to push PutStacks below a call of any kind, since
    it might access our call frame's arguments via foo.arguments, unless
    we are strict.

    The only exception is TailCall (but not TailCallForwardVarargsInlinedCaller),
    because it will destroy the entire frame.

    We do not un-pessimize TailCall yet to reduce risk, but it could be made
    to match TailCallForwardVarargs in the future.

    * JSTests/stress/putstacksinking-callvarargs.js: Added.
    (main.opt.x):
    (main.opt.y):
    (main.opt.z):
    (main.opt):
    (main):
    * JSTests/stress/putstacksinking-tailcallvarargs.js: Added.
    (main.opt.x):
    (main.opt.y):
    (main.opt.z):
    (main.opt):
    (main):
    * Source/JavaScriptCore/dfg/DFGPreciseLocalClobberize.h:
    (JSC::DFG::PreciseLocalClobberizeAdaptor::readTop):

    Canonical link: https://commits.webkit.org/259548.856@safari-7615-branch

Identifier: 245886.913 at safari-7613.4.1.0-branch


  Commit: 67921fb95566632ecfcab780e1637425226b23d6
      https://github.com/WebKit/WebKit/commit/67921fb95566632ecfcab780e1637425226b23d6
  Author: Dan Robson <dan_robson at apple.com>
  Date:   2023-07-10 (Mon, 10 Jul 2023)

  Changed paths:
    M Source/WebCore/rendering/PaintPhase.h
    M Source/WebCore/rendering/RenderLayer.cpp
    M Source/WebCore/rendering/StyledMarkedText.cpp
    M Source/WebCore/rendering/TextBoxPainter.cpp
    M Source/WebCore/rendering/TextDecorationPainter.cpp
    M Source/WebCore/rendering/TextDecorationPainter.h
    M Source/WebCore/rendering/TextPaintStyle.cpp
    M Source/WebCore/rendering/style/RenderStyle.cpp
    M Source/WebCore/rendering/style/RenderStyle.h

  Log Message:
  -----------
  Apply patch. rdar://problem/111116301

Identifier: 245886.914 at safari-7613.4.1.0-branch


  Commit: a513eba5c0f5795313bd1d46f96a9becbf03a906
      https://github.com/WebKit/WebKit/commit/a513eba5c0f5795313bd1d46f96a9becbf03a906
  Author: Dan Robson <dan_robson at apple.com>
  Date:   2023-07-10 (Mon, 10 Jul 2023)

