💬 Minimal, accessible, ultra lightweight css tooltip library. Just 1kb.

  • By Indrashish Ghosh
  • Last update: Sep 18, 2022
  • Comments: 16

Made with love License Build Status

Modern, minimal css tooptip library with accessibility baked in. Just `1kb` minified and gzipped.


Microtip

 

Table of Contents

 

Installation

via npm

npm install microtip

via yarn

yarn add microtip

via CDN

https://unpkg.com/microtip/microtip.css

direct download

curl -o microtip https://github.com/ghosh/microtip/blob/master/microtip.css

 

Setup

in PostCSS

@import 'microtip';

in Webpack

import microtip from 'microtip/microtip.css'

in SCSS

@import 'microtip/microtip';

Make sure, node_modules is included in the includePaths setting. You can then directly import the library into your file.

 

Usage

Using the tooltip is incredibly simple. Simply add a aria-label and role="tooltip" attribute to the element on which you want the tooltip to appear. The tooltip message is the attribute value aria-label="your message". This along with a position modifier is all you need to get going. Example:-

<button aria-label="Hey tooltip!" data-microtip-position="top" role="tooltip">

Position Modifiers

You can change the direction of the tooltip by adding a data-microtip-position attribute. The accepted values of this attribute are:- top, top-left, top-right, bottom, bottom-left, bottom-right, left and right. Example:-

<button aria-label="Hey tooltip!" data-microtip-position="top-left" role="tooltip">

Size Modifiers

By default, the tooltip will takeup only the size it requires to show the text. You can specify sizes by adding a data-microtip-size attribute. The accepted values include small, medium, large and fit. Example:-

<button aria-label="This is a decently long text!" data-microtip-position="top-left" data-microtip-size="medium" role="tooltip">

Note - fit sets the width of the tooltip to be the same as the width on the element. It only works along with the top and bottom position modifiers.

 

Customization

Microtip uses css variables, which allows you to customize the behavior of the tooltip as per your needs.

Variable Description Default Value
--microtip-transition-duration Specifies the duration of the tootltip transition .18s
--microtip-transition-delay The delay on hover before showing the tooltip 0s
--microtip-transition-easing The easing applied while transitioning the tooltip ease-in-out
--microtip-font-size Sets the font size of the text in tooltip 13px
--microtip-font-weight The font weight of the text in tooltip normal
--microtip-text-transform Controls the casing of the text none

 

Example:-

:root {
 --microtip-transition-duration: 0.5s;
 --microtip-transition-delay: 1s;
 --microtip-transition-easing: ease-out;
 --microtip-font-size: 13px;
 --microtip-font-weight: bold;
 --microtip-text-transform: uppercase;
}

The above code will cause all the tooltips to transition over 0.5s while applying an easing of type ease-out after a delay of 1s. The text will be bold and uppercase and have a font size of 13px.

You could also customize the tooltip for individual instances by using a selector more specific than :root. Example:-

.tooltip {
 --microtip-transition-duration: 0.2s;
 --microtip-transition-delay: 0s;
 --microtip-transition-easing: ease-in-out;
}

The above code would only affect the tooltips shown on any element with the tooltip class.

For more on css variables see here

 

Related

  • Micromodal - Tiny javascript library for creating accessible modal dialogs

 

Credits

 

✌️

A little project by @i_ghosh

Github

https://github.com/ghosh/microtip

Comments(16)

  • 1

    Remove role="tooltip"

    Just found this nice little gem. Nice work. Seems like an easy way to add nice tooltips.

    But I think the use of the role="tooltip" attribute is wrong. For example:

    <button aria-label="Hey tooltip!" data-microtip-position="up" role="tooltip">
    

    This implies that the role of the button is not a button anymore, but a tooltip. And that feels wrong, don't you think? The role of the button should still be a button.

  • 2

    How to hide tooltip after a button is pressed?

    Not sure if this is a bug or expected behaviour. When we only hover the button, the tooltip disappears after the mouse is moved away. But when the button is clicked and then moved away, the tooltip stays, how can we remove the tooltip after the click?

    Reproduced no https://microtip.now.sh/

    tooltip-bug-microtip

  • 3

    replace “minifier” with “clean-css”

    I've replaces minifier with clean-css which saves some extra bytes. It is also way more maintained and used.

    before: 6195 bytes
    after : 6041 bytes
    diff  :  154 bytes
    

    Not much bit every byte counts :)

  • 4

    position "up" in documentation

    In the readme, the first example has data-microtip-position="up". Took me some minutes to figure out that this is not a valid option. Please change it.

  • 5

    Bump stylelint from 9.1.1 to 13.12.0

    Bumps stylelint from 9.1.1 to 13.12.0.

    Release notes

    Sourced from stylelint's releases.

    13.12.0

    • Added: named-grid-areas-no-invalid rule (#5167).
    • Added: ignore: ["single-declaration"] to declaration-block-trailing-semicolon (#5165).
    • Fixed: *-no-unknown false positives (#5158).
    • Fixed: selector-pseudo-class-no-unknown false positives for :autofill (#5171).

    13.11.0

    • Added: exceptions and severity options to report* configuration object properties (#5143).

    13.10.0

    • Added: ignoreDisables, reportNeedlessDisables, reportInvalidScopeDisables and reportDescriptionlessDisables configuration object properties (#5126).
    • Added: declaration-block-no-duplicate-custom-properties rule (#5125).
    • Fixed: alpha-value-notation false negatives for CSS Variables (#5130).

    13.9.0

    • Added: TAP formatter (#5062).
    • Fixed: incorrect exit code when using --report options (#5079).
    • Fixed: color-hex-case false negatives for css-in-js object notation (#5101).
    • Fixed: color-hex-length false negatives for css-in-js object notation (#5106).
    • Fixed: selector-attribute-name-disallowed-list false positives for valueless attribute selectors (#5060).

    13.8.0

    • Deprecated: StylelintStandaloneReturnValue.reportedDisables, .descriptionlessDisables, .needlessDisables, and .invalidScopeDisables. .reportedDisables will always be empty and the other properties will always be undefined, since these errors now show up in .results instead (#4973).
    • Added: disable comments that are reported as errors for various reasons are now reported as standard lint errors rather than a separate class of errors that must be handled specially (#4973).
    • Added: comment-pattern rule (#4962).
    • Added: selector-attribute-name-disallowed-list rule (#4992).
    • Added: ignoreAtRules[] to property-no-unknown (#4965).
    • Fixed: *-notation false negatives for dollar variables (#5031).
    • Fixed: *-pattern missing configured pattern in violation messages (#4975).

