Merge pull request #329 from GSA/deps-updates

Updates to vulnerable dependencies

.gitignore

@@ -5,4 +5,6 @@ _site/
 .DS_Store
 .vendor/
 vendor/
-.bundle/
+.bundle/
+node_modules/
+assets/uswds/

Gemfile

@@ -5,8 +5,9 @@ source "https://rubygems.org"
 git_source(:github) {|repo_name| "https://github.com/#{repo_name}" }
 
 gem "jekyll", "~> 4.3.2"
-gem "nokogiri", "~> 1.14"
-gem "html-proofer", "~> 3.19", ">= 3.19.4"
+gem "nokogiri", "~> 1.16"
+gem 'html-proofer', '~> 5.0', '>= 5.0.9'
 gem "jekyll-redirect-from", ">= 0.16.0"
 gem "kramdown-parser-gfm", ">= 1.1.0"
 gem "jekyll-sitemap", ">= 1.4.0"
+gem 'rexml', '~> 3.3', '>= 3.3.8'

Gemfile.lock

@@ -1,32 +1,51 @@
 GEM
   remote: https://rubygems.org/
   specs:
+    Ascii85 (1.1.1)
     addressable (2.8.6)
       public_suffix (>= 2.0.2, < 6.0)
+    afm (0.2.2)
+    async (2.17.0)
+      console (~> 1.26)
+      fiber-annotation
+      io-event (~> 1.6, >= 1.6.5)
+    bigdecimal (3.1.8)
     colorator (1.1.0)
     concurrent-ruby (1.2.3)
+    console (1.27.0)
+      fiber-annotation
+      fiber-local (~> 1.1)
+      json
     em-websocket (0.5.3)
       eventmachine (>= 0.12.9)
       http_parser.rb (~> 0)
     ethon (0.16.0)
       ffi (>= 1.15.0)
     eventmachine (1.2.7)
     ffi (1.16.3)
+    fiber-annotation (0.2.0)
+    fiber-local (1.1.0)
+      fiber-storage
+    fiber-storage (1.0.0)
     forwardable-extended (2.6.0)
     google-protobuf (3.25.5)
+    google-protobuf (3.25.5-arm64-darwin)
     google-protobuf (3.25.5-x86_64-darwin)
     google-protobuf (3.25.5-x86_64-linux)
-    html-proofer (3.19.4)
+    hashery (2.1.2)
+    html-proofer (5.0.9)
       addressable (~> 2.3)
-      mercenary (~> 0.3)
+      async (~> 2.1)
       nokogiri (~> 1.13)
-      parallel (~> 1.10)
+      pdf-reader (~> 2.11)
       rainbow (~> 3.0)
       typhoeus (~> 1.3)
       yell (~> 2.0)
+      zeitwerk (~> 2.5)
     http_parser.rb (0.8.0)
     i18n (1.14.5)
       concurrent-ruby (~> 1.0)
+    io-event (1.7.1)
     jekyll (4.3.3)
       addressable (~> 2.4)
       colorator (~> 1.0)
@@ -51,6 +70,7 @@ GEM
       jekyll (>= 3.7, < 5.0)
     jekyll-watch (2.2.1)
       listen (~> 3.0)
+    json (2.7.2)
     kramdown (2.4.0)
       rexml
     kramdown-parser-gfm (1.1.0)
@@ -60,54 +80,67 @@ GEM
       rb-fsevent (~> 0.10, >= 0.10.3)
       rb-inotify (~> 0.9, >= 0.9.10)
     mercenary (0.4.0)
-    mini_portile2 (2.8.1)
-    nokogiri (1.14.3)
-      mini_portile2 (~> 2.8.0)
+    mini_portile2 (2.8.7)
+    nokogiri (1.16.7)
+      mini_portile2 (~> 2.8.2)
       racc (~> 1.4)
-    nokogiri (1.14.3-x86_64-darwin)
+    nokogiri (1.16.7-arm64-darwin)
       racc (~> 1.4)
-    nokogiri (1.14.3-x86_64-linux)
+    nokogiri (1.16.7-x86_64-darwin)
+      racc (~> 1.4)
+    nokogiri (1.16.7-x86_64-linux)
       racc (~> 1.4)
-    parallel (1.22.1)
     pathutil (0.16.2)
       forwardable-extended (~> 2.6)
+    pdf-reader (2.12.0)
+      Ascii85 (~> 1.0)
+      afm (~> 0.2.1)
+      hashery (~> 2.0)
+      ruby-rc4
+      ttfunk
     public_suffix (5.0.5)
-    racc (1.6.2)
+    racc (1.8.1)
     rainbow (3.1.1)
     rake (13.2.1)
     rb-fsevent (0.11.2)
     rb-inotify (0.10.1)
       ffi (~> 1.0)
-    rexml (3.2.8)
-      strscan (>= 3.0.9)
+    rexml (3.3.8)
     rouge (4.2.1)
+    ruby-rc4 (0.1.5)
     safe_yaml (1.0.5)
     sass-embedded (1.54.6)
       google-protobuf (~> 3.19)
       rake (>= 10.0.0)
+    sass-embedded (1.54.6-arm64-darwin)
+      google-protobuf (~> 3.19)
     sass-embedded (1.54.6-x86_64-darwin)
       google-protobuf (~> 3.19)
-    strscan (3.1.0)
     terminal-table (3.0.2)
       unicode-display_width (>= 1.1.1, < 3)
-    typhoeus (1.4.0)
+    ttfunk (1.8.0)
+      bigdecimal (~> 3.1)
+    typhoeus (1.4.1)
       ethon (>= 0.9.0)
     unicode-display_width (2.5.0)
     webrick (1.8.2)
     yell (2.2.2)
+    zeitwerk (2.6.18)
 
