This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to upgrade uswds from 2.12.2 to 2.13.2.
![merge advice](https://app.snyk.io/badges/merge-advice/?package_manager=npm&package_name=uswds&from_version=2.12.2&to_version=2.13.2&pr_id=af5c6c0a-2ff9-4511-a11c-ecac7607dda0&visibility=true&has_feature_flag=false)
:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
- The recommended version is **3 versions** ahead of your current version.
- The recommended version was released **a month ago**, on 2022-03-07.
Release notes Package name: uswds
Fixed GitHub icon to prevent CSP flag. Resolves an error which can occur when using the USWDS Icon component SVG sprite in combination with a Content Security Policy (CSP), where the presence of an inline style tag within the GitHub icon can violate most common CSPs which do not include the unsafe-inline style-src directive. Thanks @ aduth! (#4487)
Fixed Big Footer expanded display. Fixes an issue where the Big Footer variant does not show the proper expanded display at exactly 480px. Thanks @ jkjustjoshing! (#4525, #4531, and #4551)
Add proper aria-controls to Combo Box. Now the Combo Box input gets the expected aria-controls property when it's initialized. (#4483)
Dependency updates
dependency
old
new
postcss-csso
5.0.1
6.0.0
0 vulnerabilities in regular dependencies (dependencies for USWDS projects installed with npm install uswds)
Fix Date Picker input bug in Safari. We fixed a bug where date picker selections would not propagate into the input field in Safari. (#4456)
Fix external link icon display bug in Safari. We fixed a bug that resulted in colored bars on the top and bottom of external link icons in Safari. (#4439)
Prevent infinite loops in divide function. We improved the logic of the divide function to abort immediately on an attempt to divide by zero. Thanks @ aduth! (#4438)
Optimize performance of luminance function. We used a simple look-up table for single-channel luminance values to dramatically improve the performance of luminance calculations. Thanks @ aduth! (#4437)
Improve package exports to allow importing in Webpack 5. We added explicit exports to USWDS assets so Webpack 5 can access them. Thanks @ tyduptyler13 and @ pearl-truss! (#4461, #4468)
Fix Dropdown chevron display in Windows high contrast mode. We updated the Dropdown styles to allow the chevron to appear in any forced color mode. Thanks @ trimspa! (#4457)
Dependency updates
None
0 vulnerabilities in regular dependencies (dependencies for USWDS projects installed with npm install uswds)
⚠️Note: This release contains a couple accessibility-related updates that require a manual markup change.
⚠️Improved resilience of icon-only functionality. We updated a couple components that use icon-only buttons so that they provide a text equivalent if the image path is broken and does not load. Specifically, this applies to two specific components:
The small variant of the Search button: The button that includes an image of a magnifying glass
The social icons in the Footer: This includes the Facebook, Twitter, YouTube, Instagram, and RSS buttons.
If you use these components, they will require a markup change.
<a class="usa-social-link usa-social-link--facebook" href="{{ link }}">
<span>Facebook</span>
</a>
<a class="usa-social-link usa-social-link--twitter" href="{{ link }}">
<span>Twitter</span>
</a>
<a class="usa-social-link usa-social-link--youtube" href="{{ link }}">
<span>YouTube</span>
</a>
<a class="usa-social-link usa-social-link--instagram" href="{{ link }}">
<span>Instagram</span>
</a>
<a class="usa-social-link usa-social-link--rss" href="{{ link }}">
<span>RSS</span>
</a>
New markup as of 2.13.0
<a class="usa-social-link" href="{{ link }}">
<img class="usa-social-link__icon" src="{{ your uswds image path }}/usa-icons/facebook.svg" alt="Facebook">
</a>
<a class="usa-social-link" href="{{ link }}">
<img class="usa-social-link__icon" src="{{ your uswds image path }}/usa-icons/twitter.svg" alt="Twitter">
</a>
<a class="usa-social-link" href="{{ link }}">
<img class="usa-social-link__icon" src="{{ your uswds image path }}/usa-icons/youtube.svg" alt="YouTube">
</a>
<a class="usa-social-link" href="{{ link }}">
<img class="usa-social-link__icon" src="{{ your uswds image path }}/usa-icons/instagram.svg" alt="Instagram">
</a>
<a class="usa-social-link" href="{{ link }}">
<img class="usa-social-link__icon" src="{{ your uswds image path }}/usa-icons/rss_feed.svg" alt="RSS">
</a>
Other improvements and bug fixes
Fixed deprecation workings in our Sass compilation. Refactored our code to avoid division! (#4314) And avoid instances of unquoted string interpolation. (#4380) Thanks @ aduth!
