-
Notifications
You must be signed in to change notification settings - Fork 103
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Public-Sans - POAM: August '24 #306
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@mahoneycm not seeing the same results from npm audit
.
Develop
16 vulnerabilities (3 moderate, 13 high)
Feature
15 vulnerabilities (3 moderate, 12 high)
Can you run again and confirm?
Additionally, I've created issue #307 so we can update Ruby/Node versions. I still see node 18 being used.
@mejiaj Good catch, looks like I accidentally copied over the dependency vulnerability count from USWDS-Tutorial (tested before this branch) Updated the PR description to match! |
Co-authored-by: James Mejia <[email protected]>
Public-Sans: Update Ruby and Node versions
August additionsNode chromedriver 125.0.3 → 127.0.1 Gems google-protobuf 4.27.2 → 4.27.3 note: the chrome driver update was required to make Related GH thread |
Installed latest
|
Summary
Resolved dependency vulnerabilities via
npm audit fix
Related issue
USWDS-Team - POAM: August 2024
Closes https://github.com/uswds/public-sans/security/dependabot/75
Closes https://github.com/uswds/public-sans/security/dependabot/78
Closes https://github.com/uswds/public-sans/security/dependabot/77
Closes https://github.com/uswds/public-sans/security/dependabot/76
Preview link
Preview link →
Major changes
lts
3.3.4
Vulnerabilities before update
After update
Dependency updates
Node package updates
Gem updates:
Testing and review
Gulp commands run without error
npm run start
npm run serve
npm run test:a11y
(while localhost is being served from the serve script)