cisagov / cyber.dhs.gov

A site for CISA directives
https://cyber.dhs.gov

[Snyk] Upgrade uswds from 2.12.2 to 2.13.2 #330

Closed mcdonnnj closed 2 years ago

mcdonnnj commented 2 years ago

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade uswds from 2.12.2 to 2.13.2.

![merge advice](https://app.snyk.io/badges/merge-advice/?package_manager=npm&package_name=uswds&from_version=2.12.2&to_version=2.13.2&pr_id=af5c6c0a-2ff9-4511-a11c-ecac7607dda0&visibility=true&has_feature_flag=false)

:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

- The recommended version is **3 versions** ahead of your current version.
- The recommended version was released **a month ago**, on 2022-03-07.

Release notes
Package name: uswds
  • 2.13.2 - 2022-03-07

    What's new in USWDS 2.13.2

    Improvements and bug fixes

    • Fixed GitHub icon to prevent CSP flag. Resolves an error which can occur when using the USWDS Icon component SVG sprite in combination with a Content Security Policy (CSP), where the presence of an inline style tag within the GitHub icon can violate most common CSPs which do not include the unsafe-inline style-src directive. Thanks @aduth! (#4487)
    • Fixed Big Footer expanded display. Fixes an issue where the Big Footer variant does not show the proper expanded display at exactly 480px. Thanks @jkjustjoshing! (#4525, #4531, and #4551)
    • Add proper aria-controls to Combo Box. Now the Combo Box input gets the expected aria-controls property when it's initialized. (#4483)

    Dependency updates

    dependency old new
    postcss-csso 5.0.1 6.0.0

    0 vulnerabilities in regular dependencies (dependencies for USWDS projects installed with npm install uswds)

    Internal only: 4 low, 17 moderate, 22 high, 1 critical vulnerabilities in devDependencies (development dependencies)

    Release ZIP SHA-256 hash: c869a7b5d0ebc5b8f44645782bad39faccdb272b1e38a077586ce94e2b09c4cd

  • 2.13.1 - 2022-01-20

    What's new in USWDS 2.13.1

    Improvements and bug fixes

    • Fix Date Picker input bug in Safari. We fixed a bug where date picker selections would not propagate into the input field in Safari. (#4456)
    • Fix external link icon display bug in Safari. We fixed a bug that resulted in colored bars on the top and bottom of external link icons in Safari. (#4439)
    • Prevent infinite loops in divide function. We improved the logic of the divide function to abort immediately on an attempt to divide by zero. Thanks @aduth! (#4438)
    • Optimize performance of luminance function. We used a simple look-up table for single-channel luminance values to dramatically improve the performance of luminance calculations. Thanks @aduth! (#4437)
    • Improve package exports to allow importing in Webpack 5. We added explicit exports to USWDS assets so Webpack 5 can access them. Thanks @tyduptyler13 and @pearl-truss! (#4461, #4468)
    • Fix Dropdown chevron display in Windows high contrast mode. We updated the Dropdown styles to allow the chevron to appear in any forced color mode. Thanks @trimspa! (#4457)

    Dependency updates

    None

    0 vulnerabilities in regular dependencies (dependencies for USWDS projects installed with npm install uswds)

    Internal only: 2 low, 22 moderate, 19 high, 1 critical vulnerabilities in devDependencies (development dependencies)

    Release ZIP SHA-256 hash: c048e4958cbc51a5512d89e321bc7bb90aa3bec00539330042125d6b2c0a0c45

  • 2.13.0 - 2021-12-14

    What's new in USWDS 2.13.0

    Breaking changes

    ⚠️ Note: This release contains a couple accessibility-related updates that require a manual markup change.

    ⚠️ Improved resilience of icon-only functionality. We updated a couple components that use icon-only buttons so that they provide a text equivalent if the image path is broken and does not load. Specifically, this applies to two specific components:

    • The small variant of the Search button: The button that includes an image of a magnifying glass
    • The social icons in the Footer: This includes the Facebook, Twitter, YouTube, Instagram, and RSS buttons.

    If you use these components, they will require a markup change.

    Small search button

    Old markup

    <button class="usa-button" type="submit">
      <span class="usa-sr-only">Search</span>
    </button>
    

    New markup as of 2.13.0

    <button class="usa-button" type="submit">    
      <img src="{{ your uswds image path }}/usa-icons-bg/search--white.svg" class="usa-search__submit-icon" alt="Search">
    </button>
    

    Footer social buttons

    Old markup

    <a class="usa-social-link usa-social-link--facebook" href="{{ link }}">
      <span>Facebook</span>
    </a>
    <a class="usa-social-link usa-social-link--twitter" href="{{ link }}">
      <span>Twitter</span>
    </a>
    <a class="usa-social-link usa-social-link--youtube" href="{{ link }}">
      <span>YouTube</span>
    </a>
    <a class="usa-social-link usa-social-link--instagram" href="{{ link }}">
      <span>Instagram</span>
    </a>
    <a class="usa-social-link usa-social-link--rss" href="{{ link }}">
      <span>RSS</span>
    </a>
    
    

    New markup as of 2.13.0

    <a class="usa-social-link" href="{{ link }}">
      <img class="usa-social-link__icon" src="{{ your uswds image path }}/usa-icons/facebook.svg" alt="Facebook">
    </a>
    <a class="usa-social-link" href="{{ link }}">
      <img class="usa-social-link__icon" src="{{ your uswds image path }}/usa-icons/twitter.svg" alt="Twitter">
    </a>
    <a class="usa-social-link" href="{{ link }}">
      <img class="usa-social-link__icon" src="{{ your uswds image path }}/usa-icons/youtube.svg" alt="YouTube">
    </a>
    <a class="usa-social-link" href="{{ link }}">
      <img class="usa-social-link__icon" src="{{ your uswds image path }}/usa-icons/instagram.svg" alt="Instagram">
    </a>
    <a class="usa-social-link" href="{{ link }}">
      <img class="usa-social-link__icon" src="{{ your uswds image path }}/usa-icons/rss_feed.svg" alt="RSS">
    </a>
    
    

    Other improvements and bug fixes

    Fixed deprecation workings in our Sass compilation. Refactored our code to avoid division! (#4314) And avoid instances of unquoted string interpolation. (#4380) Thanks @aduth!

    File upload confirms files to screenreaders. Now File Input will tell screenreaders the total number of files and the names of files added to the component. (#4415)

    Mobile navigation now makes background content inert. When the mobile navigation is active, all other non-nav content is hidden. This prevents accidentally leaving the focus of the active mobile menu. (#4411)

    ⚠️ Improve screenreader experience of Date Picker. Now screen readers can better describe the label and description of a date picker input. Thanks @mahoneycm! (#4414)

    This one needs a manual markup change:

    Old Date Picker: Two IDs in aria-describedby

    <label class="usa-label" id="{{ label ID }}" for="{{ input ID }}">{{ label text }}</label>
    <div class="usa-hint" id="{{ hint ID }}">{{ hint text }}</div>
    <div class="usa-date-picker">
        <input
            class="usa-input"
            id="{{ input ID }}"
            name="{{ input ID }}"
            type="text"
            aria-describedby="{{ label ID }} {{ hint ID }}"
            >
    </div>
    

    New Date Picker: Label ID in aria-labelledby and hint ID in aria-describedby

    <label class="usa-label" id="{{ label ID }}" for="{{ input ID }}">{{ label text }}</label>
    <div class="usa-hint" id="{{ hint ID }}">{{ hint text }}</div>
    <div class="usa-date-picker">
        <input
            class="usa-input"
            id="{{ input ID }}"
            name="{{ input ID }}"
            type="text"
            aria-labelledby="{{ label ID }}"
            aria-describedby="{{ hint ID }}"
            >
    </div>
    

    Dependencies

    Package Old New
    @18f/identity-stylelint-config 1.0.0
    chrome-launcher 0.14.1 0.15
    eslint 7.32.0 8.4.1
    eslint-config-airbnb-base 14.2.1 15.0.0
    eslint-plugin-no-unsanitized 3.2.0 4.0.1
    gulp-eslint 6.0.0 removed
    gulp-stylelint 13.0.0 removed
    jsdom 17.0.0 19.0.0
    mocha 9.1.3 6.2.0
    sinon 11.1.2 12.0.1
    stylelint 13.13.0 14.1.0
    stylelint-config-prettier 8.0.2 removed
    stylelint-config-recommended-scss 4.3.0 removed
    stylelint-prettier 1.2.0 removed
    stylelint-scss 3.21.0 removed

    0 vulnerabilities in regular dependencies (dependencies for USWDS projects installed with npm install uswds)

    Internal only: 8 low, 17 moderate, 12 high, 1 critical vulnerabilities in devDependencies (development dependencies)

    Release ZIP SHA-256 hash: 34a951034e07288c6a23c2db3b9e54d6b5f11bec13b1484ca8a8ca8f3b013fbf

  • 2.12.2 - 2021-11-01
from uswds GitHub release notes
Commit messages
Package name: uswds
  • 857cf50 Merge pull request #4560 from uswds/release-2.13.2
  • 98e0479 Create uswds-2.13.2-zip-hash.txt
  • cdfb7b5 2.13.2
  • cd80845 Update csso
  • aea4019 Use current snyk orb
  • 43e1a50 Update refs to 2.13.2
  • b54b7e2 Update dependencies
  • 11e7344 Merge pull request #4551 from uswds/dw-update-breakpoint
  • a2037e7 Use partial pixel to support high dpi
  • b1c1f20 Merge pull request #4531 from uswds/al-collapsible-480-bug
  • 4945467 Merge pull request #4532 from uswds/jm-update-federalist-develop
  • f10b397 Point to new `_site` directory.
  • 12c1fdd Change fractal output directory to standard Federalist setup.
  • 5c458e9 run prettier
  • fe336de adjust max-width for switch to collapsable footer, change cursor behavior on primary-link
  • 86636ea Merge pull request #4487 from aduth/aduth-rm-icon-inline-style
  • 30fab63 Merge pull request #4483 from uswds/al-combobox-508
  • f0cde87 Merge pull request #4348 from aduth/aduth-behavior-spec
  • 9a0c465 Merge pull request #4480 from jkjustjoshing/patch-1
  • 60c0af4 Merge pull request #4522 from uswds/dependabot/npm_and_yarn/follow-redirects-1.14.8
  • 6a3eb1a Bump follow-redirects from 1.14.7 to 1.14.8
  • 169e948 Repeat style fix for other copies of GitHub icon
  • c0b0b4d Merge pull request #4505 from uswds/dependabot/npm_and_yarn/simple-get-3.1.1
  • d735036 Bump simple-get from 3.1.0 to 3.1.1

**Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.* For more information: 🧐 [View latest project report](https://app.snyk.io/org/cisagov/project/8e9bd611-f132-4a5a-b9c0-dc38289cc07c?utm_source=github&utm_medium=referral&page=upgrade-pr) 🛠 [Adjust upgrade PR settings](https://app.snyk.io/org/cisagov/project/8e9bd611-f132-4a5a-b9c0-dc38289cc07c/settings/integration?utm_source=github&utm_medium=referral&page=upgrade-pr) 🔕 [Ignore this dependency or unsubscribe from future upgrade PRs](https://app.snyk.io/org/cisagov/project/8e9bd611-f132-4a5a-b9c0-dc38289cc07c/settings/integration?pkg=uswds&utm_source=github&utm_medium=referral&page=upgrade-pr#auto-dep-upgrades)
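
The CSP problem described in the 2.13.2 release notes (an inline style tag inside an icon of the SVG sprite) can be checked for before a sprite is deployed. The following is an added example, not part of this PR or of USWDS: a Node.js check that scans SVG text for inline style elements and attributes and reports whether a given Content-Security-Policy header would block them. The sprite, the policies and all function names are constructed for illustration; `style-src-elem` and `style-src-attr` are not modelled, and the scan is regex-based rather than a full XML parse.

```javascript
// Added example. SAMPLE_SPRITE is a constructed sprite, not a USWDS file.
const SAMPLE_SPRITE = [
  '<svg xmlns="http://www.w3.org/2000/svg">',
  '  <symbol id="github" viewBox="0 0 24 24">',
  '    <style>.st0{fill-rule:evenodd}</style>',
  '    <path class="st0" d="M0 0h24v24H0z"/>',
  '  </symbol>',
  '  <symbol id="search" viewBox="0 0 24 24">',
  '    <path d="M0 0h24v24H0z" style="fill:none"/>',
  '  </symbol>',
  '</svg>',
].join('\n');

// Parse a CSP header value into Map(directive -> source list).
function parseCsp(header) {
  const policy = new Map();
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    // The first occurrence of a directive wins; duplicates are ignored.
    if (name && !policy.has(name.toLowerCase())) policy.set(name.toLowerCase(), sources);
  }
  return policy;
}

// True if an inline style without a nonce or hash would be applied.
function inlineStyleAllowed(header) {
  const policy = parseCsp(header);
  const sources = policy.get('style-src') ?? policy.get('default-src');
  if (sources === undefined) return true; // nothing governs styles
  const lower = sources.map((s) => s.toLowerCase());
  // Browsers ignore 'unsafe-inline' once a nonce or hash source is present.
  const strict = lower.some((s) => /^'(nonce|sha(256|384|512))-/.test(s));
  return lower.includes("'unsafe-inline'") && !strict;
}

// Locate <style> elements and style="" attributes, with line numbers.
function findInlineStyles(svg) {
  const findings = [];
  const tagRe = /<([A-Za-z][\w:-]*)((?:"[^"]*"|'[^']*'|[^>"'])*)>/g;
  for (const m of svg.matchAll(tagRe)) {
    const line = svg.slice(0, m.index).split('\n').length;
    if (m[1].toLowerCase() === 'style') findings.push({ line, kind: 'style element' });
    else if (/\sstyle\s*=/i.test(m[2])) findings.push({ line, kind: 'style attribute' });
  }
  return findings;
}

// Combine both checks: blocked means the sprite has inline styles the policy rejects.
function auditSprite(svg, cspHeader) {
  const findings = findInlineStyles(svg);
  return { findings, blocked: findings.length > 0 && !inlineStyleAllowed(cspHeader) };
}
```
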