Skip to content

USWDS - POAM: December ‘24#6255

Merged
thisisdano merged 4 commits into
developfrom
cb-poam-dec-24
Dec 17, 2024
Merged

USWDS - POAM: December ‘24#6255
thisisdano merged 4 commits into
developfrom
cb-poam-dec-24

Conversation

@cathybaptista

@cathybaptista cathybaptista commented Dec 13, 2024

Copy link
Copy Markdown
Contributor

Summary

Updated vulnerable dependencies, updated indirect dependency for elliptic

Breaking change

This is not a breaking change.

Related issue

uswds/uswds-team#413

Preview link

Preview link:

Major changes

Before:

59 vulnerabilities (1 low, 31 moderate, 27 high)

After:

55 vulnerabilities (0 low, 29 moderate, 26 high)

`

Testing and review

  1. Pull down and run npm install
  2. Confirm no installation errors
  3. Run npx gulp buildSass to test sass compilation
  4. Run npm run test
  5. Confirm no testing or linting errors
  6. Run npm run build:html and confirm the script runs as expected.
  7. Start local or visit preview link
  8. Confirm there are no visual regressions

Dependency updates

Dependency name Old version New version
sass 1.81.0 1.83.0
sass-embedded 1.81.0 1.83.0
snyk 1.1294.1 1.1294.3
stylelint 16.10.0 16.11.0
webpack 5.96.1 5.97.1

@cathybaptista cathybaptista changed the title CB: USWDS poams USWDS - POAM: December ‘24 Dec 13, 2024
mejiaj
mejiaj previously approved these changes Dec 17, 2024

@mejiaj mejiaj left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, installed without issues.

Wanted to note that on develop I'm currently seeing this:

55 vulnerabilities (30 moderate, 25 high)

@amyleadem

Copy link
Copy Markdown
Contributor

@cathybaptista / @mahoneycm Can you pull in the latest from develop so that this includes the npm override fix from #6249?

@amyleadem amyleadem left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!
Tested with Node v22.11.0.
Vulnerability count: 55 vulnerabilities (29 moderate, 26 high)

  • Confirm we can run npm install, npm start, npm build:html and npm run test without error.
  • Confirmed components render as expected in Storybook
  • Confirm dependency table matches the changes in package.json

@thisisdano thisisdano merged commit 2897fd9 into develop Dec 17, 2024
@thisisdano thisisdano deleted the cb-poam-dec-24 branch December 17, 2024 21:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

Archived in project

Development

Successfully merging this pull request may close these issues.

5 participants