diff -Nru libmojolicious-perl-8.10+dfsg/Changes libmojolicious-perl-8.11+dfsg/Changes
--- libmojolicious-perl-8.10+dfsg/Changes	2018-12-17 23:13:03.000000000 +0000
+++ libmojolicious-perl-8.11+dfsg/Changes	2019-01-02 13:50:33.000000000 +0000
@@ -1,4 +1,14 @@
 
+8.11  2019-01-01
+  - Added EXPERIMENTAL support for SameSite cookies to better protect
+    Mojolicious applications from CSRF attacks. (dylanwh, sri)
+  - Added EXPERIMENTAL samesite attributes to Mojo::Cookie::Response and
+    Mojolicious::Cookies. (dylanwh, sri)
+  - Added lstat method to Mojo::File. (Grinnz)
+  - Added remove method to Mojo::File.
+  - Improved eval command with support for promises. (jberger)
+  - Improved Mojo::JSON::Pointer to ignore many invalid JSON Pointers.
+
 8.10  2018-12-18
   - Added reset event to Mojo::IOLoop.
   - Added limit argument to split method in Mojo::ByteStream. (s1037989)
diff -Nru libmojolicious-perl-8.10+dfsg/debian/changelog libmojolicious-perl-8.11+dfsg/debian/changelog
--- libmojolicious-perl-8.10+dfsg/debian/changelog	2018-12-26 16:51:23.000000000 +0000
+++ libmojolicious-perl-8.11+dfsg/debian/changelog	2019-01-03 22:47:31.000000000 +0000
@@ -1,3 +1,10 @@
+libmojolicious-perl (8.11+dfsg-1) unstable; urgency=medium
+
+  * Import upstream version 8.11+dfsg.
+  * Update years of upstream and packaging copyright.
+
+ -- gregor herrmann <gregoa@debian.org>  Thu, 03 Jan 2019 23:47:31 +0100
+
 libmojolicious-perl (8.10+dfsg-1) unstable; urgency=medium
 
   * Import upstream version 8.10+dfsg.
diff -Nru libmojolicious-perl-8.10+dfsg/debian/copyright libmojolicious-perl-8.11+dfsg/debian/copyright
--- libmojolicious-perl-8.10+dfsg/debian/copyright	2018-12-26 16:51:23.000000000 +0000
+++ libmojolicious-perl-8.11+dfsg/debian/copyright	2019-01-03 22:47:31.000000000 +0000
@@ -9,16 +9,16 @@
  lib/Mojolicious/resources/public/mojo/prettify/run_prettify.js
 
 Files: *
-Copyright: 2008-2018, Sebastian Riedel <sri@cpan.org>
+Copyright: 2008-2019, Sebastian Riedel <sri@cpan.org>
 License: Artistic-2.0
 
 Files: lib/Mojolicious/resources/public/mojo/*
-Copyright: 2010-2018, Sebastian Riedel <sri@cpan.org>
+Copyright: 2010-2019, Sebastian Riedel <sri@cpan.org>
 License: CC-BY-SA-4.0
 
 Files: debian/*
 Copyright: 2010-2011, Jonathan Yu <jawnsy@cpan.org>
- 2010-2018, gregor herrmann <gregoa@debian.org>
+ 2010-2019, gregor herrmann <gregoa@debian.org>
  2011, Angel Abad <angel@debian.org>
  2011, Fabrizio Regalli <fabreg@fabreg.it>
  2011-2012, Krzysztof Krzyżaniak (eloy) <eloy@debian.org>
diff -Nru libmojolicious-perl-8.10+dfsg/lib/Mojo/Asset/File.pm libmojolicious-perl-8.11+dfsg/lib/Mojo/Asset/File.pm
--- libmojolicious-perl-8.10+dfsg/lib/Mojo/Asset/File.pm	2018-11-22 20:21:44.000000000 +0000
+++ libmojolicious-perl-8.11+dfsg/lib/Mojo/Asset/File.pm	2019-01-02 14:14:21.000000000 +0000
@@ -34,7 +34,7 @@
   if (my $handle = $self->handle) { close $handle }
 
   # Only the process that created the file is allowed to remove it
-  unlink $path if -w $path && ($self->{pid} // $$) == $$;
+  Mojo::File->new($path)->remove if -w $path && ($self->{pid} // $$) == $$;
 }
 
 sub add_chunk {
diff -Nru libmojolicious-perl-8.10+dfsg/lib/Mojo/Cookie/Response.pm libmojolicious-perl-8.11+dfsg/lib/Mojo/Cookie/Response.pm
--- libmojolicious-perl-8.10+dfsg/lib/Mojo/Cookie/Response.pm	2018-11-22 20:21:53.000000000 +0000
+++ libmojolicious-perl-8.11+dfsg/lib/Mojo/Cookie/Response.pm	2018-12-30 15:08:25.000000000 +0000
@@ -4,9 +4,10 @@
 use Mojo::Date;
 use Mojo::Util qw(quote split_cookie_header);
 
-has [qw(domain expires host_only httponly max_age path secure)];
+has [qw(domain expires host_only httponly max_age path samesite secure)];
 
-my %ATTRS = map { $_ => 1 } qw(domain expires httponly max-age path secure);
+my %ATTRS
+  = map { $_ => 1 } qw(domain expires httponly max-age path samesite secure);
 
 sub parse {
   my ($self, $str) = @_;
@@ -53,6 +54,9 @@
   # "HttpOnly"
   $cookie .= "; HttpOnly" if $self->httponly;
 
+  # "Same-Site"
+  if (my $samesite = $self->samesite) { $cookie .= "; SameSite=$samesite" }
+
   # "Max-Age"
   if (defined(my $max = $self->max_age)) { $cookie .= "; Max-Age=$max" }
 
@@ -130,6 +134,16 @@
 
 Cookie path.
 
