[Snyk] Upgrade @uswds/uswds from 3.8.1 to 3.8.2 #329
Closed
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Snyk has created this PR to upgrade @uswds/uswds from 3.8.1 to 3.8.2.
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version is 1 version ahead of your current version.
The recommended version was released on a month ago.
Release notes
Package name: @uswds/uswds
What's new in USWDS 3.8.2
Dependencies and security
Removed the
classlist-polyfill
dependency. This update resolves a Denial of Service (DoS) vulnerability related to theclasslist-polyfill
dependency that we do not consider exploitable on the front end of applications. (#6012)Important
This release may affect some functionality in Internet Explorer 11 (IE11). This update removes the polyfill that added full
classList
support to IE11. USWDS no longer supports IE11, but if your project does, test if this update negatively affects your users and add additional support forclassList
if it does.Thanks @ aduth for the initial work on removing this dependency.
0
vulnerabilities in regular dependencies (dependencies for USWDS projects installed withnpm install @ uswds/uswds
)5
low,11
moderate,44
high vulnerabilities in devDependencies (development dependencies).Release TGZ SHA-256 hash:
94049e150c2a67dfdb75f140fc664d2e936ef652480a2f88dfdd96922e0a940c
What's new in USWDS 3.8.1
Bug fixes
usa-button-group
usa-footer
usa-layout-grid
dependency in the footer package and removed layout grid styles from the footer stylesheet. This update prevents visual regressions in footer and other components with layout grid utility classes in their markup. (#5930)usa-identifier
usa-in-page-navigation
data-header-selector
attribute in an in-page navigation JavaScript error message. The error message now correctly references thedata-heading-elements
attribute. (#5856)usa-input-mask
usa-tooltip
usa-tooltip
usa-validation
uswds-utilities
Dependencies and security
Thanks @ anselmbradford for the dependency updates!
0
vulnerabilities in regular dependencies (dependencies for USWDS projects installed withnpm install @ uswds/uswds
)13
moderate,28
high vulnerabilities in devDependencies (development dependencies).Release TGZ SHA-256 hash:
a86fa133b842ce28d1eed2226216c478debf31bf6c16ffcd96fecf061fdf4583
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information: