The gulp-base64 package has 11 dependencies with
vulnerabilities listed against them as of this
time. It also doesn't seem to be maintained any
more. The last commit was in 2015 and there are
issues and pull requests up to bump the
dependencies.
This replaces it with gulp-base64-inline.
gulp-base64-inline takes a single path, which it
prepends to any image paths it finds. Our image
paths are actually URLs, not filesystem paths so
we need to send it a relative path to repoint the
URL.
This commit includes changes that remove a few
`@import`s from one of our sass partials.
They aren't needed as those files are imported
further up the stack and `_typography.scss` has an
import in it that overwrites the new
`_url-helpers.scss` we added here.
Means that only the following packages will now be
out of date:
1. govuk_template_jinja
2. jquery
Reasons:
GOVUK Template Jinja
This bumps it to 0.24.1, after which the only
changes are to add analytics tracking to the
GOV.UK logo and cookie banner.
We don't need to track either of these and they
were added for GOVUK analytics work.
jQuery
jQuery stops supporting IE<9 after version
1.12. This is pretty much our support now but if
we move to IE>8 we shouldn't do it by bumping the
version. This would just increase the amount of
broken JS we ship to IE8.
Also: both are deprecated and we will move off
them in the near future.
Since it moved to ES Modules in version 2.3.1,
diff-dom stopped including the `diffDOM.js` file
in its NPM package.
We don't do any kind of bundling in our build yet,
just concatenation of our scripts and some
minification of the results so we can't take
advantage of this yet.
The `diffDOM.js` file is still available in the
Github release so this moves to referencing that
in the `package.json` instead, until we start
using a bundler.
I opened an issue to check this is what the author
intended:
https://github.com/fiduswriter/diffDOM/issues/84
The latest version also adds Rollup as a peer
dependency.
Bumping NodeJS to 10.15.3 removes the need to
transpile `gulpfile.js` as this version includes
all the ES6 features used..
Also removes .babelrc file. This was included to
ensure the gulpfile was transpiled correctly so it
is no longer needed.
Sass-lint was bumped when gulp-sass-lint was
bumped. This brought in a new version which
changed the interface of `sassLint.format`.
It doesn't look like the `sassLint.format` method
ever defined any arguments or did anything with
the `arguments` variable. That being the case, our
sending it an instance of the 'stylish' ESLint
reporter did nothing in the previous version but
this wasn't obvious because sass-lint defaults to
'stylish' for its output styling.
The latest version (1.4.0) introduced an argument
of a writable stream which, if defined, will be
used to write the output to. This caused a problem
with our sending in the instance of 'stylish'.
This moves the selection of stylish into the
sass-lint config, as described in the
[sass-lint docs](https://github.com/sasstools/gulp-sass-lint/tree/master#sasslintformatwritable).
Brings in a new API which is a breaking change:
https://github.com/gulpjs/gulp/blob/master/CHANGELOG.md#400
Requires gulpfile.babel.js to be a CommonJS module
and for all tasks to be exported.
Replaces using ES6 modules for the CommonJS to
include other packages to match the type of module
the gulpfile now is.
Updates to 4.0.0 include `series` and `parallel`
methods which remove the need for the
`run-sequence` package.
Also bumps gulp-specific libraries.
Returns the data calculated by the API. Stored in Redis against a
hardcoded key so that no-one hammering the home page is directly hitting
the database.
Dealing with users who request to go live but haven’t completed all the
steps still represents a significant support overhead for our team.
We’ve made some improvements to the percentage of incomplete requests
with a better page design, but ultimately because it still shows the
button people think it’s OK to press the button while some of the items
on the page still say [Not completed].
We can do this now because organisations are in the database, which
means we can mark the agreement signed as soon as we get it back,
without having to deploy code.
We should audit when a service manager changes a user profile that is not
their own. This can be recorded in our events table, which is currently
only used to record successful logins.
This adds two new types of event, `update_user_email` and
`update_user_mobile_number` which store the
- browser fingerprint
- IP address
- user id of the user being updated
- user id of the service manager making the change
- original email address and new email address (for `update_user_email`
events)
- original mobile number and new mobile number (for
`update_user_mobile_number` events)
Shows a count of how many folders that user can see - this doesn't do
anything smart with parent folder stuff, it's just "how many checkboxes
are ticked on the edit page".
* doesn't show if service has no folders
* doesn't show if service hasn't got folder permissions enabled
Data attributes need to be '-' separated strings
in the HTML to appear as camelCase keys in the
`.dataset` (`.data()` in jQuery) property.
This corrects the assumption that the camelCasing
would carry through from the HTML.
More info:
https://developer.mozilla.org/en-US/docs/Learn/HTML/Howto/Use_data_attributes
If users scroll a page with an autofocus component
on so it is off-screen it seems safe to assume
they won't want it focused if they return to it.
This prevents that happening.
This adds a data-attribute flag to allow this
behaviour to be overridden.
We have some situations where the assumption here
isn't appropriate, for example on pages where the
component with autofocus is in a sticky element.
This means it will appear offscreen when the page
loads but, when its parent becomes sticky, will be
visible again.
We keep getting people requesting branding when they already have the
branding they want set. Seems like they don’t realise we’re doing it
automatically. This might help.
The delete link was inheriting 1px of extra top padding meant to align
it when displayed alongside a button. In this case it’s not being
displayed alongside a button, so doesn’t need the extra padding.
