Authoritative front-end development resources for Calcite design initiative.

  • By Esri
  • Last update: Nov 17, 2022
  • Comments: 17

This project is deprecated and is not recommended for future development.

Calcite Web

github releases Travis semistandard

Calcite Web is a web design framework that implements the Esri Brand Guidelines and Calcite design framework for browser-based properties and products. Calcite Web is written in Sass, and is compatible with both the standard Sass ruby gem and the Libsass compiler. The project also includes a dependency-free JavaScript library for use with interactive patterns.

Getting Started

We recommend installing Calcite Web with a package manager. Calcite Web works as both a ruby gem or NPM module. Check out the documentation for installation instructions.

Once you've installed Calcite Web, it can be helpful to read the quickstart guide to get an idea of how you use it.

Browser Support

IE / Edge
IE / Edge		 Firefox
Firefox		 Chrome
Chrome		 Safari
Safari
IE10, IE11, Edge last 2 versions last 2 versions last 2 versions

Contributing

We welcome all contributions: issues, pull requests, idea, questions, documentation improvements, etc. Just make sure you read the contribution guidelines.

Licensing

Copyright 2016 Esri

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

A copy of the license is available in the repository's LICENSE file.

Github

https://github.com/Esri/calcite-web

Comments(17)

  • 1

    Accordions

    @nikolaswise @paulcpederson @asangma @chrisferenci @driskull @CassidyB @stieman

    Accordion +/- versus v/^

    There's a considerable concern with our pattern using +/- for accordions.

    In complex dialogues where you can add, create, delete, zoom, or unzoom... the +/- icons can serve as confusing.

    Suggest using the icons below for accordions to limit this confusion: carrots

  • 2

    Text is too thin all over

    @nikolaswise I ban you from using font-weight: 300; on Calcite Web :smile:

    This makes fonts appear way to thin overall but particularly on headers and elements with smaller text sizes.

    I bet this is also unreadable on older/crappier monitors (try the PC on the front desk) but it also still looks to thin on my retina display and thunderbolt.

    Can we bump this up to font-weight: 400; with a light option for headers?

  • 3

    Standard copyright and links in footer?

    The line with "Copyright ..." differs between http://esri.github.io/calcite-web/ vs https://developers.arcgis.com/en/ vs the "patterns" site in regards to css, links and text

    Which one should we use?

  • 4

    Calcite Color Palette : Make the Authoritative Resource

    Having discovered discrepancies in how colors and grids are displayed in Adobe files versus actual CSS, it should be decided which colors and grids are the true colors and grids, and any files related to the matter should be updated (swatches, photoshop guides, css files).

  • 5

    Provide events for javascript patterns

    For example, when using the filter-dropdown component, there is currently no way to know when it has changed. So you basically have to reimplement the pattern again in whatever framework you're using.

    One way to fix this is by returning an event bus from calcite.init. For example:

    var calcite = require('calcite-web')

var c = calcite.init()

c.on('filterDropdownChange', function (e) {
  console.log(e) // => {id: 'filterdropdown1', filters: ['one', 'two', 'three']}
})

    In this way we could enable people plugging this JavaScript into their applications to listen to events and do whatever they need to.

    This also opens up the idea of allowing developers to also emit these events so that you can programmatically open modals, etc via JavaScript like:

    c.emit('modalOpen', {id: 'modal1'})

    Which would find the modal with an id of modal1 and open it. We could also use this internally to decouple all of our logic within calcite-web.js. Each pattern would internally just emit events and update the page.

    Interested in how this would help/hinder @patrickarlt 's work on web components, or how it would fit into other frameworks like Angular, Ember, React, etc.

  • 6

    First and Secondary Nav Structures

    We need to combine and refine all the current navigation patterns into one well-designed set of hierarchical navigation patterns.

    I've started collecting images of different navs across Esri and will be posting them to this thread. We need to accomplish the following requirements:

    1. Top-level or 'site' nav
    2. Second-level or 'sub' nav
    3. Breadcrumbs
    4. (Optional) Third-level nav

    After we get Middleman and sass set up in the repo, let's stub out some solutions along with their naming conventions and go from there.

    /cc @jhough10 @nikolaswise also, @karstenthorson you might have some input into what styles we should settle on going forward.

  • 7

    Icons

    Create a set of icons to distribute with the framework for common interface elements.

