uswds / public-sans

A strong, neutral, principles-driven, open source typeface for text or display
https://public-sans.digital.gov/

Public-Sans - POAM: July '24 #306

Open mahoneycm opened 2 weeks ago

mahoneycm commented 2 weeks ago

Summary

Resolved dependency vulnerabilities via npm audit fix

Related issue

USWDS-Team - POAM: July 2024 Closes https://github.com/uswds/public-sans/security/dependabot/75

Preview link

Preview link →

Major changes

Vulnerabilities before update

16 vulnerabilities (3 moderate, 13 high)

After update

15 vulnerabilities (3 moderate, 12 high)

Dependency updates

Node package updates

| Dependency name | Previous version | Updated version |
| --- | --- | --- |
| @axe-core/cli | ^4.9.0 | ^4.9.1 |
| @uswds/uswds | 3.8.0 | 3.8.1 |
| postcss | ^8.4.38 | ^8.4.39 |
| sass-embedded | ^1.77.0 | ^1.77.5 |

Gem updates:

| Gem name | Previous version | Updated version |
| --- | --- | --- |
| addressable | 2.8.6 | 2.8.7 |
| public_suffix | >= 2.0.2, < 6.0 | >= 2.0.2, < 7.0 |
| google-protobuf | 4.27.1 | 4.27.2 |
| public_suffix | 5.0.5 | 6.0.0 |
| rexml | 3.2.9 | 3.3.1 |
| rouge | 4.2.1 | 4.3.0 |
| sass-embedded | 1.77.4 | 1.77.5 |

Testing and review

Gulp commands run without error

  1. npm run start
  2. npm run serve
  3. npm run test:a11y (while localhost is being served from the serve script)
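The before/after vulnerability counts above are the summary lines `npm audit` prints. As an added example (not code from the public-sans repository or from this PR), the script below compares two `npm audit --json` reports and shows what a run of `npm audit fix` actually resolved and why the remaining findings were left: no fix published, or only a semver-major upgrade of a top-level dependency fixes them, which `npm audit fix` will not apply on its own. The two reports embedded in it are constructed, with placeholder package names; the script assumes the npm 7+ JSON layout (a top-level `vulnerabilities` map keyed by package, each entry carrying `severity`, `isDirect`, `range` and `fixAvailable`, plus a `metadata.vulnerabilities` block of per-severity totals).

```python
"""Compare two `npm audit --json` reports and explain what a fix run changed.

Added example, not part of the public-sans project. Assumes the npm 7+
audit JSON layout described in the lead-in; the sample reports below are
constructed and use placeholder package names.
"""
import json
from collections import Counter

SEVERITY_ORDER = ("info", "low", "moderate", "high", "critical")

# Constructed "before" report: three findings, one of each fix situation.
BEFORE_JSON = r'''
{
  "vulnerabilities": {
    "example-a": {"name": "example-a", "severity": "high", "isDirect": false,
                  "range": "<1.2.3", "fixAvailable": true},
    "example-b": {"name": "example-b", "severity": "moderate", "isDirect": false,
                  "range": "<=2.0.0",
                  "fixAvailable": {"name": "example-top", "version": "5.0.0",
                                   "isSemVerMajor": true}},
    "example-c": {"name": "example-c", "severity": "high", "isDirect": true,
                  "range": "*", "fixAvailable": false}
  },
  "metadata": {"vulnerabilities": {"info": 0, "low": 0, "moderate": 1,
                                   "high": 2, "critical": 0, "total": 3}}
}
'''

# Constructed "after" report: `npm audit fix` removed the in-place fixable one.
AFTER_JSON = r'''
{
  "vulnerabilities": {
    "example-b": {"name": "example-b", "severity": "moderate", "isDirect": false,
                  "range": "<=2.0.0",
                  "fixAvailable": {"name": "example-top", "version": "5.0.0",
                                   "isSemVerMajor": true}},
    "example-c": {"name": "example-c", "severity": "high", "isDirect": true,
                  "range": "*", "fixAvailable": false}
  },
  "metadata": {"vulnerabilities": {"info": 0, "low": 0, "moderate": 1,
                                   "high": 1, "critical": 0, "total": 2}}
}
'''


def load_report(text):
    """Parse `npm audit --json` output (here a string; normally read from stdout)."""
    return json.loads(text)


def severity_counts(report):
    """Recount findings per severity from the per-package entries, so the
    summary we print is derived from the detail rather than copied from it."""
    counts = Counter(v["severity"] for v in report.get("vulnerabilities", {}).values())
    return {sev: counts.get(sev, 0) for sev in SEVERITY_ORDER}


def metadata_matches(report):
    """True when npm's own summary block agrees with the detailed entries;
    a mismatch suggests a truncated or hand-edited report."""
    meta = report.get("metadata", {}).get("vulnerabilities", {})
    recounted = severity_counts(report)
    return all(meta.get(sev, 0) == recounted[sev] for sev in SEVERITY_ORDER)


def fix_kind(entry):
    """Classify npm's fixAvailable field:
    False -> no fix published; True -> `npm audit fix` can resolve it in place;
    dict with isSemVerMajor -> only a breaking top-level upgrade fixes it."""
    fix = entry.get("fixAvailable", False)
    if fix is False:
        return "none"
    if isinstance(fix, dict) and fix.get("isSemVerMajor"):
        return "breaking"
    return "in-place"


def compare_reports(before, after):
    """Return resolved, introduced and remaining findings, plus why each
    remaining one survived the fix run."""
    before_v = before.get("vulnerabilities", {})
    after_v = after.get("vulnerabilities", {})
    remaining = sorted(set(before_v) & set(after_v))
    return {
        "resolved": sorted(set(before_v) - set(after_v)),
        "introduced": sorted(set(after_v) - set(before_v)),
        "remaining": remaining,
        "remaining_by_fix": {name: fix_kind(after_v[name]) for name in remaining},
        "counts_before": severity_counts(before),
        "counts_after": severity_counts(after),
    }


def summary_line(counts):
    """Render counts the way npm does, e.g. '2 vulnerabilities (1 moderate, 1 high)'."""
    total = sum(counts.values())
    parts = [f"{n} {sev}" for sev, n in counts.items() if n]
    return f"{total} vulnerabilities ({', '.join(parts)})"


if __name__ == "__main__":
    before, after = load_report(BEFORE_JSON), load_report(AFTER_JSON)
    for label, rep in (("before", before), ("after", after)):
        flag = "" if metadata_matches(rep) else "  (metadata totals disagree with entries!)"
        print(f"{label}: {summary_line(severity_counts(rep))}{flag}")
    result = compare_reports(before, after)
    print("resolved:  ", result["resolved"])
    print("introduced:", result["introduced"])
    for name, kind in result["remaining_by_fix"].items():
        print(f"remaining: {name} ({after['vulnerabilities'][name]['severity']}), fix: {kind}")
```

In a real review the two reports would be captured with `npm audit --json > before.json` on the base branch and again after the fix commit; the "remaining_by_fix" breakdown is what justifies listing a finding on a POAM rather than fixing it in the same PR.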
mahoneycm commented 1 week ago

@mejiaj Good catch; it looks like I accidentally copied over the dependency vulnerability count from USWDS-Tutorial (tested before this branch).

Updated the PR description to match!