  Changed paths:
    M LayoutTests/http/tests/referrer-policy-iframe/no-referrer-when-downgrade/cross-origin-http.https-expected.txt
    M LayoutTests/http/tests/referrer-policy-iframe/no-referrer/cross-origin-http.https-expected.txt
    M LayoutTests/http/tests/referrer-policy-iframe/origin-when-cross-origin/cross-origin-http.https-expected.txt
    M LayoutTests/http/tests/referrer-policy-iframe/origin/cross-origin-http.https-expected.txt
    M LayoutTests/http/tests/referrer-policy-iframe/same-origin/cross-origin-http.https-expected.txt
    M LayoutTests/http/tests/referrer-policy-iframe/strict-origin-when-cross-origin/cross-origin-http.https-expected.txt
    M LayoutTests/http/tests/referrer-policy-iframe/strict-origin/cross-origin-http.https-expected.txt
    M LayoutTests/http/tests/referrer-policy-iframe/unsafe-url/cross-origin-http.https-expected.txt
    M LayoutTests/http/tests/referrer-policy/no-referrer-when-downgrade/cross-origin-http.https-expected.txt
    M LayoutTests/http/tests/referrer-policy/no-referrer/cross-origin-http.https-expected.txt
    M LayoutTests/http/tests/referrer-policy/origin-when-cross-origin/cross-origin-http.https-expected.txt
    M LayoutTests/http/tests/referrer-policy/origin/cross-origin-http.https-expected.txt
    M LayoutTests/http/tests/referrer-policy/same-origin/cross-origin-http.https-expected.txt
    M LayoutTests/http/tests/referrer-policy/strict-origin-when-cross-origin/cross-origin-http.https-expected.txt
    M LayoutTests/http/tests/referrer-policy/strict-origin/cross-origin-http.https-expected.txt
    M LayoutTests/http/tests/referrer-policy/unsafe-url/cross-origin-http.https-expected.txt
    M LayoutTests/http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/iframe-upgrade.https-expected.txt
    M LayoutTests/http/tests/security/mixedContent/insecure-iframe-in-iframe-expected.txt
    M LayoutTests/http/tests/security/mixedContent/insecure-iframe-in-iframe.html
    A LayoutTests/http/tests/security/mixedContent/insecure-iframe-in-sandboxed-iframe-expected.txt
    A LayoutTests/http/tests/security/mixedContent/insecure-iframe-in-sandboxed-iframe.html
    M LayoutTests/http/tests/security/mixedContent/insecure-script-in-data-iframe-in-main-frame-blocked-expected.txt
    M LayoutTests/http/tests/security/referrer-policy-header-and-meta-tag-emptyString.html
    M LayoutTests/http/tests/security/referrer-policy-header-and-meta-tag.html
    M LayoutTests/http/tests/security/referrer-policy-header-multipart.html
    M LayoutTests/http/tests/security/referrer-policy-header-test.js
    M LayoutTests/http/tests/security/referrer-policy-header.html
    M LayoutTests/http/tests/security/referrer-policy-https-always-expected.txt
    M LayoutTests/http/tests/security/referrer-policy-https-always.html
    M LayoutTests/http/tests/security/referrer-policy-https-default-expected.txt
    M LayoutTests/http/tests/security/referrer-policy-https-default.html
    M LayoutTests/http/tests/security/referrer-policy-https-never-expected.txt
    M LayoutTests/http/tests/security/referrer-policy-https-never.html
    M LayoutTests/http/tests/security/referrer-policy-https-no-referrer-expected.txt
    M LayoutTests/http/tests/security/referrer-policy-https-no-referrer-when-downgrade-expected.txt
    M LayoutTests/http/tests/security/referrer-policy-https-no-referrer-when-downgrade.html
    M LayoutTests/http/tests/security/referrer-policy-https-no-referrer.html
    M LayoutTests/http/tests/security/referrer-policy-https-origin-expected.txt
    M LayoutTests/http/tests/security/referrer-policy-https-origin.html
    M LayoutTests/http/tests/security/referrer-policy-https-unsafe-url-expected.txt
    M LayoutTests/http/tests/security/referrer-policy-https-unsafe-url.html
    M LayoutTests/http/tests/security/resources/postReferrer.py
    M LayoutTests/http/tests/security/resources/referrer-policy-log.py
    M LayoutTests/http/tests/security/resources/sandboxed-iframe-geolocation-getCurrentPosition.html
    M LayoutTests/http/tests/security/resources/sandboxed-iframe-geolocation-watchPosition.html
    M LayoutTests/http/tests/security/resources/serve-referrer-policy-and-meta-tag.py
    M LayoutTests/http/tests/security/resources/serve-referrer-policy-and-test.py
    R LayoutTests/http/tests/websocket/tests/hybi/non-document-mixed-content-blocked-http-with-embedded-https-with-embedded-http-expected.txt
    R LayoutTests/http/tests/websocket/tests/hybi/non-document-mixed-content-blocked-http-with-embedded-https-with-embedded-http.html
    M LayoutTests/http/tests/websocket/tests/hybi/non-document-mixed-content-blocked-https-with-embedded-http-with-embedded-https.https-expected.txt
    M LayoutTests/imported/w3c/web-platform-tests/content-security-policy/reporting/report-original-url-on-mixed-content-frame.https.sub-expected.txt
    A LayoutTests/imported/w3c/web-platform-tests/fs/FileSystemFileHandle-create-sync-access-handle.https.tentative.window-expected.txt
    A LayoutTests/imported/w3c/web-platform-tests/mixed-content/csp.https.window-expected.txt
    A LayoutTests/imported/w3c/web-platform-tests/mixed-content/nested-iframes.window-expected.txt
    A LayoutTests/platform/ios-wk2/imported/w3c/web-platform-tests/fs/FileSystemFileHandle-create-sync-access-handle.https.tentative.window-expected.txt
    A LayoutTests/platform/ios-wk2/imported/w3c/web-platform-tests/screen-orientation/nested-documents-expected.txt
    A LayoutTests/platform/ios-wk2/imported/w3c/web-platform-tests/screen-orientation/unlock-expected.txt
    A LayoutTests/platform/mac-wk1/http/tests/security/mixedContent/insecure-iframe-in-iframe-expected.txt
    A LayoutTests/platform/mac-wk1/http/tests/security/mixedContent/insecure-iframe-in-main-frame-expected.txt
    A LayoutTests/platform/mac-wk1/http/tests/security/mixedContent/insecure-iframe-in-sandboxed-iframe-expected.txt
    A LayoutTests/platform/mac-wk1/http/tests/security/mixedContent/insecure-image-in-iframe-expected.txt
    A LayoutTests/platform/mac-wk1/http/tests/security/mixedContent/redirect-http-to-https-iframe-in-main-frame-expected.txt
    A LayoutTests/platform/mac-wk1/http/tests/security/mixedContent/redirect-https-to-http-iframe-in-main-frame-expected.txt
    M LayoutTests/platform/win/TestExpectations
    M LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-css-in-iframe-report-only-expected.txt
    M LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-iframe-in-main-frame-expected.txt
    R LayoutTests/platform/wk2/http/tests/security/mixedContent/insecure-iframe-in-iframe-expected.txt
    M LayoutTests/platform/wk2/http/tests/security/mixedContent/insecure-iframe-in-main-frame-expected.txt
    M LayoutTests/platform/wk2/http/tests/security/mixedContent/insecure-image-in-iframe-expected.txt
    M LayoutTests/platform/wk2/http/tests/security/mixedContent/redirect-http-to-https-iframe-in-main-frame-expected.txt
    M LayoutTests/platform/wk2/http/tests/security/mixedContent/redirect-https-to-http-iframe-in-main-frame-expected.txt
    M Source/WebCore/Modules/websockets/WebSocket.cpp
    M Source/WebCore/Modules/websockets/WorkerThreadableWebSocketChannel.cpp
    M Source/WebCore/html/HTMLFormElement.cpp
    M Source/WebCore/loader/DocumentLoader.cpp
    M Source/WebCore/loader/DocumentThreadableLoader.cpp
    M Source/WebCore/loader/MixedContentChecker.cpp
    M Source/WebCore/loader/MixedContentChecker.h
    M Source/WebCore/loader/SubframeLoader.cpp
    M Source/WebCore/loader/cache/CachedResourceLoader.cpp

