v3.0.0

✏️ Sass update

• Migrates from PostCSS + CleanCSS to Lightning CSS for minifying and transpilation of CSS output
  • This should result in faster builds and smaller files

⚠️ Breaking changes:

• Requires node 14 and up
• Drops task runner for AMP styling
  • The Texas Tribune no longer supports AMP

🤖 Dependabot updates

• np
• fs-extra
• queso-ui
• sass
• svgo

What's Changed

• Drop AMP support by @ashley-hebler in #332
• Bump all sass compiling packages by @ashley-hebler in #333
• Bump json5 from 1.0.1 to 1.0.2 by @dependabot in #327
• Bump svgo from 2.7.0 to 3.0.2 by @ashley-hebler in #335
• Bump http-cache-semantics from 4.1.0 to 4.1.1 by @dependabot in #330
• Update SASS compiling to latest by @ashley-hebler in #336
• Lightning CSS ⚡ by @ashley-hebler in #340
• Add latest queso patch by @ashley-hebler in #341
• Build improvements by @ashley-hebler in #342
  Full Changelog: v2.3.2...v3.0.0

v2.3.2

✏️ Minor dependency updates

• Addresses minimist vulnerability
• Addresses ansi-regex vulnerabilities
• Runs npx browserslist@latest --update-db to get rid of test warnings

What's Changed

• Handle browserslist warnings 29fbef2
• Run npm audit fix 7395308
• Merge pull request #302 from texastribune/dependabot/npm_and_yarn/minimist-1.2.6 22e5e39
• Bump minimist from 1.2.5 to 1.2.6 5008685

Full Changelog: v2.3.1...v2.3.2

v2.3.1

✏️ Sass and AMP updates

• Prevents warnings from showing up in sass to clean build logs
• Bumps amp-validator

⚙️ Adds a test - Check for expected CSS output

🤖 Dependabot updates - nanoid

What's Changed

• Bump package-lock.json file to version 2 by @ashley-hebler in #286
• Add better tests by @ashley-hebler in #287
• Bump amp-validator from 1.0.23 to 1.0.35 by @ashley-hebler in #295
• Hide sass warnings by @ashley-hebler in #297
• Bump nanoid from 3.1.23 to 3.3.1 by @dependabot in #296

Full Changelog: v2.3.0...v2.3.1

v2.3.0

✏️ Sass updates

• Migrates from node-sass to dart-sass
• Slower build times, but fewer dependencies and modern sass features
• Non-breaking, but likely more warnings will show up during compiling

---

Commits

• Merge pull request #285 from texastribune/dart-sass-3 86f9d8e
• Change sass compiler to dart sass 3166a3c

v2.2.5...v2.3.0

v2.2.5

✏️ SVG updates

• Removed dependency on svg-sprite, which hasn't had an update in a while and had a security vulnerability
• The spriting process is now done manually by converting icons to svgo-optimized svgs and hackily converting those into <symbol> tags. This seems to work fine in tests, but will revisit this if it ends up breaking icons where it's used.

🤖 Dependabot updates - Bumps svgo for security patch; bumps eslint and associated libraries with new eslint standards

---

Commits

• Merge pull request #278 from texastribune/remove-svgstore 3b16f1d
• Remove dimensions for correct defs file syntax 3b8e3e3
• Remove svgstore as a dependency f582094
• Build the svg sprite manually 9a57e0d
• Merge pull request #275 from texastribune/svgs 3fda838
• Add latest svg packages 4b67cb2
• Run npm audit fix a4cb25a
• Merge pull request #258 from texastribune/dependabot/npm_and_yarn/fast-glob-3.2.7 368aab0
• Merge pull request #273 from texastribune/bump-eslint-2 f2ee0e9
• Add eslint import plugin to pass test 5d3f0f3
• Add eslint-react plugin to pass test 22f0b89
• Add eslint-jsx plugin for node 12 5bd7ba1
• Clean up eslint 1f7d1be
• Run npm install with more recent local npm version 3a77d2b
• Merge pull request #267 from texastribune/dependabot/npm_and_yarn/tmpl-1.0.5 ae72336
• Bump tmpl from 1.0.4 to 1.0.5 fcb8f9a
• Bump fast-glob from 3.2.4 to 3.2.7 2899d11

v2.2.4...v2.2.5

v2.2.4

🤖 Dependabot updates - Bumps tar for security patch

• Merge pull request #265 from texastribune/dependabot/npm_and_yarn/tar-6.1.11 dea56df
• Bump tar from 6.1.4 to 6.1.11 2127e80

