Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

USWDS-Sandbox - POAM: May '24 #136

Merged
merged 4 commits into from
May 20, 2024
Merged

USWDS-Sandbox - POAM: May '24 #136

merged 4 commits into from
May 20, 2024

Conversation

mahoneycm
Copy link
Contributor

@mahoneycm mahoneycm commented May 14, 2024

Summary

Updated non-vulnerable dependencies including the USWDS package.

Related Issue

Closes https://github.com/uswds/uswds-tutorial/security/dependabot/16

Vulnerability changes

Before:

11 vulnerabilities (4 moderate, 7 high)

After:

10 vulnerabilities (3 moderate, 7 high)

Testing instructions

  1. Run build, start, and test scripts without failure.
  2. Check pipeline checks and ensure all are passing.

Dependency updates

Dependency Old version New version
Snyk 1.1288.0 1.1291.0

dependabot bot and others added 3 commits May 2, 2024 10:14
Bumps [ejs](https://github.com/mde/ejs) from 3.1.9 to 3.1.10.
- [Release notes](https://github.com/mde/ejs/releases)
- [Commits](mde/ejs@v3.1.9...v3.1.10)

---
updated-dependencies:
- dependency-name: ejs
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
@mahoneycm mahoneycm changed the title Cm poam may 2024 USWDS-Sandbox - POAM: May 14, 2024
@mahoneycm mahoneycm changed the title USWDS-Sandbox - POAM: USWDS-Sandbox - POAM: May '24 May 14, 2024
@mahoneycm mahoneycm mentioned this pull request May 14, 2024
6 tasks
@mejiaj mejiaj merged commit 8424b75 into main May 20, 2024
4 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants