Snyk has created this PR to upgrade uswds from 2.4.0 to 2.7.0.

:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version is 4 versions ahead of your current version.
The recommended version was released a month ago, on 2020-05-11.

Release notes

Package name: uswds

2.7.0 - 2020-05-11
What's new in USWDS 2.7.0

New components

Read more about these components on our website, but we're excited to start releasing the first of a number of new design system components planned for 2020:
- Button group: Use button groups to collect similar or related actions.
- Card: Cards contain content and actions about a single subject.
- Character count: Character count helps users know how much text they can enter when there is a limit on the number of characters.
- Combo box: A combo box helps users select an item from a large list of options.
Improvements and bug fixes

Improved mobile experience for numeric fields. We updated our guidance and code for numeric fields to follow the lead of gov.uk's recent guidance and research. This updates those fields to use text rather than number inputs with an inputmode of numeric. (#3392)

Fixed color token errors. We made some mistakes adding the new color tokens into the system in 2.6.0. Now the values of Indigo cool 60v, Indigo cool 70v, and Indigo cool 80v fall within our grade guidance, and match both the documentation and the design assets. (#3455)

Improved styling of Skipnav component. Now the Skipnav includes proper link formatting. (#3393)

Improved display of the Here's how you know link in the gov banner. Now there's no distracting change to the length of the underline on hover. (#3427)

Assure external link icon wraps properly. Now the external link icon won't get stranded as a widow on a new line. It will break to a new line only with its link text. (#3428)

Provide a more reliable treatment for dropdown menus. Now dropdown menus won't get cut off if they come too close to the header boundary (#3438) and menus with usa-current nav elements won't display an unnecessary underline at desktop widths (#3434).

Dependencies and security

package old new

chrome-launcher 0.12.0 0.13.2

handlebars 4.7.3 4.7.6

mocha 7.1.0 7.1.2
- 0 vulnerabilities in regular dependencies (dependencies for USWDS projects installed with npm install uswds)
- 318 low, 2 high vulnerabilities in devDependencies (development dependencies)
Note: The devDependencies number is high because we're still having issues with npm audit fix.

package	old	new
chrome-launcher	0.12.0	0.13.2
handlebars	4.7.3	4.7.6
mocha	7.1.0	7.1.2

2.6.0 - 2020-03-18

Use more consistent search markup. We made the markup of usa-search more consistent and assured that the styling worked properly regardless of what version of the markup you're using. This is not as breaking change, but we recommend updating your search markup to the most current version. (#3327)

Utilities output specified pseudoclasses correctly. We fixed a bug that prevented the utilities from outputting certain pseudoclass prefixes like active:, visited: and focus:. (#3346) Thanks @greenca6!

Improved letterspacing function. This fixes a bug that caused the letterspacing functions to output the wrong value for 1. Now the utilities and the functions output the same values. (#3343) Thanks @maya!

Provide complete vivid color families. Now each color family has vivid grades from 5-80. Changing families in settings is more reliable and will no longer result in pointing to false values. Each new color is normalized to our new color grade luminance range guidance. (#3351) Thanks @jlarmstrongiv!

Provide a more reliable and consistent color system. Each new color is normalized to our new color grade luminance range guidance, so all magic number combinations will work as promised. (#3351) Thanks @darekkay!

Standard color wheel 2.6.0

Vivid color wheel 2.6.0

Dependencies and security

package	old	new
@types/node	13.5.0	13.9.1
@babel/preset-env	7.7.6	7.8.7
yargs	12.0.5	15.3.1
autoprefixer	9.7.3	9.7.4
axe-core	3.4.1	3.5.2
eslint-config-prettier	6.7.0	6.10.0
eslint-plugin-import	12.19.1	12.20.1
gulp-stylelint	10.0.0	13.0.0
handlebars	4.5.3	4.7.3
jsdom	16.0.1	16.2.1
resemblejs	3.2.3	3.2.4
sass	1.25.0	1.26.3
stylelint	11.1.1	13.2.1
stylelint-config-prettier	6.0.0	8.0.1
stylelint-config-recommended-scss	4.1.0	4.2.0
stylelint-scss	3.13.0	3.15.0