v2.2.3...v2.2.4

v2.2.3

🤖 Dependabot updates - Bumps tar and path-parse for security patches

• Merge pull request #263 from texastribune/dependabot/npm_and_yarn/path-parse-1.0.7 16f6280
• Merge pull request #261 from texastribune/dependabot/npm_and_yarn/tar-6.1.4 d9cb093
• Bump path-parse from 1.0.6 to 1.0.7 16acbd5
• Bump tar from 6.1.0 to 6.1.4 c331f78
• Update dependabot to new TT standard eb0238d

v2.2.2...v2.2.3

v2.2.2

🤖 Dependabot updates - The node-sass patch should squash some security vulnerabilities where queso-tools is a dependency

• Bump node-sass to 6.0.1 for patch e47b94c
• Merge pull request #253 from texastribune/dependabot/npm_and_yarn/node-sass-6.0.0 47a3c92
• Bump node-sass from 5.0.0 to 6.0.0 f19aa6c
• Remove ignores in dependabot config 3cbb28c
• Run npm audit c30191f
• Merge pull request #246 from texastribune/dependabot/npm_and_yarn/normalize-url-4.5.1 91b468c
• Merge pull request #247 from texastribune/dependabot/npm_and_yarn/glob-parent-5.1.2 aeffc7d
• Bump glob-parent from 5.1.1 to 5.1.2 a729d14
• Bump normalize-url from 4.5.0 to 4.5.1 2b59b80

v2.2.1...v2.2.2

v2.2.1

🤖 Dependabot updates - mostly just patches to get security fixes
- switched to Github-native dependabot

• Merge pull request #243 from texastribune/security-patch abe3238
• Run npm audit 55e25d2
• Merge pull request #241 from texastribune/dependabot/npm_and_yarn/postcss-8.3.0 a4ac885
• Bump postcss from 8.2.14 to 8.3.0 07e2ad8
• Merge pull request #242 from texastribune/bump-eslint a70fae7
• Bump eslint to latest and fix new errors 2b2881b
• Merge pull request #240 from texastribune/dependabot/npm_and_yarn/jest-27.0.4 8cacb2c
• Bump jest from 26.6.3 to 27.0.4 f7d9dd7
• Merge pull request #237 from texastribune/dependabot/npm_and_yarn/ws-7.4.6 4bd1a66
• Merge pull request #228 from texastribune/dependabot/add-v2-config-file 4e7182c
• Bump ws from 7.3.1 to 7.4.6 46f207e
• Merge pull request #232 from texastribune/dependabot/npm_and_yarn/hosted-git-info-2.8.9 f44c6b9
• Merge pull request #230 from texastribune/dependabot/npm_and_yarn/postcss-8.2.14 8620e69
• [Security] Bump hosted-git-info from 2.8.5 to 2.8.9 fd9cf21
• Merge pull request #231 from texastribune/dependabot/npm_and_yarn/lodash-4.17.21 3dba500
• [Security] Bump lodash from 4.17.19 to 4.17.21 4b09b83
• Bump postcss from 8.2.1 to 8.2.14 4e3bab6
• Upgrade to GitHub-native Dependabot 5aa3055
• Merge pull request #221 from texastribune/dependabot/npm_and_yarn/y18n-4.0.1 1b8fd14
• [Security] Bump y18n from 4.0.0 to 4.0.1 a42190e
• Merge pull request #183 from texastribune/dependabot/npm_and_yarn/node-notifier-8.0.1 fa4e6c8
• [Security] Bump node-notifier from 8.0.0 to 8.0.1 9b6b066

v2.2.0...v2.2.1

v2.2.0

🤖 Dependabot updates. Major dependency updates worth mentioning:

• node-sass bumped to 5.0.0
• postcss bumped to 8.2.1, but the jump to 8.0 had most notable changes.
• autoprefixer bumped to 10.1.0, but looks like the 10.0 bump had to do with the above postcss update. Sounds like it might cause incompatibility with Node.js 6.x, 8.x, 11.x so we stopped testing those environments.
• FWIW, all of these CSS processing updates seemed to have little effect on the compiled output in places where we use these task runners in texastribune repos

🆕 Small helper task that abstracts a copy function for fs.copy. See this pre-release and #180

https://github.com/texastribune/queso-tools/compare/v2.1.5..v2.2.0