The new version requires additional configuration for less syntax, and
has new default rules we were out of compliance with.
I disabled rules about avoiding explicit vendor prefixes (such as
"-webkit") because we are not using any auto-prefixer tools. Other
violations have been fixed:
- kebab-case for element ids
- quotes around URLs
- double quotes instead of single quotes
- disable class selector pattern matching for MDL (external)
- use modern rgb/rgba syntax
- no quotes on font families
- no long-hand when short-hand will do
This brings our NPM audit vulnerabilities from 20 down to 10.
Downgrade less to v3. v4 is failing on macOS for some reason. See
less/less.js#3693
This also makes some less/CSS changes that are useful for future
upgrades:
- wrap all calculations in calc(), which is required in less v4
- remove unneeded @transparent variable
Finally, this fixes an erroneous error message that said "extern
generation failed" instead of "CSS compilation failed".
Closes#3981
Joey Parrish
Nico