USWDS-Site - POAM: November ‘24

[cathybaptista]

Summary

POAM Updates for November 2024

Related issue

uswds/uswds-team#413

Resolves https://github.com/uswds/public-sans/security/dependabot/85

Preview link

Preview link:

Major changes

ruby updated to 3.2.5
rexml updated to 3.3.9

Before:

5 vulnerabilities (1 low, 3 moderate, 1 high)

After:

5 vulnerabilities (0 low, 3 moderate, 0 high)

Testing and review

1. Pull down and run npm install
2. Confirm no installation errors
3. Run Compile scripts
4. Confirm no build errors
5. Run npm run test
6. Confirm no testing or linting errors
7. Start local or visit preview link
8. Confirm there are no visual regressions

Dependency updates

Gem updates

Dependency name	Old version	New version
google-protobuf	4.28.2-arm64-darwin	4.28.3-arm64-darwin
json	2.7.2	2.8.2
kramdown	2.4.0	2.5.1
rexml	3.3.8	3.3.9
rouge	4.4.0	4.5.1
rspec-core	3.13.1	3.13.2
sass-embedded	1.79.4-arm64-darwin	1.81.0-arm64-darwin
webrick	1.8.2	1.9.0
zeitwerk	2.6.18	2.7.1

Node updates

Dependency name	Old version	New version
axe-core	^4.10.0	^4.10.2
postcss	^8.4.47	^8.4.49
sass	^1.79.4	^1.81.0
snyk	^1.1293.1	^1.1294.0

[mahoneycm]

Praise: Looking great @cathybaptista ! Everything is working like a charm. Just some small PR cleanup and this will be good to go!

Polish (non-blocking): If you use triple ticks and js or node codeblocks, you can get color syntaxed vulnerability report. Feel free to "edit" this comment to see how this looks in the markup if you'd like.

ex:

5 vulnerabilities (1 low, 3 moderate, 1 high)

Polish: Fix the table formatting. Everything looks good here but there is an extra column header causing the markdown formatting to break the table display.

[mahoneycm]

lgtm!