uswds / public-sans

A strong, neutral, principles-driven, open source typeface for text or display
https://public-sans.digital.gov/

Public sans - Dependencies: POAM Dec '23 #284

Closed mejiaj closed 7 months ago

mejiaj commented 7 months ago

Dependency updates

Node

As of 12/18/23

Before: 13 vulnerabilities (6 moderate, 7 high). After: ~7~ 4 moderate severity vulnerabilities. (3 additional via npm audit fix).

| Dependency | Old | New |
| --- | --- | --- |
| @uswds/compile | 1.0.0-beta.2 | 1.1.0 |
| @uswds/uswds | 3.0.0 | 3.7.1 |
| postcss | 8.2.6 | 8.4.32 |
| sass-embedded | 1.50.1 | 1.69.5 |
| @axe-core/cli | 4.0.0 | 4.8.2 |
| glob-parent (via overrides) | - | 6.0.2 |

Ruby

| Dependency | Old | New |
| --- | --- | --- |
| Ruby [^1] | 3.0.2 | 3.2.2 |
| Bundler | 2.0.1 | 2.4.22 |
| addressable | 2.8.5 | 2.8.6 |
| google-protobuf | 3.24.4 | 3.25.1 |
| public_suffix | 5.0.3 | 5.0.4 |
| rake | 13.0.6 | 13.1.0 |
| rouge | 4.1.3 | 4.2.0 |
| sass-embedded | 1.69.4 | 1.69.5 |

[^1]: There was a Cloud pages build error because of ruby version. Updating based on currently supported versions: https://www.ruby-lang.org/en/downloads/branches/

mejiaj commented 7 months ago

@mahoneycm I've run npm audit fix, thanks.