    13.7.2

    • Fixed: regression for disable commands and adjacent double-slash comments (#4950).
    • Fixed: use of full file path without converting it to glob (#4931).

    13.7.1

    • Fixed: double-slash disable comments when followed by another comment (#4913).

    13.7.0

    • Deprecated: *-blacklist, *-requirelist and *-whitelist rules in favour of the new *-disallowed-list, *-required-list and *-allowed-list ones (#4845):
      • at-rule-blacklist. Use at-rule-disallowed-list instead.
      • at-rule-property-requirelist. Use at-rule-property-required-list instead.
      • at-rule-whitelist. Use at-rule-allowed-list instead.
      • comment-word-blacklist. Use comment-word-disallowed-list instead.
      • declaration-property-unit-blacklist. Use declaration-property-unit-disallowed-list instead.
      • declaration-property-unit-whitelist. Use declaration-property-unit-allowed-list instead.
      • declaration-property-value-blacklist. Use declaration-property-value-disallowed-list instead.
      • declaration-property-value-whitelist. Use declaration-property-value-allowed-list instead.
      • function-blacklist. Use function-disallowed-list instead.
      • function-url-scheme-blacklist. Use function-url-scheme-disallowed-list instead.
      • function-url-scheme-whitelist. Use function-url-scheme-allowed-list instead.

    ... (truncated)

    Changelog

    Sourced from stylelint's changelog.

    13.12.0

    • Added: named-grid-areas-no-invalid rule (#5167).
    • Added: ignore: ["single-declaration"] to declaration-block-trailing-semicolon (#5165).
    • Fixed: *-no-unknown false positives (#5158).
    • Fixed: selector-pseudo-class-no-unknown false positives for :autofill (#5171).

    13.11.0

    • Added: exceptions and severity options to report* configuration object properties (#5143).

    13.10.0

    • Added: ignoreDisables, reportNeedlessDisables, reportInvalidScopeDisables and reportDescriptionlessDisables configuration object properties (#5126).
    • Added: declaration-block-no-duplicate-custom-properties rule (#5125).
    • Fixed: alpha-value-notation false negatives for CSS Variables (#5130).

    13.9.0

    • Added: TAP formatter (#5062).
    • Fixed: incorrect exit code when using --report options (#5079).
    • Fixed: color-hex-case false negatives for css-in-js object notation (#5101).
    • Fixed: color-hex-length false negatives for css-in-js object notation (#5106).
    • Fixed: selector-attribute-name-disallowed-list false positives for valueless attribute selectors (#5060).

    13.8.0

    • Deprecated: StylelintStandaloneReturnValue.reportedDisables, .descriptionlessDisables, .needlessDisables, and .invalidScopeDisables. .reportedDisables will always be empty and the other properties will always be undefined, since these errors now show up in .results instead (#4973).
    • Added: disable comments that are reported as errors for various reasons are now reported as standard lint errors rather than a separate class of errors that must be handled specially (#4973).
    • Added: comment-pattern rule (#4962).
    • Added: selector-attribute-name-disallowed-list rule (#4992).
    • Added: ignoreAtRules[] to property-no-unknown (#4965).
    • Fixed: *-notation false negatives for dollar variables (#5031).
    • Fixed: *-pattern missing configured pattern in violation messages (#4975).

    13.7.2

    • Fixed: regression for disable commands and adjacent double-slash comments (#4950).
    • Fixed: use of full file path without converting it to glob (#4931).

    13.7.1

    • Fixed: double-slash disable comments when followed by another comment (#4913).

    13.7.0

    • Deprecated: *-blacklist, *-requirelist and *-whitelist rules in favour of the new *-disallowed-list, *-required-list and *-allowed-list ones (#4845):
      • at-rule-blacklist. Use at-rule-disallowed-list instead.
      • at-rule-property-requirelist. Use at-rule-property-required-list instead.
      • at-rule-whitelist. Use at-rule-allowed-list instead.

    ... (truncated)

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
    • @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

    Additionally, you can set the following in your Dependabot dashboard:

    • Update frequency (including time of day and day of week)
    • Pull request limits (per update run and/or open at any time)
    • Automerge options (never/patch/minor, and dev/runtime dependencies)
    • Out-of-range updates (receive only lockfile updates, if desired)
    • Security updates (receive only security updates, if desired)
  • 6

    Bump stylelint from 9.1.1 to 13.9.0

    Bumps stylelint from 9.1.1 to 13.9.0.

    Release notes

    Sourced from stylelint's releases.

    13.9.0

    • Added: TAP formatter (#5062).
    • Fixed: incorrect exit code when using --report options (#5079).
    • Fixed: color-hex-case false negatives for css-in-js object notation (#5101).
    • Fixed: color-hex-length false negatives for css-in-js object notation (#5106).
    • Fixed: selector-attribute-name-disallowed-list false positives for valueless attribute selectors (#5060).

    13.8.0

    • Deprecated: StylelintStandaloneReturnValue.reportedDisables, .descriptionlessDisables, .needlessDisables, and .invalidScopeDisables. .reportedDisables will always be empty and the other properties will always be undefined, since these errors now show up in .results instead (#4973).
    • Added: disable comments that are reported as errors for various reasons are now reported as standard lint errors rather than a separate class of errors that must be handled specially (#4973).
    • Added: comment-pattern rule (#4962).
    • Added: selector-attribute-name-disallowed-list rule (#4992).
    • Added: ignoreAtRules[] to property-no-unknown (#4965).
    • Fixed: *-notation false negatives for dollar variables (#5031).
    • Fixed: *-pattern missing configured pattern in violation messages (#4975).

    13.7.2

    • Fixed: regression for disable commands and adjacent double-slash comments (#4950).
    • Fixed: use of full file path without converting it to glob (#4931).

    13.7.1

    • Fixed: double-slash disable comments when followed by another comment (#4913).

    13.7.0

    • Deprecated: *-blacklist, *-requirelist and *-whitelist rules in favour of the new *-disallowed-list, *-required-list and *-allowed-list ones (#4845):
      • at-rule-blacklist. Use at-rule-disallowed-list instead.
      • at-rule-property-requirelist. Use at-rule-property-required-list instead.
      • at-rule-whitelist. Use at-rule-allowed-list instead.
      • comment-word-blacklist. Use comment-word-disallowed-list instead.
      • declaration-property-unit-blacklist. Use declaration-property-unit-disallowed-list instead.
      • declaration-property-unit-whitelist. Use declaration-property-unit-allowed-list instead.
      • declaration-property-value-blacklist. Use declaration-property-value-disallowed-list instead.
      • declaration-property-value-whitelist. Use declaration-property-value-allowed-list instead.
      • function-blacklist. Use function-disallowed-list instead.
      • function-url-scheme-blacklist. Use function-url-scheme-disallowed-list instead.
      • function-url-scheme-whitelist. Use function-url-scheme-allowed-list instead.
      • function-whitelist. Use function-allowed-list instead.
      • media-feature-name-blacklist. Use media-feature-name-disallowed-list instead.
      • media-feature-name-value-whitelist. Use media-feature-name-value-allowed-list instead.
      • media-feature-name-whitelist. Use media-feature-name-allowed-list instead.
      • property-blacklist. Use property-disallowed-list instead.
      • property-whitelist. Use property-allowed-list instead.
      • selector-attribute-operator-blacklist. Use selector-attribute-operator-disallowed-list instead.
      • selector-attribute-operator-whitelist. Use selector-attribute-operator-allowed-list instead.
      • selector-combinator-blacklist. Use selector-combinator-disallowed-list instead.
      • selector-combinator-whitelist. Use selector-combinator-allowed-list instead.
      • selector-pseudo-class-blacklist. Use selector-pseudo-class-disallowed-list instead.
      • selector-pseudo-class-whitelist. Use selector-pseudo-class-allowed-list instead.
      • selector-pseudo-element-blacklist. Use selector-pseudo-element-disallowed-list instead.
      • selector-pseudo-element-whitelist. Use selector-pseudo-element-allowed-list instead.

    ... (truncated)

    Changelog

    Sourced from stylelint's changelog.

    13.9.0

    • Added: TAP formatter (#5062).
    • Fixed: incorrect exit code when using --report options (#5079).
    • Fixed: color-hex-case false negatives for css-in-js object notation (#5101).
    • Fixed: color-hex-length false negatives for css-in-js object notation (#5106).
    • Fixed: selector-attribute-name-disallowed-list false positives for valueless attribute selectors (#5060).

    13.8.0

    • Deprecated: StylelintStandaloneReturnValue.reportedDisables, .descriptionlessDisables, .needlessDisables, and .invalidScopeDisables. .reportedDisables will always be empty and the other properties will always be undefined, since these errors now show up in .results instead (#4973).
    • Added: disable comments that are reported as errors for various reasons are now reported as standard lint errors rather than a separate class of errors that must be handled specially (#4973).
    • Added: comment-pattern rule (#4962).
    • Added: selector-attribute-name-disallowed-list rule (#4992).
    • Added: ignoreAtRules[] to property-no-unknown (#4965).
    • Fixed: *-notation false negatives for dollar variables (#5031).
    • Fixed: *-pattern missing configured pattern in violation messages (#4975).

    13.7.2

    • Fixed: regression for disable commands and adjacent double-slash comments (#4950).
    • Fixed: use of full file path without converting it to glob (#4931).

    13.7.1

    • Fixed: double-slash disable comments when followed by another comment (#4913).

    13.7.0

    • Deprecated: *-blacklist, *-requirelist and *-whitelist rules in favour of the new *-disallowed-list, *-required-list and *-allowed-list ones (#4845):
      • at-rule-blacklist. Use at-rule-disallowed-list instead.
      • at-rule-property-requirelist. Use at-rule-property-required-list instead.
      • at-rule-whitelist. Use at-rule-allowed-list instead.
      • comment-word-blacklist. Use comment-word-disallowed-list instead.
      • declaration-property-unit-blacklist. Use declaration-property-unit-disallowed-list instead.
      • declaration-property-unit-whitelist. Use declaration-property-unit-allowed-list instead.
      • declaration-property-value-blacklist. Use declaration-property-value-disallowed-list instead.
      • declaration-property-value-whitelist. Use declaration-property-value-allowed-list instead.
      • function-blacklist. Use function-disallowed-list instead.
      • function-url-scheme-blacklist. Use function-url-scheme-disallowed-list instead.
      • function-url-scheme-whitelist. Use function-url-scheme-allowed-list instead.
      • function-whitelist. Use function-allowed-list instead.
      • media-feature-name-blacklist. Use media-feature-name-disallowed-list instead.
      • media-feature-name-value-whitelist. Use media-feature-name-value-allowed-list instead.
      • media-feature-name-whitelist. Use media-feature-name-allowed-list instead.
      • property-blacklist. Use property-disallowed-list instead.
      • property-whitelist. Use property-allowed-list instead.
      • selector-attribute-operator-blacklist. Use selector-attribute-operator-disallowed-list instead.
      • selector-attribute-operator-whitelist. Use selector-attribute-operator-allowed-list instead.
      • selector-combinator-blacklist. Use selector-combinator-disallowed-list instead.

    ... (truncated)

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
    • @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

    Additionally, you can set the following in your Dependabot dashboard:

    • Update frequency (including time of day and day of week)
    • Pull request limits (per update run and/or open at any time)
    • Automerge options (never/patch/minor, and dev/runtime dependencies)
    • Out-of-range updates (receive only lockfile updates, if desired)
    • Security updates (receive only security updates, if desired)
  • 7

    Bump stylelint from 9.1.1 to 13.8.0

    Bumps stylelint from 9.1.1 to 13.8.0.

    Release notes

    Sourced from stylelint's releases.

    13.8.0

    • Deprecated: StylelintStandaloneReturnValue.reportedDisables, .descriptionlessDisables, .needlessDisables, and .invalidScopeDisables. .reportedDisables will always be empty and the other properties will always be undefined, since these errors now show up in .results instead (#4973).
    • Added: disable comments that are reported as errors for various reasons are now reported as standard lint errors rather than a separate class of errors that must be handled specially (#4973).
    • Added: comment-pattern rule (#4962).
    • Added: selector-attribute-name-disallowed-list rule (#4992).
    • Added: ignoreAtRules[] to property-no-unknown (#4965).
    • Fixed: *-notation false negatives for dollar variables (#5031).
    • Fixed: *-pattern missing configured pattern in violation messages (#4975).

    13.7.2

    • Fixed: regression for disable commands and adjacent double-slash comments (#4950).
    • Fixed: use of full file path without converting it to glob (#4931).

    13.7.1

    • Fixed: double-slash disable comments when followed by another comment (#4913).

