Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

build(deps): bump the npm-packages group with 6 updates #395

Closed

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jan 10, 2025

Bumps the npm-packages group with 6 updates:

Package From To
@uswds/uswds 3.10.0 3.11.0
markdown-it-attrs 4.3.0 4.3.1
@11ty/eleventy 2.0.1 3.0.0
@11ty/eleventy-img 5.0.0 6.0.0
@types/node 22.10.2 22.10.5
esbuild 0.24.0 0.24.2

Updates @uswds/uswds from 3.10.0 to 3.11.0

Release notes

Sourced from @​uswds/uswds's releases.

USWDS 3.11.0

What's new in USWDS 3.11.0

Features

Package A11y Breaking Markup change Description
usa-elements - - - Removed outdated browser normalization styles. This update drops normalize support for Internet Explorer. Thanks @​aduth! (#5555)
usa-form, usa-input-prefix-suffix, usa-input, uswds-core - - - Moved .usa-input--[width] and .usa-input-group--[width] classes out of the usa-form package. These classes are now generated in the usa-input and usa-input-prefix-suffix packages and can be used without the .usa-form parent element. Thanks @​aduth! (#6232)
usa-table - - - Updated table header styles to be consistent across all table elements. Now, all thead th, tbody th, and tfoot th cells will all have the same visual styles. Thanks @​ajanickiv! ✏️ Teams should confirm that their tables display as expected. (#5986)

Bug fixes

Package A11y Breaking Markup change Description
usa-button, usa-collection, usa-file-input, usa-icon-list, usa-icon, usa-input-prefix-suffix, usa-modal, usa-pagination - - Yes Replaced deprecated xlink:href references with href. ✏ Teams should update their markup to replace xlink:href references with href and pull in the updated loader.svg file. (#6165)
usa-file-input Yes - - Fixed a bug that prevented screen readers from announcing the invalid file type error message. (#6168) ✏ Teams who support additional languages should update the error message string to match the new copy.
usa-footer Yes - - Removed overflow: hidden from usa-footer to allow the full focus outline to show. This fix also improves horizontal alignment in the slim footer variant. Thanks @​6TELOIV! (#6237)

Markup changes

MDN warns that the deprecated xlink:href attribute can stop working at any time. When referencing SVG icon sprites, teams should use href instead of the deprecated xlink:href attribute.

<!-- usa-icon example -->
<svg class="usa-icon" aria-hidden="true" focusable="false" role="img">
- <use xlink:href="./img/sprite.svg#close"></use>
+ <use href="./img/sprite.svg#close"></use>
</svg>

Dependencies and security

Dependency name Previous version New version
@​babel/core 7.25.7 7.26.0
@​babel/preset-env 7.25.7 7.26.0
axe-core 4.10.0 4.10.2
cross-spawn 7.0.3 7.0.6
html-webpack-plugin 5.6.0 5.6.3
mocha 10.7.3 10.8.2
nwsapi (added via npm overrides) -- 2.2.13
postcss 8.4.47 8.4.49
prettier 3.3.3 3.4.2
sass 1.79.4 1.83.0
sass-embedded 1.79.4 1.83.0
snyk 1.1293.1 1.1294.3
stylelint 16.9.0 16.11.0
typescript 5.6.2 5.7.2
webpack 5.95.0 5.97.1

0 vulnerabilities in regular dependencies (dependencies for USWDS projects installed with npm install @uswds/uswds)

... (truncated)

Commits

Updates markdown-it-attrs from 4.3.0 to 4.3.1

Release notes

Sourced from markdown-it-attrs's releases.

v4.3.1

Generic error handling, catches tranforms that fails, prints an error and continues.

Full Changelog: arve0/markdown-it-attrs@v4.3.0...v4.3.1

Commits

Updates @11ty/eleventy from 2.0.1 to 3.0.0

Release notes

Sourced from @​11ty/eleventy's releases.

