Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump uswds from 2.12.1 to 2.12.2 #269

Merged
merged 3 commits into from
Nov 2, 2021
Merged

Bump uswds from 2.12.1 to 2.12.2 #269

merged 3 commits into from
Nov 2, 2021

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Nov 2, 2021

Bumps uswds from 2.12.1 to 2.12.2.

Release notes

Sourced from uswds's releases.

USWDS 2.12.2

What's new in USWDS 2.12.2

Improvements and bug fixes

  • Fixed a duplicate-file bug in File Input. If a file with the same name was uploaded in two separate file input fields, the preview spinner would spin indefinitely. We now assign each upload an individual ID, and the image preview loads properly. (uswds/uswds#4313) Thanks @​mahoneycm!
  • Added ability to add a custom error message for wrong file type error in File Upload. Add the data attribute data-errorMessage to usa-file-input to include a custom error message. (uswds/uswds#3890) Thanks @​hilvitzs!
  • Fixed external link icon color. We resolved an issue with visited links where the icon color may not match the color of the link. (uswds/uswds#4297) Thanks @​aduth!
  • Removed extraneous href from Collection calendar. The usa-collection__calendar-date should not include an href, so we removed it. (uswds/uswds#4308) Thanks @​mahoneycm!

Security and dependencies

  • Added automatic sanitizing. The design system now automatically sanitizes content in elements we compose with JavaScript. This means that components like Combobox, Tooltip, File Input, and Date Picker will sanitize any content passed to them. This helps protect any design system implementation against malicious XSS attacks through these components. (uswds/uswds#4329)

Dependencies

Package Old New
@​babel/preset-env 7.15.0 7.15.8
@​types/node 16.6.1 16.11.6
autoprefixer 10.3.1 10.3.7
axe-core 4.3.2 4.3.4
chrome-launcher 0.14.0 0.14.1
eslint-plugin-import 2.24.0 2.25.2
eslint-plugin-no-unsanitized 3.1.5 3.2.0
gulp-postcss 9.0.0 9.0.1
mocha 9.0.3 9.1.3
postcss 8.3.6 8.3.11
prettier 2.3.2 2.4.1
sass 1.38.0 1.43.4
snyk 1.683.0 1.746.0
stylelint-scss 3.20.1 3.21.0
typescript 4.3.5 4.4.4
yargs 17.1.1 17.2.1

0 vulnerabilities in regular dependencies (dependencies for USWDS projects installed with npm install uswds)

Internal only: 2 low, 12 moderate, 14 high, 1 critical vulnerabilities in devDependencies (development dependencies)

Release ZIP SHA-256 hash: 2c4a794c11dca65db04d6552312241ae6c397b7fd4ea5c8094698461d8d3f687

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
Bump uswds from 2.12.1 to 2.12.2
684e58d 
Bumps [uswds](https://github.com/uswds/uswds) from 2.12.1 to 2.12.2.
- [Release notes](https://github.com/uswds/uswds/releases)
- [Commits](uswds/uswds@v2.12.1...v2.12.2)

---
updated-dependencies:
- dependency-name: uswds
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the type: dependencies Pull requests that update a dependency file label Nov 2, 2021
@aduth
Copy link
Member

aduth commented Nov 2, 2021

Failing visual regression is expected, since it's catching the version number on the homepage:

image

@aduth aduth merged commit e833b69 into main Nov 2, 2021
@aduth aduth deleted the dependabot/npm_and_yarn/uswds-2.12.2 branch November 2, 2021 15:01
@aduth aduth mentioned this pull request Jan 25, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@aduth aduth aduth approved these changes

Assignees
No one assigned
Labels
type: dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
1 participant
@aduth