File upload confirms files to screenreaders. Now File Input will tell screenreaders the total number of files and the names of files added to the component. (#4415)
Mobile navigation now makes background content inert. When the mobile navigation is active, all other non-nav content is hidden. This prevents accidentally leaving the focus of the active mobile menu. (#4411)
⚠️Improve screenreader experience of Date Picker. Now screen readers can better describe the label and description of a date picker input. Thanks @ mahoneycm! (#4414)
This one needs a manual markup change:
Old Date Picker: Two IDs in aria-describedby
<label class="usa-label" id="{{ label ID }}" for="{{ input ID }}">{{ label text }}</label>
<div class="usa-hint" id="{{ hint ID }}">{{ hint text }}</div>
<div class="usa-date-picker">
<input
class="usa-input"
id="{{ input ID }}"
name="{{ input ID }}"
type="text"
aria-describedby="{{ label ID }} {{ hint ID }}"
>
</div>
New Date Picker: Label ID in aria-labelledby and hint ID in aria-describedby
<label class="usa-label" id="{{ label ID }}" for="{{ input ID }}">{{ label text }}</label>
<div class="usa-hint" id="{{ hint ID }}">{{ hint text }}</div>
<div class="usa-date-picker">
<input
class="usa-input"
id="{{ input ID }}"
name="{{ input ID }}"
type="text"
aria-labelledby="{{ label ID }}"
aria-describedby="{{ hint ID }}"
>
</div>
Dependencies
Package
Old
New
@ 18f/identity-stylelint-config
—
1.0.0
chrome-launcher
0.14.1
0.15
eslint
7.32.0
8.4.1
eslint-config-airbnb-base
14.2.1
15.0.0
eslint-plugin-no-unsanitized
3.2.0
4.0.1
gulp-eslint
6.0.0
removed
gulp-stylelint
13.0.0
removed
jsdom
17.0.0
19.0.0
mocha
9.1.3
6.2.0
sinon
11.1.2
12.0.1
stylelint
13.13.0
14.1.0
stylelint-config-prettier
8.0.2
removed
stylelint-config-recommended-scss
4.3.0
removed
stylelint-prettier
1.2.0
removed
stylelint-scss
3.21.0
removed
0 vulnerabilities in regular dependencies (dependencies for USWDS projects installed with npm install uswds)
Compare
**Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.*
For more information:
🧐 [View latest project report](https://app.snyk.io/org/cisagov/project/8e9bd611-f132-4a5a-b9c0-dc38289cc07c?utm_source=github&utm_medium=referral&page=upgrade-pr)
🛠 [Adjust upgrade PR settings](https://app.snyk.io/org/cisagov/project/8e9bd611-f132-4a5a-b9c0-dc38289cc07c/settings/integration?utm_source=github&utm_medium=referral&page=upgrade-pr)
🔕 [Ignore this dependency or unsubscribe from future upgrade PRs](https://app.snyk.io/org/cisagov/project/8e9bd611-f132-4a5a-b9c0-dc38289cc07c/settings/integration?pkg=uswds&utm_source=github&utm_medium=referral&page=upgrade-pr#auto-dep-upgrades)
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to upgrade uswds from 2.12.2 to 2.13.2.
![merge advice](https://app.snyk.io/badges/merge-advice/?package_manager=npm&package_name=uswds&from_version=2.12.2&to_version=2.13.2&pr_id=af5c6c0a-2ff9-4511-a11c-ecac7607dda0&visibility=true&has_feature_flag=false) :information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.- The recommended version is **3 versions** ahead of your current version. - The recommended version was released **a month ago**, on 2022-03-07.
Release notes
Package name: uswds
What's new in USWDS 2.13.2
Improvements and bug fixes
aria-controls
property when it's initialized. (#4483)Dependency updates
postcss-csso
0
vulnerabilities in regular dependencies (dependencies for USWDS projects installed withnpm install uswds
)Internal only:
4 low, 17 moderate, 22 high, 1 critical
vulnerabilities in devDependencies (development dependencies)Release ZIP SHA-256 hash:
c869a7b5d0ebc5b8f44645782bad39faccdb272b1e38a077586ce94e2b09c4cd
What's new in USWDS 2.13.1
Improvements and bug fixes
divide
function. We improved the logic of thedivide
function to abort immediately on an attempt to divide by zero. Thanks @ aduth! (#4438)Dependency updates
None
0
vulnerabilities in regular dependencies (dependencies for USWDS projects installed withnpm install uswds
)Internal only:
2 low, 22 moderate, 19 high, 1 critical
vulnerabilities in devDependencies (development dependencies)Release ZIP SHA-256 hash:
c048e4958cbc51a5512d89e321bc7bb90aa3bec00539330042125d6b2c0a0c45
What's new in USWDS 2.13.0
Breaking changes
small
variant of the Search button: The button that includes an image of a magnifying glassIf you use these components, they will require a markup change.
Small search button
Old markup
New markup as of 2.13.0
Footer social buttons
Old markup
New markup as of 2.13.0
Other improvements and bug fixes
Fixed deprecation workings in our Sass compilation. Refactored our code to avoid division! (#4314) And avoid instances of unquoted string interpolation. (#4380) Thanks @ aduth!
File upload confirms files to screenreaders. Now File Input will tell screenreaders the total number of files and the names of files added to the component. (#4415)
Mobile navigation now makes background content inert. When the mobile navigation is active, all other non-nav content is hidden. This prevents accidentally leaving the focus of the active mobile menu. (#4411)
input
. Thanks @ mahoneycm! (#4414)This one needs a manual markup change:
Old Date Picker: Two IDs in
aria-describedby
New Date Picker: Label ID in
aria-labelledby
and hint ID inaria-describedby
Dependencies
0
vulnerabilities in regular dependencies (dependencies for USWDS projects installed withnpm install uswds
)Internal only:
8 low, 17 moderate, 12 high, 1 critical
vulnerabilities in devDependencies (development dependencies)Release ZIP SHA-256 hash:
34a951034e07288c6a23c2db3b9e54d6b5f11bec13b1484ca8a8ca8f3b013fbf
Commit messages
Package name: uswds
**Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.* For more information: 🧐 [View latest project report](https://app.snyk.io/org/cisagov/project/8e9bd611-f132-4a5a-b9c0-dc38289cc07c?utm_source=github&utm_medium=referral&page=upgrade-pr) 🛠 [Adjust upgrade PR settings](https://app.snyk.io/org/cisagov/project/8e9bd611-f132-4a5a-b9c0-dc38289cc07c/settings/integration?utm_source=github&utm_medium=referral&page=upgrade-pr) 🔕 [Ignore this dependency or unsubscribe from future upgrade PRs](https://app.snyk.io/org/cisagov/project/8e9bd611-f132-4a5a-b9c0-dc38289cc07c/settings/integration?pkg=uswds&utm_source=github&utm_medium=referral&page=upgrade-pr#auto-dep-upgrades)