Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Public sans - Dependencies: POAM Dec '23 #284

Merged
merged 5 commits into from
Dec 19, 2023
Merged

Public sans - Dependencies: POAM Dec '23 #284

merged 5 commits into from
Dec 19, 2023

Conversation

mejiaj
Copy link
Contributor

@mejiaj mejiaj commented Dec 13, 2023
edited
Loading

Dependency updates

Node

As of 12/18/23

Before: 13 vulnerabilities (6 moderate, 7 high).
After: 7 4 moderate severity vulnerabilities. (3 additional via npm audit fix).

Dependency Old New
@uswds/compile 1.0.0-beta.2 1.1.0
@uswds/uswds 3.0.0 3.7.1
postcss 8.2.6 8.4.32
sass-embedded 1.50.1 1.69.5
@axe-core/cli 4.0.0 4.8.2
glob-parent (via overrides) - 6.0.2

Ruby

Dependency Old New
Ruby 1 3.0.2 3.2.2
Bundler 2.0.1 2.4.22
addressable 2.8.5 2.8.6
google-protobuf 3.24.4 3.25.1
public_suffix 5.0.3 5.0.4
rake 13.0.6 13.1.0
rouge 4.1.3 4.2.0
sass-embedded 1.69.4 1.69.5

Footnotes

  1. There was a Cloud pages build error because of ruby version. Updating based on currently supported versions: https://www.ruby-lang.org/en/downloads/branches/

@mejiaj mejiaj marked this pull request as ready for review December 13, 2023 21:10
mahoneycm
mahoneycm reviewed Dec 14, 2023
View reviewed changes
Copy link
Contributor

@mahoneycm mahoneycm left a comment
edited by mejiaj
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good but I found running npm audit fix resolved 3 additional vulnerabilities. Can we add that to this PR?

  • Decreased vulnerabilities
  • npm audit fix does not resolve additional vulnerabilities
  • Stats without error

@mejiaj mejiaj requested a review from mahoneycm December 18, 2023 18:33
@mejiaj
Copy link
Contributor Author

mejiaj commented Dec 18, 2023

@mahoneycm I've run npm audit fix, thanks.

mahoneycm
mahoneycm approved these changes Dec 18, 2023
View reviewed changes
Copy link
Contributor

@mahoneycm mahoneycm left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks great! Thanks James

@mejiaj mejiaj merged commit 8b20c61 into develop Dec 19, 2023
4 checks passed
@mejiaj mejiaj deleted the jm-poam-dec-23 branch December 19, 2023 14:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mahoneycm mahoneycm mahoneycm approved these changes

@thisisdano thisisdano Awaiting requested review from thisisdano

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@mejiaj @mahoneycm