Production Release #352
Merged
Issue #333 Dependabot Alert: path-to-regexp outputs backtracking regular expressions
Issue #332 Dependabot Alert: DOMPurify allows tampering by prototype pollution
Issue #346 Research SAM.gov to determine why vendors/contractors marked to be shared are not appearing in the 889 Tool
Issue #327 Bug: Accessibility Issue; Lists do not contain only <li> elements and script supporting elements ( <script> and <template>)
jfredrickson approved these changes Oct 3, 2024
felder101 added a commit that referenced this pull request Nov 19, 2024
* Gsa/staging/production release (#148)
* Bump get-func-name from 2.0.0 to 2.0.2 in /front-end
  Bumps [get-func-name](https://github.com/chaijs/get-func-name) from 2.0.0 to 2.0.2.
  - [Release notes](https://github.com/chaijs/get-func-name/releases)
  - [Commits](https://github.com/chaijs/get-func-name/commits/v2.0.2)
  ---
  updated-dependencies:
  - dependency-name: get-func-name
    dependency-type: indirect
  ...
  Signed-off-by: dependabot[bot] <[email protected]>
* Bump @vue/eslint-config-prettier from 7.1.0 to 8.0.0 in /front-end
  Bumps [@vue/eslint-config-prettier](https://github.com/vuejs/eslint-config-prettier) from 7.1.0 to 8.0.0.
  - [Release notes](https://github.com/vuejs/eslint-config-prettier/releases)
  - [Changelog](https://github.com/vuejs/eslint-config-prettier/blob/main/CHANGELOG.md)
  - [Commits](vuejs/eslint-config-prettier@v7.1.0...v8.0.0)
  ---
  updated-dependencies:
  - dependency-name: "@vue/eslint-config-prettier"
    dependency-type: direct:development
    update-type: version-update:semver-major
  ...
  Signed-off-by: dependabot[bot] <[email protected]>
* Bump eslint-plugin-vue from 9.16.1 to 9.17.0 in /front-end
  Bumps [eslint-plugin-vue](https://github.com/vuejs/eslint-plugin-vue) from 9.16.1 to 9.17.0.
  - [Release notes](https://github.com/vuejs/eslint-plugin-vue/releases)
  - [Commits](vuejs/eslint-plugin-vue@v9.16.1...v9.17.0)
  ---
  updated-dependencies:
  - dependency-name: eslint-plugin-vue
    dependency-type: direct:development
    update-type: version-update:semver-minor
  ...
  Signed-off-by: dependabot[bot] <[email protected]>
* Bump wheel from 0.41.1 to 0.41.2
  Bumps [wheel](https://github.com/pypa/wheel) from 0.41.1 to 0.41.2.
  - [Changelog](https://github.com/pypa/wheel/blob/main/docs/news.rst)
  - [Commits](pypa/wheel@0.41.1...0.41.2)
  ---
  updated-dependencies:
  - dependency-name: wheel
    dependency-type: direct:production
    update-type: version-update:semver-patch
  ...
  Signed-off-by: dependabot[bot] <[email protected]>
* Bump @rushstack/eslint-patch from 1.3.2 to 1.5.1 in /front-end
  Bumps [@rushstack/eslint-patch](https://github.com/microsoft/rushstack/tree/HEAD/eslint/eslint-patch) from 1.3.2 to 1.5.1.
  - [Changelog](https://github.com/microsoft/rushstack/blob/main/eslint/eslint-patch/CHANGELOG.md)
  - [Commits](https://github.com/microsoft/rushstack/commits/@rushstack/eslint-patch_v1.5.1/eslint/eslint-patch)
  ---
  updated-dependencies:
  - dependency-name: "@rushstack/eslint-patch"
    dependency-type: direct:development
    update-type: version-update:semver-minor
  ...
  Signed-off-by: dependabot[bot] <[email protected]>
* Bump @cypress/request and cypress in /front-end
  Bumps [@cypress/request](https://github.com/cypress-io/request) to 3.0.1 and updates ancestor dependency [cypress](https://github.com/cypress-io/cypress). These dependencies need to be updated together.
  Updates `@cypress/request` from 2.88.12 to 3.0.1
  - [Release notes](https://github.com/cypress-io/request/releases)
  - [Changelog](https://github.com/cypress-io/request/blob/master/CHANGELOG.md)
  - [Commits](cypress-io/request@v2.88.12...v3.0.1)
  Updates `cypress` from 12.17.3 to 13.2.0
  - [Release notes](https://github.com/cypress-io/cypress/releases)
  - [Changelog](https://github.com/cypress-io/cypress/blob/develop/CHANGELOG.md)
  - [Commits](cypress-io/cypress@v12.17.3...v13.2.0)
  ---
  updated-dependencies:
  - dependency-name: "@cypress/request"
    dependency-type: indirect
  - dependency-name: cypress
    dependency-type: direct:development
  ...
  Signed-off-by: dependabot[bot] <[email protected]>
* Updating build and run scripts
  In part, the new top-level `npm run dev` command will run both the backend and the frontend together.
