Merge branch 'master' into snyk-upgrade-456eb41b07cb0cd09a500daa59fa8e40

.github/dependabot.yml

@@ -0,0 +1,15 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+updates:
+  - package-ecosystem: "npm" # See documentation for possible values
+    directory: "/" # Location of package manifests
+    schedule:
+      interval: "weekly"
+  - package-ecosystem: "bundler" # See documentation for possible values
+    directory: "/" # Location of package manifests
+    schedule:
+      interval: "weekly"

.github/workflows/tests.yml

@@ -11,7 +11,7 @@ jobs:
       - name: Setup Ruby
         uses: ruby/setup-ruby@v1
         with:
-          ruby-version: 2.7.3
+          ruby-version: 3.1.4
           bundler-cache: true
 
   general_tests:
@@ -23,7 +23,7 @@ jobs:
       - name: Setup Ruby
         uses: ruby/setup-ruby@v1
         with:
-          ruby-version: 2.7.3
+          ruby-version: 3.1.4
           bundler-cache: true
 
       - name: Run tests

.ruby-version

@@ -0,0 +1 @@
+3.1.4

.stylelintrc.yml

@@ -1,8 +1,4 @@
-extends: stylelint-config-recommended
-syntax: scss
-plugins:
-  - stylelint-scss
+extends: stylelint-config-standard-scss
 rules:
-  # Use scss/at-rule-no-unknown instead of core/at-rule-no-unknown to allow SCSS @rules.
-  at-rule-no-unknown: null
-  scss/at-rule-no-unknown: true
+  selector-class-pattern: null
+  scss/at-extend-no-missing-placeholder: null

Gemfile.lock

@@ -9,28 +9,28 @@ GIT
 GEM
   remote: https://rubygems.org/
   specs:
-    activesupport (5.2.6)
+    activesupport (5.2.8.1)
       concurrent-ruby (~> 1.0, >= 1.0.2)
       i18n (>= 0.7, < 2)
       minitest (~> 5.1)
       tzinfo (~> 1.1)
-    addressable (2.8.0)
-      public_suffix (>= 2.0.2, < 5.0)
+    addressable (2.8.6)
+      public_suffix (>= 2.0.2, < 6.0)
     colorator (1.1.0)
     colorize (0.8.1)
-    concurrent-ruby (1.1.9)
-    em-websocket (0.5.2)
+    concurrent-ruby (1.2.3)
+    em-websocket (0.5.3)
       eventmachine (>= 0.12.9)
-      http_parser.rb (~> 0.6.0)
+      http_parser.rb (~> 0)
     eslintrb (2.1.0)
       execjs
       multi_json (>= 1.3)
       rake
-    ethon (0.14.0)
+    ethon (0.16.0)
       ffi (>= 1.15.0)
     eventmachine (1.2.7)
-    execjs (2.8.1)
-    ffi (1.15.4)
+    execjs (2.9.1)
+    ffi (1.16.3)
     forwardable-extended (2.6.0)
     hawkins (2.0.5)
       em-websocket (~> 0.5)
@@ -45,14 +45,14 @@ GEM
       typhoeus (~> 1.3)
       yell (~> 2.0)
     htmlentities (4.3.4)
-    http_parser.rb (0.6.0)
-    i18n (0.9.5)
+    http_parser.rb (0.8.0)
+    i18n (1.14.1)
       concurrent-ruby (~> 1.0)
-    jekyll (3.9.1)
+    jekyll (3.9.5)
       addressable (~> 2.4)
       colorator (~> 1.0)
       em-websocket (~> 0.5)
-      i18n (~> 0.7)
+      i18n (>= 0.7, < 2)
       jekyll-sass-converter (~> 1.0)
       jekyll-watch (~> 2.0)
       kramdown (>= 1.17, < 3)
@@ -63,58 +63,56 @@ GEM
       safe_yaml (~> 1.0)
     jekyll-sass-converter (1.5.2)
       sass (~> 3.4)
-    jekyll-toc (0.17.1)
+    jekyll-toc (0.18.0)
       jekyll (>= 3.9)
-      nokogiri (~> 1.11)
+      nokogiri (~> 1.12)
     jekyll-watch (2.2.1)
       listen (~> 3.0)
-    json-schema (2.8.1)
-      addressable (>= 2.4)
-    kramdown (2.3.1)
+    json-schema (4.1.1)
+      addressable (>= 2.8)
+    kramdown (2.4.0)
       rexml
     kramdown-parser-gfm (1.1.0)
       kramdown (~> 2.0)
-    liquid (4.0.3)
-    listen (3.7.0)
+    liquid (4.0.4)
+    listen (3.8.0)
       rb-fsevent (~> 0.10, >= 0.10.3)
       rb-inotify (~> 0.9, >= 0.9.10)
     mercenary (0.3.6)
-    mini_portile2 (2.8.1)
-    minitest (5.14.4)
+    minitest (5.22.2)
     multi_json (1.15.0)
-    nokogiri (1.14.0)
-      mini_portile2 (~> 2.8.0)
+    nokogiri (1.16.2-x86_64-linux)
       racc (~> 1.4)
-    parallel (1.21.0)
+    parallel (1.24.0)
     pathutil (0.16.2)
       forwardable-extended (~> 2.6)
-    power_assert (2.0.1)
-    public_suffix (4.0.6)
-    racc (1.6.2)
-    rake (13.0.6)
-    rb-fsevent (0.11.0)
+    power_assert (2.0.3)
+    public_suffix (5.0.4)
+    racc (1.7.3)
+    rake (13.1.0)
+    rb-fsevent (0.11.2)
     rb-inotify (0.10.1)
       ffi (~> 1.0)
-    rexml (3.2.5)
-    rouge (3.26.1)
+    rexml (3.2.6)
+    rouge (3.30.0)
     safe_yaml (1.0.5)
     sass (3.7.4)
       sass-listen (~> 4.0.0)
     sass-listen (4.0.0)
       rb-fsevent (~> 0.9, >= 0.9.4)
       rb-inotify (~> 0.9, >= 0.9.7)
-    test-unit (3.4.7)
+    test-unit (3.6.1)
       power_assert
     thread_safe (0.3.6)
-    typhoeus (1.4.0)
+    typhoeus (1.4.1)
       ethon (>= 0.9.0)
-    tzinfo (1.2.10)
+    tzinfo (1.2.11)
       thread_safe (~> 0.1)
-    webrick (1.7.0)
+    webrick (1.8.1)
     yell (2.2.2)
 
