Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

PL - Dependencies: Remediate Babel security issue #438

Merged
merged 4 commits into from
Jul 25, 2024
Merged

PL - Dependencies: Remediate Babel security issue #438

merged 4 commits into from
Jul 25, 2024

Conversation

mejiaj
Copy link
Contributor

@mejiaj mejiaj commented Jul 22, 2024
edited
Loading

Description

Removing deprecated dependencies and redundant JavaScript. Closes https://github.com/GSA/plainlanguage.gov/security/dependabot/49.

Details

Remove deprecated dependencies

Removed the following deprecated dependencies:

Create NVMRC

Added an NVMRC file to always use the latest LTS version of node. This will help us stay on top of node versions.

Remove sticky polyfill

The only custom JS included was setting an explicit height to prevent a slight jump on hover. Position sticky has good support and didn't notice any issues on pages with sticky sidenav, like law/agency-programs.

Testing

  • Running npm run build-js builds without errors.
  • Running npm audit shows zero vulnerabilities.
  • Sticky navigation in works and there isn't a jump on hover | preview link →.

Impact

mejiaj added 4 commits July 22, 2024 10:52
@mejiaj
Remove unused & deprecated deps
3f54f50
@mejiaj
Remove outdated JS
686de9f 
Position sticky has good support in modern browsers. The issue originally mentioned in #184 is no longer happening.

#184
@mejiaj
Create NVMRC to use node LTS version
3c41cc1
@mejiaj
Restore main js file for future scripts
a2e49e0
mejiaj
mejiaj commented Jul 22, 2024
View reviewed changes
Copy link
Contributor Author

@mejiaj mejiaj left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Added comments for clarity.

assets/js/main.js
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Tip

File is left empty to allow custom JS in the future. Also avoids a build error. The polyfill and jQuery are no longer needed.

package.json
"babel-loader": "^8.2.3",
"babel-plugin-transform-es2015-modules-commonjs": "^6.26.2",
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Tip

Now included in @babel/preset-env.
Source →

package.json
"babel-loader": "^8.2.3",
"babel-plugin-transform-es2015-modules-commonjs": "^6.26.2",
"babel-preset-es2015": "^6.14.0",
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Tip

Replaced by @babel/preset-env.
Source →

package.json
Comment on lines -34 to -36
"jquery": "^3.7.1",
"pa11y-ci": "^2.4.2",
"stickyfilljs": "^2.1.0",
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Tip

jQuery and stickyfill no longer needed as position sticky is well supported.

@mejiaj mejiaj marked this pull request as ready for review July 22, 2024 16:17
@mejiaj mejiaj requested review from rileyseaburg and clmedders July 22, 2024 16:17
@rileyseaburg rileyseaburg merged commit b42f56b into main Jul 25, 2024
5 checks passed
@rileyseaburg rileyseaburg deleted the jm-poam-babel-update branch July 25, 2024 14:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@clmedders clmedders clmedders approved these changes

@rileyseaburg rileyseaburg rileyseaburg approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@mejiaj @rileyseaburg @clmedders