* Updating .nvmrc
* Further updates to package build, run, and test scripts
* Updating README python instructions
  Minor errors in fixed
* Updating lint config
  `npm run lint` should now work correctly, with some initial settings for Vue
* Undo linting changes
* Updating eslint config to specify JS files as modules
* Update README.md
* Update README.md
* Bump eslint from 8.47.0 to 8.51.0 in /front-end
  Bumps [eslint](https://github.com/eslint/eslint) from 8.47.0 to 8.51.0.
  - [Release notes](https://github.com/eslint/eslint/releases)
  - [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
  - [Commits](eslint/eslint@v8.47.0...v8.51.0)
  ---
  updated-dependencies:
  - dependency-name: eslint
    dependency-type: direct:development
    update-type: version-update:semver-minor
  ...
  Signed-off-by: dependabot[bot] <[email protected]>
* update eslint to fix version conflict with prettier. Fix various linting errors
* add test coverage check
* revert prettier formatting from uswds files
* remove coverage-c8 dependency
* add workflow for front-end tests
* make test for date use UTC explicitly
* make utc explicit in date formatting
* use recommended eslint settings from Eric - thank you - and fix additional linter warnings
* merge
* Combining READMEs
* Removing flaky test suite
* Fixing typo
* Adding top-level links to jump straight to instructions
  Lets devs jump right to what they probably care about most at first
* Updating SAM key link
* Adding note about e2e tests
* Updated uswds version from 3.6.0 to 3.6.1
* Updated footer based on Issue 123. Added NASA logo to the project to display in the footer.
* Updated footer css layout for responsiveness
* Updated footer logo placement on mobile. Fixed footer broken unit test.
* Updated footer format to support mobile. Override uswds default settings to allow more flex options.
---------
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Mark Meyer <[email protected]>
Co-authored-by: eric-gade <[email protected]>
Co-authored-by: Eric Gade <[email protected]>
Co-authored-by: Tim Hollosy <[email protected]>
* Gsa/issue 166/alert banner (#168)
* Added alert to home page to notify user possible issues with the search tool.
* Updated alert language based client feedback.
* Updated the alert message for search issue.
* Gsa/release/staging (#171)
* Updated uswds version from 3.6.1 to 3.7.1 (#164)
---------
Co-authored-by: Mark Meyer <[email protected]>
Co-authored-by: eric-gade <[email protected]>
Co-authored-by: Eric Gade <[email protected]>
Co-authored-by: Tim Hollosy <[email protected]>
* Addressed various dependency vulnerabilities in front-end and back-end that were flagged by dependabot. (#189)
* Sprint 25 (#201)
  Issue #190 Dependabot Alert: FastAPI Content-Type Header ReDoS
* Production Release (#207)
  Sprint 26 Changes:
  Issue #200 889 Footer Identifier Update to include Domain
* Production Release (#211)
  Includes the following issue(s):
  Issue #203 Update USWDS from 3.71 to 3.8 | 889 Tool
* Production Release (#223)
  Includes the following issues:
  Issue #218 Dependabot Alert: Request smuggling leading to endpoint restriction bypass in Gunicorn
* Production Release (#249)
  Sprint 32 Issues:
  Update USWDS from 3.8 to 3.8.1 |889 Tool #237
  Dependabot Alert: Werkzeug debugger vulnerable to remote execution when interacting with attacker controlled domain #228
  Dependabot Alert: follow-redirects' Proxy-Authorization header kept across hosts #208
* Production Release (#259)
  Sprint 33 include(s) the following issues:
  Improve performance by adding explicit height and width to image elements #146
  Interactive elements indicate their purpose and state #185
* Production Release (#277)
  Includes Sprint 34 and 35 issues.
  Implement the Link Checker on the 889 Tool #151
  Research Issues found with Lighthouse #162
  Research Issues found with Lighthouse and address if applicable #269
  Dependabot Alert: WS Affected by a DoS When Handling a Request with many HTTP Headers #261
* Spell out FOUO (#284)
  remove banner. (#285)
* Update to the latest version of USWDS 3.8.2 | 889 Tool #299
  Dependabot Alert: Axios Cross-Site Request Forgery #278
* Production Release (#336)
* Commit includes the following:
  Add Expiration Date field to the Search Results Information Displayed on the Results Screen #318
  Dependabot Alert: Regular Expression Denial of Service (ReDoS) in micromatch #319
* Update packages.
* Production Release (#352)
  Issue #333 Dependabot Alert: path-to-regexp outputs backtracking regular expressions
  Issue #332 Dependabot Alert: DOMPurify allows tampering by prototype pollution
  Issue #346 Research SAM.gov to determine why vendors/contractors marked to be shared are not appearing in the 889 Tool
  Issue #327 Bug: Accessibility Issue; Lists do not contain only <li> elements and script supporting elements ( <script> and <template>)
* Production Release (Sprint 41) (#361)
  Dependabot Alert: Vite DOM Clobbering gadget found in vite bundled scripts that leads to XSS #334
  Dependabot Alert: Vite's server.fs.deny is bypassed when using ?import&raw #335
* Sprint 42 (#372)
* Merged staging into main (#379)
---------
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: Mark Meyer <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: eric-gade <[email protected]>
Co-authored-by: Eric Gade <[email protected]>
Co-authored-by: Tim Hollosy <[email protected]>
Co-authored-by: John Labbate <[email protected]>
Co-authored-by: John Labbate <[email protected]>