Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update dependencies #837

Merged
merged 7 commits into from
Dec 6, 2024
Merged

Update dependencies #837

merged 7 commits into from
Dec 6, 2024

Conversation

brentswisher
Copy link
Contributor

@brentswisher brentswisher commented Dec 6, 2024
edited
Loading

This change: (check at least one)

  • Adds a new feature
  • Fixes a bug
  • Improves maintainability
  • Improves documentation
  • Is a release activity

Is this a breaking change? (check one)

  • Yes
  • No

Is the: (complete all)

  • Title of this pull request clear, concise, and indicative of the issue number it addresses, if any?
  • Test suite(s) passing?
  • Code coverage maximal?
  • Changeset added?
  • Component status page up to date?

What does this change address?
Updates dependencies to resolve some open CVEs

How does this change work?

  • Updates to use yarn 4.5.3
  • Bumps all minor and patch versions of dependencies (where possible, see note about new resolution)
  • Removes some deprecated husky configuration
  • Fixes an a11y label issue in the combobox that the tests found in webkit once all the dependencies were bumped.

Additional context

  • I also added a resolution for @lit-labs/scoped-registry-mixin as it breaks when updated past 1.0.1
  • We are using a plain HTML button instead of a pharos-button with an icon in the combobox because it causes some styling issues. The way we were providing the label on the icon inside a button wasn't working as intended in webkit, so I changed it to set a aria-label on the button itself and mark the icon as hidden. We could also look into using a pharos-input-group here instead. I'll add an issue for that but wanted to get the updates out first since that looked a little more involved.

@brentswisher
chore: update to yarn 4.5.3
02cde08
@brentswisher
chore: bump all minor and patch versions of dependencies
d7e8940 
There is one exception: @lit-labs/scoped-registry-mixin. Updating it is
breaking our unit tests with an odd type error, so punting on that update
for now.
@brentswisher
chore: remove deprecated husky configuration
11298fc
@brentswisher
chore: update dependencies
878d78d
@brentswisher
fix(combobox): dropdown button a11y label location
bfdfb44 
Because the label is on the icon inside a button, when
webkit renders it, it is failing our axe a111y tests.
@brentswisher
chore: refresh yarn lock
9e48b8a
@brentswisher
chore: add changeset
899f070
@brentswisher brentswisher self-assigned this Dec 6, 2024
@brentswisher brentswisher requested a review from a team as a code owner December 6, 2024 17:21
@brentswisher brentswisher requested review from sirrah-tam, jialin-he and mtorres3 and removed request for a team December 6, 2024 17:21
@changeset-bot changeset-bot
Copy link

changeset-bot bot commented Dec 6, 2024

🦋 Changeset detected

Latest commit: 899f070

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package
Name Type
@ithaka/pharos Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

@brentswisher brentswisher requested a review from daneah December 6, 2024 17:21
@brentswisher brentswisher added accessibility dependencies Pull requests that update a dependency file labels Dec 6, 2024
@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Dec 6, 2024

size-limit report 📦

Path Size
packages/pharos/lib/index.js 66.79 KB (+0.04% 🔺)

@brentswisher brentswisher merged commit 9a5672b into develop Dec 6, 2024
11 checks passed
@brentswisher brentswisher deleted the maintenance/security-updates branch December 6, 2024 21:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@satya-achanta-venkata satya-achanta-venkata satya-achanta-venkata approved these changes

@daneah daneah daneah approved these changes

@sirrah-tam sirrah-tam Awaiting requested review from sirrah-tam sirrah-tam is a code owner automatically assigned from ithaka/pharos-maintainers

@jialin-he jialin-he Awaiting requested review from jialin-he jialin-he is a code owner automatically assigned from ithaka/pharos-maintainers

@mtorres3 mtorres3 Awaiting requested review from mtorres3 mtorres3 is a code owner automatically assigned from ithaka/pharos-maintainers

Assignees

@brentswisher brentswisher

Labels
accessibility dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@brentswisher @daneah @satya-achanta-venkata