test of npm & package upgrades

Author: rlxdev

package-lock.json

@@ -16,40 +16,41 @@
   },
   "dependencies": {
     "@cityssm/bulma-sticky-table": "^2.1.0",
-    "@fortawesome/fontawesome-svg-core": "^6.5.2",
-    "@fortawesome/free-brands-svg-icons": "^6.5.2",
-    "@fortawesome/free-regular-svg-icons": "^6.5.1",
-    "@fortawesome/free-solid-svg-icons": "^6.5.1",
-    "@fortawesome/vue-fontawesome": "^3.0.5",
-    "@unhead/vue": "^1.11.18",
-    "axios": "^1.6.5",
+    "@fortawesome/fontawesome-svg-core": "^6.7.2",
+    "@fortawesome/free-brands-svg-icons": "^6.7.2",
+    "@fortawesome/free-regular-svg-icons": "^6.7.2",
+    "@fortawesome/free-solid-svg-icons": "^6.7.2",
+    "@fortawesome/vue-fontawesome": "^3.1.2",
+    "@unhead/vue": "^1.11.20",
+    "axios": "^1.12.2",
     "bulma": "^0.9.4",
     "bulma-timeline": "^3.0.5",
     "leaflet": "^1.9.4",
     "lodash": "^4.17.21",
     "node-sass": "^9.0.0",
-    "pinia": "^2.1.7",
+    "pinia": "^2.3.1",
     "vue": "^3.3.11",
-    "vue-gtag": "^2.0.1",
+    "vue-gtag": "^2.1.2",
     "vue-plugin-load-script": "^2.1.1",
-    "vue-router": "^4.2.5"
+    "vue-router": "^4.5.1"
   },
   "devDependencies": {
-    "@rushstack/eslint-patch": "^1.3.3",
-    "@tsconfig/node18": "^18.2.2",
-    "@types/lodash": "^4.17.7",
-    "@types/node": "^18.19.3",
-    "@vitejs/plugin-vue": "^4.5.2",
+    "@rushstack/eslint-patch": "^1.12.0",
+    "@tsconfig/node18": "^18.2.4",
+    "@types/lodash": "^4.17.20",
+    "@types/node": "^18.19.127",
+    "@vitejs/plugin-vue": "^4.6.2",
     "@vitejs/plugin-vue-jsx": "^3.1.0",
-    "@vue/eslint-config-prettier": "^8.0.0",
-    "@vue/eslint-config-typescript": "^12.0.0",
-    "@vue/tsconfig": "^0.5.0",
-    "eslint": "^8.49.0",
-    "eslint-plugin-vue": "^9.17.0",
-    "npm-run-all2": "^6.1.1",
-    "prettier": "^3.0.3",
+    "@vue/eslint-config-prettier": "^10.2.0",
+    "@vue/eslint-config-typescript": "^14.6.0",
+    "@vue/tsconfig": "^0.5.1",
+    "eslint": "^9.36.0",
+    "eslint-plugin-vue": "^10.5.0",
+    "npm-run-all2": "^6.2.6",
+    "prettier": "^3.6.2",
+    "sass-embedded": "^1.93.2",
     "typescript": "~5.3.0",
-    "vite": "^5.0.10",
-    "vue-tsc": "^1.8.25"
+    "vite": "^5.4.20",
+    "vue-tsc": "^1.8.27"
   }
-}
+}

package.json

@@ -1,3 +1,5 @@
+@use 'variables' as *;
+
 /** Override Bulma's generic variables **/
 $body-family: "Source Sans Pro", "Public Sans Web", sans-serif;
 

