USWDS-Compile - POAM: May '24 #101

Merged
merged 4 commits into from
May 22, 2024

@mahoneycm mahoneycm commented May 14, 2024

Summary

Updated non-vulnerable dependencies including the USWDS package.

Snyk errors

Updated snyk ignore to resolve the following issues:

npx snyk ignore --id="SNYK-JS-BRACES-6838727" --reason="No available upgrade or patch" 
npx snyk ignore --id="SNYK-JS-INFLIGHT-6095116" --reason="No available upgrade or patch"
npx snyk ignore --id="SNYK-JS-MICROMATCH-6838728" --reason="No available upgrade or patch"
npx snyk ignore --id="SNYK-JS-POSTCSS-5926692" --reason="No available upgrade or patch" 
npx snyk ignore --id="SNYK-JS-ANSIREGEX-1583908" --reason="Upgrading Gulp causes regression in asset compilation"

Testing instructions

  1. Install this branch on site
    • On Site's main branch, run:
      npm install "https://github.com/uswds/uswds-compile/tree/cm-POAM-may-2024" --save
  2. Run gulp sass scripts and ensure compile runs as expected without error.
  3. Ensure no when package is used to compile site
    1. Visit demo repo
    2. Run gulp compile commands and confirm they run without error
    3. Visit site preview and confirm there are no regressions

Dependency updates

| Dependency | Old version | New version |
| --- | --- | --- |
| sass-embedded | 1.74.1 | 1.77.0 |

@mahoneycm mahoneycm marked this pull request as ready for review May 14, 2024 15:51
@mahoneycm mahoneycm requested review from mejiaj and amyleadem May 14, 2024 15:51
@mahoneycm mahoneycm mentioned this pull request May 14, 2024

mejiaj commented May 17, 2024

@mahoneycm there's a snyk failure on this PR. Can you check it out?

@mahoneycm mahoneycm changed the title from "Update non-vulnerable dependencies" to "USWDS-Compile - POAM: May '24" May 20, 2024
@mahoneycm

@mejiaj Snyk errors were coming from Gulp. I was able to successfully bump Gulp to its next major version to resolve one of the high severity snyk failures. The rest were added to the snyk ignore.

I updated the PR description with additional information and created a demo branch in our site repo.


mejiaj commented May 20, 2024

@mahoneycm we haven't sufficiently tested this next major version, so I'd hesitate to merge.

@mahoneycm

I've created a testing repo for Site and Sandbox.

Site seems to compile as expected without error but I keep running into an image / asset copy issue on sandbox that causes all of the images to be corrupted 😬

@mahoneycm

Gulp regression

Upgrading to Gulp 5 caused a possible regression in our Sandbox repo when running copyAssets and copyImages compile scripts.

I've reverted Gulp back to 4.0.2. We can use #99 to continue testing Gulp major version updates.

@mejiaj mejiaj merged commit fe638d0 into develop May 22, 2024
1 check passed
@mejiaj mejiaj deleted the cm-POAM-may-2024 branch May 22, 2024 14:19