  Log Message:
  -----------
  Apply patch. rdar://problem/110471649

Identifier: 245886.915 at safari-7613.4.1.0-branch


  Commit: d19588e4c038b6bd56bf4b43c9a14f9d60e71271
      https://github.com/WebKit/WebKit/commit/d19588e4c038b6bd56bf4b43c9a14f9d60e71271
  Author: Dan Robson <dan_robson at apple.com>
  Date:   2023-07-10 (Mon, 10 Jul 2023)

  Changed paths:
    M Source/JavaScriptCore/Configurations/Version.xcconfig
    M Source/ThirdParty/ANGLE/Configurations/Version.xcconfig
    M Source/ThirdParty/libwebrtc/Configurations/Version.xcconfig
    M Source/WebCore/Configurations/Version.xcconfig
    M Source/WebCore/PAL/Configurations/Version.xcconfig
    M Source/WebGPU/Configurations/Version.xcconfig
    M Source/WebInspectorUI/Configurations/Version.xcconfig
    M Source/WebKit/Configurations/Version.xcconfig
    M Source/WebKitLegacy/mac/Configurations/Version.xcconfig

  Log Message:
  -----------
  Versioning.

WebKit-7613.7.1.0.12

Identifier: 245886.916 at safari-7613.4.1.0-branch


  Commit: 9850fba63aa864fff9fc6d065c8d9355d62c5745
      https://github.com/WebKit/WebKit/commit/9850fba63aa864fff9fc6d065c8d9355d62c5745
  Author: Myah Cobbs <mcobbs at apple.com>
  Date:   2023-07-11 (Tue, 11 Jul 2023)

