Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Upgrade @uswds/uswds from 3.10.0 to 3.11.0 #388

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

[Snyk] Upgrade @uswds/uswds from 3.10.0 to 3.11.0 #388

wants to merge 1 commit into from
+6 −5

Conversation

FuhuXia
Copy link
Member

@FuhuXia FuhuXia commented Jan 9, 2025

snyk-top-banner

Snyk has created this PR to upgrade @uswds/uswds from 3.10.0 to 3.11.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

  • The recommended version is 1 version ahead of your current version.

  • The recommended version was released 21 days ago.

Release notes
Package name: @uswds/uswds
  • 3.11.0 - 2024-12-18

    What's new in USWDS 3.11.0

    Features

    Package A11y Breaking Markup change Description
    usa-elements - - - Removed outdated browser normalization styles. This update drops normalize support for Internet Explorer. Thanks @ aduth! (#5555)
    usa-form, usa-input-prefix-suffix, usa-input, uswds-core - - - Moved .usa-input--[width] and .usa-input-group--[width] classes out of the usa-form package. These classes are now generated in the usa-input and usa-input-prefix-suffix packages and can be used without the .usa-form parent element. Thanks @ aduth! (#6232)
    usa-table - - - Updated table header styles to be consistent across all table elements. Now, all thead th, tbody th, and tfoot th cells will all have the same visual styles. Thanks @ ajanickiv!

    ✏️ Teams should confirm that their tables display as expected. (#5986)

    Bug fixes

    Package A11y Breaking Markup change Description
    usa-button, usa-collection, usa-file-input, usa-icon-list, usa-icon, usa-input-prefix-suffix, usa-modal, usa-pagination - - Yes Replaced deprecated xlink:href references with href.

    ✏ Teams should update their markup to replace xlink:href references with href and pull in the updated loader.svg file. (#6165)
    usa-file-input Yes - - Fixed a bug that prevented screen readers from announcing the invalid file type error message. (#6168)

    ✏ Teams who support additional languages should update the error message string to match the new copy.
    usa-footer Yes - - Removed overflow: hidden from usa-footer to allow the full focus outline to show. This fix also improves horizontal alignment in the slim footer variant. Thanks @ 6TELOIV! (#6237)

    Markup changes

    MDN warns that the deprecated xlink:href attribute can stop working at any time. When referencing SVG icon sprites, teams should use href instead of the deprecated xlink:href attribute.

    <!-- usa-icon example -->
<svg class="usa-icon" aria-hidden="true" focusable="false" role="img">
- <use xlink:href="./img/sprite.svg#close"></use>
+ <use href="./img/sprite.svg#close"></use>
</svg>

    Dependencies and security

    Dependency name Previous version New version
    @ babel/core 7.25.7 7.26.0
    @ babel/preset-env 7.25.7 7.26.0
    axe-core 4.10.0 4.10.2
    cross-spawn 7.0.3 7.0.6
    html-webpack-plugin 5.6.0 5.6.3
    mocha 10.7.3 10.8.2
    nwsapi (added via npm overrides) -- 2.2.13
    postcss 8.4.47 8.4.49
    prettier 3.3.3 3.4.2
    sass 1.79.4 1.83.0
    sass-embedded 1.79.4 1.83.0
    snyk 1.1293.1 1.1294.3
    stylelint 16.9.0 16.11.0
    typescript 5.6.2 5.7.2
    webpack 5.95.0 5.97.1

    0 vulnerabilities in regular dependencies (dependencies for USWDS projects installed with npm install @ uswds/uswds)
    29 moderate, 26 high vulnerabilities in devDependencies (development dependencies).

    Release TGZ SHA-256 hash: 1c10cd70a3c627fd14d9ee74a4071e67c4e5ba4bf14ca1c50c19c2fe5885e70a

  • 3.10.0 - 2024-11-13

    What's new in USWDS 3.10.0

    Features

    Package A11y Breaking Markup change Description
    usa-combo-box - - - Updated the order of combo box search results. The component now displays options that start with the query at the top of the list, followed by options that contain the query. This behavior more closely aligns with user expectation. (#6122)

    Bug fixes

    Package A11y Breaking Markup change Description
    usa-checkbox - - - Removed inline style tags from indeterminate checkbox SVGs. These style tags were unnecessary and caused a conflict with Cypress automated testing. (#6162)

    ✏️ Teams should update the checkbox-indeterminate.svg and checkbox-indeterminate-alt.svg files in their projects.
    usa-file-input - - - Fixed a bug that caused file input image previews to break when a Content Security Policy is enabled. The component now uses event listeners in place of inline JavaScript to handle error states. Thanks @ jeffpw-goog! (#5997)
    usa-model - - - Fixed a bug that prevented the modal package from bundling with a custom prefix. The component no longer uses hard-coded class names in its JavaScript. Thanks @ sanason! (#6026)
    usa-step-indicator Yes - Yes Removed the aria-label from the wrapper of the step indicator component. This resolves an automated testing error related to having an invalid attribute on a div element. (#6146)

    ✏️ Teams should remove the the aria-label from the .usa-step-indicator element in their step indicator markup.
    usa-time-picker Yes - Yes Updated the time picker hint text to improve clarity. This update allows the component to meet the success criteria in WCAG 3.3.2. (#6147)

    ✏️ Teams should replace the words "hh:mm" in the time picker hint text with "Select a time from the dropdown. Type into the input to filter options."

    Markup changes

    Step indicator

    To remove automated testing errors, teams should update the step indicator markup to remove the aria-label on the usa-step-indicator element:

    - <div class="usa-step-indicator" aria-label="progress">
+ <div class="usa-step-indicator">

    Time picker

    If teams are using "hh:mm" in their time picker hint text, they should update the text to "Select a time from the dropdown. Type into the input to filter options.":

    - <div class="usa-hint">hh:mm</div>
+ <div class="usa-hint">Select a time from the dropdown. Type into the input to filter options.</div>

    Dependencies and security

    Dependency updates

    Dependency name Previous version Updated version
    object-assign 4.1.1 --

    Dev Dependency updates

    Dependency name Previous version Updated version
    @ babel/core 7.25.2 7.25.7
    @ babel/preset-env 7.25.4 7.25.7
    browserify 17.0.0 17.0.1
    eslint-plugin-import 2.30.0 2.31.0
    eslint-plugin-no-unsanitized 4.1.0 4.1.2
    postcss 8.4.45 8.4.47
    sass 1.78.0 1.79.4
    sass-embedded 1.78.0 1.79.4
    snyk 1.1293.0 1.1293.1
    twig-html-loader 0.1.9 --
    webpack 5.94.0 5.95.0

    Thanks @ aduth and @ anselmbradford for contributing to our dependency updates!

    0 vulnerabilities in regular dependencies (dependencies for USWDS projects installed with npm install @ uswds/uswds)
    29 moderate, 26 high vulnerabilities in devDependencies (development dependencies).

    Release TGZ SHA-256 hash: fdd1f9fc4cbfeb0fca7feeba1c94b205ba4ee22d03f63bb916c8750982715fb7

from @uswds/uswds GitHub release notes

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

@snyk-bot
fix: upgrade @uswds/uswds from 3.10.0 to 3.11.0
ce6f8d6 
Snyk has created this PR to upgrade @uswds/uswds from 3.10.0 to 3.11.0.

See this package in npm:
@uswds/uswds

See this project in Snyk:
https://app.snyk.io/org/data.gov/project/3be75de7-3443-41fe-bed6-a223b97703ed?utm_source=github&utm_medium=referral&page=upgrade-pr
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@FuhuXia @snyk-bot