uswds-site
uswds-site copied to clipboard
Published
20 hours ago •
uswds
uswds
USWDS-Site - POAM: October '24
Summary
Installed available minor and patch updates for direct dependencies.
Related issue
USWDS-Team - POAM: October 2024
Preview link
Preview link → Resolves https://github.com/uswds/uswds-site/security/dependabot/82 Resolves https://github.com/uswds/uswds-site/security/dependabot/81 Resolves https://github.com/uswds/uswds-site/security/dependabot/66
Major changes
- Major version change from gulp 4 → 5
- Major version change from gulp-cli
Dependency updates
Before:
16 vulnerabilities (8 moderate, 8 high)
After:
3 moderate severity vulnerabilities
Package updates
| Dependency name | Old version | New version |
|---|---|---|
| cheerio | ^1.0.0-rc.12 | ^1.0.0 |
| eslint-plugin-import | ^2.29.1 | ^2.30.0 |
| express | ^4.19.2 | ^4.21.0 |
| gulp | ^4.0.2 | ^5.0.0 |
| gulp-cli | ^2.30 | ^3.0.0 |
| postcss | ^8.4.40 | ^8.4.47 |
| sass | ^1.77.8 | ^1.78.0 |
| snyk | ^1.1292.2 | ^1.1293.1 |
Gem updates
| Gem name | Old version | New Version |
|---|---|---|
| google-protobuf | 4.27.3 | 4.28.1 |
| i18n | 1.14.5 | 1.14.6 |
| jekyll | 4.3.3 | 4.3.4 |
| parallel | 1.26.2 | 1.26.3 |
| rexml | 3.3.5 | 3.3.7 |
| rouge | 4.3.0 | 4.4.0 |
| rspec-core | 3.13.0 | 3.13.1 |
| rspec-expectations | 3.13.1 | 3.13.3 |
| sass-embedded | 1.77.8 | 1.78.0 |
| strscan | 3.1.0 | -- |
| zeitwerk | 2.6.17 | 2.6.18 |
Testing and review
- Run
npm install. - Run
npm run buildand confirm there are no build errors. - Run various gulp scripts and confirm there are no errors.
- Run
npm startand confirm there are no build errors. - Run
npm testand confirm there are no errors. - No perceived visual regressions.