    These are the projected icon needs:

    Social Media

    • GitHub
    • Fork
    • Google+
    • Facebook
    • LinkedIn
    • Twitter
    • Stack-Overflow

    Actions

    • Delete
    • Search
    • Share
    • Sign-out
    • Upload
    • Download
    • Edit

    Locations

    • Support
    • Dashboard
    • Settings
    • Marketplace
    • Applications
    • Layers
    • Maps
    • Usage
    • User Profile
    • Documentation

    Labels

    • Experimental
    • Legacy
    • Updated
    • Warning
    • Help
    • Announcement

    Things

    • Navigation
    • Link-external
    • Link
    • Tag
    • Comment
    • Auth
    • Browser
    • Checkmark
    • Group (of users)
    • Key
    • Mail
    • Mobile
    • Phone
    • Pin
    • Right-arrow
    • Left-arrow
  • 8

    How to deal with black not being black

    Very often, I’m working with designs that use black (#000000), which is darker than the darkest black in Calcite (#323232).

    What strategy do you recommend we mortal developers follow to handle this?

    Has anyone paved a cowpath for this actual-black, true-black, dark-black, no-really-this-time-its-black color?

    May be related to the 11 step grayscale developed in https://github.com/Esri/calcite-web/issues/32

  • 9

    Button Hovers and Color

    @nikolaswise @paulcpederson @CassidyB

    I now understand how Calcite-Web works, and am excited to start using this in my designs. I just have a few suggestions for enhancing the system.

    Esri Brand Blue Buttons

    Suggest change from #196fa6 to Esri Blue 200 (#007ac2)

    Hover Buttons Dark Instead of Light

    Historically on esri.com and other esri branded sites we hover buttons darker. There are some edge cases, but I think this may help improve our system here.

    button_revisions

  • 10

    CSS problems with rtl language pages (Arabic)

    In Arabic (a right to left language), the table of contents and body are stacked top and bottom instead of the table of contents being on the right and the body on the left. It looks like a left margin has been left on the pre-1 class div (column-17) when those should have been switched to a right margin for the rtl languages. image

    Also, it looks like the figcaption elements have a right border in Arabic that I don't think should be there. image

  • 11

    App Switcher

    Hey Nik,

    Here's a quick sketch of the app switcher in a med-fi wireframe we are considering navigation for esri.com.

    It's not revolutionary, but hopefully this gives you an idea of placement for desktop.

    We are still questioning the use on tablet or mobile as we don't see too many use cases that would support the effort.

    Talk soon,

    Matt app switcher

  • 12

    Bump json5 and rollup-plugin-babel-minify

    Bumps json5 to 2.2.2 and updates ancestor dependency rollup-plugin-babel-minify. These dependencies need to be updated together.

    Updates json5 from 0.5.1 to 2.2.2

    Release notes

    Sourced from json5's releases.

    v2.2.2

    • Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295).

    v2.2.1

    • Fix: Removed dependence on minimist to patch CVE-2021-44906. (#266)

    v2.2.0

    • New: Accurate and documented TypeScript declarations are now included. There is no need to install @types/json5. (#236, #244)

    v2.1.3 [code, diff]

    • Fix: An out of memory bug when parsing numbers has been fixed. (#228, #229)

    v2.1.2

    • Fix: Bump minimist to v1.2.5. (#222)

    v2.1.1

    • New: package.json and package.json5 include a module property so bundlers like webpack, rollup and parcel can take advantage of the ES Module build. (#208)
    • Fix: stringify outputs \0 as \\x00 when followed by a digit. (#210)
    • Fix: Spelling mistakes have been fixed. (#196)

    v2.1.0

    • New: The index.mjs and index.min.mjs browser builds in the dist directory support ES6 modules. (#187)

    v2.0.1

    • Fix: The browser builds in the dist directory support ES5. (#182)

    v2.0.0

    • Major: JSON5 officially supports Node.js v6 and later. Support for Node.js v4 has been dropped. Since Node.js v6 supports ES5 features, the code has been rewritten in native ES5, and the dependence on Babel has been eliminated.

    • New: Support for Unicode 10 has been added.

    • New: The test framework has been migrated from Mocha to Tap.

    • New: The browser build at dist/index.js is no longer minified by default. A minified version is available at dist/index.min.js. (#181)

    • Fix: The warning has been made clearer when line and paragraph separators are used in strings.

