Dependabot can't resolve your Ruby dependencies.

As a result, Dependabot couldn't update any of your dependencies.

This could have been caused by a git reference having been deleted at the source, by an out-of-sync lockfile, or by a bug in Dependabot.

To help diagnose the issue, please try running bundle update --patch locally. If no errors occur, get in touch and we'll help dig into it.

You can mention @dependabot in the comments below to contact the Dependabot team.

Email alert frontend needs a Heroku app representing master and a pipeline for reviewing changes to UI and components.

The https://www.gov.uk/email/manage page (and its subpages) uses the phase banner component but it seems as if the styles for this component are missing. Looks as if they were removed a while ago.

The links in the header when signed into pages like https://www.gov.uk/email/manage overlap each other, as shown below when the menu is expanded. This seems to happen below the desktop breakpoint (768px) and mobile (640px).

There is an issue within this app as it's interacted with using the example page links

Starting
http://email-alert-frontend.dev.gov.uk/email-signup?link=%2Fgovernment%2Forganisations%2Fgovernment-digital-service

As you move through the app the actual URL changes which generates an error page
http://www.dev.gov.uk/email/subscriptions/new?topic_id=government-digital-service

The way GOV.UK Elements styles #content conflicts with our styling with the #wrapper.

This results in too much padding around the page.

Seems like there may be some similar issues with the custom margins on the expanded inputs too. Would recommend keeping the pattern as described in GOV.UK Elements and trying to update the pattern upstream.

Can reproduce when testing on smaller viewports e.g. mobile, tablet

Publishing Frontend Support: https://trello.com/c/SDaspypN/45-gov-uk-elements-conflicting-css-causing-padding-issues

What

We should optimize the CSS and JS served directly from Smart Answers, we should do this by:

• Minify CSS
• Minify and "Uglify" JS

Why

We are currently serving larger asset sizes than required to end users, optimizing the CSS and JS should improve performance on the frontend.

In the current state, titles and links for breadcrumbs need to be manually created by the publishing App.
This should be refactored to use the links array so we get links and titles being kept up to date.

We're seeing relatively frequent cookie overflow problems reported in Sentry - we should be sanitising the cookie code so that if these are exploit attempts we just reject them silently, and if they're not we work out what we're doing to cause them.

https://govuk.sentry.io/issues/5082661786/?alert_rule_id=283775&alert_timestamp=1712737444613&alert_type=email&environment=production&notification_uuid=38e5d9c6-2667-4f17-8bdc-42687ee97bef&project=202221&referrer=alert_email

When you try to create a new subscription but don't initially select a topic, the wrong error message is shown on the page to select a frequency after you choose a topic. I think this is because of how Rails handles flash messages.

As part of #639, @kevindew identified that we include the user's email address in plaintext form in the query params of the "View, unsubscribe or change the frequency of your subscriptions" link.

This means the user's email address will be present in logs, which isn't ideal. Although for analytics we filter emails before the reach GA, this would be difficult to replicate for logs.

We should consider how we can avoid having plaintext emails in the query params for managing subscriptions. There are a couple of approaches we could take here:

• Don't include it in the first place. This would mean the user has to enter their email manually as part of signing-in, which would increase of overhead for this workflow.

• Encrypt the email in a (non-expiring) token. This would require changes to the frontend (to accept the token) and the API (to change it in emails). We would also need to support the old behaviour.

If we're going to include verifiable/encrypted information in the "View, unsubscribe or change the frequency of your subscriptions" link, it may be simpler to support direct sign-in, with a suitable expiry.

What?

Viewing this app for the first time and starting up in isolation (to resolve an a11y issue) it's not clear that the typical Frontend startup process outlined in the docs does not apply to this app.

In order to startup this app and to be able to move through example pages and have them render, this app has to be started using Docker and the --live flag.

$ govuk-docker up email-alert-frontend-app-live

Why?

Without starting the up via this method, the app from a Frontend POV is unusable and you run into many errors.
Eg you cannot use /.startup.sh or docker without live data.

PR conversation with @kevindew around updating the README advised that it would be more desirable to get consensus with startup documentation across many apps and is most likely a wider topic. Updating docs as suggested above would be misleading and would age badly