    13.7.0

    • Deprecated: *-blacklist, *-requirelist and *-whitelist rules in favour of the new *-disallowed-list, *-required-list and *-allowed-list ones (#4845):
      • at-rule-blacklist. Use at-rule-disallowed-list instead.
      • at-rule-property-requirelist. Use at-rule-property-required-list instead.
      • at-rule-whitelist. Use at-rule-allowed-list instead.
      • comment-word-blacklist. Use comment-word-disallowed-list instead.
      • declaration-property-unit-blacklist. Use declaration-property-unit-disallowed-list instead.
      • declaration-property-unit-whitelist. Use declaration-property-unit-allowed-list instead.
      • declaration-property-value-blacklist. Use declaration-property-value-disallowed-list instead.
      • declaration-property-value-whitelist. Use declaration-property-value-allowed-list instead.
      • function-blacklist. Use function-disallowed-list instead.
      • function-url-scheme-blacklist. Use function-url-scheme-disallowed-list instead.
      • function-url-scheme-whitelist. Use function-url-scheme-allowed-list instead.
      • function-whitelist. Use function-allowed-list instead.
      • media-feature-name-blacklist. Use media-feature-name-disallowed-list instead.
      • media-feature-name-value-whitelist. Use media-feature-name-value-allowed-list instead.
      • media-feature-name-whitelist. Use media-feature-name-allowed-list instead.
      • property-blacklist. Use property-disallowed-list instead.
      • property-whitelist. Use property-allowed-list instead.
      • selector-attribute-operator-blacklist. Use selector-attribute-operator-disallowed-list instead.
      • selector-attribute-operator-whitelist. Use selector-attribute-operator-allowed-list instead.
      • selector-combinator-blacklist. Use selector-combinator-disallowed-list instead.
      • selector-combinator-whitelist. Use selector-combinator-allowed-list instead.
      • selector-pseudo-class-blacklist. Use selector-pseudo-class-disallowed-list instead.
      • selector-pseudo-class-whitelist. Use selector-pseudo-class-allowed-list instead.
      • selector-pseudo-element-blacklist. Use selector-pseudo-element-disallowed-list instead.
      • selector-pseudo-element-whitelist. Use selector-pseudo-element-allowed-list instead.
      • unit-blacklist. Use unit-disallowed-list instead.
      • unit-whitelist. Use unit-allowed-list instead.
    • Added: syntax object acceptance to customSyntax option (#4839).
    • Added: support for *.cjs config files (#4905).
    • Added: support for descriptions in stylelint command comments (#4848).
    • Added: reportDescriptionlessDisables flag (#4907).
    • Added: reportDisables secondary option (#4897).
    Changelog

    Sourced from stylelint's changelog.

    13.8.0

    • Deprecated: StylelintStandaloneReturnValue.reportedDisables, .descriptionlessDisables, .needlessDisables, and .invalidScopeDisables. .reportedDisables will always be empty and the other properties will always be undefined, since these errors now show up in .results instead (#4973).
    • Added: disable comments that are reported as errors for various reasons are now reported as standard lint errors rather than a separate class of errors that must be handled specially (#4973).
    • Added: comment-pattern rule (#4962).
    • Added: selector-attribute-name-disallowed-list rule (#4992).
    • Added: ignoreAtRules[] to property-no-unknown (#4965).
    • Fixed: *-notation false negatives for dollar variables (#5031).
    • Fixed: *-pattern missing configured pattern in violation messages (#4975).

    13.7.2

    • Fixed: regression for disable commands and adjacent double-slash comments (#4950).
    • Fixed: use of full file path without converting it to glob (#4931).

    13.7.1

    • Fixed: double-slash disable comments when followed by another comment (#4913).

    13.7.0

    • Deprecated: *-blacklist, *-requirelist and *-whitelist rules in favour of the new *-disallowed-list, *-required-list and *-allowed-list ones (#4845):
      • at-rule-blacklist. Use at-rule-disallowed-list instead.
      • at-rule-property-requirelist. Use at-rule-property-required-list instead.
      • at-rule-whitelist. Use at-rule-allowed-list instead.
      • comment-word-blacklist. Use comment-word-disallowed-list instead.
      • declaration-property-unit-blacklist. Use declaration-property-unit-disallowed-list instead.
      • declaration-property-unit-whitelist. Use declaration-property-unit-allowed-list instead.
      • declaration-property-value-blacklist. Use declaration-property-value-disallowed-list instead.
      • declaration-property-value-whitelist. Use declaration-property-value-allowed-list instead.
      • function-blacklist. Use function-disallowed-list instead.
      • function-url-scheme-blacklist. Use function-url-scheme-disallowed-list instead.
      • function-url-scheme-whitelist. Use function-url-scheme-allowed-list instead.
      • function-whitelist. Use function-allowed-list instead.
      • media-feature-name-blacklist. Use media-feature-name-disallowed-list instead.
      • media-feature-name-value-whitelist. Use media-feature-name-value-allowed-list instead.
      • media-feature-name-whitelist. Use media-feature-name-allowed-list instead.
      • property-blacklist. Use property-disallowed-list instead.
      • property-whitelist. Use property-allowed-list instead.
      • selector-attribute-operator-blacklist. Use selector-attribute-operator-disallowed-list instead.
      • selector-attribute-operator-whitelist. Use selector-attribute-operator-allowed-list instead.
      • selector-combinator-blacklist. Use selector-combinator-disallowed-list instead.
      • selector-combinator-whitelist. Use selector-combinator-allowed-list instead.
      • selector-pseudo-class-blacklist. Use selector-pseudo-class-disallowed-list instead.
      • selector-pseudo-class-whitelist. Use selector-pseudo-class-allowed-list instead.
      • selector-pseudo-element-blacklist. Use selector-pseudo-element-disallowed-list instead.
      • selector-pseudo-element-whitelist. Use selector-pseudo-element-allowed-list instead.
      • unit-blacklist. Use unit-disallowed-list instead.
      • unit-whitelist. Use unit-allowed-list instead.
    • Added: syntax object acceptance to customSyntax option (#4839).
    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
    • @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

    Additionally, you can set the following in your Dependabot dashboard:

    • Update frequency (including time of day and day of week)
    • Pull request limits (per update run and/or open at any time)
    • Automerge options (never/patch/minor, and dev/runtime dependencies)
    • Out-of-range updates (receive only lockfile updates, if desired)
    • Security updates (receive only security updates, if desired)
  • 8

    Bump stylelint from 9.1.1 to 13.7.2

    Bumps stylelint from 9.1.1 to 13.7.2.

    Release notes

    Sourced from stylelint's releases.

    13.7.2

    • Fixed: regression for disable commands and adjacent double-slash comments (#4950).
    • Fixed: use of full file path without converting it to glob (#4931).