  Changed paths:
    M LayoutTests/http/tests/referrer-policy-iframe/no-referrer-when-downgrade/cross-origin-http.https-expected.txt
    M LayoutTests/http/tests/referrer-policy-iframe/no-referrer/cross-origin-http.https-expected.txt
    M LayoutTests/http/tests/referrer-policy-iframe/origin-when-cross-origin/cross-origin-http.https-expected.txt
    M LayoutTests/http/tests/referrer-policy-iframe/origin/cross-origin-http.https-expected.txt
    M LayoutTests/http/tests/referrer-policy-iframe/same-origin/cross-origin-http.https-expected.txt
    M LayoutTests/http/tests/referrer-policy-iframe/strict-origin-when-cross-origin/cross-origin-http.https-expected.txt
    M LayoutTests/http/tests/referrer-policy-iframe/strict-origin/cross-origin-http.https-expected.txt
    M LayoutTests/http/tests/referrer-policy-iframe/unsafe-url/cross-origin-http.https-expected.txt
    M LayoutTests/http/tests/referrer-policy/no-referrer-when-downgrade/cross-origin-http.https-expected.txt
    M LayoutTests/http/tests/referrer-policy/no-referrer/cross-origin-http.https-expected.txt
    M LayoutTests/http/tests/referrer-policy/origin-when-cross-origin/cross-origin-http.https-expected.txt
    M LayoutTests/http/tests/referrer-policy/origin/cross-origin-http.https-expected.txt
    M LayoutTests/http/tests/referrer-policy/same-origin/cross-origin-http.https-expected.txt
    M LayoutTests/http/tests/referrer-policy/strict-origin-when-cross-origin/cross-origin-http.https-expected.txt
    M LayoutTests/http/tests/referrer-policy/strict-origin/cross-origin-http.https-expected.txt
    M LayoutTests/http/tests/referrer-policy/unsafe-url/cross-origin-http.https-expected.txt
    M LayoutTests/http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/iframe-upgrade.https-expected.txt
    M LayoutTests/http/tests/security/mixedContent/insecure-iframe-in-iframe-expected.txt
    M LayoutTests/http/tests/security/mixedContent/insecure-iframe-in-iframe.html
    R LayoutTests/http/tests/security/mixedContent/insecure-iframe-in-sandboxed-iframe-expected.txt
    R LayoutTests/http/tests/security/mixedContent/insecure-iframe-in-sandboxed-iframe.html
    M LayoutTests/http/tests/security/mixedContent/insecure-script-in-data-iframe-in-main-frame-blocked-expected.txt
    M LayoutTests/http/tests/security/referrer-policy-header-and-meta-tag-emptyString.html
    M LayoutTests/http/tests/security/referrer-policy-header-and-meta-tag.html
    M LayoutTests/http/tests/security/referrer-policy-header-multipart.html
    M LayoutTests/http/tests/security/referrer-policy-header-test.js
    M LayoutTests/http/tests/security/referrer-policy-header.html
    M LayoutTests/http/tests/security/referrer-policy-https-always-expected.txt
    M LayoutTests/http/tests/security/referrer-policy-https-always.html
    M LayoutTests/http/tests/security/referrer-policy-https-default-expected.txt
    M LayoutTests/http/tests/security/referrer-policy-https-default.html
    M LayoutTests/http/tests/security/referrer-policy-https-never-expected.txt
    M LayoutTests/http/tests/security/referrer-policy-https-never.html
    M LayoutTests/http/tests/security/referrer-policy-https-no-referrer-expected.txt
    M LayoutTests/http/tests/security/referrer-policy-https-no-referrer-when-downgrade-expected.txt
    M LayoutTests/http/tests/security/referrer-policy-https-no-referrer-when-downgrade.html
    M LayoutTests/http/tests/security/referrer-policy-https-no-referrer.html
    M LayoutTests/http/tests/security/referrer-policy-https-origin-expected.txt
    M LayoutTests/http/tests/security/referrer-policy-https-origin.html
    M LayoutTests/http/tests/security/referrer-policy-https-unsafe-url-expected.txt
    M LayoutTests/http/tests/security/referrer-policy-https-unsafe-url.html
    M LayoutTests/http/tests/security/resources/postReferrer.py
    M LayoutTests/http/tests/security/resources/referrer-policy-log.py
    M LayoutTests/http/tests/security/resources/sandboxed-iframe-geolocation-getCurrentPosition.html
    M LayoutTests/http/tests/security/resources/sandboxed-iframe-geolocation-watchPosition.html
    M LayoutTests/http/tests/security/resources/serve-referrer-policy-and-meta-tag.py
    M LayoutTests/http/tests/security/resources/serve-referrer-policy-and-test.py
    A LayoutTests/http/tests/websocket/tests/hybi/non-document-mixed-content-blocked-http-with-embedded-https-with-embedded-http-expected.txt
    A LayoutTests/http/tests/websocket/tests/hybi/non-document-mixed-content-blocked-http-with-embedded-https-with-embedded-http.html
    M LayoutTests/http/tests/websocket/tests/hybi/non-document-mixed-content-blocked-https-with-embedded-http-with-embedded-https.https-expected.txt
    M LayoutTests/imported/w3c/web-platform-tests/content-security-policy/reporting/report-original-url-on-mixed-content-frame.https.sub-expected.txt
    R LayoutTests/imported/w3c/web-platform-tests/fs/FileSystemFileHandle-create-sync-access-handle.https.tentative.window-expected.txt
    R LayoutTests/imported/w3c/web-platform-tests/mixed-content/csp.https.window-expected.txt
    R LayoutTests/imported/w3c/web-platform-tests/mixed-content/nested-iframes.window-expected.txt
    R LayoutTests/platform/ios-wk2/imported/w3c/web-platform-tests/fs/FileSystemFileHandle-create-sync-access-handle.https.tentative.window-expected.txt
    R LayoutTests/platform/ios-wk2/imported/w3c/web-platform-tests/screen-orientation/nested-documents-expected.txt
    R LayoutTests/platform/ios-wk2/imported/w3c/web-platform-tests/screen-orientation/unlock-expected.txt
    R LayoutTests/platform/mac-wk1/http/tests/security/mixedContent/insecure-iframe-in-iframe-expected.txt
    R LayoutTests/platform/mac-wk1/http/tests/security/mixedContent/insecure-iframe-in-main-frame-expected.txt
    R LayoutTests/platform/mac-wk1/http/tests/security/mixedContent/insecure-iframe-in-sandboxed-iframe-expected.txt
    R LayoutTests/platform/mac-wk1/http/tests/security/mixedContent/insecure-image-in-iframe-expected.txt
    R LayoutTests/platform/mac-wk1/http/tests/security/mixedContent/redirect-http-to-https-iframe-in-main-frame-expected.txt
    R LayoutTests/platform/mac-wk1/http/tests/security/mixedContent/redirect-https-to-http-iframe-in-main-frame-expected.txt
    M LayoutTests/platform/win/TestExpectations
    M LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-css-in-iframe-report-only-expected.txt
    M LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-iframe-in-main-frame-expected.txt
    A LayoutTests/platform/wk2/http/tests/security/mixedContent/insecure-iframe-in-iframe-expected.txt
    M LayoutTests/platform/wk2/http/tests/security/mixedContent/insecure-iframe-in-main-frame-expected.txt
    M LayoutTests/platform/wk2/http/tests/security/mixedContent/insecure-image-in-iframe-expected.txt
    M LayoutTests/platform/wk2/http/tests/security/mixedContent/redirect-http-to-https-iframe-in-main-frame-expected.txt
    M LayoutTests/platform/wk2/http/tests/security/mixedContent/redirect-https-to-http-iframe-in-main-frame-expected.txt
    M Source/WebCore/Modules/websockets/WebSocket.cpp
    M Source/WebCore/Modules/websockets/WorkerThreadableWebSocketChannel.cpp
    M Source/WebCore/html/HTMLFormElement.cpp
    M Source/WebCore/loader/DocumentLoader.cpp
    M Source/WebCore/loader/DocumentThreadableLoader.cpp
    M Source/WebCore/loader/MixedContentChecker.cpp
    M Source/WebCore/loader/MixedContentChecker.h
    M Source/WebCore/loader/SubframeLoader.cpp
    M Source/WebCore/loader/cache/CachedResourceLoader.cpp