    • Fix: package.json5 has been restored, and it is automatically generated and

    ... (truncated)

    Changelog

    Sourced from json5's changelog.

    v2.2.2 [code, diff]

    • Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295).

    v2.2.1 [code, diff]

    • Fix: Removed dependence on minimist to patch CVE-2021-44906. (#266)

    v2.2.0 [code, diff]

    • New: Accurate and documented TypeScript declarations are now included. There is no need to install @types/json5. (#236, #244)

    v2.1.3 [code, diff]

    • Fix: An out of memory bug when parsing numbers has been fixed. (#228, #229)

    v2.1.2 [code, diff]

    • Fix: Bump minimist to v1.2.5. (#222)

    v2.1.1 [code, diff]

    • New: package.json and package.json5 include a module property so bundlers like webpack, rollup and parcel can take advantage of the ES Module build. (#208)
    • Fix: stringify outputs \0 as \\x00 when followed by a digit. (#210)
    • Fix: Spelling mistakes have been fixed. (#196)

    ... (truncated)

    Commits
    • 14f8cb1 2.2.2
    • 10cc7ca docs: update CHANGELOG for v2.2.2
    • 7774c10 fix: add proto to objects and arrays
    • edde30a Readme: slight tweak to intro
    • 97286f8 Improve example in readme
    • d720b4f Improve readme (e.g. explain JSON5 better!) (#291)
    • 910ce25 docs: fix spelling of Aseem
    • 2aab4dd test: require tap as t in cli tests
    • 6d42686 test: remove mocha syntax from tests
    • 4798b9d docs: update installation and usage for modules
    • Additional commits viewable in compare view

    Updates rollup-plugin-babel-minify from 4.0.0 to 10.0.0

    Changelog

    Sourced from rollup-plugin-babel-minify's changelog.

    [10.0.0] – 2020-03-14

    Added

    • Support for Rollup ^2.0.0.

    Removed

    • BREAKING CHANGE: support for Node 8.

    [9.1.1] – 2019-11-10

    Fixed

    [9.1.0] – 2019-09-20

    Added

    Changed

    • #187 Bump babel-preset-minify dependency to ^0.5.1.

    [9.0.0] – 2019-06-29

    Added

    • #159 Support for Node 12.

    Removed

    • #169 BREAKING CHANGE: support for Node 6.

    [8.0.0] – 2019-03-08

    Fixed

    • #146 Banner is outputted twice.

    Changed

    • #146 BREAKING CHANGE: bump Rollup dependency to ^1.6.0.

    [7.0.0] – 2019-01-17

    Added

    Removed

    • #143 BREAKING CHANGE: remove support for Rollup < 1.
    • #143 BREAKING CHANGE: remove support for legacy syntax of banner.

    [6.2.0] – 2018-11-22

    Added

    • #138 Ability to add plugins to Babel.

    Fixed

    • #137 Error when minifying dynamic import.

    [6.1.1] – 2018-10-07

    ... (truncated)

    Commits
    • ae3c889 10.0.0
    • 5992ea7 docs(changelog): add missing link to v10 diff
    • e578a4a Merge pull request #200 from Comandeer/t/v10
    • 94cfe8a chore(docs): regenerate docs
    • 56cb227 docs(readme): add note about deprecation
    • 775fb4d chore(license): bump year
    • 8d18fa6 docs(changelog): add entry for v10.0.0
    • 206b32b test(cli): relax requirements for source maps in CLI tests
    • 4ee3017 chore(package): update dependencies
    • c0fbfb6 chore(package): bump supported Node version
    • Additional commits viewable in compare view

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

  • 13

    Bump decode-uri-component from 0.2.0 to 0.2.2

    Bumps decode-uri-component from 0.2.0 to 0.2.2.

    Release notes

    Sourced from decode-uri-component's releases.

    v0.2.2

    • Prevent overwriting previously decoded tokens 980e0bf

    https://github.com/SamVerschueren/decode-uri-component/compare/v0.2.1...v0.2.2

    v0.2.1

    • Switch to GitHub workflows 76abc93
    • Fix issue where decode throws - fixes #6 746ca5d
    • Update license (#1) 486d7e2
    • Tidelift tasks a650457
    • Meta tweaks 66e1c28

    https://github.com/SamVerschueren/decode-uri-component/compare/v0.2.0...v0.2.1

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

  • 14

    Bump engine.io and browser-sync

    Bumps engine.io and browser-sync. These dependencies needed to be updated together. Updates engine.io from 3.2.0 to 6.2.1

    Release notes

    Sourced from engine.io's releases.

