Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

POAM: April 24 #429

Merged
merged 3 commits into from
Apr 12, 2024
Merged

POAM: April 24 #429

merged 3 commits into from
Apr 12, 2024

Conversation

clmedders
Copy link
Contributor

@clmedders clmedders commented Apr 8, 2024
edited
Loading

This PR handles security vulnerabilities for April 2024

Testing:

  • Pull down branch and run npm install and ensure no build errors
  • Start local with npm run start and visit local and visually inspect site to ensure no regressions
  • Local run npm run build-js to ensure no accessibility errors
DependenciesDependency Old New
 @babel/core 7.23.7  7.24.4 
@babel/preset-env 7.23.8 7.24.4
webpack 5.89.0 5.91.0

@clmedders clmedders changed the title paom updates for april 2024 POAM: April 24 Apr 8, 2024
@clmedders clmedders self-assigned this Apr 8, 2024
@clmedders clmedders added the dependencies Pull requests that update a dependency file label Apr 8, 2024
@clmedders clmedders marked this pull request as draft April 8, 2024 20:59
@clmedders clmedders requested review from mejiaj and nick-mon1 April 9, 2024 01:14
@clmedders clmedders marked this pull request as ready for review April 9, 2024 01:14
mejiaj
mejiaj previously approved these changes Apr 10, 2024
View reviewed changes
Copy link
Contributor

@mejiaj mejiaj left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@clmedders testing instructions mention pa11y task, but its npm run build-js that uses these dependencies.

I was able to test without any issues.

Build log 

npm run build-js

> [email protected] build-js
> webpack --progress

asset bundle.js 859 KiB [emitted] [minimized] [big] (name: site)
runtime modules 663 bytes 3 modules
cacheable modules 300 KiB
  ./assets/js/main.js 288 bytes [built] [code generated]
  ./node_modules/jquery/dist/jquery.js 279 KiB [built] [code generated]
  ./node_modules/stickyfilljs/dist/stickyfill.js 20.6 KiB [built] [code generated]

WARNING in configuration
The 'mode' option has not been set, webpack will fallback to 'production' for this value.
Set 'mode' option to 'development' or 'production' to enable defaults for each environment.
You can also set it to 'none' to disable any default behavior. Learn more: https://webpack.js.org/configuration/mode/

WARNING in asset size limit: The following asset(s) exceed the recommended size limit (244 KiB).
This can impact web performance.
Assets:
  bundle.js (859 KiB)

WARNING in entrypoint size limit: The following entrypoint(s) combined asset size exceeds the recommended limit (244 KiB). This can impact web performance.
Entrypoints:
  site (859 KiB)
      bundle.js


WARNING in webpack performance recommendations:
You can limit the size of your bundles by using import() or require.ensure to lazy load some parts of your application.
For more info visit https://webpack.js.org/guides/code-splitting/

webpack 5.91.0 compiled with 4 warnings in 572 ms

@ToniBonittoGSA ToniBonittoGSA merged commit 0516000 into main Apr 12, 2024
5 checks passed
@ToniBonittoGSA ToniBonittoGSA deleted the cm-poam-apr-24 branch April 12, 2024 17:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nick-mon1 nick-mon1 nick-mon1 approved these changes

@mejiaj mejiaj mejiaj approved these changes

@ToniBonittoGSA ToniBonittoGSA Awaiting requested review from ToniBonittoGSA

Assignees

@clmedders clmedders

Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@clmedders @mejiaj @nick-mon1 @ToniBonittoGSA