Eleventy v3.0.0: Possums ❤️ ESM

We did it. After 22 pre-releases and over a year of work, Eleventy 3.0.0 is now available. You can try it out now on your project using:

npm install @11ty/eleventy@latest

If you’re upgrading from a previous version of Eleventy, use the Upgrade Help plugin for automated checks and help with your upgrade!

Why should you use Eleventy? Eleventy is a flexible and production-ready site generator known for its zero-client JavaScript footprint, speedy sites, speedy builds, and full control over the output.

A few numbers on the best version of Eleventy yet:

Stats v2.0.1 v3.0.0
20% smaller 35.2 MB 28.1 MB
11% fewer dependencies 213 189
9% faster npm install 4.511s* 4.103s*

*fastest time of 3 runs (bypassing local cache)

Flagship 3.0 features

  1. Eleventy is now written in ESM with full support for ESM in your projects: configuration, data files, 11ty.js templates, etc. For many projects this won’t be a breaking change and we’ll continue to support CommonJS too. Every example on the docs now includes both a CommonJS and ESM version. Docs: https://v3.11ty.dev/docs/cjs-esm/
// ESM
export default function(eleventyConfig) {}
// We’ll keep supporting CommonJS:
module.exports = function(eleventyConfig) {}

  1. Supporting more package managers and runtimes: pnpm, yarn, Deno. More examples on the docs! https://v3.11ty.dev/docs/
  2. Asynchronous configuration #614 Docs: https://v3.11ty.dev/docs/config/
// ESM
export default async function(eleventyConfig) {}
// CommonJS
module.exports = async function(eleventyConfig) {}

  1. For-free performance improvement to built-in slugify, inputPathToUrl universal filters (via memoization) #840 Docs: https://v3.11ty.dev/docs/memoize/
  2. Named config export improves consistency for plugins #3246 and set*Directory configuration API methods #1503 Docs: https://v3.11ty.dev/docs/config-shapes/#optional-export-config-object and https://v3.11ty.dev/docs/config/#configuration-options
export default function(eleventyConfig) {
  eleventyConfig.setInputDirectory(".");
</tr></table> 

... (truncated)

Commits

Updates @11ty/eleventy-img from 5.0.0 to 6.0.0

Release notes

Sourced from @​11ty/eleventy-img's releases.

Eleventy Image v6.0.0

Notably, for maximum compatibility this package is still CommonJS (not yet ESM). Node minimum is still 18+ (unchanged from Eleventy Image v4).

Breaking Changes

  • useCacheValidityInHash option has been removed #146
  • Transform method will reuse existing <img width> attribute (if single integer) as eleventy:widths value #234

The following changes likely require no action on your part (but are nonetheless breaking):

  • Better color support (P3, AdobeRGB, et al): images retain ICC profiles by default #244
  • Dependency major upgrade: @11ty/eleventy-fetch from v4 to v5
  • Dependency major upgrade @11ty/eleventy-utils from v1 to v2
  • Default metadata object returned will no longer include empty format arrays { jpeg: [] } #242

Features

  • Uses native fetch() (no more node-fetch, via eleventy-fetch upgrade) and works better with caching on remote urls, consistency on file names with sync methods #252 #262 #146
  • returnType: "html" option will return the generated HTML directly instead of the metadata object #267
    • htmlOptions: {} are options passed to the generateHTML function
  • Output format filtering (opt-out with formatFiltering option). Filters out output formats that do not support animation or transparency automatically.
    • Animation friendly formats #260
    • Transparency friendly formats #105
  • Adds failOnError: true option to avoid throwing an error when image processing fails (and failing your build) #225 See also the eleventy:optional attribute below.
  • Adds new transform hook for running your own sharp customizations 11ty/eleventy-img#52 (can be used to add custom cropping!)
  • Improved error messaging when incorrectly using the default export with eleventyConfig.addPlugin #263
  • Concurrency auto-scales per machine resources (between 8 min and 16 max) #258
  • Support full URLs in urlPath option #239
  • generateHTML: Missing sizes error relaxed when using loading="lazy" HTML, swap to use sizes="auto" instead #207
  • New generateHTML option (also available via htmlOptions) forfallback: "smallest" to choose smallest image for <img> fallback and width/height dimensions #265 #129

Transform Method

  • Reuse existing <img width> attribute (if single integer) as eleventy:widths value #234
  • Adds eleventy:optional HTML attribute so that errors in image processing will not fail the build (in different ways) #259
    1. Remove src attribute
    2. Leave as-is eleventy:optional="keep"
    3. Replace with a transparent Data URI eleventy:optional="placeholder"
  • Decode file name paths #253
  • Support transforming <picture> nodes #214
  • Preserve attributes on img and picture elements 11ty/eleventy-img#214 #241 #243 #251
  • Fix for relative references when using permalinks with non-index.html file names #236

Full Milestone (×26 issues closed): https://github.com/11ty/eleventy-img/milestone/22?closed=1 Full Changelog (×75 commits, +2,347/-992): 11ty/eleventy-img@v5.0.0...v6.0.0

Prerelease: Eleventy Image v6.0.0-beta.5

Full v6 Milestone: https://github.com/11ty/eleventy-img/milestone/22?closed=1

... (truncated)

Commits

Updates @types/node from 22.10.2 to 22.10.5

Commits

Updates esbuild from 0.24.0 to 0.24.2

Release notes

Sourced from esbuild's releases.

v0.24.2

  • Fix regression with --define and import.meta (#4010, #4012, #4013)

    The previous change in version 0.24.1 to use a more expression-like parser for define values to allow quoted property names introduced a regression that removed the ability to use --define:import.meta=.... Even though import is normally a keyword that can't be used as an identifier, ES modules special-case the import.meta expression to behave like an identifier anyway. This change fixes the regression.

    This fix was contributed by @​sapphi-red.

v0.24.1

  • Allow es2024 as a target in tsconfig.json (#4004)

    TypeScript recently added es2024 as a compilation target, so esbuild now supports this in the target field of tsconfig.json files, such as in the following configuration file:

    {
      "compilerOptions": {
        "target": "ES2024"
      }
    }

    As a reminder, the only thing that esbuild uses this field for is determining whether or not to use legacy TypeScript behavior for class fields. You can read more in the documentation.

    This fix was contributed by @​billyjanitsch.

  • Allow automatic semicolon insertion after get/set

    This change fixes a grammar bug in the parser that incorrectly treated the following code as a syntax error:

    class Foo {
      get
      *x() {}
      set
      *y() {}
    }

    The above code will be considered valid starting with this release. This change to esbuild follows a similar change to TypeScript which will allow this syntax starting with TypeScript 5.7.

  • Allow quoted property names in --define and --pure (#4008)

    The define and pure API options now accept identifier expressions containing quoted property names. Previously all identifiers in the identifier expression had to be bare identifiers. This change now makes --define and --pure consistent with --global-name, which already supported quoted property names. For example, the following is now possible:

    // The following code now transforms to "return true;\n"
    console.log(esbuild.transformSync(
      `return process.env['SOME-TEST-VAR']`,
      { define: { 'process.env["SOME-TEST-VAR"]': 'true' } },
    ))

... (truncated)

Changelog

Sourced from esbuild's changelog.

0.24.2

  • Fix regression with --define and import.meta (#4010, #4012, #4013)

    The previous change in version 0.24.1 to use a more expression-like parser for define values to allow quoted property names introduced a regression that removed the ability to use --define:import.meta=.... Even though import is normally a keyword that can't be used as an identifier, ES modules special-case the import.meta expression to behave like an identifier anyway. This change fixes the regression.

    This fix was contributed by @​sapphi-red.

