Ember HK Components

Reusable Ember components for Heroku applications.

Assumptions

Usage of these components assumes you are using the Purple3 CSS framework and Malibu.

Security

This project maintains high security standards and regularly addresses vulnerabilities through:

• Automated vulnerability scanning via pnpm audit
• Strategic dependency resolutions to address transitive vulnerabilities
• Regular dependency updates while maintaining compatibility
• Comprehensive security documentation (see BABEL_TRAVERSE_VULNERABILITY_GUIDE.md)

For security-related questions or to report vulnerabilities, please follow Heroku's security guidelines.

Usage

Installation

1. Install ember-cli-eyeglass if it's not installed already:

   ember install ember-cli-eyeglass

2. Install @heroku/ember-hk-components:

   ember install @heroku/ember-hk-components

CSS

You'll need to import the scss files that support the actual components into your app. Ensure that you have installed ember-cli-eyeglass and that you are using app.scss for your app's styles.

You can import css for all the components like this:

@import "ember-hk-components/ember-hk-components";

If you want to import the css for only a specific component, like hk-slide-panel, you can include it like this:

@import "ember-hk-components/hk-slide-panel";

Components

See ember-hk-components.herokuapp.com for a complete list of components that are available.

Development

Installation

• git clone https://github.com/heroku/ember-hk-components
• cd ember-hk-components
• Install the required asdf plugins (if not already installed):

  asdf plugin add nodejs
  asdf plugin add pnpm

• Install the correct tool versions:

  asdf install

• pnpm install

Running

• ember serve
• Visit your app at http://localhost:4200.

Running Tests

• pnpm test (Runs ember try:each to test your addon against multiple Ember versions)
• ember test
• ember test --server

Security Auditing

This project uses PNPM for enhanced security and performance:

• pnpm audit - Check for security vulnerabilities
• pnpm audit --fix - Automatically fix resolvable vulnerabilities

See BABEL_TRAVERSE_VULNERABILITY_GUIDE.md for detailed security resolution strategies.

Local Usage in Another Application

The demo app is useful for developing this addon, but it can often be helpful to consume your version of this addon in another application either to more easily develop your changes or to validate that your changes work as you expect. You can use your local version of ember-hk-components in another application that consumes it via PNPM's link command.

// in your ember-hk-components directory
> pnpm link --global

// in your consuming app directory
> pnpm link --global @heroku/ember-hk-components

// to put consuming app back on the release version
> pnpm unlink --global @heroku/ember-hk-components
> pnpm install @heroku/ember-hk-components

Now, when you make changes in your copy of ember-hk-components those changes will be reflected in the consuming application.

Package Management

This project has migrated from Yarn to PNPM for:

• Enhanced security through stricter dependency resolution
• Better performance with content-addressable storage
• Improved workspace support for monorepo scenarios
• Advanced resolution strategies for vulnerability mitigation

All package management commands should use pnpm instead of npm or yarn.

Recent Security Improvements

This project has recently undergone significant security hardening:

Vulnerability Resolution

• Critical babel-traverse vulnerability resolved via strategic package resolutions
• High-severity vulnerabilities in rollup, json5, ansi-html addressed
• Transitive dependency vulnerabilities mitigated through @ladjs/consolidate adoption

Dependency Updates

• ember-a11y-testing updated to ^5.2.1 for better compatibility
• Package resolutions strategically implemented for security without breaking changes
• Comprehensive audit process documented for future maintenance

Security Documentation

• BABEL_TRAVERSE_VULNERABILITY_GUIDE.md - Comprehensive guide for resolving babel-traverse vulnerabilities
• Detailed troubleshooting and implementation strategies
• Best practices for maintaining security in Ember CLI projects

For more details on security implementations, see the vulnerability guide and recent changelog entries.

Releases

Notes

This library does its best to follow the principles of Semantic Versioning. Every effort should be made to ensure all non-major versions are released in a backwards compatible way.

Changelog

This project's changelog is generated using lerna-changelog. You can find instructions on how to setup your local environment for this in the project's Readme. Note that the Personal access token you use must be SSO-enabled for this to work.

lerna-changelog works off a system of labels defined in this project's package.json. Pull requests will be collated into the changelog based on which label has been applied to them.

Making a New Release

Once you are ready to make a new release follow these steps:

• Ensure all merged pull requests are labelled correctly as indicated in the Changelog section
• Create a new branch
• Update the version number in package.json
• Run pnpm run changelog --from x.x.x where x.x.x is the last version of this library that was released. This should generate changelog of changes since that last release.
• Copy the output of that command into CHANGELOG.md
• Commit your changes and open a PR

Once the PR is approved and merged you can then tag your new version by running git tag x.x.x where x.x.x is the new version number. Push your tag to GitHub using git push origin --tags.

Publish your new version to npm with the command pnpm publish 🎉

Note that you must have publish access to the @heroku npm organization to successfully publish