 PLATFORMS
+  arm64-darwin
   ruby
   x86_64-darwin-21
   x86_64-linux
 
 DEPENDENCIES
-  html-proofer (~> 3.19, >= 3.19.4)
+  html-proofer (~> 5.0, >= 5.0.9)
   jekyll (~> 4.3.2)
   jekyll-redirect-from (>= 0.16.0)
   jekyll-sitemap (>= 1.4.0)
   kramdown-parser-gfm (>= 1.1.0)
-  nokogiri (~> 1.14)
+  nokogiri (~> 1.16)
+  rexml (~> 3.3, >= 3.3.8)
 
 BUNDLED WITH
    2.4.2

_includes/footer.html

@@ -62,46 +62,46 @@ <h5>
         <div class="usa-identifier__container">
             <ul class="usa-identifier__required-links-list">
                 <li class="usa-identifier__required-links-item">
-                    <a href="//www.whitehouse.gov/omb/" class="usa-identifier__required-link usa-link">About OMB</a>
+                    <a href="https://www.whitehouse.gov/omb/" class="usa-identifier__required-link usa-link">About OMB</a>
                 </li>
                 <li class="usa-identifier__required-links-item">
                     <a
-                        href="//www.gsa.gov/website-information/website-policies#accessibility"
+                        href="https://www.gsa.gov/website-information/website-policies#accessibility"
                         class="usa-identifier__required-link usa-link"
                         >Accessibility support</a
                     >
                 </li>
                 <li class="usa-identifier__required-links-item">
                     <a
-                        href="//www.gsa.gov/reference/freedom-of-information-act-foia"
+                        href="https://www.gsa.gov/reference/freedom-of-information-act-foia"
                         class="usa-identifier__required-link usa-link"
                         >FOIA requests</a
                     >
                 </li>
                 <li class="usa-identifier__required-links-item">
                     <a
-                        href="//www.gsa.gov/reference/civil-rights-programs/notification-and-federal-employee-antidiscrimination-and-retaliation-act-of-2002"
+                        href="https://www.gsa.gov/reference/civil-rights-programs/notification-and-federal-employee-antidiscrimination-and-retaliation-act-of-2002"
                         class="usa-identifier__required-link usa-link"
                         >No FEAR Act data</a
                     >
                 </li>
                 <li class="usa-identifier__required-links-item">
-                    <a href="//www.gsaig.gov" class="usa-identifier__required-link usa-link">Office of the Inspector General</a>
+                    <a href="https://www.gsaig.gov" class="usa-identifier__required-link usa-link">Office of the Inspector General</a>
                 </li>
                 <li class="usa-identifier__required-links-item">
-                    <a href="//www.gsa.gov/reference/reports/budget-performance" class="usa-identifier__required-link usa-link"
+                    <a href="https://www.gsa.gov/reference/reports/budget-performance" class="usa-identifier__required-link usa-link"
                         >Performance reports</a
                     >
                 </li>
                 <li class="usa-identifier__required-links-item">
                     <a
-                        href="//www.gsa.gov/website-information/website-policies#privacy"
+                        href="https://www.gsa.gov/website-information/website-policies#privacy"
                         class="usa-identifier__required-link usa-link"
                         >Privacy policy</a
                     >
                 </li>
                 <li class="usa-identifier__required-links-item">
-                    <a href="//github.com/GSA/data-strategy/issues" class="usa-identifier__required-link usa-link"
+                    <a href="https://github.com/GSA/data-strategy/issues" class="usa-identifier__required-link usa-link"
                         >Report a bug</a
                     >
                 </li>

_posts/2019-07-14-census-pdb-roam.md

@@ -46,7 +46,7 @@ As soon as ROAM went live in February 2018, users inside and outside of the Cens
 
 The LRS, as packaged in ROAM, has also become a data-based decision-making tool for non-federal organizations, providing them with objective data validated by the Census Bureau. Given the representation and financial ramifications—seats in Congress and hundreds of billions of federal dollars are allocated according to decennial census information—state governments and other organizations invest a lot of resources in getting their residents tallied properly. California, for instance, has “already allocated more than $100 million on efforts aimed at getting all its residents counted” in the upcoming census, with other states following suit.[^3]  ROAM helps these governments, especially those that lack the geospatial information programming capacity to work with raw PDB data, to allocate their census programs efficiently.
 
-Several organizations have taken it a step further, building on the firm foundation of the PDB and ROAM. California built its own tool, called the Statewide Outreach and Rapid Deployment (also known as SWoRD)  tool on top of PDB data and using ROAM as an example. New York City and others have taken their own similar approaches. To help facilitate value creation on top of ROAM, its underlying data services are made available by the Census Bureau at [census.gov/roam](http://www.census.gov/roam) as a RESTful API (an Application Program Interface that responds predictably to other computers’ requests made over the internet).
+Several organizations have taken it a step further, building on the firm foundation of the PDB and ROAM. California built its own tool, called the Statewide Outreach and Rapid Deployment (also known as SWoRD)  tool on top of PDB data and using ROAM as an example. New York City and others have taken their own similar approaches. To help facilitate value creation on top of ROAM, its underlying data services are made available by the Census Bureau at [census.gov/roam](https://www.census.gov/roam) as a RESTful API (an Application Program Interface that responds predictably to other computers’ requests made over the internet).
 
 ## An evolving tool
 

package.json

@@ -12,7 +12,7 @@
     "qa": "bundle exec htmlproofer --http-status-ignore \"301,302,401,403,429\" --check-html _site",
     "setup": "bundle install",
     "start": "bundle exec jekyll serve",
-    "test": "bundle exec htmlproofer --check-html --disable-external _site"
+    "test": "bundle exec htmlproofer --disable-external _site"
   },
   "repository": {
     "type": "git",