USWDS - Draft release notes for 3.8.1

[amyleadem]

What's new in USWDS 3.8.1

Bug fixes

Package	A11Y	Breaking	Markup change	Description
usa-button-group	—	—	—	Improved styles for nested button groups. Now, nested button groups should match the height of their parents. (#5885)
usa-footer	—	—	—	Restored the usa-layout-grid dependency in the footer package and removed layout grid styles from the footer stylesheet. This update prevents visual regressions in footer and other components with layout grid utility classes in their markup. (#5930)
usa-identifier	—	—	Yes	Fixed a bug that added the English word "An" to Spanish variants of the identifier component. This was accidentally added to our component preview templates because of a data error. (#5857)
usa-in-page-navigation	—	—	—	Updated an outdated reference to the data-header-selector attribute in an in-page navigation JavaScript error message. The error message now correctly references the data-heading-elements attribute. (#5856)
usa-input-mask	—	—	—	Fixed a bug that caused input mask to break when it is not a direct child of a form. Nested input masks will now initialize and work properly. Thanks @chrislarrycarl! (#5518)
usa-tooltip	Yes	—	—	Updated the behavior of the tooltip component to allow users to hover over tooltip content. This allows the component to meet the "hoverable" standard outlined in WCAG 1.4.13. (#5909)
usa-tooltip	Yes	—	—	Updated tooltip component behavior to close active tooltips when the escape key is pressed. This allows the component to meet the "dismissible" standard outlined in WCAG 1.4.13. (#5919)
usa-validation	Yes	—	—	Fixed a bug that caused non-interactive checklist items in the validation component to receive focus. Now, only the interactive input will receive focus. (#5835)
uswds-utilities	—	—	—	Updated the code comments on utility Sass partials. These comments now reflect the correct utility class names and values. Thanks @aduth! (#5859)

Dependencies and security

Dependency name	Previous version	New version
@18f/identity-stylelint-config	2.0.0	4.0.0
@babel/core	7.23.6	7.24.5
@babel/preset-env	7.23.6	7.24.5
@types/node	20.10.4	20.12.11
autoprefixer	10.4.16	10.4.19
axe-core	4.8.2	4.9.1
eslint	8.52.0	8.56.0
eslint-plugin-import	2.29.0	2.29.1
html-webpack-plugin	5.5.4	5.6.0
mocha	10.2.0	10.4.0
postcss	8.4.32	8.4.38
postcss-discard-comments	6.0.0	6.0.2
postcss-preset-env	9.3.0	9.5.11
prettier	2.8.8	3.2.5
sass	1.69.5	1.77.0
sass-embedded	1.69.5	1.77.0
snyk	1.1262.0	1.1291.0
stylelint	15.11.0	16.5.0
svgo	3.1.0	3.3.2
typescript	5.3.3	5.4.5
webpack	5.89.0	5.91.0

Thanks @anselmbradford for the dependency updates!

0 vulnerabilities in regular dependencies (dependencies for USWDS projects installed with npm install @uswds/uswds)
13 moderate, 28 high vulnerabilities in devDependencies (development dependencies).

Release TGZ SHA-256 hash: a86fa133b842ce28d1eed2226216c478debf31bf6c16ffcd96fecf061fdf4583

[RBAngel1]

@amyleadem and @anselmbradford
Are both postcss dependencies upgraded? I found two different versions, 7.0.39 and 8.4.19, that are showing vulnerabilities with CVE-2023-44270
The locations are:
compile/node_modules/@gulp-sourcemaps/identity-map/node_modules/postcss
compile/node_modules/postcss

[mejiaj]

The feature notes look good.

We'll have to revisit the dependency updates since we have quite a few PR's for that already.

• USWDS - POAM: April ‘24 #5854
• USWDS - Dependencies: Update eslint, prettier, stylelint and dependencies #5782
• USWDS - POAM: May '24 #5924

[mahoneycm]

@RBAngel1 The postcss update is for our direct dependency only. The USWDS-Compile's postcss dependency will be updated on it's next release. Unfortunately it looks like @gulp-sourcemaps is stuck with the vulnerable version due to it's subdependency.