Github Security Alert (Jekyll dependency)

Question

Github Security Alert (Jekyll dependency)

Closed this issue 4 years ago · 2 comments

Opening this issue as a reminder to update the Jekyll dependencies in a day or two, after the patch has made it's way through the dependency tree.

See the alert: https://github.com/Maps4HTML/Maps4HTML-Workshop-2020/network/alert/Gemfile.lock/activesupport/open

I opened an issue on the Jekyll repo: jekyll/jekyll#8210

Answer 1 · 2020-08-15T14:08:36.000Z

there seem to be quite a few of these piling up. I hope it doesn't put the web site at risk?

Answer 2 · 2021-01-14T00:57:27.000Z

The Jekyll issue was cleared up, so I'll close this. There's another active warning, but it doesn't affect anything that we're doing.

Which is probably true about Jekyll as well. Because we're using these at the build step, and not doing anything too complicated with networking, it's fairly low probability that an issue will be serious. But still need to check.