Dependabot couldn't create a PR for activesupport due to a version lock on tzinfo the gemfile.
After checking why the version was locked, I couldn't determine any reason why tzinfo shouldn't be updated to the latest, or at least the version required by the newer activesupport packages where the security vulnerability was fixed.
A deployment on my local machine with bundle exec jekyll serve -s ./docs -V (verbose build) shows no issues.
Dependabot couldn't create a PR for
activesupport
due to a version lock ontzinfo
the gemfile.After checking why the version was locked, I couldn't determine any reason why
tzinfo
shouldn't be updated to the latest, or at least the version required by the neweractivesupport
packages where the security vulnerability was fixed.A deployment on my local machine with
bundle exec jekyll serve -s ./docs -V
(verbose build) shows no issues.