Jekyll 3.9.0 upgrade, also kramdown upgrade #1157
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
this is comparable to scala/docs.scala-lang#1756. the motivation is the same: we got a security alert about kramdown. but it went a bit differently in this repo. if I did `bundle update jekyll` that went all the way to some 4.x version. I don't know why. but it seems safer to do a smaller upgrade first. `bundle update --minor jekyll` got us to 3.9.0, but then kramdown didn't get updated, so I followed it with `bundle update kramdown` (after adding `kramdown-parser-gfm` to `Gemfile`, as in the other PR) since I didn't do a full `bundle update`, I didn't need to revert any version bump of jekyll-redirect-from so.... it's not great that this doesn't bring the two repos exactly in sync, but oh well. I'm trying to resolve the security issue without putting excess effort into it. I wouldn't oppose followup PR(s) that reduce the deltas between the repos.
|
site seems okay — happy to respond to any post-merge feedback |
SethTisue
added a commit
to SethTisue/scala.epfl.ch
that referenced
this pull request
Aug 19, 2020
akin to scala/scala-lang#1157 and scala/docs.scala-lang#1756 but here just `bundle update github-pages` was sufficient to get us on the desired Jekyll version (3.9.0) and desired kramdown version (2.3.0) that has the security fix that prompted the upgrade
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
this is comparable to scala/docs.scala-lang#1756. the motivation is
the same: we got a security alert about kramdown.
but it went a bit differently in this repo. if I did
bundle update jekyllthat went all the way to some 4.x version. I don't know why.but it seems safer to do a smaller upgrade first.
bundle update --minor jekyllgot us to 3.9.0, but then kramdown didn't get updated,so I followed it with
bundle update kramdown(after addingkramdown-parser-gfmtoGemfile, as in the other PR)since I didn't do a full
bundle update, I didn't need to revertany version bump of jekyll-redirect-from
so.... it's not great that this doesn't bring the two repos exactly
in sync, but oh well. I'm trying to resolve the security issue without
putting excess effort into it.
I wouldn't oppose followup PR(s) that reduce the deltas between the
repos.