Public Sans - POAM: December '24

[mahoneycm]

Summary

POAM updates for November + December 2024

Related issue

uswds/uswds-team#413

Resolves https://github.com/uswds/public-sans/security/dependabot/85

Preview link

Public Sans →

Major changes

• Updated USWDS to 3.10.0

Dependency updates

found 0 vulnerabilities

Here's the updated table:

Dependency Name	Old Version	New Version
@axe-core/cli	^4.10.0	^4.10.1
@uswds/uswds	3.9.0	3.10.0
postcss	^8.4.47	^8.4.49
sass-embedded	^1.79.4	^1.83.0

Gem updates

Gem Name	Old version	New version
google-protobuf	4.28.2	4.29.1
kramdown	2.4.0	2.5.1
rack	2.2.9	2.2.10
rexml	3.3.8	3.4.0
rouge	4.4.0	4.5.1
sass-embedded	1.79.4	1.83.0
webrick	1.8.2	1.9.1

Testing and review

Gulp commands run without error

1. npm run start
2. npm run serve
3. npm run test:a11y (while localhost is being served from the serve script)
   • Note: you may need to install a chrome driver to match your local version. Instructions will appear in the terminal.

[cathybaptista]

@mahoneycm, I am not sure if this experience is something we want to message out. Let me know and if it's not something we need to tackle because its just on my local, then I approve.

1. on public-sans, verified that gemfiles and package.json are updated according to table.
2. ran npm start: warning: 224 repetitive deprecation warnings omitted.
3. ran npm run serve: up and running
4. npm run test:a11y (while localhost is being served from the serve script) this was failing, I had to run: npx browser-driver-manager install chrome. Then it succeeded:

npx axe http://localhost:4000/, http://localhost:4000/public-sans-100/ --tags wcag2a

Running axe-core 4.10.2 in chrome-headless

Testing http://localhost:4000/ ... please wait, this may take a minute.
 0 violations found!

Testing http://localhost:4000/public-sans-100/ ... please wait, this may take a minute.
 0 violations found!
Testing complete of 2 pages

[mahoneycm]

@cathybaptista thanks for pointing that out! I added a note in the testing instructions 👍

[cathybaptista]

LGTM! :)