Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Upgrade @uswds/uswds from 3.8.2 to 3.9.0 #116

Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

[Snyk] Upgrade @uswds/uswds from 3.8.2 to 3.9.0 #116

wants to merge 2 commits into from

Conversation

Jin-Sun-tts
Copy link
Collaborator

snyk-top-banner

Snyk has created this PR to upgrade @uswds/uswds from 3.8.2 to 3.9.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

  • The recommended version is 1 version ahead of your current version.

  • The recommended version was released on 2 months ago.

Release notes
Package name: @uswds/uswds
  • 3.9.0 - 2024-10-04

    What's new in USWDS 3.9.0

    Features

    Package A11y Breaking Markup change Description
    usa-character-count - - - Enhanced the visual cue when maxlength is exceeded in the character count component. Now, the component uses standard USWDS error styles to visually enhance the error state. (#5908)
    usa-date-picker, usa-date-range-picker Yes - - Added aria-disabled to the list of expected attributes in the date picker and date range picker components. Now, the component will disable toggle when the aria-disabled attribute is present. (#6013)
    uswds-core, usa-layout-grid - - - Added new $theme-utility-breakpoints-custom setting. This setting generates responsive variants of USWDS utilities at custom breakpoints. Values must be set with px values inside a Sass map. Thanks @ jamigibbs! (#6048)

    Bug fixes

    Package A11y Breaking Markup change Description
    usa-alert, usa-site-alert - Yes - Fixed a bug that caused $theme-site-margins-width to unexpectedly adjust the alignment inside the alert and site alert components. Alignment on the alert and site alert components will likely shift from this change. Confirm that your implementation of the component aligns as expected. (#5636)

    ⚠️ Considered breaking because the alignment and display of the alert may shift.
    usa-button - Yes - Updated the width of unstyled buttons at narrow screen widths. Now, unstyled buttons receive a width of auto to better match USWDS link styles. Users should confirm that the variant visually displays as expected in their projects. Thanks @ aduth! (#5631)

    ⚠️ Considered breaking because the display of unstyled buttons will change at narrow screen widths. Check your codebase for any instances of @ include button-unstyled in your custom styles. These items may be affected by this change.
    usa-card - Yes - Fixed a bug that caused the component to ignore the $theme-card-font-family setting. Confirm that your implementation of the card component displays with the expected font family. (#5974)

    ⚠️ Considered breaking because fonts in cards may change if you've set $theme-card-font-family.
    usa-combo-box Yes - - Removed custom screen reader instructions in the combo box component. Combo box now relies on the default instructions provided by screen readers. (#6022)
    usa-date-picker, usa-date-range-picker Yes - - Fixed a bug that caused mouseover events to prevent keyboard navigation. Now when you hover your mouse over the date picker buttons, only the hover state will be triggered. (#5774)
    usa-header Yes Yes - Removed the CSS order property from the mobile view in standard variants of the header component. Now, the visual order of the component matches the tab order. If you would like to visually keep the search bar at the top of the menu, you will need to reorder your markup in the mobile view. (#6037)

    ⚠️ Considered breaking because the position of the search bar will change in the mobile menu.
    usa-footer, templates Yes - Yes Added the autocomplete="email" attribute to the big footer variant and the "Create an account" template. This attribute allows the components to meet the standards outlined in WCAG 1.3.5. (#6002)

    ✏️ Teams should update their markup if they use an email field in their big footer.
    usa-identifier - - Yes Updated the USA.gov link in Spanish versions of the identifier. The link text now reads "Visite USAGov en Español" and the link url is now "https://www.usa.gov/es/". (#5892)

    ✏️ Teams should update this text if they use the Spanish-language identifier.
    usa-memorable-date Yes - Yes Removed numeric representation of months in the memorable date component. Recent usability testing indicated that having both numbers and names to represent months was confusing for screen reader users. (#6028)

    ✏️ Teams should update their memorable date component to remove the leading numbers.
    usa-pagination Yes - - Added text underline styles to pagination links. Pagination links are now visually consistent with other USWDS text links. (#5970)

    Dependencies and security

    Dependency name Previous version Updated version
    @ 18f/identity-stylelint-config 4.0.0 4.1.0
    @ babel/core 7.24.5 7.25.2
    @ babel/preset-env 7.24.5 7.25.4
    @ types/node 20.12.11 20.14.10
    autoprefixer 10.4.19 10.4.20
    axe-core 4.9.1 4.10.0
    babel-loader 9.1.3 --
    eslint-plugin-import 2.29.1 2.30.0
    eslint-plugin-no-unsanitized 4.0.2 4.1.0
    gulp-changed 4.0.3 --
    gulp-clean 0.4.0 --
    gulp-cli 2.3.0 --
    mocha 10.4.0 10.7.3
    normalize.css 8.0.1 --
    path 0.12.7 --
    postcss 8.4.38 8.4.45
    postcss-preset-env 9.5.11 9.6.0
    prettier 3.2.5 3.3.3
    sass 1.77.0 1.78.0
    sass-embedded 1.77.0 1.78.0
    snyk 1.1291.0 1.1293.0
    stylelint 16.5.0 16.9.0
    typescript 5.4.5 5.6.2
    webpack 5.91.0 5.94.0

    Thanks @ aduth for contributing to our dependency updates and @ skyf0l for fixing a typo in our package.json!

    0 vulnerabilities in regular dependencies (dependencies for USWDS projects installed with npm install @ uswds/uswds)
    29 moderate, 26 high vulnerabilities in devDependencies (development dependencies).

    Release TGZ SHA-256 hash: 140cb2162e6c60a6a6ecbc71d8d047819d4ec26f9dd6c7056bd4bd8a266af2ab

  • 3.8.2 - 2024-08-09

    What's new in USWDS 3.8.2

    Dependencies and security

    Removed the classlist-polyfill dependency. This update resolves a Denial of Service (DoS) vulnerability related to the classlist-polyfill dependency that we do not consider exploitable on the front end of applications. (#6012)

    Important

    This release may affect some functionality in Internet Explorer 11 (IE11). This update removes the polyfill that added full classList support to IE11. USWDS no longer supports IE11, but if your project does, test if this update negatively affects your users and add additional support for classList if it does.

    Dependency name Previous version New version
    classlist-polyfill 1.2.0 --

    Thanks @ aduth for the initial work on removing this dependency.

    0 vulnerabilities in regular dependencies (dependencies for USWDS projects installed with npm install @ uswds/uswds)
    5 low, 11 moderate, 44 high vulnerabilities in devDependencies (development dependencies).

    Release TGZ SHA-256 hash: 94049e150c2a67dfdb75f140fc664d2e936ef652480a2f88dfdd96922e0a940c

from @uswds/uswds GitHub release notes

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

@snyk-bot
fix: upgrade @uswds/uswds from 3.8.2 to 3.9.0
ffecb40 
Snyk has created this PR to upgrade @uswds/uswds from 3.8.2 to 3.9.0.

See this package in npm:
@uswds/uswds

See this project in Snyk:
https://app.snyk.io/org/data.gov/project/e657297b-be3f-4619-b9dd-22fcd474c1b7?utm_source=github&utm_medium=referral&page=upgrade-pr
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@btylerburton btylerburton btylerburton approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@Jin-Sun-tts @btylerburton @snyk-bot