    6.2.1

    :warning: This release contains an important security fix :warning:

    A malicious client could send a specially crafted HTTP request, triggering an uncaught exception and killing the Node.js process:

    Error: read ECONNRESET
    at TCP.onStreamRead (internal/stream_base_commons.js:209:20)
Emitted 'error' event on Socket instance at:
    at emitErrorNT (internal/streams/destroy.js:106:8)
    at emitErrorCloseNT (internal/streams/destroy.js:74:3)
    at processTicksAndRejections (internal/process/task_queues.js:80:21) {
  errno: -104,
  code: 'ECONNRESET',
  syscall: 'read'
}

    Please upgrade as soon as possible.

    Bug Fixes

    • catch errors when destroying invalid upgrades (#658) (425e833)

    6.2.0

    Features

    • add the "maxPayload" field in the handshake details (088dcb4)

    So that clients in HTTP long-polling can decide how many packets they have to send to stay under the maxHttpBufferSize value.

    This is a backward compatible change which should not mandate a new major revision of the protocol (we stay in v4), as we only add a field in the JSON-encoded handshake data:

    0{"sid":"lv_VI97HAXpY6yYWAAAC","upgrades":["websocket"],"pingInterval":25000,"pingTimeout":5000,"maxPayload":1000000}

    Links

    6.1.3

    Bug Fixes

    • typings: allow CorsOptionsDelegate as cors options (#641) (a463d26)
    • uws: properly handle chunked content (#642) (3367440)

    ... (truncated)

    Changelog

    Sourced from engine.io's changelog.

    6.2.1 (2022-11-20)

    :warning: This release contains an important security fix :warning:

    A malicious client could send a specially crafted HTTP request, triggering an uncaught exception and killing the Node.js process:

    Error: read ECONNRESET
    at TCP.onStreamRead (internal/stream_base_commons.js:209:20)
Emitted 'error' event on Socket instance at:
    at emitErrorNT (internal/streams/destroy.js:106:8)
    at emitErrorCloseNT (internal/streams/destroy.js:74:3)
    at processTicksAndRejections (internal/process/task_queues.js:80:21) {
  errno: -104,
  code: 'ECONNRESET',
  syscall: 'read'
}

    Please upgrade as soon as possible.

    Bug Fixes

    • catch errors when destroying invalid upgrades (#658) (425e833)

    3.6.0 (2022-06-06)

    Bug Fixes

    Features

    • decrease the default value of maxHttpBufferSize (58e274c)

    This change reduces the default value from 100 mb to a more sane 1 mb.

    This helps protect the server against denial of service attacks by malicious clients sending huge amounts of data.

    See also: https://github.com/advisories/GHSA-j4f2-536g-r55m

    • increase the default value of pingTimeout (f55a79a)

    ... (truncated)

    Commits
    • 24b847b chore(release): 6.2.1
    • 425e833 fix: catch errors when destroying invalid upgrades (#658)
    • 99adb00 chore(deps): bump xmlhttprequest-ssl and engine.io-client in /examples/latenc...
    • d196f6a chore(deps): bump minimatch from 3.0.4 to 3.1.2 (#660)
    • 7c1270f chore(deps): bump nanoid from 3.1.25 to 3.3.1 (#659)
    • 535a01d ci: add Node.js 18 in the test matrix
    • 1b71a6f docs: remove "Vanilla JS" highlight from README (#656)
    • 917d1d2 refactor: replace deprecated String.prototype.substr() (#646)
    • 020801a chore: add changelog for version 3.6.0
    • ed1d6f9 test: make test script work on Windows (#643)
    • Additional commits viewable in compare view

    Updates browser-sync from 2.24.7 to 2.27.10

    Release notes

    Sourced from browser-sync's releases.

    2.27.9

    What's Changed

    A bug prevented the help output from displaying - it was introduced when the CLI parser yargs was updated, and is now fixed :)

    Full Changelog: https://github.com/BrowserSync/browser-sync/compare/v2.27.8...v2.27.9

    2.27.8

    This release upgrades Socket.io (client+server) to the latest versions - solving the following issues, and silencing security warning :)

    PR:

    Resolved Issues:

    Thanks to @​lachieh for the original PR, which helped me land this fix

    added snippet: boolean option

    This release adds a feature to address BrowserSync/browser-sync#1882

    Sometimes you don't want Browsersync to auto-inject it's connection snippet into your HTML - now you can disable it globally via either a CLI param or the new snippet option :)

    browser-sync . --no-snippet

    or in any Browsersync configuration

    const config = {
  snippet: false,
};

    the original request was related to Eleventy usage, so here's how that would look

    eleventyConfig.setBrowserSyncConfig({
  snippet: false,
});

    ... (truncated)

    Commits

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

  • 15

    Bump socket.io-parser and browser-sync

    Bumps socket.io-parser and browser-sync. These dependencies needed to be updated together. Updates socket.io-parser from 3.1.3 to 4.2.1

    Release notes

    Sourced from socket.io-parser's releases.