+=head2 samesite
+
+  my $samesite = $cookie->samesite;
+  $cookie      = $cookie->samesite('Lax');
+
+SameSite value. Note that this attribute is EXPERIMENTAL because even though
+most commonly used browsers support the feature, there is no specification yet
+besides
+L<this draft|https://tools.ietf.org/html/draft-west-first-party-cookies-07>.
+
 =head2 secure
 
   my $bool = $cookie->secure;
diff -Nru libmojolicious-perl-8.10+dfsg/lib/Mojo/File.pm libmojolicious-perl-8.11+dfsg/lib/Mojo/File.pm
--- libmojolicious-perl-8.10+dfsg/lib/Mojo/File.pm	2018-12-12 00:44:43.000000000 +0000
+++ libmojolicious-perl-8.11+dfsg/lib/Mojo/File.pm	2019-01-02 13:49:30.000000000 +0000
@@ -78,6 +78,8 @@
   return Mojo::Collection->new(map { $self->new(canonpath $_) } sort keys %all);
 }
 
+sub lstat { File::stat::lstat(${shift()}) }
+
 sub make_path {
   my $self = shift;
   File::Path::make_path $$self, @_;
@@ -107,6 +109,12 @@
 
 sub realpath { $_[0]->new(Cwd::realpath ${$_[0]}) }
 
+sub remove {
+  my ($self, $mode) = @_;
+  unlink $$self or croak qq{Can't remove file "$$self": $!} if -e $$self;
+  return $self;
+}
+
 sub remove_tree {
   my $self = shift;
   File::Path::remove_tree $$self, @_;
@@ -369,6 +377,18 @@
 
 =back
 
+=head2 lstat
+
+  my $stat = $path->lstat;
+
+Return a L<File::stat> object for the symlink.
+
+  # Get symlink size
+  say path('/usr/sbin/sendmail')->lstat->size;
+
+  # Get symlink modification time
+  say path('/usr/sbin/sendmail')->lstat->mtime;
+
 =head2 make_path
 
   $path = $path->make_path;
@@ -418,6 +438,12 @@
 
 Resolve the path with L<Cwd> and return the result as a L<Mojo::File> object.
 
+=head2 remove
+
+  $path = $path->remove;
+
+Delete file.
+
 =head2 remove_tree
 
   $path = $path->remove_tree;
diff -Nru libmojolicious-perl-8.10+dfsg/lib/Mojo/IOLoop/Server.pm libmojolicious-perl-8.11+dfsg/lib/Mojo/IOLoop/Server.pm
--- libmojolicious-perl-8.10+dfsg/lib/Mojo/IOLoop/Server.pm	2018-11-22 20:21:54.000000000 +0000
+++ libmojolicious-perl-8.11+dfsg/lib/Mojo/IOLoop/Server.pm	2019-01-02 13:56:13.000000000 +0000
@@ -4,6 +4,7 @@
 use Carp 'croak';
 use IO::Socket::IP;
 use IO::Socket::UNIX;
+use Mojo::File 'path';
 use Mojo::IOLoop;
 use Mojo::IOLoop::TLS;
 use Scalar::Util 'weaken';
@@ -57,7 +58,7 @@
     # UNIX domain socket
     my $reuse;
     if ($path) {
-      unlink $path if -S $path;
+      path($path)->remove if -S $path;
       $options{Local} = $path;
       $handle = $class->new(%options) or croak "Can't create listen socket: $!";
       $reuse = $self->{reuse} = join ':', 'unix', $path, fileno $handle;
diff -Nru libmojolicious-perl-8.10+dfsg/lib/Mojo/JSON/Pointer.pm libmojolicious-perl-8.11+dfsg/lib/Mojo/JSON/Pointer.pm
--- libmojolicious-perl-8.10+dfsg/lib/Mojo/JSON/Pointer.pm	2018-12-16 16:59:09.000000000 +0000
+++ libmojolicious-perl-8.11+dfsg/lib/Mojo/JSON/Pointer.pm	2018-12-30 15:39:40.000000000 +0000
@@ -3,16 +3,16 @@
 
 has 'data';
 
-sub contains { shift->_pointer(1, @_) }
-sub get      { shift->_pointer(0, @_) }
+sub contains { shift->_pointer(0, @_) }
+sub get      { shift->_pointer(1, @_) }
 
 sub new { @_ > 1 ? shift->SUPER::new(data => shift) : shift->SUPER::new }
 
 sub _pointer {
-  my ($self, $contains, $pointer) = @_;
+  my ($self, $get, $pointer) = @_;
 
   my $data = $self->data;
-  return $contains ? 1 : $data unless $pointer =~ s!^/!!;
+  return length $pointer ? undef : $get ? $data : 1 unless $pointer =~ s!^/!!;
   for my $p (length $pointer ? (split '/', $pointer, -1) : ($pointer)) {
     $p =~ s!~1!/!g;
     $p =~ s/~0/~/g;
@@ -29,7 +29,7 @@
     else { return undef }
   }
 
-  return $contains ? 1 : $data;
+  return $get ? $data : 1;
 }
 
 1;
diff -Nru libmojolicious-perl-8.10+dfsg/lib/Mojo/Server/Hypnotoad.pm libmojolicious-perl-8.11+dfsg/lib/Mojo/Server/Hypnotoad.pm
--- libmojolicious-perl-8.10+dfsg/lib/Mojo/Server/Hypnotoad.pm	2018-11-22 20:21:47.000000000 +0000
+++ libmojolicious-perl-8.11+dfsg/lib/Mojo/Server/Hypnotoad.pm	2019-01-02 14:13:39.000000000 +0000
@@ -92,7 +92,7 @@
   return unless my $new = $self->{new};
 
   my $prefork = $self->prefork->cleanup(0);
-  unlink $prefork->pid_file;
+  path($prefork->pid_file)->remove;
   $prefork->ensure_pid_file($new);
 }
 
diff -Nru libmojolicious-perl-8.10+dfsg/lib/Mojo/Server/Prefork.pm libmojolicious-perl-8.11+dfsg/lib/Mojo/Server/Prefork.pm
--- libmojolicious-perl-8.10+dfsg/lib/Mojo/Server/Prefork.pm	2018-11-22 20:21:48.000000000 +0000
+++ libmojolicious-perl-8.11+dfsg/lib/Mojo/Server/Prefork.pm	2019-01-02 14:12:35.000000000 +0000
@@ -17,19 +17,18 @@
 has spare              => 2;
 has workers            => 4;
 