src/assets/style/bulmaCveCustomizations.scss

@@ -1,23 +1,23 @@
 <template>
   <div :id="`${sectionAnchorId}`">
     <div class="mb-2">
-      <button @click="togglePanel" class="message-header cve-accordion-header">
-        <slot></slot>
-        <button class="button message-header-button"
-          :style="{'background-color': '#162e51 !important', 'color': 'white !important'}"
+      <div style="display: flex; flex: 1; flex-direction: row; background-color: #162e51 !important;">
+        <button @click="togglePanel" class="message-header cve-accordion-header" style="flex: 1 1 auto">
+          <slot></slot>
+        </button>
+        <button @click="togglePanel" class="button message-header-button"
+          style="background-color: #162e51 !important; color: white !important; flex: 0 0 auto; align-self: center;"
           :aria-expanded="usecveRecordStore.accordionState[organizationId] ? 'true' : 'false'"
-          :aria-controls="`${organizationId}-panel`"
-        >
+          :aria-controls="`${organizationId}-panel`">
           <span class="icon is-small">
             <p :id="`expandCollapseAltText-${organizationId}`" class="is-hidden">
               {{usecveRecordStore.accordionState[organizationId] ? 'expand' : 'collapse'}}
             </p>
             <font-awesome-icon :icon="usecveRecordStore.accordionState[organizationId] ? 'minus' : 'plus'"
-              aria-hidden="false" focusable="true" :aria-labelledby="`expandCollapseAltText-${organizationId}`"
-            />
+              aria-hidden="false" focusable="true" :aria-labelledby="`expandCollapseAltText-${organizationId}`"/>
           </span>
         </button>
-      </button>
+      </div>
       <!-- Panel content is conditionally determined by role -->
       <div :id="`${organizationId}-panel`" v-if="usecveRecordStore.accordionState[organizationId]"
         class="pl-3 pr-3 pt-2 pb-5 cve-container-accordion-panel"

src/components/AdpVulnerabilityEnrichment.vue

@@ -63,16 +63,14 @@
                 <iframe class="has-ratio" width="560" height="315" src="https://www.youtube.com/embed/OQB2w71JmLE" frameborder="0" allowfullscreen>
                 </iframe>
               </figure>
-              <p>
-                <a href='/ProgramOrganization/Board'>CVE Board</a> members Tod Beardsley, Shannon Sabens, and Kent Landfield provide
-                the truth and facts about the following myths about the CVE Program:
-                <ul>
-                  <li class="cve-list-no-bullet">Myth #1: The CVE Program is run entirely by the MITRE Corporation.</li>
-                  <li class="cve-list-no-bullet"> Myth #2: The CVE Program is controlled by software vendors.</li>
-                  <li class="cve-list-no-bullet">Myth #3: The CVE Program doesn’t cover enough types of vulnerabilities.</li>
-                  <li class="cve-list-no-bullet">Myth #4: The CVE Program is responsible for assigning vulnerability severity scores.</li>
-                </ul>
-              </p>
+              <a href='/ProgramOrganization/Board'>CVE Board</a> members Tod Beardsley, Shannon Sabens, and Kent Landfield provide
+              the truth and facts about the following myths about the CVE Program:
+              <ul>
+                <li class="cve-list-no-bullet">Myth #1: The CVE Program is run entirely by the MITRE Corporation.</li>
+                <li class="cve-list-no-bullet"> Myth #2: The CVE Program is controlled by software vendors.</li>
+                <li class="cve-list-no-bullet">Myth #3: The CVE Program doesn’t cover enough types of vulnerabilities.</li>
+                <li class="cve-list-no-bullet">Myth #4: The CVE Program is responsible for assigning vulnerability severity scores.</li>
+              </ul>
             </div>
             <div class="cve-white-bg-gray-border-container">
               <h3 class="title mt-4">Podcast - Becoming A CNA Myths versus Facts</h3>
@@ -88,17 +86,17 @@
                 U.S. Cybersecurity and Infrastructure Security Agency (CISA)</a>
                 about the myths and facts of partnering with the CVE Program as a
                 <router-link to="/ProgramOrganization/CNAs">CVE Numbering Authority</router-link> (CNA):
-                <ul>
-                  <li class="cve-list-no-bullet">Myth #1: Only a specific category of software vendors can become CNAs.</li>
-                  <li class="cve-list-no-bullet">
-                    Myth #2: Organizations cannot leverage their existing vulnerability management and disclosure processes when they become a CNA.
-                  </li>
-                  <li class="cve-list-no-bullet">Myth #3: The requirements for becoming a CNA are overwhelming and extensive.</li>
-                  <li class="cve-list-no-bullet">Myth #4: A fee is required to become a CNA.</li>
-                  <li class="cve-list-no-bullet">Myth #5: The CNA onboarding process is too complicated and time-consuming.</li>
-                  <li class="cve-list-no-bullet">Myth #6: Organizations cannot choose the Top-Level Root or Root they want to work with.</li>
-                </ul>
               </p>
+              <ul>
+                <li class="cve-list-no-bullet">Myth #1: Only a specific category of software vendors can become CNAs.</li>
+                <li class="cve-list-no-bullet">
+                  Myth #2: Organizations cannot leverage their existing vulnerability management and disclosure processes when they become a CNA.
+                </li>
+                <li class="cve-list-no-bullet">Myth #3: The requirements for becoming a CNA are overwhelming and extensive.</li>
+                <li class="cve-list-no-bullet">Myth #4: A fee is required to become a CNA.</li>
+                <li class="cve-list-no-bullet">Myth #5: The CNA onboarding process is too complicated and time-consuming.</li>
+                <li class="cve-list-no-bullet">Myth #6: Organizations cannot choose the Top-Level Root or Root they want to work with.</li>
+              </ul>
             </div>
             <div class="cve-white-bg-gray-border-container">
               <h3 class="title mt-4">Podcast - CNA Onboarding Process Myths Versus Facts</h3>