    13.7.1

    • Fixed: double-slash disable comments when followed by another comment (#4913).

    13.7.0

    • Deprecated: *-blacklist, *-requirelist and *-whitelist rules in favour of the new *-disallowed-list, *-required-list and *-allowed-list ones (#4845):
      • at-rule-blacklist. Use at-rule-disallowed-list instead.
      • at-rule-property-requirelist. Use at-rule-property-required-list instead.
      • at-rule-whitelist. Use at-rule-allowed-list instead.
      • comment-word-blacklist. Use comment-word-disallowed-list instead.
      • declaration-property-unit-blacklist. Use declaration-property-unit-disallowed-list instead.
      • declaration-property-unit-whitelist. Use declaration-property-unit-allowed-list instead.
      • declaration-property-value-blacklist. Use declaration-property-value-disallowed-list instead.
      • declaration-property-value-whitelist. Use declaration-property-value-allowed-list instead.
      • function-blacklist. Use function-disallowed-list instead.
      • function-url-scheme-blacklist. Use function-url-scheme-disallowed-list instead.
      • function-url-scheme-whitelist. Use function-url-scheme-allowed-list instead.
      • function-whitelist. Use function-allowed-list instead.
      • media-feature-name-blacklist. Use media-feature-name-disallowed-list instead.
      • media-feature-name-value-whitelist. Use media-feature-name-value-allowed-list instead.
      • media-feature-name-whitelist. Use media-feature-name-allowed-list instead.
      • property-blacklist. Use property-disallowed-list instead.
      • property-whitelist. Use property-allowed-list instead.
      • selector-attribute-operator-blacklist. Use selector-attribute-operator-disallowed-list instead.
      • selector-attribute-operator-whitelist. Use selector-attribute-operator-allowed-list instead.
      • selector-combinator-blacklist. Use selector-combinator-disallowed-list instead.
      • selector-combinator-whitelist. Use selector-combinator-allowed-list instead.
      • selector-pseudo-class-blacklist. Use selector-pseudo-class-disallowed-list instead.
      • selector-pseudo-class-whitelist. Use selector-pseudo-class-allowed-list instead.
      • selector-pseudo-element-blacklist. Use selector-pseudo-element-disallowed-list instead.
      • selector-pseudo-element-whitelist. Use selector-pseudo-element-allowed-list instead.
      • unit-blacklist. Use unit-disallowed-list instead.
      • unit-whitelist. Use unit-allowed-list instead.
    • Added: syntax object acceptance to customSyntax option (#4839).
    • Added: support for *.cjs config files (#4905).
    • Added: support for descriptions in stylelint command comments (#4848).
    • Added: reportDescriptionlessDisables flag (#4907).
    • Added: reportDisables secondary option (#4897).
    • Added: *-no-vendor-prefix autofix (#4859).
    • Added: ignoreComments[] to comment-empty-line-before (#4841).
    • Added: ignoreContextFunctionalPseudoClasses to selector-max-id (#4835).
    • Fixed: inconsistent trailing newlines in CLI error output (#4876).
    • Fixed: support for multi-line disable descriptions (#4895).
    • Fixed: support for paths with parentheses (#4867).
    • Fixed: selector-max-* (except selector-max-type) false negatives for where, is, nth-child and nth-last-child (#4842).
    • Fixed: length-zero-no-unit TypeError for custom properties fallback (#4860).
    • Fixed: selector-combinator-space-after false positives for trailing combinator (#4878).
    Changelog

    Sourced from stylelint's changelog.

    13.7.2

    • Fixed: regression for disable commands and adjacent double-slash comments (#4950).
    • Fixed: use of full file path without converting it to glob (#4931).

    13.7.1

    • Fixed: double-slash disable comments when followed by another comment (#4913).

    13.7.0

    • Deprecated: *-blacklist, *-requirelist and *-whitelist rules in favour of the new *-disallowed-list, *-required-list and *-allowed-list ones (#4845):
      • at-rule-blacklist. Use at-rule-disallowed-list instead.
      • at-rule-property-requirelist. Use at-rule-property-required-list instead.
      • at-rule-whitelist. Use at-rule-allowed-list instead.
      • comment-word-blacklist. Use comment-word-disallowed-list instead.
      • declaration-property-unit-blacklist. Use declaration-property-unit-disallowed-list instead.
      • declaration-property-unit-whitelist. Use declaration-property-unit-allowed-list instead.
      • declaration-property-value-blacklist. Use declaration-property-value-disallowed-list instead.
      • declaration-property-value-whitelist. Use declaration-property-value-allowed-list instead.
      • function-blacklist. Use function-disallowed-list instead.
      • function-url-scheme-blacklist. Use function-url-scheme-disallowed-list instead.
      • function-url-scheme-whitelist. Use function-url-scheme-allowed-list instead.
      • function-whitelist. Use function-allowed-list instead.
      • media-feature-name-blacklist. Use media-feature-name-disallowed-list instead.
      • media-feature-name-value-whitelist. Use media-feature-name-value-allowed-list instead.
      • media-feature-name-whitelist. Use media-feature-name-allowed-list instead.
      • property-blacklist. Use property-disallowed-list instead.
      • property-whitelist. Use property-allowed-list instead.
      • selector-attribute-operator-blacklist. Use selector-attribute-operator-disallowed-list instead.
      • selector-attribute-operator-whitelist. Use selector-attribute-operator-allowed-list instead.
      • selector-combinator-blacklist. Use selector-combinator-disallowed-list instead.
      • selector-combinator-whitelist. Use selector-combinator-allowed-list instead.
      • selector-pseudo-class-blacklist. Use selector-pseudo-class-disallowed-list instead.
      • selector-pseudo-class-whitelist. Use selector-pseudo-class-allowed-list instead.
      • selector-pseudo-element-blacklist. Use selector-pseudo-element-disallowed-list instead.
      • selector-pseudo-element-whitelist. Use selector-pseudo-element-allowed-list instead.
      • unit-blacklist. Use unit-disallowed-list instead.
      • unit-whitelist. Use unit-allowed-list instead.
    • Added: syntax object acceptance to customSyntax option (#4839).
    • Added: support for *.cjs config files (#4905).
    • Added: support for descriptions in stylelint command comments (#4848).
    • Added: reportDescriptionlessDisables flag (#4907).
    • Added: reportDisables secondary option (#4897).
    • Added: *-no-vendor-prefix autofix (#4859).
    • Added: ignoreComments[] to comment-empty-line-before (#4841).
    • Added: ignoreContextFunctionalPseudoClasses to selector-max-id (#4835).
    • Fixed: inconsistent trailing newlines in CLI error output (#4876).
    • Fixed: support for multi-line disable descriptions (#4895).
    • Fixed: support for paths with parentheses (#4867).
    Commits
    Maintainer changes

    This version was pushed to npm by hudochenkov, a new releaser for stylelint since your current version.


