Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Public Sans - POAM: November '24 #330

Open
wants to merge 2 commits into
base: develop
Choose a base branch
from
Open

Public Sans - POAM: November '24 #330

wants to merge 2 commits into from

Conversation

mahoneycm
Copy link
Contributor

@mahoneycm mahoneycm commented Nov 20, 2024
edited
Loading

Summary

POAM updates for November 2024

Related issue

uswds/uswds-team#413

Resolves https://github.com/uswds/public-sans/security/dependabot/85

Preview link

Public Sans →

Major changes

  • Updated USWDS to 3.10.0

Dependency updates

found 0 vulnerabilities

Here's the updated table:

Dependency Name Old Version New Version
@axe-core/cli ^4.10.0 ^4.10.1
@uswds/uswds 3.9.0 3.10.0
postcss ^8.4.47 ^8.4.49
sass-embedded ^1.79.4 ^1.81.0

Gem updates

Gem Name Old version New version
google-protobuf 4.28.2 4.28.3
kramdown 2.4.0 2.5.1
rack 2.2.9 2.2.10
rexml 3.3.8 3.3.9
rouge 4.4.0 4.5.1
sass-embedded 1.79.4 1.81.0
webrick 1.8.2 1.9.0

Testing and review

Gulp commands run without error

  1. npm run start
  2. npm run serve
  3. npm run test:a11y (while localhost is being served from the serve script)
    • Note: you may need to install a chrome driver to match your local version. Instructions will appear in the terminal.

@mahoneycm mahoneycm requested a review from a team as a code owner November 20, 2024 20:23
@mahoneycm mahoneycm mentioned this pull request Nov 20, 2024
Open
7 tasks
cathybaptista
cathybaptista reviewed Nov 22, 2024
View reviewed changes
Copy link

@cathybaptista cathybaptista left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@mahoneycm, I am not sure if this experience is something we want to message out. Let me know and if it's not something we need to tackle because its just on my local, then I approve.

  1. on public-sans, verified that gemfiles and package.json are updated according to table.
  2. ran npm start: warning: 224 repetitive deprecation warnings omitted.
  3. ran npm run serve: up and running
  4. npm run test:a11y (while localhost is being served from the serve script) this was failing, I had to run: npx browser-driver-manager install chrome. Then it succeeded:
npx axe http://localhost:4000/, http://localhost:4000/public-sans-100/ --tags wcag2a

Running axe-core 4.10.2 in chrome-headless

Testing http://localhost:4000/ ... please wait, this may take a minute.
 0 violations found!

Testing http://localhost:4000/public-sans-100/ ... please wait, this may take a minute.
 0 violations found!
Testing complete of 2 pages

@mahoneycm
Copy link
Contributor Author

@cathybaptista thanks for pointing that out! I added a note in the testing instructions 👍

cathybaptista
cathybaptista approved these changes Nov 25, 2024
View reviewed changes
Copy link

@cathybaptista cathybaptista left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM! :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cathybaptista cathybaptista cathybaptista approved these changes

@mejiaj mejiaj Awaiting requested review from mejiaj

@amyleadem amyleadem Awaiting requested review from amyleadem

@mlloydbixal mlloydbixal Awaiting requested review from mlloydbixal

@RachelCorsino RachelCorsino Awaiting requested review from RachelCorsino

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@mahoneycm @cathybaptista