Bump uswds from 2.3.1 to 2.4.0

Bucknell, Mary S. requested to merge dependabot/npm_and_yarn/uswds-2.4.0 into master

Created by: dependabot-preview[bot]

Bumps uswds from 2.3.1 to 2.4.0.

Release notes

Sourced from uswds's releases.

2.4.0

What's new in USWDS 2.4.0

Allow non-token values in theme color settings. While USWDS promotes and encourages using our system tokens in theme color settings, agencies have a real need to occasionally use non-token colors. This includes instances where certain colors are mandated by law and cannot be easily changed. Now, teams can add non-token colors to theme color settings like $theme-color-primary: #f00. This new non-token value of 'primary' will apply anywhere the 'primary' token is used: functions, mixins, settings, and utilities. Using non-token values will throw a warning in the compile process, but this, like all compile warnings, can be disabled by setting $theme-show-compile-warnings: false. (uswds/uswds#3258)

Handle deprecations more gracefully. Occasionally the design system will deprecate variables or functionality. Now we'll display a deprecation message in the terminal when compiling USWDS Sass to better communicate these changes. (This notification can be disabled in settings.) We're also improving backward compatibility by supporting deprecated variables, functions, and mixins throughout the major version cycle. This way, we can continue to improve how our code is structured while minimizing the effects of this restructuring on your projects. (uswds/uswds#3261)

This is how the deprecation warning prints in the terminal:

--------------------------------------------------------------------
✉ USWDS Notifications
--------------------------------------------------------------------
2.4.0: If your component settings aren't working as expected, make
sure you're importing the components settings in your Sass entry
point (often styles.scss) with `@import "uswds-theme-components"`.
A bug in 2.0 omitted that import.
--------------------------------------------------------------------
2.2.0: We changed the names of some settings.
$theme-navigation-width → $theme-header-min-width
$theme-megamenu-logo-text-width → $theme-header-logo-text-width
--------------------------------------------------------------------
2.0.2: We changed the names of some settings and mixins.
$theme-title-font-size → $theme-display-font-size
@include title → @include display
@include typeset-title → @include typeset-display
--------------------------------------------------------------------
These are notifications from the USWDS team, not necessarily a
problem with your code.
Disable notifications using $theme-show-notifications: false

Now components reliably respect their font settings. Setting values like $theme-footer-font-family should set the font face for the entire component, but some CSS specificity quirks were overriding these values in some instances. Now, setting a component's font face works as expected, with no secret overrides. (uswds/uswds#3253)

Bugfixes

  • Added a border-collapse: collapse rule to our tables to fix a bug introduced when we upgraded our version of Normalize. Thanks for the heads up @maya! (uswds/uswds#3250)
  • Removed a duplicate layout grid import (uswds/uswds#3252)
  • Fixed the focus outline's offset, which was being overridden by a specificity bug (uswds/uswds#3259)

Audit

npm audit: found 7 vulnerabilities (5 low, 2 high) in 30585 scanned packages. Both high vulnerabilities are related to Fractal and lodash.

Commits
  • d7ba268 Merge pull request #3268 from uswds/release-2.4.0
  • b3c4080 2.4.0
  • 275d7fd Disable string-no-newline SL rule for notification
  • cb7d506 Merge pull request #3267 from uswds/dw-notification-enhance
  • 92c43bf Merge pull request #3266 from uswds/dw-update-refs-2.4.0
  • 49b9cfb Add note about adding the notifications var to general
  • 5679398 Update references to 2.4.0
  • f5d63e7 Merge pull request #3261 from uswds/dw-deprecated
  • a113e61 Merge pull request #3265 from uswds/dw-update-fractal
  • 57e51a6 Update dependencies
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
  • @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

  • Update frequency (including time of day and day of week)
  • Pull request limits (per update run and/or open at any time)
  • Automerge options (never/patch/minor, and dev/runtime dependencies)
  • Out-of-range updates (receive only lockfile updates, if desired)
  • Security updates (receive only security updates, if desired)
