Remove jQuery

[davidism]

At this point, support for modern JavaScript features in modern browsers is probably enough to replace jQuery with plain JavaScript. Bundling jQuery, even minimized, is 1/4 of the final size of the wheel on PyPI. We also keep getting asked to update jQuery due to CVEs that come out, even though they have no impact on the debugger.

[davidism]

We should probably support the same browser versions as jQuery: https://jquery.com/browser-support/. If IE is too much of a problem, I'm probably willing to drop it, it only accounts for 0.3% of page views (for docs at least).

[ThiefMaster]

I'd just drop everything that's not modern. It's a developer tool, why bother with old crap?
If you are a developer who needs to make your site work with ancient browsers fine. Sucks to be you but hopefully you are well-paid for it. That doesn't mean you'll use that old browser for day-to-day development, so if you end up in the Werkzeug debugger you are probably not using some nasty old browser.

So IMHO support only the latest Firefox, Chrome, Edge, Safari versions and that's it. Supporting older EdgeHTML versions and IE (even IE 11) is just a HUGE pain in the ass since it means you either need to write old JS or transpile it. If you ditch those old browsers you can use all the modern features "for free".

[davidism]

We need some sort of baseline, and that's probably fine too (it basically matches jQuery except for IE). We probably should account for Firefox ESR at least.

[ThiefMaster]

I doubt ESR is relevant for developer tool. Anyway the next ESR major release is coming out next month and I don't think anything important changed in the last year that's relevant for the debugger.

If we want something documented, I'd go for "the latest version of Firefox, Chrome, Edge and Safari available at "

[davidism]

The only feature I was thinking of off the top of my head was fetch vs XHR, since fetch is much nicer to work with but excludes IE. Yeah, let's go with completely modern for now.

[bclodius]

We also keep getting asked to update jQuery due to CVEs that come out, even though they have no impact on the debugger.

This is a huge painpoint on my end. Every few weeks / months all my python projects explode with new security finding due to this jquery dependency.

find venv -name jquery*
venv/lib/python3.7/site-packages/werkzeug/debug/shared/jquery.js

[juped]

@kx-chen and @chrisngyn will be working on this!

[davidism]

Looks like the Gist API requires an auth token to create gists.

You can read public gists anonymously, but you must be signed into GitHub to create gists. To read or write gists on a user's behalf, you need the gist OAuth scope and a token.

Clicking the button returns a 401 error from GitHub, translated to a 500 error from the debugger. I feel like this wasn't always the case, but it's clearly not working now. I don't think going through GitHub's OAuth flow is in the scope of the debugger, so let's just remove the button, code, and docs related to creating pastes/gists.

[obfusk]

Seems to be fixed by #1857.