Weekly complaints from github: CVE-2018-17567

[jr3cermak]

acep-uaf / thearcticprogram.net Known security vulnerabilities detected

Dependency jekyll
Version

= 3.8.0 < 3.8.4
Upgrade to ~> 3.8.4 Vulnerabilities CVE-2018-17567 Moderate severity Defined in Gemfile.lock

[dayne]

@jr3cermak good catch.

Fortunately the Jekyll referenced here is for the development side only. The actual website is hosted and rendered by GitHub itself which is updated.

That said - why leave a vulnerability alert open. Ran bundle update and committed the updated Gemfile.lock so this warning should go away now.