A strong, independent CSS Framework. Only 2.7KB minified & gzipped.

  • By Tyler Childs
  • Last update: Aug 29, 2022
  • Comments: 17

Cutestrap v2

Docs/Demo

Installation Steps

To use the CSS as it is, you can install using npm or just download cutestrap.zip:

npm i cutestrap

Development guide

After cloning, you'll first need to install dependencies by running npm run setup.

After that just run npm start.

KSS will generate the docs from the kss-html folder. The dist folder is created from the src folder.

Contributors

Contributors are welcome, just follow these few guidelines:

  • Avoid checking in compiled files (dist and docs folders) as this will reduce merge conflicts with master
  • Pass stylelint checks

License Authentication

All versions below 2.* are licensed under the MIT License, while everything after is GPLv3.

If you would like to use Cutestrap in non GPLv3 projects, you may make a donation to charity and I'll grant you an MIT license.

If you disagree, I'm open to discussion and we can talk about it on this thread where I've established my initial thoughts.

Github

https://github.com/tylerchilds/cutestrap

Comments(17)

  • 1

    Use of implicit labels is considered bad accessibility

    Recent accessibility standards recommend using explicit labels with form elements. in order to achieve this use the for attribute in the label pointing to the id of the field.

    Wrapping the label around the input creates an implicit label, and while not wrong, has inconsistent performance among assistive technology, like screen readers.

    Current Cutestrap form HTML is

    <label class="textfield">
          <input type="text">
          <span class="textfield__label">Your Name</span>
        </label>
    

    I'm recommending modifying the suggested code to be:

    <div class="textfield">
        <label for="name">  
          <span class="textfield__label">Your Name</span>
        </label>
        <input type="text" id="name">
    </div>
    
  • 2

    reintroduce underline on .btn--link

    as .btn:link is more specific than .btn--link, the text-decoration: none there currently overrides the intended text-decoration: underline. moving the style to .btn fixes this, allowing for <button class="btn--link">...</button> and <a href="..." class="btn btn--link">...</a> to look like actual large links (with underline)

    closes https://github.com/cutestrap/cutestrap/issues/25

  • 3

    Errors installing dependencies for development

    When installing the node_modules for this project, there were several errors thrown during the npm install:

    npm WARN deprecated [email protected]: graceful-fs v3.0.0 and before will fail on node releases >= v7.0. Please update to [email protected]^4.0.0 as soon as possible. Use 'npm ls graceful-fs' to find it in the tree.
    npm WARN deprecated [email protected]: [email protected]<3.0.0 is no longer maintained. Upgrade to [email protected]^4.0.0.
    npm WARN deprecated [email protected]: graceful-fs v3.0.0 and before will fail on node releases >= v7.0. Please update to [email protected]^4.0.0 as soon as possible. Use 'npm ls graceful-fs' to find it in the tree.
    npm WARN deprecated [email protected]: graceful-fs v3.0.0 and before will fail on node releases >= v7.0. Please update to [email protected]^4.0.0 as soon as possible. Use 'npm ls graceful-fs' to find it in the tree.
    npm WARN deprecated [email protected]: cross-spawn no longer requires a build toolchain, use it instead!
    npm WARN prefer global [email protected] should be installed with -g
    npm WARN prefer global [email protected] should be installed with -g
    

    Then, when bower install in run, this is thrown:

    (node:8568) fs: re-evaluating native module sources is not supported. If you are using the graceful-fs module, please update it to a more recent version.
    

    Finally, gulp fails as well:

    (node:8632) fs: re-evaluating native module sources is not supported. If you are using the graceful-fs module, please update it to a more recent version.
    module.js:442
        throw err;
        ^
    
    Error: Cannot find module 'gulp-include'
        at Function.Module._resolveFilename (module.js:440:15)
        at Function.Module._load (module.js:388:25)
        at Module.require (module.js:468:17)
        at require (internal/module.js:20:19)
        at Object.<anonymous> (/Users/edensg/Desktop/Desktop/GCVI/McCrae Day/styleguide/cutestrap/gulpfile.js:10:21)
        at Module._compile (module.js:541:32)
        at Object.Module._extensions..js (module.js:550:10)
        at Module.load (module.js:458:32)
        at tryModuleLoad (module.js:417:12)
        at Function.Module._load (module.js:409:3)
    

    I'm not sure how much of this you have control over and how much is just a result of dependencies and their messiness. Would it worth trying other (older) node versions perhaps, or are there other things that should be installed (locally or globally)?