    4.2.1

    Bug Fixes

    • check the format of the index of each attachment (b5d0cb7)

    Links

    4.2.0

    Features

    • allow the usage of custom replacer and reviver (#112) (b08bc1a)

    Links

    4.1.2

    Bug Fixes

    • allow objects with a null prototype in binary packets (#114) (7f6b262)

    Links

    4.1.1

    Links

    4.1.0

    Features

    • provide an ESM build with and without debug (388c616)

    Links

    4.0.5

    Bug Fixes

    • check the format of the index of each attachment (b559f05)

    Links

    ... (truncated)

    Changelog

    Sourced from socket.io-parser's changelog.

    4.2.1 (2022-06-27)

    Bug Fixes

    • check the format of the index of each attachment (b5d0cb7)

    4.2.0 (2022-04-17)

    Features

    • allow the usage of custom replacer and reviver (#112) (b08bc1a)

    4.1.2 (2022-02-17)

    Bug Fixes

    • allow objects with a null prototype in binary packets (#114) (7f6b262)

    4.1.1 (2021-10-14)

    4.1.0 (2021-10-11)

    Features

    • provide an ESM build with and without debug (388c616)

    4.0.4 (2021-01-15)

    Bug Fixes

    • allow integers as event names (1c220dd)

    4.0.3 (2021-01-05)

    4.0.2 (2020-11-25)

    ... (truncated)

    Commits
    • 5a2ccff chore(release): 4.2.1
    • b5d0cb7 fix: check the format of the index of each attachment
    • c7514b5 chore(release): 4.2.0
    • 931f152 chore: add Node.js 16 in the test matrix
    • 6c9cb27 chore: bump @​socket.io/component-emitter to version 3.1.0
    • b08bc1a feat: allow the usage of custom replacer and reviver (#112)
    • aed252c chore(release): 4.1.2
    • 89209fa chore: bump cached-path-relative from 1.0.2 to 1.1.0 (#113)
    • 0a3b556 chore: bump path-parse from 1.0.6 to 1.0.7 (#108)
    • 7f6b262 fix: allow objects with a null prototype in binary packets (#114)
    • Additional commits viewable in compare view

    Updates browser-sync from 2.24.7 to 2.27.10

    Release notes

    Sourced from browser-sync's releases.

    2.27.9

    What's Changed

    A bug prevented the help output from displaying - it was introduced when the CLI parser yargs was updated, and is now fixed :)

    Full Changelog: https://github.com/BrowserSync/browser-sync/compare/v2.27.8...v2.27.9

    2.27.8

    This release upgrades Socket.io (client+server) to the latest versions - solving the following issues, and silencing security warning :)

    PR:

    Resolved Issues:

    Thanks to @​lachieh for the original PR, which helped me land this fix

    added snippet: boolean option

    This release adds a feature to address BrowserSync/browser-sync#1882

    Sometimes you don't want Browsersync to auto-inject it's connection snippet into your HTML - now you can disable it globally via either a CLI param or the new snippet option :)

    browser-sync . --no-snippet

    or in any Browsersync configuration

    const config = {
  snippet: false,
};

    the original request was related to Eleventy usage, so here's how that would look

    eleventyConfig.setBrowserSyncConfig({
  snippet: false,
});

    ... (truncated)

    Commits

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

  • 16

    Bump thenify from 3.3.0 to 3.3.1

    Bumps thenify from 3.3.0 to 3.3.1.

    Changelog

    Sourced from thenify's changelog.

    3.3.1 / 2020-06-18

    fixes

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

  • 17

    Bump follow-redirects from 1.5.8 to 1.14.8

    Bumps follow-redirects from 1.5.8 to 1.14.8.

    Commits
    • 3d81dc3 Release version 1.14.8 of the npm package.
    • 62e546a Drop confidential headers across schemes.
    • 2ede36d Release version 1.14.7 of the npm package.
    • 8b347cb Drop Cookie header across domains.
    • 6f5029a Release version 1.14.6 of the npm package.
    • af706be Ignore null headers.
    • d01ab7a Release version 1.14.5 of the npm package.
    • 40052ea Make compatible with Node 17.
    • 86f7572 Fix: clear internal timer on request abort to avoid leakage
    • 2e1eaf0 Keep Authorization header on subdomain redirects.
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

Popular Tag

Related