Public Sans 2.001 (Maintenance update 1) #292

thisisdano · 2024-03-12T19:18:14Z

General

Adds issue and PR templates to the repo
Includes a number of dependency updates
This release does not affect any of the font files and makes no change to the distribution ZIP

Bumps [rack](https://github.com/rack/rack) from 2.2.3 to 2.2.3.1. - [Release notes](https://github.com/rack/rack/releases) - [Changelog](https://github.com/rack/rack/blob/main/CHANGELOG.md) - [Commits](rack/rack@2.2.3...2.2.3.1) --- updated-dependencies: - dependency-name: rack dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>

Bump rack from 2.2.3 to 2.2.3.1

Public-Sans: Add Github action add-to-project

Public Sans: Use new Github issue templates

Public-sans: Update add-to-project GitHub action

Bumps [yargs-parser](https://github.com/yargs/yargs-parser) and [yargs](https://github.com/yargs/yargs). These dependencies needed to be updated together. Updates `yargs-parser` from 5.0.0-security.0 to 5.0.1 - [Release notes](https://github.com/yargs/yargs-parser/releases) - [Changelog](https://github.com/yargs/yargs-parser/blob/v5.0.1/CHANGELOG.md) - [Commits](https://github.com/yargs/yargs-parser/commits/v5.0.1) Updates `yargs` from 7.1.1 to 7.1.2 - [Release notes](https://github.com/yargs/yargs/releases) - [Changelog](https://github.com/yargs/yargs/blob/yargs-v7.1.2/CHANGELOG.md) - [Commits](https://github.com/yargs/yargs/commits/yargs-v7.1.2) --- updated-dependencies: - dependency-name: yargs-parser dependency-type: indirect - dependency-name: yargs dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>

Bumps [@xmldom/xmldom](https://github.com/xmldom/xmldom) from 0.7.5 to 0.7.8. - [Release notes](https://github.com/xmldom/xmldom/releases) - [Changelog](https://github.com/xmldom/xmldom/blob/master/CHANGELOG.md) - [Commits](xmldom/xmldom@0.7.5...0.7.8) --- updated-dependencies: - dependency-name: "@xmldom/xmldom" dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>

Bumps [decode-uri-component](https://github.com/SamVerschueren/decode-uri-component) from 0.2.0 to 0.2.2. - [Release notes](https://github.com/SamVerschueren/decode-uri-component/releases) - [Commits](SamVerschueren/decode-uri-component@v0.2.0...v0.2.2) --- updated-dependencies: - dependency-name: decode-uri-component dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>

Bumps [minimatch](https://github.com/isaacs/minimatch) from 3.0.4 to 3.1.2. - [Release notes](https://github.com/isaacs/minimatch/releases) - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.0.4...v3.1.2) --- updated-dependencies: - dependency-name: minimatch dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>

…dom-0.7.8 Bump @xmldom/xmldom from 0.7.5 to 0.7.8

Bumps [qs](https://github.com/ljharb/qs) from 6.5.2 to 6.5.3. - [Release notes](https://github.com/ljharb/qs/releases) - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.5.2...v6.5.3) --- updated-dependencies: - dependency-name: qs dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>

…3.1.2 Bump minimatch from 3.0.4 to 3.1.2

Bump qs from 6.5.2 to 6.5.3

…er-and-yargs-5.0.1 Bump yargs-parser and yargs

…-component-0.2.2 Bump decode-uri-component from 0.2.0 to 0.2.2

Bumps [rack](https://github.com/rack/rack) from 2.2.3.1 to 2.2.6.2. - [Release notes](https://github.com/rack/rack/releases) - [Changelog](https://github.com/rack/rack/blob/main/CHANGELOG.md) - [Commits](rack/rack@2.2.3.1...v2.2.6.2) --- updated-dependencies: - dependency-name: rack dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>

Bumps [jszip](https://github.com/Stuk/jszip) from 3.7.1 to 3.10.1. - [Release notes](https://github.com/Stuk/jszip/releases) - [Changelog](https://github.com/Stuk/jszip/blob/main/CHANGES.md) - [Commits](Stuk/jszip@v3.7.1...v3.10.1) --- updated-dependencies: - dependency-name: jszip dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>

Bump jszip from 3.7.1 to 3.10.1

Bump rack from 2.2.3.1 to 2.2.6.2

Bumps [xml2js](https://github.com/Leonidas-from-XIV/node-xml2js) from 0.4.23 to . - [Release notes](https://github.com/Leonidas-from-XIV/node-xml2js/releases) - [Commits](https://github.com/Leonidas-from-XIV/node-xml2js/commits) --- updated-dependencies: - dependency-name: xml2js dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>

…moved Remove xml2js

Npm audit fix

Public-sans: Update Node LTS

…4.31 Bump postcss from 8.4.19 to 8.4.31

Public sans - Dependencies: POAM Dec '23

Bumps [follow-redirects](https://github.com/follow-redirects/follow-redirects) from 1.15.3 to 1.15.4. - [Release notes](https://github.com/follow-redirects/follow-redirects/releases) - [Commits](follow-redirects/follow-redirects@v1.15.3...v1.15.4) --- updated-dependencies: - dependency-name: follow-redirects dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>

Bumps [es5-ext](https://github.com/medikoo/es5-ext) from 0.10.53 to 0.10.63. - [Release notes](https://github.com/medikoo/es5-ext/releases) - [Changelog](https://github.com/medikoo/es5-ext/blob/main/CHANGELOG.md) - [Commits](medikoo/es5-ext@v0.10.53...v0.10.63) --- updated-dependencies: - dependency-name: es5-ext dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>

Bumps [rack](https://github.com/rack/rack) from 2.2.8 to 2.2.8.1. - [Release notes](https://github.com/rack/rack/releases) - [Changelog](https://github.com/rack/rack/blob/main/CHANGELOG.md) - [Commits](rack/rack@v2.2.8...v2.2.8.1) --- updated-dependencies: - dependency-name: rack dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>

…irects-1.15.4 Bump follow-redirects from 1.15.3 to 1.15.4

Bump rack from 2.2.8 to 2.2.8.1

…10.63 Bump es5-ext from 0.10.53 to 0.10.63

LGTM

Public Sans - POAM: April '24

Public-sans - POAM: May '24

thisisdano and others added 30 commits May 11, 2022 11:17

Ignore zip files

6b3b140

Merge pull request #251 from uswds/dependabot/bundler/rack-2.2.3.1

2abf26f

Bump rack from 2.2.3 to 2.2.3.1

Add github issue templates

b2c8ffa

Remove github issue templates

4da90ec

Add github issue templates

707fda9

Add Github action add-to-project

a650ded

Merge pull request #255 from uswds/al-add-to-project

976bdb9

Public-Sans: Add Github action add-to-project

Merge pull request #253 from uswds/al-issue-templates

f6bc402

Public Sans: Use new Github issue templates

Update github-token and pin action version

c62c7ba

Merge pull request #256 from uswds/al-update-secret

14de512

Public-sans: Update add-to-project GitHub action

Merge pull request #263 from uswds/dependabot/npm_and_yarn/xmldom/xml…

f083195

…dom-0.7.8 Bump @xmldom/xmldom from 0.7.5 to 0.7.8

Merge pull request #265 from uswds/dependabot/npm_and_yarn/minimatch-…

c291d19

…3.1.2 Bump minimatch from 3.0.4 to 3.1.2

Merge pull request #266 from uswds/dependabot/npm_and_yarn/qs-6.5.3

9c59e9b

Bump qs from 6.5.2 to 6.5.3

Merge pull request #260 from uswds/dependabot/npm_and_yarn/yargs-pars…

9deda78

…er-and-yargs-5.0.1 Bump yargs-parser and yargs

Merge pull request #264 from uswds/dependabot/npm_and_yarn/decode-uri…

1938420

…-component-0.2.2 Bump decode-uri-component from 0.2.0 to 0.2.2

Merge pull request #269 from uswds/dependabot/npm_and_yarn/jszip-3.10.1

7ba542c

Bump jszip from 3.7.1 to 3.10.1

Merge pull request #268 from uswds/dependabot/bundler/rack-2.2.6.2

61c5da7

Bump rack from 2.2.3.1 to 2.2.6.2

Merge pull request #274 from uswds/dependabot/npm_and_yarn/xml2js--re…

0100a85

…moved Remove xml2js

Npm audit fix

4c29157

Merge pull request #275 from uswds/cm-audit-fix-may-2023

3f004a5

Npm audit fix

Create add-issue-labels.yml

6626fde

mahoneycm and others added 19 commits October 19, 2023 10:14

Gem updates

4a933fb

Npm audit fix

9e1a61a

Merge pull request #282 from uswds/cm-update-node-lts-18

9088d43

Public-sans: Update Node LTS

Merge pull request #280 from uswds/dependabot/npm_and_yarn/postcss-8.…

03bfd05

…4.31 Bump postcss from 8.4.19 to 8.4.31

Update node dependencies

afc2e91

Add overrides to address glob-parent

6c42ca5

Update ruby and ruby deps

59a460e

Include usa-layout-grid to fix regression

be79d10

Run npm audit fix

7bf8e34

Merge pull request #284 from uswds/jm-poam-dec-23

8b20c61

Public sans - Dependencies: POAM Dec '23

Merge pull request #287 from uswds/dependabot/npm_and_yarn/follow-red…

092fe0b

…irects-1.15.4 Bump follow-redirects from 1.15.3 to 1.15.4

Merge pull request #290 from uswds/dependabot/bundler/rack-2.2.8.1

76ff75e

Bump rack from 2.2.8 to 2.2.8.1

Merge pull request #289 from uswds/dependabot/npm_and_yarn/es5-ext-0.…

1d0fa76

…10.63 Bump es5-ext from 0.10.53 to 0.10.63

Add GSA security policy

fb08fdd

Merge pull request #291 from uswds/dw-add-security-policy

a0b34fe

LGTM

Add maintenance release notes

6423e3c

thisisdano changed the title ~~Public Sans 2.002~~ Public Sans 2.001 (Maintenance update 1) Mar 12, 2024

thisisdano requested a review from mejiaj March 12, 2024 19:31

mahoneycm and others added 6 commits April 9, 2024 13:43

npm audit fix

0d3c80d

Update non-vulnerabile dependencies

1813eb3

Add GA4 tag

d0b221d

Update RubyGems and bundle install

dddb4f5

Install chromedriver devDependency

71ffb57

Merge pull request #297 from uswds/cm-POAM-april-2024

7ade240

Public Sans - POAM: April '24

mejiaj approved these changes Apr 29, 2024

View reviewed changes

mahoneycm and others added 2 commits May 10, 2024 15:26

Update non-vulnerable dependencies

6aaf92a

Merge pull request #300 from uswds/cm-POAM-may-2024

0ba29c2

Public-sans - POAM: May '24

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Public Sans 2.001 (Maintenance update 1) #292

Public Sans 2.001 (Maintenance update 1) #292

thisisdano commented Mar 12, 2024 •

edited

Public Sans 2.001 (Maintenance update 1) #292

Are you sure you want to change the base?

Public Sans 2.001 (Maintenance update 1) #292

Conversation

thisisdano commented Mar 12, 2024 • edited

General

thisisdano commented Mar 12, 2024 •

edited