  • 4

    Text link not accessible

    The text link is not fully accessible since it relies on color alone to denote that it's a link.

    Suggestion 1: return the underline. (highly recommended)

    Suggestion 2: provide more visual affordance that the standalone text is a link such as adding an icon.

    WCAG references: http://www.w3.org/TR/2008/REC-WCAG20-20081211/#visual-audio-contrast-without-color http://www.w3.org/TR/WCAG20-TECHS/F73.html

    PS: Since this is a link, strange that it's listed under Buttons and the class names say button.

    image

  • 5

    Default contextual colors?

    I like this project, and would love to use this in future proof-of-concepts I build. I noticed though that there doesn't seem to be a built-in way to set the color of elements based on context, like in Bootstrap where you can for example set btn-danger on a delete-button.

    It's easy to add yourself in your project, but from a UX point of view I feel like it might be too important to not include as a default. Do you agree? It would also help for those who just want a good-looking proof-of-concept without having to add custom CSS.

    I'd suggest using the same classes for all elements to keep it consistent, perhaps ctx-primary, ctx-success, ctx-warning, etc? I can try making a pull request if you think this is a good idea to add.

  • 6

    Select arrow not clickable

    The css arrow in select boxes (.field select+.label::after) is not clickable (Chrome, Firefox, others). This is an issue to users who aim for that very arrow when trying to use the menu, and give up if that doesn't work (a behavior seen in real usage testing).

    I think the solution might be as easy as adding an pointer-events: none; (well, not for Internet Explorer, but Cutestrap forms don't really work with IE anyway)

  • 7

    remove dd text indent

    removes the text indent on dd, which causes very unsightly visual effect when the definition description is multiline (see example screenshot below)

    before:

    cute-dd-current

    after:

    cute-dd-fix

    alternatively, suggest changing from text-indent to padding-left, which would then move all dd content to the right, not just the beginning of each line.

    alternative:

    cute-dd-alt

  • 8

    Why are `` elements given `display: table;`?

    On one hand I'm just curious what the design choice here was about; on the other hand there's an issue when there's an <img> element within a container with .ta-center/.ta-right -- the image won't respect the text alignment. This can be worked around however by setting appropriate margins on the image:

    .ta-center img {
      margin-left: auto;
      margin-right: auto;
    }
    
    .ta-right img {
      margin-left: auto;
    }
    
  • 9

    /src/sass/ mis-match with /dist/scss/

    The two sets of source files are slightly out of sync. Namely...

    • dd padding/text-indent in _base.scss;
    • margins and classnames for .wrapper-large and .wrapper-small in _grid.scss; and
    • padding on .radio and .checkbox in _forms.scss.

    It looks like /dist/scss/ is the canonical version, but then what's the point of the /src/sass/ directory?

  • 10

    Should tag names be included in style definitions?

    I really like the minimalism of Cutestrap, but I have found myself fighting with the button styling when trying to use semantic markup in my nav elements. I was recently reading through BEM naming conventions and noticed that it specifies "No tag name or ids" for CSS selectors. Conversely, Cutestrap docs state that "A default button is applied with the .btn class or automatically on button tags or button/submit inputs."

    Is this implementation of tag styling in Cutestrap intentional? Am I referencing incorrect documentation for BEM?

  • 11

    should wrapper-small be renamed?

    I thought wrapper-small should be replaced with wrapper wrapper--small

    even the inline docs hint at this <div class="wrapper {{modifier_class}}">Wrapper</div>

  • 12

    Bump copy-props from 2.0.4 to 2.0.5

    Bumps copy-props from 2.0.4 to 2.0.5.

    Release notes

    Sourced from copy-props's releases.

