Jekyll 3.9.0 upgrade #1756
Merged (2 commits), Aug 14, 2020
Conversation

SethTisue (Member)

we got a security alert that we should update kramdown to 2.3.0,
as per GHSA-mqm2-cgpr-p4m6

afaict that requires upgrading to Jekyll 3.9.0, which will....
hopefully be fine

while we're updating things, I did a full bundle update

let's try this out in this repo first, and if everything seems okay,
I'll submit a PR to the scala-lang.org repo too

as usual with Ruby stuff, :i-have-no-idea-what-im-doing:

because CI complained:

> jekyll-redirect-from-0.16.0 requires ruby version >= 2.4.0, which is
> incompatible with the current version, ruby 2.3.1p112

we should move to Ruby 2.4 eventually I guess, but it doesn't
need to be now
@SethTisue SethTisue merged commit 6d2caf1 into scala:master Aug 14, 2020
@SethTisue SethTisue deleted the update-kramdown branch August 14, 2020 15:57
SethTisue added a commit to SethTisue/scala-lang that referenced this pull request Aug 19, 2020
this is comparable to scala/docs.scala-lang#1756.  the motivation is
the same: we got a security alert about kramdown.

but it went a bit differently in this repo. if I did `bundle update
jekyll` that went all the way to some 4.x version. I don't know why.
but it seems safer to do a smaller upgrade first. `bundle update
--minor jekyll` got us to 3.9.0, but then kramdown didn't get updated,
so I followed it with `bundle update kramdown` (after adding
`kramdown-parser-gfm` to `Gemfile`, as in the other PR)

since I didn't do a full `bundle update`, I didn't need to revert
any version bump of jekyll-redirect-from

so.... it's not great that this doesn't bring the two repos exactly
in sync, but oh well. I'm trying to resolve the security issue without
putting excess effort into it.

I wouldn't oppose followup PR(s) that reduce the deltas between the
repos.
SethTisue added a commit to SethTisue/scala.epfl.ch that referenced this pull request Aug 19, 2020
akin to scala/scala-lang#1157 and scala/docs.scala-lang#1756

but here just `bundle update github-pages` was sufficient to get us
on the desired Jekyll version (3.9.0) and desired kramdown version
(2.3.0) that has the security fix that prompted the upgrade