-sub DESTROY { unlink $_[0]->pid_file if $_[0]->cleanup }
+sub DESTROY { path($_[0]->pid_file)->remove if $_[0]->cleanup }
 
 sub check_pid {
-  my $file = shift->pid_file;
-  return undef unless open my $handle, '<', $file;
-  my $pid = <$handle>;
+  return undef unless -r (my $file = path(shift->pid_file));
+  my $pid = $file->slurp;
   chomp $pid;
 
   # Running
   return $pid if $pid && kill 0, $pid;
 
   # Not running
-  unlink $file;
+  $file->remove;
   return undef;
 }
 
@@ -37,15 +36,14 @@
   my ($self, $pid) = @_;
 
   # Check if PID file already exists
-  return if -e (my $file = $self->pid_file);
+  return if -e (my $file = path($self->pid_file));
 
   # Create PID file
-  $self->app->log->error(qq{Can't create process id file "$file": $!})
-    and die qq{Can't create process id file "$file": $!}
-    unless open my $handle, '>', $file;
+  if (my $err = eval { $file->spurt("$pid\n")->chmod(0644) } ? undef : $@) {
+    $self->app->log->error(qq{Can't create process id file "$file": $err})
+      and die qq{Can't create process id file "$file": $err};
+  }
   $self->app->log->info(qq{Creating process id file "$file"});
-  chmod 0644, $handle;
-  print $handle "$pid\n";
 }
 
 sub healthy {
diff -Nru libmojolicious-perl-8.10+dfsg/lib/Mojolicious/Command/eval.pm libmojolicious-perl-8.11+dfsg/lib/Mojolicious/Command/eval.pm
--- libmojolicious-perl-8.10+dfsg/lib/Mojolicious/Command/eval.pm	2018-11-22 20:22:05.000000000 +0000
+++ libmojolicious-perl-8.11+dfsg/lib/Mojolicious/Command/eval.pm	2018-12-31 13:59:25.000000000 +0000
@@ -1,6 +1,7 @@
 package Mojolicious::Command::eval;
 use Mojo::Base 'Mojolicious::Command';
 
+use Mojo::Promise;
 use Mojo::Util 'getopt';
 
 has description => 'Run code against application';
@@ -13,10 +14,17 @@
   my $code = shift @args || '';
 
   # Run code against application
-  my $app = $self->app;
-  no warnings;
+  my $app    = $self->app;
   my $result = eval "package main; sub app; local *app = sub { \$app }; $code";
-  return $@ ? die $@ : $result unless defined $result && ($v1 || $v2);
+  die $@ if $@;
+
+  # Handle promises
+  my $err;
+  Mojo::Promise->resolve($result)
+    ->then(sub { $result = shift }, sub { $err = shift })->wait;
+  die $err if $err;
+
+  return $result unless defined $result && ($v1 || $v2);
   $v2 ? print($app->dumper($result)) : say $result;
 }
 
@@ -48,7 +56,9 @@
 
 =head1 DESCRIPTION
 
-L<Mojolicious::Command::eval> runs code against applications.
+L<Mojolicious::Command::eval> runs code against applications. If the result is a
+promise (then-able), it will wait until the promise is fulfilled or rejected and
+the result is returned.
 
 This is a core command, that means it is always enabled and its code a good
 example for learning to build new commands, you're welcome to fork it.
diff -Nru libmojolicious-perl-8.10+dfsg/lib/Mojolicious/Guides/Contributing.pod libmojolicious-perl-8.11+dfsg/lib/Mojolicious/Guides/Contributing.pod
--- libmojolicious-perl-8.10+dfsg/lib/Mojolicious/Guides/Contributing.pod	2018-12-16 22:14:22.000000000 +0000
+++ libmojolicious-perl-8.11+dfsg/lib/Mojolicious/Guides/Contributing.pod	2018-12-31 12:37:21.000000000 +0000
@@ -88,12 +88,10 @@
 now!|https://kiwiirc.com/nextclient/#irc://irc.freenode.net/mojo?nick=guest-?>),
 to avoid unnecessary work and to increase its chances of getting accepted.
 
-To get early feedback and reviews for your code changes you can also open a
-B<work in progress> pull request. But you will have to declare a deadline after
-which the pull request should be considered finished or failed in the
-description. Otherwise all pull requests are considered finished and ready for
-voting. If changes have been requested for your pull request, you have 24 hours
-to address these requests, or you can try again with a new pull request later.
+Any member of the core team can call for a vote with a GitHub comment mentioning
+the team C<@mojolicious/core>. Then there will be a review period of 14 days (or
+less if enough votes have been cast), after which all votes are counted and the
+pull request will be accepted or rejected.
 