Updated our recommended version of Node to the current LTS (12.16.1)

0 vulnerabilities in regular dependencies (dependencies for USWDS projects installed with npm install uswds)
313 low, 35 moderate, 2 high vulnerabilities in devDependencies (development dependencies)

Note: The devDependencies number seems high. We've had some issues with npm audit recently

2.5.1 - 2020-03-03
Removed media query sorting. CSSO's forceMediaMerge wasn't exporting media queries in the expected order, so we're disabling it for more reliable CSS output. While both the minified and unminified CSS files are modestly larger as a result: 268 KB unsorted vs. 259 KB sorted, our testing indicates that once the files are compressed server side with gzip, the unsorted CSS is actually smaller: 36 KB unsorted and gzipped vs. 38 KB sorted and gzipped. As a result, we recommend that teams do not use media query sorting at this time.

Note: This release also temporarily removes the best practice tests from our aXe testing until we can reinstate these tests as warnings rather than errors (#3333). This aXe change should come in the next minor version this month (2.6.0).

2.5.0 - 2020-02-14

What's new in USWDS 2.5.0

⚠️ Improved component accessibility and testing. We upgraded our accessibility testing with aXe from 2.6.1 to 3.4.1 and improved the accessibility of our markup in the process. This introduces minor changes to the markup of 5 components and our documentation template — you should update your markup, but existing markup will not break:

banner: is now a <section> instead of a <div> with the ARIA label Official government website
footer: nav includes the ARIA label of Footer navigation
graphic-list: uses h2 as a heading default instead of h3
hero: includes the ARIA label of Introduction
search: the search form is given the ARIA role of search
documentation template: includes only the main content in the <main> element. The nav is no longer treated as an <aside>

PR: #3280

Allow non-token values in state color settings. Now state tokens (like "warning") can accept non-token colors, just as we introduced for theme colors in 2.4.0. Teams using non-token values can now keep colors consistent between theme and state. Using non-token values will throw a warning in the compile process, but this, like all compile warnings, can be disabled by setting $theme-show-compile-warnings: false. Thanks @sawyerh! #3289

Updated to the canonical Sass compiler. We're now using Dart Sass to compile the system Sass. Dart Sass is the canonical Sass compiler, so using it will keep us at feature parity and help prevent inadvertent inconsistencies. #3304

Output utility classes in proper order without media query sorting. We no longer require media query sorting for proper utility class output. We no longer use a dedicated media query sorter in our dependencies, and do all our optimization with csso (deprecating cssnano). #3308

Improved performance. We've improved the time it takes to compile the design system and its overall file size:

version	build:sass	gulp sass	unminified	minified
2.4.0	14s	6.5s	359 KB	270 KB
2.5.0	7.5s	5.2s	357 KB	259 KB

Allows USWDS notifications to render in all environments. We removed the multiline strings that were causing our notification to cause build failures in environments like webpack. Now the Sass should compile properly in all environments. #3290

Update to the most recent version of Public Sans. Updated to Public Sans 1.008 for better readability and display. #3275

Added missing add-aspect() mixin. This adds the mixin equivalent to the add-aspect utility classes. #3283

Improved error messaging for the lh() function. Now it lets you know why it failed and how to fix the error. #3284

Disabled JS in our Fractal library to remediate an out-of-date jQuery vulnerability. #3274

Package updates:

package	old	new
@types/node	12.12.20	13.5.0
axe-core	2.6.1	3.4.1
cssnano		deprecated
css-mqpacker		deprecated
gulp-spawn-mocha	5.0.1	6.0.0
jsdom	9.0.0	16.0.1
jsdom-global	2.1.0	3.0.2
mocha	5.2.0	7.0.1
nyc	14.1.1	15.0.0
postcss-csso	—	4.0.0
sass	—	1.25.0