 PLATFORMS
-  ruby
+  x86_64-linux
 
 DEPENDENCIES
   eslintrb
@@ -130,4 +128,4 @@ DEPENDENCIES
   webrick (~> 1.7)
 
 BUNDLED WITH
-   2.2.3
+   2.3.26

SECURITY.md

@@ -0,0 +1,27 @@
+# Security Policy
+
+As a U.S. Government agency, the General Services Administration (GSA) takes
+seriously our responsibility to protect the public's information, including
+financial and personal information, from unwarranted disclosure.
+
+Software developed by the U.S. General Services Administration (GSA)
+is subject to the [GSA Vulnerability Disclosure Policy](https://gsa.gov/vulnerability-disclosure-policy).
+
+Please consult our policy for:
+* How to submit a report if you believe you have discovered a vulnerability.
+* GSA's coordinated disclosure policy.
+* Information on how you may conduct security research on GSA-developed
+  software and systems.
+* Important legal and policy guidelines.
+
+## Supported Versions
+
+Please note that only certain branches are supported with security updates.
+
+| Version (Branch) | Supported          |
+| ---------------- | ------------------ |
+| master           | :white_check_mark: |
+| other            | :x:                |
+
+When using this code or reporting vulnerabilities please only use supported
+versions.

_apidocs/entity-api.md

@@ -5,6 +5,14 @@ banner-heading: SAM.gov Entity Management API
 <!--<link rel="stylesheet" type="text/css" href="../../assets/swaggerui-dist/swagger-ui.css" >-->
 <!--<link rel="stylesheet" type="text/css" href="../../assets/swaggerui-dist/custom.css" >-->
 
+<div class="usa-alert usa-alert-warning" id="site-wide-alert" role="alert">
+   <div class="usa-alert-body">
+     <p class="usa-alert-text">
+        At this time, please <b>cease using</b> the Entity Management API for any Representations and Certifications display (also known as 'Reps and Certs') information.<br><br>Entity Management API results may not match the information available in the Reps and Certs in the entity's record on SAM.gov. The Reps and Certs display via search at SAM.gov is correct.<br><br>The Reps and Certs data stored in the database is correct.<br>The Reps and Certs data in the SAM record is correct.<br>It is the data returned by the API that we are investigating.<br><br>We will provide updates as soon as possible.
+     </p>
+   </div>
+ </div>
+
 ## Overview
 The Entity Management API allows users to request Unclassified ("Public"), Controlled Unclassified Information (CUI) "For Official Use Only" (FOUO) or CUI "Sensitive" entity data, based on the sensitivity level of the user account and through several optional request parameters.
 
@@ -12355,4 +12363,4 @@ Disclaimer:
 | 08/22/2023 | v4.4    | * Uploaded a revised Data Dictionary with updated Business Types.
 | 09/29/2023 | v4.5    | * Updated "Additional Help References" documentation to link to SAM.gov Data Services page.
 
-<p><small><a href="#">Back to top</a></small></p>
+<p><small><a href="#">Back to top</a></small></p>