 The following mission statement and rules are the foundation of all L<Mojo> and
 L<Mojolicious> development. Please make sure that your contribution aligns well
diff -Nru libmojolicious-perl-8.10+dfsg/lib/Mojolicious/resources/templates/mojo/debug.html.ep libmojolicious-perl-8.11+dfsg/lib/Mojolicious/resources/templates/mojo/debug.html.ep
--- libmojolicious-perl-8.10+dfsg/lib/Mojolicious/resources/templates/mojo/debug.html.ep	2018-07-23 14:04:22.000000000 +0000
+++ libmojolicious-perl-8.11+dfsg/lib/Mojolicious/resources/templates/mojo/debug.html.ep	2019-01-01 18:21:42.000000000 +0000
@@ -10,7 +10,9 @@
     %= javascript '/mojo/prettify/run_prettify.js'
     %= stylesheet '/mojo/prettify/prettify-mojo-dark.css'
     <style>
-      a img { border: 0 }
+      a img {
+        border: 0;
+      }
       body {
         background: url(<%= url_for '/mojo/pinstripe-light.png' %>);
         color: #445555;
@@ -60,23 +62,41 @@
         color: #eee;
         text-shadow: #333 0 1px 0;
       }
-      .important { background-color: rgba(47, 48, 50, .75) }
-      .infobox { color: #333 }
-      .infobox tr:nth-child(odd) .value { background-color: #ddeeff }
-      .infobox tr:nth-child(even) .value { background-color: #eef9ff }
-      .key { text-align: right }
-      .more table { margin-bottom: 1em }
+      .important {
+        background-color: rgba(47, 48, 50, .75);
+       }
+      .infobox {
+        color: #333;
+       }
+      .infobox tr:nth-child(odd) .value {
+        background-color: #ddeeff;
+       }
+      .infobox tr:nth-child(even) .value {
+        background-color: #eef9ff;
+       }
+      .key {
+        text-align: right;
+      }
+      .more table {
+        margin-bottom: 1em;
+       }
       .spaced {
         margin-left: 5em;
         margin-right: 5em;
       }
-      .striped { border-top: solid #cce4ff 1px }
+      .striped {
+        border-top: solid #cce4ff 1px;
+       }
       .tap {
         font: 0.5em Verdana, sans-serif;
         text-align: center;
       }
-      .value { padding-left: 1em }
-      .wide { width: 100% }
+      .value {
+        padding-left: 1em;
+       }
+      .wide {
+        width: 100%;
+       }
       #error {
         font: 1.5em 'Helvetica Neue', Helvetica, sans-serif;
         font-weight: 300;
@@ -89,28 +109,87 @@
       }
       #nothing {
         border-bottom: 0;
-        padding-top: 60px;
+        padding-top: 20px;
       }
       #showcase {
         border-bottom: 0;
         border-top: 0;
       }
-      #showcase table { margin-top: 1em }
+      #showcase table {
+        margin-top: 1em;
+      }
       #showcase td {
         padding-top: 0;
         padding-bottom: 0;
       }
-      #showcase .key { padding-right: 0 }
+      #showcase .key {
+        padding-right: 0;
+      }
       #log {
         border-radius: 5px;
         margin-top: 1em;
       }
-      #log table { margin: 0 }
+      #log table {
+        margin: 0;
+      }
+      #mojobar {
+        background-color: #1a1a1a;
+        background: -webkit-linear-gradient(top, #2a2a2a 0%, #000 100%);
+        background: -moz-linear-gradient(top, #2a2a2a 0%, #000 100%);
+        background: linear-gradient(top, #2a2a2a 0%, #000 100%);
+        box-shadow: 0px 1px 0px rgba(0, 0, 0, 0.5);
+        height: 46px;
+        overflow: hidden;
+        width: 100%;
+        z-index: 1000;
+      }
+      #mojobar-brand {
+        display: inline-block;
+        padding-left: 50px;
+        padding-top: 4px;
+      }
+      #mojobar-links {
+        display: inline;
+        float: right;
+        height: 60px;
+        margin-top: 0.8em;
+        padding-right: 50px;
+      }
+      #mojobar-links a {
+        color: #bbb;
+        font: 0.9em 'Helvetica Neue', Helvetica, sans-serif;
+        margin-left: 0.5em;
+        text-decoration: none;
+        transition: all 200ms ease-in-out;
+      }
+      #mojobar-links a:hover {
+        color: #fff;
+      }
+      #mojobar-links input {
+        background-color: #3a3a3a;
+        border: 1px solid rgba(0, 0, 0, 0.1);
+        border-radius: 3px;
+        color: #eee;
+        display: inline;
+        margin-left: 1em;
+        padding: 4px;
+        transition: all 0.15s;
+      }
+      #mojobar-links input:focus {
+        background-color: #fff;
+        color: #111;
+        outline: 0;
+      }
+      #mojobar-links form {
+        display: inline;
+      }
       #more, #trace {
         border-bottom-left-radius: 5px;
         border-bottom-right-radius: 5px;
       }
-      #more .tap, #trace .tap { text-shadow: #ddd 0 1px 0 }
+      #more .tap, #trace .tap {
+        text-shadow: #ddd 0 1px 0;
+      }
       #request {
         border-bottom: 0;
         border-top-left-radius: 5px;
@@ -120,9 +199,11 @@
       #routes {
         border-bottom-left-radius: 5px;
         border-bottom-right-radius: 5px;
-        padding-top: 70px;
+        padding-top: 30px;
+      }
+      #trace {
+        border-top: 0;
       }
-      #trace { border-top: 0 }
       #wrapperlicious {
         max-width: 1000px;
         margin: 0 auto;
@@ -130,7 +211,30 @@
     </style>
   </head>
   <body>
-    %= include 'mojo/menubar'
+    <div id="mojobar">
+      %= link_to 'https://mojolicious.org' => (id => 'mojobar-brand') => begin
+        <picture>
+          <img src="<%= url_for '/mojo/logo-white.png' %>"
+            srcset="<%= url_for '/mojo/logo-white-2x.png' %> 2x">
+        </picture>
+      % end
+      <div id="mojobar-links">
+        %= link_to Documentation => 'https://mojolicious.org/perldoc'
+        <%= link_to Chat =>
+          'https://kiwiirc.com/nextclient/#irc://irc.freenode.net/mojo?nick=guest-?'
+        %>
+        %= link_to Wiki => 'https://github.com/mojolicious/mojo/wiki'
+        %= link_to GitHub => 'https://github.com/mojolicious/mojo'
+        %= link_to CPAN => 'https://metacpan.org/release/Mojolicious/'
+        %= link_to MailingList => 'https://groups.google.com/group/mojolicious'
+        %= link_to Twitter => 'https://twitter.com/perlmojo'
+        %= form_for 'https://www.google.com/cse' => (target => '_blank') => begin
+          %= hidden_field cx => '014527573091551588235:pwfplkjpgbi'
+          %= hidden_field ie => 'UTF-8'
+          %= search_field 'q', placeholder => 'Search'
+        %= end
+      </div>
+    </div>
     <script>
       function mojoDrawer(handle, drawer) {
         $(handle).on('click', function () {
diff -Nru libmojolicious-perl-8.10+dfsg/lib/Mojolicious/resources/templates/mojo/exception.html.ep libmojolicious-perl-8.11+dfsg/lib/Mojolicious/resources/templates/mojo/exception.html.ep
--- libmojolicious-perl-8.10+dfsg/lib/Mojolicious/resources/templates/mojo/exception.html.ep	2018-05-21 21:40:03.000000000 +0000
+++ libmojolicious-perl-8.11+dfsg/lib/Mojolicious/resources/templates/mojo/exception.html.ep	2019-01-01 18:11:08.000000000 +0000
@@ -4,7 +4,9 @@
   <head>
     <title>Server error</title>
     <style>
-      body { background-color: #caecf6 }
+      body {