    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
    • @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

    Additionally, you can set the following in your Dependabot dashboard:

    • Update frequency (including time of day and day of week)
    • Pull request limits (per update run and/or open at any time)
    • Automerge options (never/patch/minor, and dev/runtime dependencies)
    • Out-of-range updates (receive only lockfile updates, if desired)
    • Security updates (receive only security updates, if desired)
  • 9

    [Security] Bump js-yaml from 3.10.0 to 3.14.0

    Bumps js-yaml from 3.10.0 to 3.14.0. This update includes security fixes.

    Vulnerabilities fixed

    Sourced from The GitHub Security Advisory Database.

    Denial of Service in js-yaml Versions of js-yaml prior to 3.13.0 are vulnerable to Denial of Service. By parsing a carefully-crafted YAML file, the node process stalls and may exhaust system resources leading to a Denial of Service.

    Recommendation

    Upgrade to version 3.13.0.

    Affected versions: < 3.13.0

    Sourced from The GitHub Security Advisory Database.

    Code Injection in js-yaml Versions of js-yaml prior to 3.13.1 are vulnerable to Code Injection. The load() function may execute arbitrary code injected through a malicious YAML file. Objects that have toString as key, JavaScript code as value and are used as explicit mapping keys allow attackers to execute the supplied code through the load() function. The safeLoad() function is unaffected.

    An example payload is { toString: ! 'function (){return Date.now()}' } : 1 which returns the object { "1553107949161": 1 }

    Recommendation

    Upgrade to version 3.13.1.

    Affected versions: < 3.13.1

    Changelog

    Sourced from js-yaml's changelog.

    [3.14.0] - 2020-05-22

    Changed

    • Support safe/loadAll(input, options) variant of call.
    • CI: drop outdated nodejs versions.
    • Dev deps bump.

    Fixed

    • Quote = in plain scalars #519.
    • Check the node type for !<?> tag in case user manually specifies it.
    • Verify that there are no null-bytes in input.
    • Fix wrong quote position when writing condensed flow, #526.

    [3.13.1] - 2019-04-05

    Security

    • Fix possible code execution in (already unsafe) .load(), #480.

    [3.13.0] - 2019-03-20

    Security

    • Security fix: safeLoad() can hang when arrays with nested refs used as key. Now throws exception for nested arrays. #475.

    [3.12.2] - 2019-02-26

    Fixed

    • Fix noArrayIndent option for root level, #468.

    [3.12.1] - 2019-01-05

    Added

    • Added noArrayIndent option, #432.

    [3.12.0] - 2018-06-02

    Changed

    • Support arrow functions without a block statement, #421.

    [3.11.0] - 2018-03-05

    Added

    • Add arrow functions suport for !!js/function.

    Fixed

    • Fix dump in bin/octal/hex formats for negative integers, #399.
    Commits
    • 34e5072 3.14.0 released
    • 7b25c83 Browser files rebuild
    • 6f73473 Dev deps bump
    • 0c29349 Travis-CI: drop old nodejs versions
    • 10be97e fix(loader): Add support for safe/loadAll(input, options)
    • d6983dd Fix issue #526: wrong quote position writing condensed flow (#527)
    • 93fbf7d fix issue 526 (wrong quote position writing condensed flow)
    • e569cc7 readme: update titelift info
    • 8fb2905 changelog format update
    • 33c2236 Verify that there are no null-bytes in input
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
    • @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

    Additionally, you can set the following in your Dependabot dashboard:

    • Update frequency (including time of day and day of week)
    • Pull request limits (per update run and/or open at any time)
    • Automerge options (never/patch/minor, and dev/runtime dependencies)
    • Out-of-range updates (receive only lockfile updates, if desired)
    • Security updates (receive only security updates, if desired)
  • 10

    Bump stylelint from 9.1.1 to 13.7.0

    Bumps stylelint from 9.1.1 to 13.7.0.

    Release notes

    Sourced from stylelint's releases.

    13.7.0

    • Deprecated: *-blacklist, *-requirelist and *-whitelist rules in favour of the new *-disallowed-list, *-required-list and *-disallowed-list ones (#4845):
      • at-rule-blacklist. Use at-rule-disallowed-list instead.
      • at-rule-property-requirelist. Use at-rule-property-required-list instead.
      • at-rule-whitelist. Use at-rule-allowed-list instead.
      • comment-word-blacklist. Use comment-word-disallowed-list instead.
      • declaration-property-unit-blacklist. Use declaration-property-unit-disallowed-list instead.
      • declaration-property-unit-whitelist. Use declaration-property-unit-allowed-list instead.
      • declaration-property-value-blacklist. Use declaration-property-value-disallowed-list instead.
      • declaration-property-value-whitelist. Use declaration-property-value-allowed-list instead.
      • function-blacklist. Use function-disallowed-list instead.
      • function-url-scheme-blacklist. Use function-url-scheme-disallowed-list instead.
      • function-url-scheme-whitelist. Use function-url-scheme-allowed-list instead.
      • function-whitelist. Use function-allowed-list instead.
      • media-feature-name-blacklist. Use media-feature-name-disallowed-list instead.
      • media-feature-name-value-whitelist. Use media-feature-name-value-allowed-list instead.
      • media-feature-name-whitelist. Use media-feature-name-allowed-list instead.
      • property-blacklist. Use property-disallowed-list instead.
      • property-whitelist. Use property-allowed-list instead.
      • selector-attribute-operator-blacklist. Use selector-attribute-operator-disallowed-list instead.
      • selector-attribute-operator-whitelist. Use selector-attribute-operator-allowed-list instead.
      • selector-combinator-blacklist. Use selector-combinator-disallowed-list instead.
      • selector-combinator-whitelist. Use selector-combinator-allowed-list instead.
      • selector-pseudo-class-blacklist. Use selector-pseudo-class-disallowed-list instead.
      • selector-pseudo-class-whitelist. Use selector-pseudo-class-allowed-list instead.
      • selector-pseudo-element-blacklist. Use selector-pseudo-element-disallowed-list instead.
      • selector-pseudo-element-whitelist. Use selector-pseudo-element-allowed-list instead.
      • unit-blacklist. Use unit-disallowed-list instead.
      • unit-whitelist. Use unit-allowed-list instead.
    • Added: syntax object acceptance to customSyntax option (#4839).
    • Added: support for *.cjs config files (#4905).
    • Added: support for descriptions in stylelint command comments (#4848).
    • Added: reportDescriptionlessDisables flag (#4907).
    • Added: reportDisables secondary option (#4897).
    • Added: *-no-vendor-prefix autofix (#4859).
    • Added: ignoreComments[] to comment-empty-line-before (#4841).
    • Added: ignoreContextFunctionalPseudoClasses to selector-max-id (#4835).
    • Fixed: inconsistent trailing newlines in CLI error output (#4876).
    • Fixed: support for multi-line disable descriptions (#4895).
    • Fixed: support for paths with parentheses (#4867).
    • Fixed: selector-max-* (except selector-max-type) false negatives for where, is, nth-child and nth-last-child (#4842).
    • Fixed: length-zero-no-unit TypeError for custom properties fallback (#4860).
    • Fixed: selector-combinator-space-after false positives for trailing combinator (#4878).

