USWDS-Site - POAM: September '24

[mahoneycm]

Summary

Installed available minor and patch updates for direct dependencies.

Important

This PR caught a Federalist build issue related to Ruby 3.3.4. The issue appears unrelated to these changes but was caught due to generating a new gemfile.lock. This PR downgrades Ruby to 3.2.5 to avoid build errors.

The federalist pages team is investigating and created this issue to track. Additional details in this slack thread (🔒)

Related issue

USWDS-Team - POAM: August 2024

Preview link

Preview link →

Major changes

• Ruby downgraded to 3.2.5 to resolve Cloud Pages build error.
• Removed outdated overrides
  • glob-parent
    • Originally added in USWDS-Site - Dependencies: Use overrides to remove reliance on snyk ignore #2069
    • Error was related to a snyk ignore that was added monthly
    • No error detected on install, build, or snyk tests
  • postcss
    • Originally added in USWDS-Site - Snyk: Add postcss override to package.json #2351 to address snyk error
    • Error was related to sub-dependency in compile
    • No error detected on install, build, or snyk tests
• Resolved HTML proofer error
  • Affected link: https://design.va.gov/patterns/help-users-to/recover-from-errors#style-and-tone
  • The page was simplified and the related header was removed
  • The new simplified page still outlines the related guidance that we originally referenced

Testing and review

1. Run npm install.
2. Run npm run build and confirm there are no build errors.
3. Run npm start and confirm there are no build errors.
4. Run npm test and confirm there are no errors.
5. Run npm run crawl to test crawler script that uses cheerio package.
6. No perceived visual regressions.
7. Cloud pages preview link works.
8. Confirm the new "Recover from Errors" guidance covers the we originally linked to:
   • WebArchive of the link →
     • Section referenced was "Style and Tone".
   • Replacement link →

Dependency updates

Before:

16 vulnerabilities (8 moderate, 8 high)

After:

14 vulnerabilities (9 moderate, 5 high)

Package updates

Dependency name	Old version	New version
cheerio	^1.0.0-rc.12	^1.0.0
eslint-plugin-import	^2.29.1	^2.30.0
express	^4.19.2	^4.21.0
postcss	^8.4.40	^8.4.47
sass	^1.77.8	^1.78.0
snyk	^1.1292.2	^1.1293.1

Gem updates

Gem name	Old version	New Version
google-protobuf	4.27.3	4.28.1
i18n	1.14.5	1.14.6
jekyll	4.3.3	4.3.4
parallel	1.26.2	1.26.3
rexml	3.3.5	3.3.7
rouge	4.3.0	4.4.0
rspec-core	3.13.0	3.13.1
rspec-expectations	3.13.1	3.13.3
sass-embedded	1.77.8	1.78.0
strscan	3.1.0	--
zeitwerk	2.6.17	2.6.18

[mejiaj]

Thanks @mahoneycm! Tests pass and no issues found in preview after testing several pages (Components, Docs, Utils, and Security).

Minor note, there's still a reference to Ruby 3.3.4 in README.md. Updated in be54418.

[amyleadem]

Looks good! Thanks as always for the helpful PR description, @mahoneycm

• Confirm that the link update is appropriate
• Confirm all references to ruby 3.3.4 have been updated
• Confirm I can run npm install, npm start, npm run build, npm run crawl, npm test without error