+        background-color: #caecf6;
+      }
       #raptor {
         background: url(<%= url_for '/mojo/failraptor.png' %>);
         height: 488px;
diff -Nru libmojolicious-perl-8.10+dfsg/lib/Mojolicious/resources/templates/mojo/menubar.html.ep libmojolicious-perl-8.11+dfsg/lib/Mojolicious/resources/templates/mojo/menubar.html.ep
--- libmojolicious-perl-8.10+dfsg/lib/Mojolicious/resources/templates/mojo/menubar.html.ep	2018-11-19 14:37:40.000000000 +0000
+++ libmojolicious-perl-8.11+dfsg/lib/Mojolicious/resources/templates/mojo/menubar.html.ep	1970-01-01 00:00:00.000000000 +0000
@@ -1,138 +0,0 @@
-%= javascript '/mojo/jquery/jquery.js'
-<div id="mojobar">
-  <style scoped="scoped">
-    #mojobar {
-      background-color: #1a1a1a;
-      background: -webkit-linear-gradient(top, #2a2a2a 0%, #000 100%);
-      background: -moz-linear-gradient(top, #2a2a2a 0%, #000 100%);
-      background: linear-gradient(top, #2a2a2a 0%, #000 100%);
-      box-shadow: 0px 1px 0px rgba(0, 0, 0, 0.5);
-      height: 46px;
-      overflow: hidden;
-      position: absolute;
-      width: 100%;
-      z-index: 1000;
-    }
-    #mojobar-brand {
-      display: inline-block;
-      padding-left: 50px;
-      padding-top: 4px;
-    }
-    #mojobar-links {
-      display: inline;
-      float: right;
-      height: 60px;
-      margin-top: 0.8em;
-      padding-right: 50px;
-    }
-    #mojobar-links a {
-      color: #bbb;
-      font: 0.9em 'Helvetica Neue', Helvetica, sans-serif;
-      margin-left: 0.5em;
-      text-decoration: none;
-      transition: all 200ms ease-in-out;
-    }
-    #mojobar-links a:hover { color: #fff }
-    #mojobar-links input {
-      background-color: #3a3a3a;
-      border: 1px solid rgba(0, 0, 0, 0.1);
-      border-radius: 3px;
-      color: #eee;
-      display: inline;
-      margin-left: 1em;
-      padding: 4px;
-      transition: all 0.15s;
-    }
-    #mojobar-links input:focus {
-      background-color: #fff;
-      color: #111;
-      outline: 0;
-    }
-    #mojobar-links form { display: inline }
-    .animated { transition: all 0.25s ease }
-  </style>
-  %= link_to 'https://mojolicious.org' => (id => 'mojobar-brand') => begin
-    <picture>
-      <img src="<%= url_for '/mojo/logo-white.png' %>"
-        srcset="<%= url_for '/mojo/logo-white-2x.png' %> 2x">
-    </picture>
-  % end
-  <div id="mojobar-links">
-    %= link_to Documentation => 'https://mojolicious.org/perldoc'
-    <%= link_to Chat =>
-      'https://kiwiirc.com/nextclient/#irc://irc.freenode.net/mojo?nick=guest-?'
-    %>
-    %= link_to Wiki => 'https://github.com/mojolicious/mojo/wiki'
-    %= link_to GitHub => 'https://github.com/mojolicious/mojo'
-    %= link_to CPAN => 'https://metacpan.org/release/Mojolicious/'
-    %= link_to MailingList => 'https://groups.google.com/group/mojolicious'
-    %= link_to Twitter => 'https://twitter.com/perlmojo'
-    %= form_for 'https://www.google.com/cse' => (target => '_blank') => begin
-      %= hidden_field cx => '014527573091551588235:pwfplkjpgbi'
-      %= hidden_field ie => 'UTF-8'
-      %= search_field 'q', placeholder => 'Search'
-    %= end
-  </div>
-</div>
-<script>
-  var mojobar = $('#mojobar');
-  var mojobarHeight = mojobar.outerHeight();
-  function getElementByHash(hash) {
-    return $(hash.replace(/(:|\.|\[|\]|,)/g, '\\$1'));
-  }
-  function fixOffset() {
-    var offset = getElementByHash(window.location.hash).offset();
-    if (offset) {
-      $('html, body').animate({scrollTop: offset.top - mojobarHeight}, 1);
-    }
-  }
-  $(window).on('load', function () {
-    if (window.location.hash) {
-      fixOffset();
-    }
-    var start = mojobar.offset().top;
-    var fixed;
-    var lastScrollTop = $(window).scrollTop();
-    var hidden = mojobarHeight + 1;
-    $(window).on('scroll', function () {
-      var st = $(window).scrollTop();
-      if (fixed) {
-        if (st <= start) {
-          fixed = false;
-          mojobar.removeClass('animated');
-          mojobar.css({'position': 'absolute', 'top': start + 'px'});
-        }
-        else if (Math.abs(lastScrollTop - st) > 100) {
-          if (!mojobar.hasClass('animated')) {
-            mojobar.addClass('animated');
-          }
-          if (st > lastScrollTop && st > (mojobarHeight + start + 250)) {
-            mojobar.css('transform', 'translateY(-' + hidden + 'px)');
-          }
-          else if (st < lastScrollTop) {
-            mojobar.css('transform', 'translateY(0px)');
-          }
-          lastScrollTop = st;
-        }
-      }
-      else if (st > start) {
-        fixed = true;
-        mojobar.css({'position': 'fixed', 'top': 0});
-        lastScrollTop = $(window).scrollTop();
-      }
-    });
-  });
-  $(function () {
-    $('a[href^="#"]').addClass('mojoscroll').on('click', function (e) {
-      e.preventDefault();
-      e.stopPropagation();
-      var hash   = '#' + this.href.split('#')[1];
-      var target = getElementByHash(hash);
-      var old    = target.attr('id');
-      target.attr('id', '');
-      location.hash = hash;
-      target.attr('id', old);
-      fixOffset();
-    });
-  });
-</script>
diff -Nru libmojolicious-perl-8.10+dfsg/lib/Mojolicious/resources/templates/mojo/not_found.html.ep libmojolicious-perl-8.11+dfsg/lib/Mojolicious/resources/templates/mojo/not_found.html.ep
--- libmojolicious-perl-8.10+dfsg/lib/Mojolicious/resources/templates/mojo/not_found.html.ep	2018-05-21 21:40:33.000000000 +0000
+++ libmojolicious-perl-8.11+dfsg/lib/Mojolicious/resources/templates/mojo/not_found.html.ep	2019-01-01 18:11:24.000000000 +0000
@@ -4,8 +4,12 @@
   <head>
     <title>Page not found</title>
     <style>
-      a img { border: 0 }
-      body { background-color: #caecf6 }
+      a img {
+        border: 0;
+      }
+      body {
+        background-color: #caecf6;
+      }
       #noraptor {
         left: 0%;
         position: fixed;
diff -Nru libmojolicious-perl-8.10+dfsg/lib/Mojolicious/resources/templates/mojo/perldoc.html.ep libmojolicious-perl-8.11+dfsg/lib/Mojolicious/resources/templates/mojo/perldoc.html.ep
--- libmojolicious-perl-8.10+dfsg/lib/Mojolicious/resources/templates/mojo/perldoc.html.ep	2018-11-08 18:51:03.000000000 +0000
+++ libmojolicious-perl-8.11+dfsg/lib/Mojolicious/resources/templates/mojo/perldoc.html.ep	2019-01-01 16:39:10.000000000 +0000
@@ -98,7 +98,6 @@
     </style>
   </head>
   <body>
-    %= include 'mojo/menubar'
     <div id="wrapperlicious">
       <div id="perldoc">
         <div id="links">
diff -Nru libmojolicious-perl-8.10+dfsg/lib/Mojolicious/Sessions.pm libmojolicious-perl-8.11+dfsg/lib/Mojolicious/Sessions.pm
--- libmojolicious-perl-8.10+dfsg/lib/Mojolicious/Sessions.pm	2018-11-22 20:21:58.000000000 +0000
+++ libmojolicious-perl-8.11+dfsg/lib/Mojolicious/Sessions.pm	2018-12-30 15:13:02.000000000 +0000
@@ -9,6 +9,7 @@
 has cookie_path        => '/';
 has default_expiration => 3600;
 has deserialize        => sub { \&Mojo::JSON::j };
+has samesite           => 'Lax';
 has serialize          => sub { \&Mojo::JSON::encode_json };
 
 sub load {
@@ -55,6 +56,7 @@
     expires  => $session->{expires},
     httponly => 1,
     path     => $self->cookie_path,
+    samesite => $self->samesite,
     secure   => $self->secure
   };
   $c->signed_cookie($self->cookie_name, $value, $options);
@@ -140,6 +142,19 @@
     return {};
   });
 
+=head2 samesite
+
+  my $samesite = $sessions->samesite;
+  $sessions    = $sessions->samesite('Strict');
+
+Set the SameSite value on all session cookies, defaults to C<Lax>. Note that
+this attribute is EXPERIMENTAL because even though most commonly used browsers
+support the feature, there is no specification yet besides
+L<this draft|https://tools.ietf.org/html/draft-west-first-party-cookies-07>.
+
+  # Disable SameSite feature
+  $sessions->samesite(undef);
+
 =head2 secure
 
   my $bool  = $sessions->secure;
diff -Nru libmojolicious-perl-8.10+dfsg/lib/Mojolicious.pm libmojolicious-perl-8.11+dfsg/lib/Mojolicious.pm
--- libmojolicious-perl-8.10+dfsg/lib/Mojolicious.pm	2018-12-17 23:13:33.000000000 +0000
+++ libmojolicious-perl-8.11+dfsg/lib/Mojolicious.pm	2019-01-01 12:04:10.000000000 +0000
@@ -59,7 +59,7 @@
 has validator => sub { Mojolicious::Validator->new };
 
 our $CODENAME = 'Supervillain';
-our $VERSION  = '8.10';
+our $VERSION  = '8.11';
 
 sub BUILD_DYNAMIC {
   my ($class, $method, $dyn_methods) = @_;
@@ -553,6 +553,9 @@
   # Change name of cookie used for all sessions
   $app->sessions->cookie_name('mysession');
 
+  # Disable SameSite feature
+  $app->sessions->samesite(undef);
+
 =head2 static
 
   my $static = $app->static;
@@ -800,7 +803,7 @@
 
 =head2 Mojolicious Artwork
 
-  Copyright (C) 2010-2018, Sebastian Riedel.
+  Copyright (C) 2010-2019, Sebastian Riedel.
 
 Licensed under the CC-SA License, Version 4.0
 L<http://creativecommons.org/licenses/by-sa/4.0>.
@@ -1201,7 +1204,7 @@
 
 =head1 COPYRIGHT AND LICENSE
 
-Copyright (C) 2008-2018, Sebastian Riedel and others.
+Copyright (C) 2008-2019, Sebastian Riedel and others.
 
 This program is free software, you can redistribute it and/or modify it under
 the terms of the Artistic License version 2.0.
diff -Nru libmojolicious-perl-8.10+dfsg/MANIFEST libmojolicious-perl-8.11+dfsg/MANIFEST
--- libmojolicious-perl-8.10+dfsg/MANIFEST	2018-12-20 10:27:51.000000000 +0000
+++ libmojolicious-perl-8.11+dfsg/MANIFEST	2019-01-02 18:03:59.000000000 +0000
@@ -133,7 +133,6 @@
 lib/Mojolicious/resources/public/mojo/prettify/run_prettify.js
 lib/Mojolicious/resources/templates/mojo/debug.html.ep
 lib/Mojolicious/resources/templates/mojo/exception.html.ep
-lib/Mojolicious/resources/templates/mojo/menubar.html.ep
 lib/Mojolicious/resources/templates/mojo/not_found.html.ep
 lib/Mojolicious/resources/templates/mojo/perldoc.html.ep
 lib/Mojolicious/Routes.pm
diff -Nru libmojolicious-perl-8.10+dfsg/META.json libmojolicious-perl-8.11+dfsg/META.json
--- libmojolicious-perl-8.10+dfsg/META.json	2018-12-20 10:27:51.000000000 +0000
+++ libmojolicious-perl-8.11+dfsg/META.json	2019-01-02 18:03:59.000000000 +0000
@@ -58,6 +58,6 @@
       },
       "x_IRC" : "irc://irc.freenode.net/#mojo"
    },
-   "version" : "8.10",
+   "version" : "8.11",
    "x_serialization_backend" : "JSON::PP version 4.00"
 }
diff -Nru libmojolicious-perl-8.10+dfsg/META.yml libmojolicious-perl-8.11+dfsg/META.yml
--- libmojolicious-perl-8.10+dfsg/META.yml	2018-12-20 10:27:51.000000000 +0000
+++ libmojolicious-perl-8.11+dfsg/META.yml	2019-01-02 18:03:59.000000000 +0000
@@ -31,5 +31,5 @@
   homepage: https://mojolicious.org
   license: http://www.opensource.org/licenses/artistic-license-2.0
   repository: https://github.com/mojolicious/mojo.git
-version: '8.10'
+version: '8.11'
 x_serialization_backend: 'CPAN::Meta::YAML version 0.018'
diff -Nru libmojolicious-perl-8.10+dfsg/t/mojo/cookie.t libmojolicious-perl-8.11+dfsg/t/mojo/cookie.t
--- libmojolicious-perl-8.10+dfsg/t/mojo/cookie.t	2018-11-22 20:22:55.000000000 +0000
+++ libmojolicious-perl-8.11+dfsg/t/mojo/cookie.t	2018-12-30 15:17:30.000000000 +0000
@@ -164,9 +164,10 @@
 $cookie->expires(1218092879);
 $cookie->secure(1);
 $cookie->httponly(1);
+$cookie->samesite('Lax');
 is $cookie->to_string,
   '0="ba r"; expires=Thu, 07 Aug 2008 07:07:59 GMT; domain=example.com;'
-  . ' path=/test; secure; HttpOnly; Max-Age=60', 'right format';
+  . ' path=/test; secure; HttpOnly; SameSite=Lax; Max-Age=60', 'right format';
 
 # Empty response cookie
 is_deeply(Mojo::Cookie::Response->parse, [], 'no cookies');
@@ -372,6 +373,18 @@
   . ' path=/test; secure; Max-Age=60', 'right result';
 is $cookies->[1], undef, 'no more cookies';
 
+# Parse response cookie with SameSite value
+$cookies = Mojo::Cookie::Response->parse(
+  'foo=bar; Path=/; Expires=Tuesday, 09-Nov-99 23:12:40 GMT; SameSite=Lax');
+is $cookies->[0]->name,     'foo',     'right name';
+is $cookies->[0]->value,    'bar',     'right value';
+is $cookies->[0]->domain,   undef,     'no domain';
+is $cookies->[0]->path,     '/',       'right path';
+is $cookies->[0]->max_age,  undef,     'no max age value';
+is $cookies->[0]->expires,  942189160, 'right expires value';
+is $cookies->[0]->samesite, 'Lax',     'right samesite value';
+is $cookies->[1], undef, 'no more cookies';
+
 # Parse response cookie with broken Expires and Domain values
 $cookies = Mojo::Cookie::Response->parse('foo="ba r"; Expires=Th');
 is $cookies->[0]->name,    'foo',  'right name';
diff -Nru libmojolicious-perl-8.10+dfsg/t/mojo/file.t libmojolicious-perl-8.11+dfsg/t/mojo/file.t
--- libmojolicious-perl-8.10+dfsg/t/mojo/file.t	2018-12-02 23:09:50.000000000 +0000
+++ libmojolicious-perl-8.11+dfsg/t/mojo/file.t	2019-01-02 15:19:53.000000000 +0000
@@ -97,6 +97,13 @@
 $file->spurt(encode('UTF-8', '♥'));
 $handle = $file->open('<:encoding(UTF-8)');
 is_deeply [<$handle>], ['♥'], 'right structure';
+$dir = tempdir;
+eval { $dir->child('does_not_exist')->open('<') };
+like $@, qr/^Can't open file/, 'right error';
+eval { $dir->child('does_not_exist')->slurp };
+like $@, qr/^Can't open file/, 'right error';
+eval { $dir->child('foo')->make_path->spurt('fail') };
+like $@, qr/^Can't open file/, 'right error';
 