    2.0.5

    Fix

    • Avoids prototype pollution (#7)

    Doc

    • Update license years.
    • Transfer ownership to Gulp Team (#6)

    Build

    • Update dependencies: each-props (>=1.3.2), is-plain-object (>=5.0.0).

    Test

    • Expand test versions to v11〜v14.
    Changelog

    Sourced from copy-props's changelog.

    Changelog

    3.0.1 (2021-10-31)

    Bug Fixes

    • ci: Rename prettierignore typo & avoid formatting web (192badf)
    • Update dependencies (ba8a51c)

    3.0.0 (2021-09-25)

    ⚠ BREAKING CHANGES

    • Normalize repository, dropping node <10.13 support (#8)

    Miscellaneous Chores

    • Normalize repository, dropping node <10.13 support (#8) (85b1165)
    Commits
    • 40b7974 2.0.5
    • 2c738f5 Fix: Avoids prototype pollution (#7)
    • 4cac863 Merge: Transfer ownership to Gulp Team (#6)
    • 54a791d Doc: Transfer ownership to Gulp Team
    • 196fc9e Merge: Update dependencies and expand ci test versions (#5)
    • e89907f Test: Update npm to v4 when nodejs is v5 because of npm install error.
    • e970322 Test: Run coveralls when nodejs >= 6 because of its supports
    • 063e534 Test: Add nodejs v11-v14 into ci test versions
    • 72270af Doc: Update license years
    • f60b928 Build: Update versions of dependencies
    • See full diff in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

  • 13

    Bump path-parse from 1.0.6 to 1.0.7

    Bumps path-parse from 1.0.6 to 1.0.7.

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

  • 14

    Bump browserslist from 4.5.5 to 4.16.6

    Bumps browserslist from 4.5.5 to 4.16.6.

    Changelog

    Sourced from browserslist's changelog.

    4.16.6

    • Fixed npm-shrinkwrap.json support in --update-db (by Geoff Newman).

    4.16.5

    • Fixed unsafe RegExp (by Yeting Li).

    4.16.4

    • Fixed unsafe RegExp.
    • Added artifactory support to --update-db (by Ittai Baratz).

    4.16.3

    • Fixed --update-db.

    4.16.2

    4.16.1

    • Fixed Chrome 4 with mobileToDesktop (by Aron Woost).

    4.16

    • Add browserslist config query.

    4.15

    • Add TypeScript types (by Dmitry Semigradsky).

    4.14.7

    • Fixed Yarn Workspaces support to --update-db (by Fausto Núñez Alberro).
    • Added browser changes to --update-db (by @​AleksandrSl).
    • Added color output to --update-db.
    • Updated package.funding to have link to our Open Collective.

    4.14.6

    • Fixed Yarn support in --update-db (by Ivan Storck).
    • Fixed npm 7 support in --update-db.

    4.14.5

    • Fixed last 2 electron versions query (by Sergey Melyukov).

    4.14.4

    • Fixed Unknown version 59 of op_mob error.

    4.14.3

    • Update Firefox ESR.

    4.14.2

    • Fixed --update-db on Windows (by James Ross).
    • Improved --update-db output.

    4.14.1

    • Added --update-db explanation (by Justin Zelinsky).

    ... (truncated)

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

  • 15

    Bump hosted-git-info from 2.8.4 to 2.8.9

    Bumps hosted-git-info from 2.8.4 to 2.8.9.

    Changelog

    Sourced from hosted-git-info's changelog.

    2.8.9 (2021-04-07)

    Bug Fixes

    2.8.8 (2020-02-29)

    Bug Fixes

    • #61 & #65 addressing issues w/ url.URL implmentation which regressed node 6 support (5038b18), closes #66

    2.8.7 (2020-02-26)

    Bug Fixes

    • Do not attempt to use url.URL when unavailable (2d0bb66), closes #61 #62
    • Do not pass scp-style URLs to the WhatWG url.URL (f2cdfcf), closes #60

    2.8.6 (2020-02-25)

    2.8.5 (2019-10-07)

    Bug Fixes

    • updated pathmatch for gitlab (e8325b5), closes #51
    • updated pathmatch for gitlab (ffe056f)