src/views/About/Overview.vue

@@ -18,24 +18,24 @@
               <p>
                 <router-link to="/ResourcesSupport/Glossary?activeTerm=glossaryRecord">CVE Records</router-link>
                 may now provide data from three different sources to enrich vulnerability information available to the public:
-                <ul>
-                  <li>
-                    <router-link to="/ProgramOrganization/CNAs">CVE Numbering Authority (CNA)</router-link>:
-                    Selected enriched information provided by the CNA is found under the “CNA” container.
-                  </li>
-                  <li>
-                    <span class="has-text-weight-bold">CVE Program Container:</span> Additional references  that are added by the CVE Program are
-                    found in the CVE Program Container.  Refer to this
-                    <router-link to="/Media/News/item/blog/2024/07/26/CVE-Records-Add-New-CVE-Program-Container">blog</router-link>
-                    for a full explanation of this enriched data.
-                  </li>
-                  <li>
-                    <router-link to="/ProgramOrganization/ADPs">Authorized Data Publisher (ADP)</router-link>:
-                    Selected enriched information provided by one or more ADPs is provided under the “ADP” container.
-                    If there is no ADP-enriched information, no ADP container will be present.
-                  </li>
-                </ul>
               </p>
+              <ul>
+                <li>
+                  <router-link to="/ProgramOrganization/CNAs">CVE Numbering Authority (CNA)</router-link>:
+                  Selected enriched information provided by the CNA is found under the “CNA” container.
+                </li>
+                <li>
+                  <span class="has-text-weight-bold">CVE Program Container:</span> Additional references  that are added by the CVE Program are
+                  found in the CVE Program Container.  Refer to this
+                  <router-link to="/Media/News/item/blog/2024/07/26/CVE-Records-Add-New-CVE-Program-Container">blog</router-link>
+                  for a full explanation of this enriched data.
+                </li>
+                <li>
+                  <router-link to="/ProgramOrganization/ADPs">Authorized Data Publisher (ADP)</router-link>:
+                  Selected enriched information provided by one or more ADPs is provided under the “ADP” container.
+                  If there is no ADP-enriched information, no ADP container will be present.
+                </li>
+              </ul>
               <p>
                 Note: CVE Record detail pages may not display all data for a record. Select the “View JSON” link to view all available required,
                 optional, and enriched information for the record.
@@ -133,26 +133,26 @@
             </ul>
             <p>
               Each category contains a list with the following format:
-              <ul>
-                <li>
-                  Top-level
-                  <a href="https://github.com/CVEProject/cve-schema/blob/main/schema/docs/versions.md#versions-and-version-ranges"
-                  target="_blank">
-                    version/version range
-                  </a>
-                  is marked with a solid circle bullet.
-                  <ul>
-                    <li>
-                      <a href="https://github.com/CVEProject/cve-schema/blob/main/schema/docs/versions.md#version-status-decisions"
-                      target="_blank">
-                        Version changes
-                      </a>
-                      are marked with an outlined circle bullet.
-                    </li>
-                  </ul>
-                </li>
-              </ul>
             </p>
+            <ul>
+              <li>
+                Top-level
+                <a href="https://github.com/CVEProject/cve-schema/blob/main/schema/docs/versions.md#versions-and-version-ranges"
+                target="_blank">
+                  version/version range
+                </a>
+                is marked with a solid circle bullet.
+                <ul>
+                  <li>
+                    <a href="https://github.com/CVEProject/cve-schema/blob/main/schema/docs/versions.md#version-status-decisions"
+                    target="_blank">
+                      Version changes
+                    </a>
+                    are marked with an outlined circle bullet.
+                  </li>
+                </ul>
+              </li>
+            </ul>
             <p><span class="cve-version">Purple text</span> denotes the version provided by the user inputting the CVE JSON data.</p>
           <!-- <h4 class="title">Version Details</h4> -->
             <p>

