search

scottish-government-design-system / design-system

Design System for the Scottish Government and other Scottish public sector bodies
https://designsystem.gov.scot
MIT License
25 stars 11 forks source link

Bump @xmldom/xmldom and svg-sprite #17

Closed dependabot[bot] closed 1 year ago

dependabot[bot] commented 1 year ago

Bumps @xmldom/xmldom to 0.8.3 and updates ancestor dependency svg-sprite. These dependencies need to be updated together.

Updates @xmldom/xmldom from 0.7.5 to 0.8.3

Release notes

Sourced from @​xmldom/xmldom's releases.

0.8.3

Commits

Fixed

Thank you, @​Supraja9726 for your contributions

0.8.2

Commits

Fixed

Other

Thank you @​niklasl, @​cburatto, @​SheetJSDev, @​pyrsmk for your contributions

0.8.1

Commits

Fixes

Docs

0.8.0

Commits

Fixed

... (truncated)

Changelog

Sourced from @​xmldom/xmldom's changelog.

Changelog

All notable changes to this project will be documented in this file.

This project adheres to Semantic Versioning.

0.8.3

Fixed

Thank you, @​Supraja9726 for your contributions

0.9.0-beta.2

Fixed

Thank you, @​Supraja9726 for your contributions

0.8.3

Fixed

Thank you, @​Supraja9726 for your contributions

0.9.0-beta.1

Fixed

Only use HTML rules if mimeType matches [#338](https://github.com/xmldom/xmldom/issues/338), fixes [#203](https://github.com/xmldom/xmldom/issues/203)

In the living specs for parsing XML and HTML, that this library is trying to implement, there is a distinction between the different types of documents being parsed: There are quite some rules that are different for parsing, constructing and serializing XML vs HTML documents.

So far xmldom was always "detecting" whether "the HTML rules should be applied" by looking at the current namespace. So from the first time an the HTML default namespace (http://www.w3.org/1999/xhtml) was found, every node was treated as being part of an HTML document. This misconception is the root cause for quite some reported bugs.

BREAKING CHANGE: HTML rules are no longer applied just because of the namespace, but require the mimeType argument passed to DOMParser.parseFromString(source, mimeType) to match 'text/html'. Doing so implies all rules for handling casing for tag and attribute names when parsing, creation of nodes and searching nodes.

BREAKING CHANGE: Correct the return type of DOMParser.parseFromString to Document | undefined. In case of parsing errors it was always possible that "the returned Document" has not been created. In case you are using Typescript you now need to handle those cases.

BREAKING CHANGE: The instance property DOMParser.options is no longer available, instead use the individual readonly property per option (assign, domHandler, errorHandler, normalizeLineEndings, locator, xmlns). Those also provides the default value if the option was not passed. The 'locator' option is now just a boolean (default remains true).

BREAKING CHANGE: The following methods no longer allow a (non spec compliant) boolean argument to toggle "HTML rules":

  • XMLSerializer.serializeToString
  • Node.toString
  • Document.toString

... (truncated)

Commits
  • c9df7a2 0.8.3
  • 1c57b5e docs: Prepare CHANGELOG for 0.8.3
  • 7c0d4b7 fix: Avoid iterating over prototype properties
  • a701915 chore(deps): update dependency eslint to v8.25.0 (#433)
  • 2aef5ef chore(deps): update actions/setup-node action to v3 (#431)
  • 0842586 chore(deps): update dependency eslint-plugin-prettier to v4.2.1 (#418)
  • 8f1ee5e chore(deps): update dependency eslint to v8.24.0 (#430)
  • 8a34f29 chore(deps): update dependency nodemon to v2.0.20 (#429)
  • ac8012f chore(deps): update dependency eslint to v8.23.1 (#419)
  • 7efca8c chore(deps): update dependency nodemon to v2.0.19 (#420)
  • Additional commits viewable in compare view


Updates svg-sprite from 1.5.4 to 2.0.0

Release notes

Sourced from svg-sprite's releases.

v2.0.0

Breaking changes

  • Drop Node.js < 12 support
  • Update svgo to v2.x

Changes

  • Add namespaceIDPrefix option
  • Add rel="noopener noreferrer" to all links in generated HTML pages.
  • Add compileAsync method
  • Add support for disabling root viewBox attribute in stack mode
  • Add ID references substitution in href attributes (earlier worked with xlink:href only)
  • Drop Node.js < 12 support
  • Remove the deprecated transform option
  • Add milliseconds in logger's output
  • Change SVG dimensions calculation from PhantomJS to resvg-js, drop PhantomJ direct dependency (replaced with resvg-js)
  • Fix a rare issue with valid SVG files marked as invalid
  • Fix a rare bug with checking if passed config.log option is an instance of winston.Logger
  • Fix missing shape names when adding input files with a relative path
  • Replace cssmin with csso
  • Reduce lodash and other direct dependencies; switch to native JS alternatives

Dev updates

  • Update all devDepedencies
  • Switch to xo for linting
  • Replace mocha, should and c8 with jest
  • Replace PhantomJS and image-diff with playwright and pixelmatch for regression tests
  • A lot of docs tweaks
  • A lot of code refactoring
    • Switch to ES6+ syntax and methods
    • Switch to async methods whenever possible
    • Switch to ES6 classes whenever possible
    • Fix JSDoc documentation
  • Massively improve tests
    • Add regression tests for SVGs without dimensions
    • Add regression tests for all modes
    • Add tests and coverage reports to CI (Linux, Windows support)

Full Changelog: https://github.com/svg-sprite/svg-sprite/compare/v1.5.4...v2.0.0?w=1

v2.0.0-beta7

What's Changed

Full Changelog: https://github.com/svg-sprite/svg-sprite/compare/v2.0.0-beta6...v2.0.0-beta7

v2.0.0-beta6

... (truncated)

Changelog

Sourced from svg-sprite's changelog.

Newer release notes are published on the GitHub release page: https://github.com/svg-sprite/svg-sprite/releases

1.6.0-alpha Maintenance pre-release (2020-01-18)

  • Remove support for Node < 8.0
  • Update dependencies (#306, #310)
  • Update documentation to use updated SVGO plugin name (#275)
  • Move mocha and should dependencies back to devDependencies again (#297, #285)
  • Add built-in templating function to encode hash signs (#294)
  • Fix verbose logging output (#279, #291)
  • Add option to prefix auto-generated namespace IDs (#292, #293)
  • Update preview templates to use SVG checker image (#287)

1.5.0 Maintenance release (2018-09-18)

  • Updated dependencies
  • Dropped support for Node.js < 6.4

1.4.1 Maintenance release (2018-09-18)

1.4.0 Maintenance release (2018-03-17)

  • Added more Node.js versions to Travis instructions
  • Updated dependencies
  • Updated SVGO version & test fixture (#258, #259)
  • Reformatted documentation code examples (#236)
  • Fix JSHint errors (#261)
  • Add support for simple shape ID generator (#240)
  • Add failing CPU detection workaround (#252)
  • Changed SVGO plugin defaults (#249)

1.3.7 Bugfix release (2017-06-01)

  • Updated dependencies
  • Fixed invalid markup in <defs> example html (#229)
  • Fallback for failing CPU detection (#217)
  • Fixed broken SVGO configuration in CLI (#216, #199)
  • Added glob base directory option to CLI (#220)
  • Fixed broken rootAttributes option in CLI (#228)

1.3.6 Bugfix release (2016-08-29)

... (truncated)

Commits
  • d5031aa 2.0.0
  • 9681f5d Update minor dependencies (#733)
  • 5bf5b55 Replaced Error.errno with Error classes (#726)
  • 396d56e Added snapshots testing for regression tests
  • 9527e18 Fixed #288: Preserving @font-face in style defs
  • 697db77 Fixed mock import address
  • 05d5ee8 add tests for SVGShape reference methods
  • 7ccd2d2 add tests for SVGShape._initSVG
  • 6da97fd add tests for SVGShape.distribute
  • 758016b add tests for SVGShape dimension methods
  • Additional commits viewable in compare view


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/scottishgovernment/pattern-library/network/alerts).
dependabot[bot] commented 1 year ago

Looks like these dependencies are up-to-date now, so this is no longer needed.