  Log Message:
  -----------
  Revert "Apply patch. rdar://problem/110471649"

This reverts commit a513eba5c0f5795313bd1d46f96a9becbf03a906.

Identifier: 245886.917 at safari-7613.4.1.0-branch


  Commit: 4b6f7229ece73498b5f84e7d5aa646c973539053
      https://github.com/WebKit/WebKit/commit/4b6f7229ece73498b5f84e7d5aa646c973539053
  Author: Myah Cobbs <mcobbs at apple.com>
  Date:   2023-07-11 (Tue, 11 Jul 2023)

  Changed paths:
    M Source/JavaScriptCore/Configurations/Version.xcconfig
    M Source/ThirdParty/ANGLE/Configurations/Version.xcconfig
    M Source/ThirdParty/libwebrtc/Configurations/Version.xcconfig
    M Source/WebCore/Configurations/Version.xcconfig
    M Source/WebCore/PAL/Configurations/Version.xcconfig
    M Source/WebGPU/Configurations/Version.xcconfig
    M Source/WebInspectorUI/Configurations/Version.xcconfig
    M Source/WebKit/Configurations/Version.xcconfig
    M Source/WebKitLegacy/mac/Configurations/Version.xcconfig

  Log Message:
  -----------
  Versioning.

WebKit-7613.7.1.0.13

Identifier: 245886.918 at safari-7613.4.1.0-branch


Compare: https://github.com/WebKit/WebKit/compare/6b69f56e4cc9%5E...4b6f7229ece7


More information about the webkit-changes mailing list