src/views/CVERecord/CveRecordUserGuide.vue

@@ -41,20 +41,18 @@
               Each release contains a description of CVEs added or updated since the last release, and an Assets section containing the downloads.
               Note that the zip files are quite large and so will take some time to download.
             </p>
-            <p>
-              <ul>
-                <li>
-                  Baseline downloads are issued at the end of each day at midnight and posted under Assets in the following file name format:
-                  Year-Month-Day_all_CVEs_at_midnight.zip, (e.g., 2024-04-01_all_CVEs_at_midnight.zip). This file remains unchanged for 24 hours.
-                  If you are updating your CVE List using zip files daily (or less frequently), this is the best one to use.
-                </li>
-                <li>
-                  Hourly updates are also provided under Assets using the file name format: Year-Month-Day_delta_CVEs_at_Hour 00Z.zip,
-                  (e.g., 2024-04-01_delta_CVEs_at_0100Z.zip). This is useful if you need your CVE List to be accurate hourly. Be aware that this
-                  file only contains the deltas since the baseline zip file.
-                </li>
-              </ul>
-            </p>
+            <ul>
+              <li>
+                Baseline downloads are issued at the end of each day at midnight and posted under Assets in the following file name format:
+                Year-Month-Day_all_CVEs_at_midnight.zip, (e.g., 2024-04-01_all_CVEs_at_midnight.zip). This file remains unchanged for 24 hours.
+                If you are updating your CVE List using zip files daily (or less frequently), this is the best one to use.
+              </li>
+              <li>
+                Hourly updates are also provided under Assets using the file name format: Year-Month-Day_delta_CVEs_at_Hour 00Z.zip,
+                (e.g., 2024-04-01_delta_CVEs_at_0100Z.zip). This is useful if you need your CVE List to be accurate hourly. Be aware that this
+                file only contains the deltas since the baseline zip file.
+              </li>
+            </ul>
             <div class="table-container" id="downloads-table">
               <table class="table is-striped is-hoverable cve-border-dark-blue cve-border-bottom-unset">
                 <thead>