kramdown security alert
Closed this issue · 2 comments
Hi there
Should we do something about this?
https://github.com/ProofGeneral/proofgeneral.github.io/network/alert/Gemfile.lock/kramdown/open
Hi @Matafou, I had a quick look, even if this vuln. only impacts the proofgeneral.github.io website, and even if the automatic dependency update does not work this time, it would be good to fix this, either by updating the dependency manually (but I don't have a working ruby environment at the time),
or more simply, by removing the Gemfile.lock (as it appears this is what has been done in the GitHub Pages upstream template repo: daattali/beautiful-jekyll@114170b)
so feel free to push a commit in master that does git rm Gemfile.lock (maybe I'll have a look later on on how to benefit from other upgrades from that other commit: daattali/beautiful-jekyll@29e7fce, but there is no hurry)