    13.6.1

    • Fixed: max-empty-lines TypeError from inline comment with autofix and sugarss syntax (#4821).
    • Fixed: property-no-unknown false positives for namespaced variables (#4803).
    • Fixed: selector-type-no-unknown false positives for idents within ::part pseudo-elements (#4828).

    13.6.0

    Changelog

    Sourced from stylelint's changelog.

    13.7.0

    • Deprecated: *-blacklist, *-requirelist and *-whitelist rules in favour of the new *-disallowed-list, *-required-list and *-allowed-list ones (#4845):
      • at-rule-blacklist. Use at-rule-disallowed-list instead.
      • at-rule-property-requirelist. Use at-rule-property-required-list instead.
      • at-rule-whitelist. Use at-rule-allowed-list instead.
      • comment-word-blacklist. Use comment-word-disallowed-list instead.
      • declaration-property-unit-blacklist. Use declaration-property-unit-disallowed-list instead.
      • declaration-property-unit-whitelist. Use declaration-property-unit-allowed-list instead.
      • declaration-property-value-blacklist. Use declaration-property-value-disallowed-list instead.
      • declaration-property-value-whitelist. Use declaration-property-value-allowed-list instead.
      • function-blacklist. Use function-disallowed-list instead.
      • function-url-scheme-blacklist. Use function-url-scheme-disallowed-list instead.
      • function-url-scheme-whitelist. Use function-url-scheme-allowed-list instead.
      • function-whitelist. Use function-allowed-list instead.
      • media-feature-name-blacklist. Use media-feature-name-disallowed-list instead.
      • media-feature-name-value-whitelist. Use media-feature-name-value-allowed-list instead.
      • media-feature-name-whitelist. Use media-feature-name-allowed-list instead.
      • property-blacklist. Use property-disallowed-list instead.
      • property-whitelist. Use property-allowed-list instead.
      • selector-attribute-operator-blacklist. Use selector-attribute-operator-disallowed-list instead.
      • selector-attribute-operator-whitelist. Use selector-attribute-operator-allowed-list instead.
      • selector-combinator-blacklist. Use selector-combinator-disallowed-list instead.
      • selector-combinator-whitelist. Use selector-combinator-allowed-list instead.
      • selector-pseudo-class-blacklist. Use selector-pseudo-class-disallowed-list instead.
      • selector-pseudo-class-whitelist. Use selector-pseudo-class-allowed-list instead.
      • selector-pseudo-element-blacklist. Use selector-pseudo-element-disallowed-list instead.
      • selector-pseudo-element-whitelist. Use selector-pseudo-element-allowed-list instead.
      • unit-blacklist. Use unit-disallowed-list instead.
      • unit-whitelist. Use unit-allowed-list instead.
    • Added: syntax object acceptance to customSyntax option (#4839).
    • Added: support for *.cjs config files (#4905).
    • Added: support for descriptions in stylelint command comments (#4848).
    • Added: reportDescriptionlessDisables flag (#4907).
    • Added: reportDisables secondary option (#4897).
    • Added: *-no-vendor-prefix autofix (#4859).
    • Added: ignoreComments[] to comment-empty-line-before (#4841).
    • Added: ignoreContextFunctionalPseudoClasses to selector-max-id (#4835).
    • Fixed: inconsistent trailing newlines in CLI error output (#4876).
    • Fixed: support for multi-line disable descriptions (#4895).
    • Fixed: support for paths with parentheses (#4867).
    • Fixed: selector-max-* (except selector-max-type) false negatives for where, is, nth-child and nth-last-child (#4842).
    • Fixed: length-zero-no-unit TypeError for custom properties fallback (#4860).
    • Fixed: selector-combinator-space-after false positives for trailing combinator (#4878).

    13.6.1

    • Fixed: max-empty-lines TypeError from inline comment with autofix and sugarss syntax (#4821).
    • Fixed: property-no-unknown false positives for namespaced variables (#4803).
    • Fixed: selector-type-no-unknown false positives for idents within ::part pseudo-elements (#4828).
    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
    • @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

    Additionally, you can set the following in your Dependabot dashboard:

    • Update frequency (including time of day and day of week)
    • Pull request limits (per update run and/or open at any time)
    • Automerge options (never/patch/minor, and dev/runtime dependencies)
    • Out-of-range updates (receive only lockfile updates, if desired)
    • Security updates (receive only security updates, if desired)
  • 11

    [Security] Bump lodash from 4.17.4 to 4.17.20

    Bumps lodash from 4.17.4 to 4.17.20. This update includes security fixes.

    Vulnerabilities fixed

    Sourced from The GitHub Security Advisory Database.

    Prototype Pollution in lodash Versions of lodash prior to 4.17.19 are vulnerable to Prototype Pollution. The function zipObjectDeep allows a malicious user to modify the prototype of Object if the property identifiers are user-supplied. Being affected by this issue requires zipping objects based on user-provided property arrays.

    This vulnerability causes the addition or modification of an existing property that will exist on all objects and may lead to Denial of Service or Code Execution under specific circumstances.

    Affected versions: < 4.17.19

    Sourced from The GitHub Security Advisory Database.

    Prototype Pollution in lodash Versions of lodash prior to 4.17.19 are vulnerable to Prototype Pollution. The function zipObjectDeep allows a malicious user to modify the prototype of Object if the property identifiers are user-supplied. Being affected by this issue requires zipping objects based on user-provided property arrays.

    This vulnerability causes the addition or modification of an existing property that will exist on all objects and may lead to Denial of Service or Code Execution under specific circumstances.

    Affected versions: < 4.17.19

    Sourced from The GitHub Security Advisory Database.