 # Make path
 $dir = tempdir;
@@ -108,6 +115,16 @@
 ok -d $nextdir, 'directory exists';
 ok $error, 'directory already existed';
 
+# Remove
+$dir = tempdir;
+$dir->child('test.txt')->spurt('test!');
+ok -e $dir->child('test.txt'), 'file exists';
+is $dir->child('test.txt')->slurp, 'test!', 'right content';
+ok !-e $dir->child('test.txt')->remove->touch->remove->remove,
+  'file no longer exists';
+eval { $dir->child('foo')->make_path->remove };
+like $@, qr/^Can't remove file/, 'right error';
+
 # Remove tree
 $dir = tempdir;
 $dir->child('foo', 'bar')->make_path->child('test.txt')->spurt('test!');
@@ -164,6 +181,16 @@
 $dir = tempdir;
 is $dir->child('test.txt')->spurt('1234')->stat->size, 4, 'right size';
 
+# Lstat
+$dir = tempdir;
+my $orig = $dir->child('test.txt')->spurt('');
+my $link = $orig->sibling('test.link');
+SKIP: {
+  skip 'symlinks unimplemented', 2 unless eval { symlink $orig, $link };
+  is $link->stat->size,    0, 'target file is empty';
+  isnt $link->lstat->size, 0, 'link is not empty';
+}
+
 # List
 is_deeply path('does_not_exist')->list->to_array, [], 'no files';
 is_deeply path(__FILE__)->list->to_array,         [], 'no files';
diff -Nru libmojolicious-perl-8.10+dfsg/t/mojo/json_pointer.t libmojolicious-perl-8.11+dfsg/t/mojo/json_pointer.t
--- libmojolicious-perl-8.10+dfsg/t/mojo/json_pointer.t	2018-11-22 20:22:56.000000000 +0000
+++ libmojolicious-perl-8.11+dfsg/t/mojo/json_pointer.t	2018-12-30 15:42:40.000000000 +0000
@@ -8,6 +8,7 @@
 ok $pointer->contains(''),     'contains ""';
 ok $pointer->contains('/'),    'contains "/"';
 ok $pointer->contains('/foo'), 'contains "/foo"';
+ok !$pointer->contains('foo'),  '"foo" is invalid';
 ok !$pointer->contains('/bar'), 'does not contains "/bar"';
 ok $pointer->new({foo => {bar => undef}})->contains('/foo/bar'),
   'contains "/foo/bar"';
@@ -34,6 +35,7 @@
   '"" is "{foo => "bar", "" => "baz"}"';
 is $pointer->get('/'),    'baz', '"/" is "baz"';
 is $pointer->get('/foo'), 'bar', '"/foo" is "bar"';
+is $pointer->get('foo'),  undef, '"foo" is invalid';
 is $pointer->new({foo => {bar => 42}})->get('/foo/bar'), 42,
   '"/foo/bar" is "42"';
 is_deeply $pointer->new({foo => {23 => {baz => 0}}})->get('/foo/23'),
diff -Nru libmojolicious-perl-8.10+dfsg/t/mojolicious/commands.t libmojolicious-perl-8.11+dfsg/t/mojolicious/commands.t
--- libmojolicious-perl-8.10+dfsg/t/mojolicious/commands.t	2018-11-22 20:23:14.000000000 +0000
+++ libmojolicious-perl-8.11+dfsg/t/mojolicious/commands.t	2018-12-31 13:58:41.000000000 +0000
@@ -217,6 +217,17 @@
   $eval->run('-v', 'app->controller_class');
 }
 like $buffer, qr/Mojolicious::Controller/, 'right output';
+eval { $eval->run('-v', 'die "TEST"') };
+like $@, qr/TEST/, 'right output';
+$buffer = '';
+{
+  open my $handle, '>', \$buffer;
+  local *STDOUT = $handle;
+  $eval->run('-v', 'Mojo::Promise->new->resolve("Zoidberg")');
+}
+like $buffer, qr/Zoidberg/, 'right output';
+eval { $eval->run('-v', 'Mojo::Promise->new->reject("DOOM")') };
+like $@, qr/DOOM/, 'right output';
 
 # generate
 require Mojolicious::Command::Author::generate;
diff -Nru libmojolicious-perl-8.10+dfsg/t/mojolicious/group_lite_app.t libmojolicious-perl-8.11+dfsg/t/mojolicious/group_lite_app.t
--- libmojolicious-perl-8.10+dfsg/t/mojolicious/group_lite_app.t	2018-11-22 20:23:21.000000000 +0000
+++ libmojolicious-perl-8.11+dfsg/t/mojolicious/group_lite_app.t	2018-12-30 15:21:03.000000000 +0000
@@ -272,7 +272,15 @@
 like $log, qr/Cookie "bad" has a bad signature/, 'right message';
 ok $t->tx->res->cookie('mojolicious')->httponly,
   'session cookie has HttpOnly flag';
+is $t->tx->res->cookie('mojolicious')->samesite, 'Lax', 'right SameSite value';
 $t->app->log->unsubscribe(message => $cb);
+$t->app->sessions->samesite('Strict');
+$t->get_ok('/bridge2stash')->status_is(200);
+is $t->tx->res->cookie('mojolicious')->samesite, 'Strict',
+  'right SameSite value';
+$t->app->sessions->samesite(undef);
+$t->get_ok('/bridge2stash')->status_is(200);
+is $t->tx->res->cookie('mojolicious')->samesite, undef, 'no SameSite value';
 
 # Broken session cookie
 $t->reset_session;