chrisrhymes / bulma-clean-theme

A clean and modern Jekyll theme based on Bulma
http://www.csrhymes.com/bulma-clean-theme/
MIT License

Incompatible with security update #67

Closed GastonMazzei closed 3 years ago

GastonMazzei commented 3 years ago

Building the Gemfile.lock with "bundle update" for the following Gemfile:

source 'https://rubygems.org'
gem "bulma-clean-theme",  '0.7.2'
gem 'github-pages', group: :jekyll_plugins
gem "kramdown", ">= 2.3.0"

yields

Bundler could not find compatible versions for gem "kramdown":
  In Gemfile:
    kramdown (>= 2.3.0)

    bulma-clean-theme (= 0.7.2) was resolved to 0.7.2, which depends on
      kramdown (~> 1.17)

So removing the last Gemfile line (kramdown >=2.3.0) solves it and the page is beautiful.

Kramdown >=2.3.0 was my lazy way of fixing the bug CVE-2020-14001. Is the project compatible with solving this bug?

chrisrhymes commented 3 years ago

Hello, please try updating bulma-clean-theme to 0.10 in your Gemfile and run bundle update. In this version, I have updated to Jekyll 3.9, which uses a newer version of kramdown.

GastonMazzei commented 3 years ago

Hello, thank you very much, I can confirm that fixed it!
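
An added example, not part of the thread or the theme's code: a Ruby check that reads a Gemfile.lock, reports the resolved kramdown version against the 2.3.0 floor mentioned above, and lists the gems whose constraints rule that version out. The lockfile excerpt is constructed for illustration, and `parse_specs` and `audit` are hypothetical helper names.

```ruby
require "rubygems" # Gem::Version and Gem::Requirement

# Constructed sample lockfile excerpt (not taken from the issue): the kind of
# resolution the thread describes, with the theme pinning kramdown to ~> 1.17.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      bulma-clean-theme (0.7.2)
        jekyll (~> 3.8)
        kramdown (~> 1.17)
      jekyll (3.8.5)
        kramdown (~> 1.14)
      kramdown (1.17.0)

  PLATFORMS
    ruby
LOCK

MIN_SAFE = Gem::Version.new("2.3.0") # floor the reporter used for CVE-2020-14001

# Parse "specs:" entries: 4-space lines are resolved gems,
# 6-space lines are that gem's dependency constraints.
def parse_specs(lock_text)
  specs = {}
  current = nil
  lock_text.each_line do |line|
    if (m = line.match(/\A {4}(\S+) \(([^)]+)\)\s*\z/))
      current = m[1]
      specs[current] = { version: m[2], deps: {} }
    elsif current && (m = line.match(/\A {6}(\S+)(?: \(([^)]+)\))?\s*\z/))
      reqs = m[2] ? m[2].split(/,\s*/) : [">= 0"]
      specs[current][:deps][m[1]] = Gem::Requirement.new(*reqs)
    end
  end
  specs
end

# Returns the resolved version, whether it meets the floor, and which gems
# carry a constraint on gem_name that the floor version cannot satisfy.
def audit(lock_text, gem_name, floor)
  specs = parse_specs(lock_text)
  resolved = Gem::Version.new(specs.fetch(gem_name)[:version])
  blockers = specs.select { |_, s| (r = s[:deps][gem_name]) && !r.satisfied_by?(floor) }
  { resolved: resolved.to_s, ok: resolved >= floor, blockers: blockers.keys.sort }
end

p audit(SAMPLE_LOCK, "kramdown", MIN_SAFE)
```

Running it against a project's real lockfile (`audit(File.read("Gemfile.lock"), "kramdown", MIN_SAFE)`) after `bundle update` confirms whether the upgrade actually moved kramdown past the floor.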