Open JennaySDavis opened 6 months ago
We cannot resolve the PostCSS Dependabot issues, linked below, because our systems rely on uswds-compile. We currently have the latest version(1.1.0) installed, which depends on the vulnerable version of PostCSS. The USWSDS package should be updated first, or we should move away from using it, but in the meantime, we will not be able to upgrade to a safe version.
In addition, Astro v2 depends on a vulnerable version of PostCSS. We would need to migrate to a newer version, requiring an overhaul since we are two full versions behind. We have spent about a week attempting this upgrade to Astro v4.
We do not currently have an accurate estimate of how long it will take to upgrade Astro as there are several unknowns around what is now preventing the upgraded version from working. Regardless, we will still need to resolve the dependency on USWDS-Compile before this vulnerability can be properly addressed.
@john-labbate any update on this?
@clyncha uswds/compile has been updated in our system at this point and is no longer a blocker. We have not allocated the resources to updating the Astro version yet.
Research multiple issues with Best Practices and Accessibility found when Lighthouse was run on the 889 Tool. The following items were reported: Best Practices
*The Lighthouse report is available in Google Docs > Accessibility Compliance Testing Results folder