uswds / public-sans

A strong, neutral, principles-driven, open source typeface for text or display
https://public-sans.digital.gov/
Other

Public Sans - POAM: April '24 #297

Closed mahoneycm closed 3 months ago

mahoneycm commented 3 months ago

Summary

Updated vulnerable and non-vulnerable dependencies. Added chromedriver devDependency to specify which version of Chrome axe testing should use. This will allow us to maintain uniform tests across machines.

Current vulnerabilities:

5 moderate severity vulnerabilities

Vulnerabilities after fix:

4 moderate severity vulnerabilities

Related issue

Closes https://github.com/uswds/public-sans/security/dependabot/72

Testing instructions

  1. Running start and serve run without error
  2. Gulp commands run without error
    1. npm run start
    2. npm run serve
    3. npm run test:a11y (while localhost is being served from the serve script)

Dependency updates

| Dependency | Old version | New version |
| --- | --- | --- |
| @uswds/swds | 3.7.1 | 3.8.0 |
| postcss | 8.4.32 | 8.4.38 |
| sass-embedded | 1.69.5 | 1.74.1 |
| @axe-core/cli (devDependency) | 4.8.2 | 4.9.0 |
| chromedriver (devDependency) | - | 123.0.3 |

mahoneycm commented 3 months ago

@mejiaj Ready for re-review! The new RubyGems version caused my Gemfile.lock to update after rebuilding the site. Mostly patch fixes.