search

GSA / assets.cio.gov

Other
0 stars 0 forks source link

Bump uswds from 2.13.1 to 2.13.3 #3

Closed dependabot[bot] closed 1 year ago

dependabot[bot] commented 1 year ago

Bumps uswds from 2.13.1 to 2.13.3.

Release notes

Sourced from uswds's releases.

USWDS 2.13.3

What's new in USWDS 2.13.3

Improvements and bug fixes

  • All components support High Contrast Mode and forced colors. All our components now support proper display when users have a forced colors mode set in their operating system. (uswds/uswds#4610)
  • Big Footer includes more accessible disclosure buttons. Now the Big Footer variant uses more accessible disclosure buttons for showing and hiding submenus at mobile widths. Thanks @​mherchel! (uswds/uswds#4476)
  • Allow default value in Time Picker. If the enhanced Time Picker input has a value, the value is now respected during initialization. Thanks @​aduth! (uswds/uswds#4488)

Dependency updates

dependency old new
mocha 6.2.0 6.2.3

Note: We're now pinning our dependencies to exact versions to be more intentional about the dependencies we use.

0 vulnerabilities in regular dependencies (dependencies for USWDS projects installed with npm install uswds)

Internal only: 4 low, 8 moderate, 19 high, 1 critical vulnerabilities in devDependencies (development dependencies)

Release ZIP SHA-256 hash: ee183c713841b49f13e6ca7082b81cfd4b75ceff4d8ee4d6ea2cc61241139e68

USWDS 2.13.2

What's new in USWDS 2.13.2

Improvements and bug fixes

  • Fixed GitHub icon to prevent CSP flag. Resolves an error which can occur when using the USWDS Icon component SVG sprite in combination with a Content Security Policy (CSP), where the presence of an inline style tag within the GitHub icon can violate most common CSPs which do not include the unsafe-inline style-src directive. Thanks @​aduth! (uswds/uswds#4487)
  • Fixed Big Footer expanded display. Fixes an issue where the Big Footer variant does not show the proper expanded display at exactly 480px. Thanks @​jkjustjoshing! (uswds/uswds#4525, uswds/uswds#4531, and uswds/uswds#4551)
  • Add proper aria-controls to Combo Box. Now the Combo Box input gets the expected aria-controls property when it's initialized. (uswds/uswds#4483)

Dependency updates

dependency old new
postcss-csso 5.0.1 6.0.0

0 vulnerabilities in regular dependencies (dependencies for USWDS projects installed with npm install uswds)

Internal only: 4 low, 17 moderate, 22 high, 1 critical vulnerabilities in devDependencies (development dependencies)

Release ZIP SHA-256 hash: c869a7b5d0ebc5b8f44645782bad39faccdb272b1e38a077586ce94e2b09c4cd

Commits
  • 974f976 Merge pull request #4619 from uswds/release-2.13.3
  • 80e90c5 Create uswds-2.13.3-zip-hash.txt
  • ef87a9c 2.13.3
  • b546756 Revert version and security hash to prep for re-output
  • 54da400 Update references to 2.13.3
  • 0952fe6 Create uswds-2.13.3-zip-hash.txt
  • a503ef0 2.13.3
  • 641a6ed Update mocha to resolve minimist vulnerability
  • cfee857 Merge pull request #4620 from uswds/develop
  • 8349ad2 Merge pull request #4618 from uswds/dependabot/npm_and_yarn/moment-2.29.2
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
dependabot[bot] commented 1 year ago

Looks like uswds is no longer a dependency, so this is no longer needed.