uswds / public-sans

A strong, neutral, principles-driven, open source typeface for text or display
https://public-sans.digital.gov/

Public-sans - POAM: September '24 #315

Open mahoneycm opened 1 month ago

mahoneycm commented 1 month ago

Summary

POAM updates for September 2024

[!WARNING] We received deprecation warnings for dependencies that are no longer supported. They are coming from USWDS compile and will be resolved in uswds/uswds-compile#122.

[!IMPORTANT] This PR caught a Federalist build issue. The issue appears unrelated to these changes but was caught due to generating a new gemfile.lock.

The Federalist pages team is investigating. Additional details in this Slack thread (🔒).

In the meantime I've downgraded ruby.

Related issue

uswds/uswds-team#390
Resolves https://github.com/uswds/public-sans/security/dependabot/84
Resolves https://github.com/uswds/public-sans/security/dependabot/83
Resolves https://github.com/uswds/public-sans/security/dependabot/74
Resolves https://github.com/uswds/public-sans/security/dependabot/81
Resolves https://github.com/uswds/public-sans/security/dependabot/82

Preview link

Preview link →

Major changes

Dependency updates

Before:

11 vulnerabilities (6 moderate, 5 high)

After:

found 0 vulnerabilities

Dependency updates

Node package updates

| Dependency name | Old version | New version |
| --- | --- | --- |
| @axe-core/cl | ^4.9.1 | ^4.10.0 |
| @uswds/uswds | 3.8.1 | 3.8.2 |
| gulp | ^4.0.2 | ^5.0.0 |
| postcss | ^8.4.41 | ^8.4.45 |
| sass-embedded | ^1.77.8 | ^1.78.0 |

Gem updates:

| Dependency name | Old version | New version |
| --- | --- | --- |
| @uswds/uswds | 3.8.2 | 3.9.0 |
| concurrent-ruby | 1.3.3 | 1.3.4 |
| google-protobuf | 4.28.0 | 4.28.2 |
| i18n | 1.14.5 | 1.14.6 |
| jekyll | 4.3.3 | 4.3.4 |
| rexml | 3.3.4 | 3.3.8 |
| rouge | 4.3.0 | 4.4.0 |
| postcss | ^8.4.45 | ^8.4.47 |
| sass-embedded | 1.78.0 | 1.79.4 |
| strscan | 3.1.0 | — |
| unicode-display_width | 2.5.0 | 2.6.0 |
| webrick | 1.8.1 | 1.8.2 |

Testing and review

Gulp commands run without error

1. `npm run start`
2. `npm run serve`
3. `npm run test:a11y` (while localhost is being served from the serve script)
4. Confirm no font regressions in Public Sans fonts due to Gulp update
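The before/after `npm audit` counts quoted in this PR ("11 vulnerabilities (6 moderate, 5 high)" → "found 0 vulnerabilities") are read off by hand and the review steps above are run by hand. As an added example, not code from the public-sans repository or from this PR, the Node script below parses the report that `npm audit --json` emits, reproduces that same summary line, and applies a merge gate plus a per-severity before/after delta so a CI step can check a dependency-update PR automatically. It assumes the npm 7+ audit report shape (`metadata.vulnerabilities` with per-severity counts and a total); the two sample reports are constructed here to match the PR's before and after states and are not real audit output.

```javascript
// Added example, not code from the public-sans repository or this PR.
// Parses `npm audit --json` (npm 7+) output and reproduces the human summary
// npm prints ("11 vulnerabilities (6 moderate, 5 high)", "found 0 vulnerabilities")
// so a CI job can gate a dependency-update PR on it.
// Assumption: the report carries metadata.vulnerabilities with per-severity
// counts and a total, which is the npm audit v2 report shape.

const SEVERITIES = ['info', 'low', 'moderate', 'high', 'critical']; // ascending order

// Constructed sample reports (per-package `vulnerabilities` details omitted).
// Counts are chosen to match the before/after states described in the PR.
const AUDIT_BEFORE = {
  auditReportVersion: 2,
  vulnerabilities: {},
  metadata: {
    vulnerabilities: { info: 0, low: 0, moderate: 6, high: 5, critical: 0, total: 11 },
  },
};
const AUDIT_AFTER = {
  auditReportVersion: 2,
  vulnerabilities: {},
  metadata: {
    vulnerabilities: { info: 0, low: 0, moderate: 0, high: 0, critical: 0, total: 0 },
  },
};

// Pull the severity counts out of a parsed report, validating the shape so a
// malformed or truncated report fails loudly instead of silently passing the gate.
function severityCounts(report) {
  const counts = report && report.metadata && report.metadata.vulnerabilities;
  if (!counts || typeof counts.total !== 'number') {
    throw new Error('not an npm audit v2 report: metadata.vulnerabilities missing');
  }
  return counts;
}

// Same wording npm prints at the end of `npm audit`.
function summarize(report) {
  const counts = severityCounts(report);
  if (counts.total === 0) return 'found 0 vulnerabilities';
  const parts = SEVERITIES.filter((s) => counts[s] > 0).map((s) => `${counts[s]} ${s}`);
  const noun = counts.total === 1 ? 'vulnerability' : 'vulnerabilities';
  return `${counts.total} ${noun} (${parts.join(', ')})`;
}

// Merge gate: fail when any finding at or above `minSeverity` remains.
function gate(report, minSeverity = 'high') {
  const start = SEVERITIES.indexOf(minSeverity);
  if (start < 0) throw new Error(`unknown severity level: ${minSeverity}`);
  const counts = severityCounts(report);
  const blocking = SEVERITIES.slice(start).reduce((n, s) => n + (counts[s] || 0), 0);
  return { ok: blocking === 0, blocking, summary: summarize(report) };
}

// Per-severity change between two reports (negative = fewer findings after the
// update), so a reviewer can see an update did not trade one class of findings
// for another while driving the total down.
function delta(before, after) {
  const b = severityCounts(before);
  const a = severityCounts(after);
  const out = {};
  for (const s of SEVERITIES) out[s] = (a[s] || 0) - (b[s] || 0);
  out.total = a.total - b.total;
  return out;
}

// Convenience for raw `npm audit --json` text captured by a CI step.
function gateFromJson(text, minSeverity) {
  return gate(JSON.parse(text), minSeverity);
}
```

`npm audit --audit-level=high` already makes `npm audit` itself exit non-zero when findings at or above a level remain; what this adds is the shape check on the report and the before/after delta, which is the comparison a reviewer of a PR like this one actually wants to see alongside the two summary lines.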
mahoneycm commented 1 week ago

October updates

Dependency updates

| Dependency name | Old version | New version |
| --- | --- | --- |
| @uswds/uswds | 3.8.1 | 3.8.2 |
| postcss | ^8.4.41 | ^8.4.45 |
| sass-embedded | ^1.77.8 | ^1.78.0 |

Gem updates

| Gem name | Old version | New version |
| --- | --- | --- |
| google-protobuf | 4.28.1 | 4.28.2 |
| rexml | 3.3.7 | 3.3.8 |
| sass-embedded | 1.78.0 | 1.79.4 |
| webrick | 1.8.1 | 1.8.2 |
mahoneycm commented 1 week ago

~~IMPORTANT~~ ~~Converting to draft while we review compile POAM PR~~

Resuming review of this PR since we would have to wait for the next compile release to resolve