    Commits
    • 8d4b369 chore(release): 2.8.9
    • 29adfe5 fix: backport regex fix from #76
    • afeaefd chore(release): 2.8.8
    • 5038b18 fix: #61 & #65 addressing issues w/ url.URL implmentation which regressed nod...
    • 7440afa chore(release): 2.8.7
    • 2d0bb66 fix: Do not attempt to use url.URL when unavailable
    • f2cdfcf fix: Do not pass scp-style URLs to the WhatWG url.URL
    • e1b83df chore(release): 2.8.6
    • ff259a6 Ensure passwords in hosted Git URLs are correctly escaped
    • 624fd6f chore(release): 2.8.5
    • Additional commits viewable in compare view
    Maintainer changes

    This version was pushed to npm by nlf, a new releaser for hosted-git-info since your current version.


    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

  • 16

    Bump lodash from 4.17.15 to 4.17.21

    Bumps lodash from 4.17.15 to 4.17.21.

    Commits
    • f299b52 Bump to v4.17.21
    • c4847eb Improve performance of toNumber, trim and trimEnd on large input strings
    • 3469357 Prevent command injection through _.template's variable option
    • ded9bc6 Bump to v4.17.20.
    • 63150ef Documentation fixes.
    • 00f0f62 test.js: Remove trailing comma.
    • 846e434 Temporarily use a custom fork of lodash-cli.
    • 5d046f3 Re-enable Travis tests on 4.17 branch.
    • aa816b3 Remove /npm-package.
    • d7fbc52 Bump to v4.17.19
    • Additional commits viewable in compare view
    Maintainer changes

    This version was pushed to npm by bnjmnt4n, a new releaser for lodash since your current version.


    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

  • 17

    Bump handlebars from 3.0.6 to 3.0.8

    Bumps handlebars from 3.0.6 to 3.0.8.

    Changelog

    Sourced from handlebars's changelog.

    v3.0.8 - February 23rd, 2020

    Bugfixes:

    • backport some (but not all) of the security fixes from 4.x - 156061e

    Compatibility notes:

    • The properties __proto__, __defineGetter__, __defineSetter__ and __lookupGetter__ have been added to the list of "dangerous properties". If a property by that name is found and not an own-property of its parent, it will silently evaluate to undefined. This is done in both the compiled template and the "lookup"-helper. This will prevent Remote-Code-Execution exploits that have been published in npm advisories 1324 and 1316.
    • The check for dangerous properties has been changed from "propertyIsEnumerable" to "hasOwnProperty", as it is now done in Handlebars 4.6.0 and later.

    Security issues resolved:

    Commits

    v3.0.7 - June 30th, 2019

    Security fixes:

    Housekeeping

    • disable saucelabs-tests since the tunnel is not working - 95f33b1
    • update grunt-saucelabs and aws dependency - 09aaa56
    • fix package.json of components/handlebars.js repo - 7cf753b
    • Fix Travis by updating git tag retrieval - 7c3944015d30a4348ae66ec1736b752cd864d5c1
    • Use istanbul/lib/cli.js instead of node_modules/.bin/istanbul - 7820b207e123babd0bda0b4871790f2ea6b36b01

    Tests:

    • test: run appveyor tests in Node 10 - 420ac171a01b8777ebce0a777221754fcc72a5a8
    • Fix build on Windows - 47adcda48530ab1504b8019fe17eaedd4f4c943f

    Compatibility notes:

    Access to class constructors (i.e. ({}).constructor) is now prohibited to prevent Remote Code Execution. This means that following construct will no work anymore:

    class SomeClass {
    }
    </tr></table> 
    

    ... (truncated)

    Commits
    • 16bd606 v3.0.8
    • 90ad8d9 Update release notes
    • 156061e backport fixes from 4.x
    • 8ba9159 update package-lock.json
    • 55e4d9d v3.0.7
    • bae88eb Update release notes
    • c131bab chore: remove TODO comment from Gruntfile to enable clean build
    • 95f33b1 chore: disable saucelabs-tests since the tunnel is not working
    • 09aaa56 chore: update grunt-saucelabs and aws dependency
    • 0d6d8c3 Merge pull request #1532 from mattolson/backport-security-fixes
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.