    Critical severity vulnerability that affects lodash, lodash-es, lodash-amd, lodash.template, lodash.merge, lodash.mergewith, and lodash.defaultsdeep Affected versions of lodash are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.

    Affected versions: < 4.17.12

    Sourced from The GitHub Security Advisory Database.

    Moderate severity vulnerability that affects lodash lodash prior to 4.7.11 is affected by: CWE-400: Uncontrolled Resource Consumption. The impact is: Denial of service. The component is: Date handler. The attack vector is: Attacker provides very long strings, which the library attempts to match using a regular expression. The fixed version is: 4.7.11.

    Affected versions: < 4.17.11

    Sourced from The GitHub Security Advisory Database.

    High severity vulnerability that affects lodash, lodash-es, lodash-amd, lodash.template, lodash.merge, lodash.mergewith, and lodash.defaultsdeep Affected versions of lodash are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.

    Affected versions: < 4.17.13

    Sourced from The Node Security Working Group.

    Denial of Service Prototype pollution attack (lodash / constructor.prototype)

    Affected versions: <4.17.11

    Sourced from The GitHub Security Advisory Database.

    Low severity vulnerability that affects lodash A prototype pollution vulnerability was found in lodash <4.17.11 where the functions merge, mergeWith, and defaultsDeep can be tricked into adding or modifying properties of Object.prototype.

    Affected versions: < 4.17.11

    Sourced from The Node Security Working Group.

    lodash prototype pollution lodash node module before 4.17.5 suffers from a prototype pollution vulnerability via 'defaultsDeep', 'merge', and 'mergeWith' functions, which allows a malicious user to modify the prototype of 'Object' via proto, causing the addition or modification of an existing property that will exist on all objects.

    Affected versions: <4.17.5

    Commits
    Maintainer changes

    This version was pushed to npm by bnjmnt4n, a new releaser for lodash since your current version.


    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
    • @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

    Additionally, you can set the following in your Dependabot dashboard:

    • Update frequency (including time of day and day of week)
    • Pull request limits (per update run and/or open at any time)
    • Automerge options (never/patch/minor, and dev/runtime dependencies)
    • Out-of-range updates (receive only lockfile updates, if desired)
    • Security updates (receive only security updates, if desired)
  • 12

    Feat/tooltip height

    This addresses Issue #69.

    Changes:

    1. Modify data-microtip-size attribute to account for height & width.
    2. Add data-microtip-width attribute to specify tooltip width.
    3. Add data-microtip-height attribute to specify tooltip height.
    4. All the above points have included line-height: 150%; to make multiple line text easier to read.

    Screenshot examples: Screen Shot 2021-11-21 at 11 57 18 PM height: 80px; Screen Shot 2021-11-21 at 11 57 34 PM height: 150px; Screen Shot 2021-11-22 at 12 02 14 AM height: 260px;

    What this looks like without this feature: Screen Shot 2021-11-22 at 12 04 16 AM

  • 13

    feature: Tooltip Size (Height)

    You can specify the size of the tooltip with data-microtip-size. However, this only accounts for the width of the tooltip.

    If my text size is large, the tooltip height will match the size of the font.

    There is no way to adjust the height size (see example image).

    Screen Shot 2021-11-21 at 11 11 03 PM
  • 14

    Tooltip background-color

    Hey! Thanks for wonderful and tiny clean script, it's very handy and easy to use.

    But is there a way to change background color of both tooltip background AND tooltip arrow? In my case arrow always stays black.

  • 15

    role="tooltip" causes invalid HTML for anchor tags with href

    This is an add-on to #5.

    When using the library to an <a> tag with an href, the HTML becomes invalid according to the W3C validator.

    For instance:

    <a href="https://github.com/" aria-label="GitHub" data-microtip-position="bottom" role="tooltip">GitHub</a>
    

    will produce the following error:

    Attribute href not allowed on element a at this point.

    Removing role="tooltip" clears the error, but the tooltip obviously won't work.

  • 16

    [Security] Bump hosted-git-info from 2.4.2 to 2.8.9

    Bumps hosted-git-info from 2.4.2 to 2.8.9. This update includes a security fix.

    Vulnerabilities fixed

    Sourced from The GitHub Security Advisory Database.

    Regular Expression Denial of Service in hosted-git-info The npm package hosted-git-info before 3.0.8 are vulnerable to Regular Expression Denial of Service (ReDoS) via regular expression shortcutMatch in the fromUrl function in index.js. The affected regular expression exhibits polynomial worst-case time complexity

    Affected versions: < 2.8.9

    Changelog

    Sourced from hosted-git-info's changelog.

    2.8.9 (2021-04-07)

    Bug Fixes

    2.8.8 (2020-02-29)

    Bug Fixes

    • #61 & #65 addressing issues w/ url.URL implmentation which regressed node 6 support (5038b18), closes #66

    2.8.7 (2020-02-26)

    Bug Fixes

    • Do not attempt to use url.URL when unavailable (2d0bb66), closes #61 #62
    • Do not pass scp-style URLs to the WhatWG url.URL (f2cdfcf), closes #60

    2.8.6 (2020-02-25)

    2.8.5 (2019-10-07)

    Bug Fixes

    • updated pathmatch for gitlab (e8325b5), closes #51
    • updated pathmatch for gitlab (ffe056f)

    2.8.4 (2019-08-12)

    ... (truncated)

    Commits
    • 8d4b369 chore(release): 2.8.9
    • 29adfe5 fix: backport regex fix from #76
    • afeaefd chore(release): 2.8.8
    • 5038b18 fix: #61 & #65 addressing issues w/ url.URL implmentation which regressed nod...
    • 7440afa chore(release): 2.8.7
    • 2d0bb66 fix: Do not attempt to use url.URL when unavailable
    • f2cdfcf fix: Do not pass scp-style URLs to the WhatWG url.URL
    • e1b83df chore(release): 2.8.6
    • ff259a6 Ensure passwords in hosted Git URLs are correctly escaped
    • 624fd6f chore(release): 2.8.5
    • Additional commits viewable in compare view
    Maintainer changes

    This version was pushed to npm by nlf, a new releaser for hosted-git-info since your current version.


    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
    • @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

    Additionally, you can set the following in your Dependabot dashboard:

    • Update frequency (including time of day and day of week)
    • Pull request limits (per update run and/or open at any time)
    • Automerge options (never/patch/minor, and dev/runtime dependencies)
    • Out-of-range updates (receive only lockfile updates, if desired)
    • Security updates (receive only security updates, if desired)