Skip to content

USWDS 3.8.2
Compare
Choose a tag to compare
@amyleadem amyleadem released this 09 Aug 21:32
· 702 commits to main since this release
v3.8.2
0eed4b9
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

What's new in USWDS 3.8.2

Dependencies and security

Removed the classlist-polyfill dependency. This update resolves a Denial of Service (DoS) vulnerability related to the classlist-polyfill dependency that we do not consider exploitable on the front end of applications. (#6012)

Important

This release may affect some functionality in Internet Explorer 11 (IE11). This update removes the polyfill that added full classList support to IE11. USWDS no longer supports IE11, but if your project does, test if this update negatively affects your users and add additional support for classList if it does.

Dependency name Previous version New version
classlist-polyfill 1.2.0 --

Thanks @aduth for the initial work on removing this dependency.

0 vulnerabilities in regular dependencies (dependencies for USWDS projects installed with npm install @uswds/uswds)
5 low, 11 moderate, 44 high vulnerabilities in devDependencies (development dependencies).

Release TGZ SHA-256 hash: 94049e150c2a67dfdb75f140fc664d2e936ef652480a2f88dfdd96922e0a940c

Contributors

aduth
Assets 3
Loading
0 Join discussion