0.24.1

  • Allow es2024 as a target in tsconfig.json (#4004)

    TypeScript recently added es2024 as a compilation target, so esbuild now supports this in the target field of tsconfig.json files, such as in the following configuration file:

    {
      "compilerOptions": {
        "target": "ES2024"
      }
    }

    As a reminder, the only thing that esbuild uses this field for is determining whether or not to use legacy TypeScript behavior for class fields. You can read more in the documentation.

    This fix was contributed by @​billyjanitsch.

  • Allow automatic semicolon insertion after get/set

    This change fixes a grammar bug in the parser that incorrectly treated the following code as a syntax error:

    class Foo {
      get
      *x() {}
      set
      *y() {}
    }

    The above code will be considered valid starting with this release. This change to esbuild follows a similar change to TypeScript which will allow this syntax starting with TypeScript 5.7.

  • Allow quoted property names in --define and --pure (#4008)

    The define and pure API options now accept identifier expressions containing quoted property names. Previously all identifiers in the identifier expression had to be bare identifiers. This change now makes --define and --pure consistent with --global-name, which already supported quoted property names. For example, the following is now possible:

    // The following code now transforms to "return true;\n"
    console.log(esbuild.transformSync(
      `return process.env['SOME-TEST-VAR']`,
      { define: { 'process.env["SOME-TEST-VAR"]': 'true' } },

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the npm-packages group with 6 updates:

| Package | From | To |
| --- | --- | --- |
| [@uswds/uswds](https://github.com/uswds/uswds) | `3.10.0` | `3.11.0` |
| [markdown-it-attrs](https://github.com/arve0/markdown-it-attrs) | `4.3.0` | `4.3.1` |
| [@11ty/eleventy](https://github.com/11ty/eleventy) | `2.0.1` | `3.0.0` |
| [@11ty/eleventy-img](https://github.com/11ty/eleventy-img) | `5.0.0` | `6.0.0` |
| [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `22.10.2` | `22.10.5` |
| [esbuild](https://github.com/evanw/esbuild) | `0.24.0` | `0.24.2` |


Updates `@uswds/uswds` from 3.10.0 to 3.11.0
- [Release notes](https://github.com/uswds/uswds/releases)
- [Commits](uswds/uswds@v3.10.0...v3.11.0)

Updates `markdown-it-attrs` from 4.3.0 to 4.3.1
- [Release notes](https://github.com/arve0/markdown-it-attrs/releases)
- [Commits](arve0/markdown-it-attrs@v4.3.0...v4.3.1)

Updates `@11ty/eleventy` from 2.0.1 to 3.0.0
- [Release notes](https://github.com/11ty/eleventy/releases)
- [Changelog](https://github.com/11ty/eleventy/blob/main/docs/release-instructions.md)
- [Commits](11ty/eleventy@v2.0.1...v3.0.0)

Updates `@11ty/eleventy-img` from 5.0.0 to 6.0.0
- [Release notes](https://github.com/11ty/eleventy-img/releases)
- [Commits](11ty/eleventy-img@v5.0.0...v6.0.0)

Updates `@types/node` from 22.10.2 to 22.10.5
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Updates `esbuild` from 0.24.0 to 0.24.2
- [Release notes](https://github.com/evanw/esbuild/releases)
- [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG-2024.md)
- [Commits](evanw/esbuild@v0.24.0...v0.24.2)

---
updated-dependencies:
- dependency-name: "@uswds/uswds"
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm-packages
- dependency-name: markdown-it-attrs
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm-packages
- dependency-name: "@11ty/eleventy"
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: npm-packages
- dependency-name: "@11ty/eleventy-img"
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: npm-packages
- dependency-name: "@types/node"
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-packages
- dependency-name: esbuild
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-packages
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Jan 10, 2025
Copy link
Contributor Author

dependabot bot commented on behalf of github Jan 10, 2025

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot bot closed this Jan 10, 2025
@dependabot dependabot bot deleted the dependabot/npm_and_yarn/npm-packages-a076f67a3c branch January 10, 2025 21:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant